The Inquirer-Home

Digging for Truth

Research in support of an Open Source/Free Software Community's Reply to Darl Mcbride
Fri Sep 19 2003, 14:11
Introduction

The following research is the result of efforts to compile a truthful record of the SCO controversy and in the hope that it will be helpful to anyone interested in understanding and proving the truthfulness of statements made in an open source / free software community's open letter to SCO's Darl McBride by Groklaw's readership on September 18, 2003.

We note that a number of web pages appear to have disappeared from SCO's web site recently, as well as from the Wayback Archive and from Google, particularly in the past few weeks. All the links on this page worked at the time of preparing this document, but we cannot guarantee their continued availability. And if nothing else, this record shows what once was available, even if it all should suddenly disappear from the internet. Many of us, in any case, have saved copies of the materials locally.

Links to Mr. McBride's Open Letter to the Open Source Community are in an Appendix located at the very end of this document, should you wish to refresh your memory. We have arranged the material topically, in the order in which topics are addressed in our letter, with additional resource material added thereafter. We hope you will find this document useful.

1. VIOLATIONS OF THE GENERAL PUBLIC LICENSE (GPL)

Text of the GNU General Public License (GPL).

Columbia Law School Professor Eben Moglen, pro bono publico general counsel for the Free Software Foundation, which maintains the GNU General Public License, under which Linux is distributed, on the GPL in an affidavit in the MySQL case ( Progress Software Corp. v. MySQL AB, 1st Cir., No. 02-1402 ).

"SCO Scuttles Sense, Claiming GPL Invalidity" by Eben Moglen.

"The GNU GPL and the American Way" by Richard Stallman.

FSF's Bradley Kuhn: "'Most of the core GNU components are all copyrighted by the Free Software Foundation and distributed under our auspices under GPL. SCO's right to redistribute them, and Linux too, is the GNU GPL and only the GNU GPL.... FSF holds documents from SCO regarding some of this code. SCO has disclaimed copyright on changes that were submitted and assigned by their employees to key GNU operating system components. Why would SCO itself allow their employees to assign copyright to FSF, and perhaps release SCO's supposed 'valuable proprietary trade secrets' in this way?"

Eben Moglen: "'From the moment that SCO distributed that code under the GNU General Public License, they would have given everybody in the world the right to copy, modify and distribute that code freely,' he said. 'From the moment SCO distributed the Linux kernel under GPL, they licensed the use. Always. That's what our license says.'Moglen noted that SCO cannot readily make the claim that it inadvertently released the code, because the GPL requires that when code is released under its auspices, the developers must release the binary, the source code and the license, and the source code must be able to build the binary. Presumably, then, the binary functions the way the creators want it to function and has the capabilities they want it to have. 'This isn't an inadvertent distribution case,' he said."

Microsoft tries to explain the GPL (but mischaracterizes it):

"The GPL permits unlimited free use, modification, and redistribution of software and its source code, but imposes three key restrictions on every licensee:

" -- If the licensee redistributes any code licensed under the GPL, it must guarantee availability of the code for the entire work for unlimited replication by anyone requesting it.
" -- If the licensee redistributes GPL code, it may not charge a licensing fee or royalty, but may charge only for distribution costs.
" -- If the licensee includes any GPL code in another program, the entire program becomes subject to the terms of the GPL.

"This third restriction is what makes the GPL 'viral,' because it causes GPL terms to apply to software that incorporates or is derived from code distributed under the GPL, regardless of whether the program's developer intended that result or even knew of the presence of GPL code in the program. Violation of these restrictions may subject the offender to civil and criminal penalties for copyright infringement.

"Microsoft does not oppose the use of the GPL by individual developers, but does want developers and researchers to be aware of risks and restrictions they may face in using or developing GPL software."

Linux programmer David Mohring responds to Microsoft's explanation in a comment on Groklaw:

"' -- If the licensee includes any GPL code in another program, the entire program becomes subject to the terms of the GPL.'

"Actually, the above statement is Microsoft FUD, since it is actually the reverse which is more correct. If the licensee includes any NON-GPL'ed code in a GPL'ed program or library (*and* then distributes the resulting combined product outside of the licensee's organization) the NON-GPL code in question is deemed to be also licensed by the distributer under the GPL license.

"Note that is the not the commingling of the GPL'ed source with the NON-GPL'ed product, but the act of distribution, outside of the licensee's organization ,which actually effectively results in the licensee granting all downstream recipients the rights to use the result under the GPL license.

"Just including GPL'ed source inside a NON-GPL'ed program or library does not 'automatically' license the NON-GPL'ed program/library under the GPL -- it just means that anyone distributing the resulting product, outside of the licensee's organization, is in violation of the GPL license. The licensee has then three options. 1) Recall and Cease distributing the combined product *OR* 2) Remove the GPL'ed code from the product and distribute the result under whatever license the licensee sees fit *OR* 3) License the combined product under the GPL.

"With the latter option #3, the licensee has the right to retain copyright over their original source code and Dual/Multi-license under the GPL and any other licenses they choose. Sun does this with OpenOffice, as does the MySQL project and TrollTech with the QT libraries. If the licensee/vendor is careful, maintaing at least one branch of the source seperate from the pure single licensed GPL'ed sources, geting all outside developers to assign copyright over to the licensee/vendor for major contibutions and patches, the licensee/vendor is free to exercise option #2 at any time with the un-commingled source branch. Sun does this with the proprietary StarOffice6, which is based on the Sun OpenOffice.org sources. TrollTech also offers a proprietary licensed option for the QT libraries.

"Microsoft's claim also totally ignores the existence and use of the LGPL license. The LGPL license is the same as the GPL license but grants the recipient the right to link into NON-GPL'ed programs/libraries. The LGPL is widely used and is very NON-GPL friendly. All of the vendor who supply proprietary applications for Linux link with the GNU LGPL licensed C and C++ libraries."

Copyright Law

Some general explanations available currently online.

Eben Moglen: "...section 7 of the Gnu General Public License (GPL)... specifies that if legal 'conditions are imposed... that contradict the conditions of this License' you cannot distribute GPL protected free software."

Eben Moglen on why you don't need a copyright license: "You don't need a copyright license from anybody to use any program. That's like saying you need a copyright license to read a newspaper... if there's plagiarised material in the New York Times, that doesn't mean that people who buy the New York Times are liable."

2. SCO INVOICES WILL PROVOKE LEGAL ACTION

New York General Business Law (GBL) Sections 349 and 350.

GBL Sections 349 and 350 (New York's Consumer Protection Law) prohibits "...any deceptive or unconscionable trade practice in the sale, lease, rental or loan of any consumer goods or services...".

"Unfair acts and deceptive practices carried out in the course of business or trade are prohibited in New York State. Section 349 of the General Business Law specifically prohibits this activity and has become the most frequently prosecuted consumer-related offense in New York State."

New York's Consumer Protection From Deceptive Acts and Practices Statutes.

New York's key consumer protection statutes are Sections 349 and 350, Chapter 20 of the General Business Law. Section 349 provides: "Deceptive acts or practices in the conduct of any business, trade or commerce or in the furnishing of any service in this state are hereby declared unlawful." N.Y. Gen. Bus. L. § 349(a). Section 349(h) provides that in addition to the right of the Attorney General to seek injunctive relief and restitution under Section 349(a), any "person" injured as a result of the prohibited deceptive acts or practices "may bring an action in his own name to enjoin such unlawful act or practice," and may also seek to "recover his actual damages or fifty dollars whichever is greater." N.Y. Gen. Bus. L § 349(h). Moreover, the court may, "in its discretion increase the award of damages to an amount not to exceed three times the actual damages up to one thousand dollars, if the court finds the defendant willfully or knowingly violated this section. The court may award reasonable attorney's fees to a prevailing plaintiff." Id.

"Section 350 provides: 'False advertising in the conduct of any business, trade or commerce, or in the furnishing of any service in this state is hereby declared unlawful.' N.Y. Gen Bus. L. § 350. The term 'false advertising' means 'advertising, including labeling, of a commodity,' if such advertising is 'misleading in a material respect.' N.Y. Gen. Bus. L. § 350-a(1). Section 350-e(3) provides that any 'person' injured as a result of misleading advertising 'may bring an action in his own name to enjoin such unlawful act or practice,' and may also seek to 'recover his actual damages or $50, whichever is greater.' N.Y. Gen. Bus. L. § 350-e(3). This section also provides for discretionary trebling of damages and an award of attorneys fees to the prevailing plaintiff. Id.

"The elements of a Section 349 or 350 claim are (1) that the defendant engaged in an act or practice, or advertising, that was deceptive or misleading in a material respect, and (2) that the plaintiff was injured as a result. See, Berrios v. Sprint Corporation, 1998 WL. 199842 at *3 (E.D.N.Y. March 16, 1998); BNI New York LTD v. DeGanto, 675 N.Y.S.2d 752, 755 (1998); McDonald v. North Shore Yacht Sales, Inc., 513 N.Y.S.2d 590, 914 (1987). 'There is no requirement that the plaintiff show specific dollar injury, or to obtain injunctive relief that there even be pecuniary injury at all. Nor is there any requirement that the deceptive practice or false advertising be intentional or even reckless or amount to fraud.' N.Y. Gen. Bus. L. § 349, Practice Commentaries. 'Nor does plaintiff have to prove reliance upon defendant's deceptive practices.' BNI New York, 675 N.Y.S.2d at 755. See also, Small v. Lorillard Tobacco Company, 677 N.Y.S.2d 518, 519 (1st Dept. 1998) (Section 349 'does not require proof of justifiable reliance').

"The standard for whether an act or practice or advertisement is misleading is objective, requiring a showing that a reasonable consumer would have been misled by the defendant's conduct. Berrios, 1998 WL 199842 at * 3, quoting S.Q.K.F.C., Inc. v. Bell Atl. Tricon Leasing Corp., 84 F.3d 629, 636 (2d Cir. 1996); Oswetto Laborers Local 214 Pension Fund v. Marine Midland Bank, 623 N.Y.S.2d 529, 533 (1995). Though not contained in the statute nor required by the New York Court of Appeals, several federal courts have determined that a private right of action under Sections 349 and 350 requires some sort of offense to the public interest. See, e.g., Franklin Electronic Publishers, Inc. v. Unisonic Products Corporation, 763 F. Supp. 1, 5 (S.D.N.Y. 1991); Jenesco Entertainment v. Kotch, 593 F. Supp. 743, 751-52 (S.D.N.Y. 1984)."

Fraud: "In actions for fraud, corporate officers and directors may be held individually liable if they participated in or had knowledge of the fraud, even if they did not stand to gain personally (see, e.g., Marine Midland Bank v Russo, , 50 NY2d 31, 44 [1980])... deceptive trade practices which, by definition, include any false or misleading statements."

NY General Business Law, Article 21-A, Fraudulent Transactions in Securities,Section 339.

15 USC Section 45, Section 5(a), the federal equivalent.

Section 13(b) of the Federal Trade Commission Act, 15 U.S.C. Section 53(b) -- authorizes FTC to seek injunctive relief.

Jules Polonetsky, et al.,v. Better Homes Depot, Inc., et al 2001 NY Int. 125: "The Attorney General of the State of New York has authority under: (a) NY Executive Law §63(12), which authorizes the Attorney General of the State of New York to seek injunctive relief, restitution,damages, and costs against any person or business entity which has engaged in repeated fraudulent or illegal acts or otherwise engaged in persistent fraud or illegality in the conduct of business; and (b) NY GBL Article 22-A which authorizes the Attorney General of the State of New York to seek injunctive relief, restitution, and penalties when any person or business has engaged in deceptive business practices."

Utah's securities fraud statute.

Steven J. Vaughan-Nichols : "Billing companies for software they've already paid other vendors for on unproven allegations that SCO Unix code is hidden inside Linux? This plan is just crazy and (to my untrained, non-lawyer eye), it comes dangerously close to fraud."

Example of eConnect CEO guilty of issuing false press releases and facing prison.

National Fraud Information Center.

3. SCO HAS SHOWN US NO INFRINGING CODE

Linus Torvalds: "Yeah, I don't personally think they have any IP rights on Linux, and I agree, it looks more like a suit over the contract rather than over Linux itself."

Linus: "Off their Rocker".

Linus: Negotiate what? - September 10th, 2003.

IBM denies it: "'IBM is not aware of any Unix System V Code in Linux. SCO needs to openly show this code before anyone can assess their claim. SCO seems to be asking customers to pay for a license based on allegations, not facts.' -- Trink Guarino, IBM spokesperson.

RedHat denies it: "Given that we have extensive legal resources put forth into making sure we respect the valid intellectual property rights of companies, we are not concerned with the statements that have been made. We do take intellectual property very seriously." -- Leigh Day, Red Hat spokesperson.

In a letter to its customers, Red Hat wrote: "SCO has not demonstrated that any infringement exists, nor has it established that it owns derivative works in UNIX. Nothing has been proven to establish that such a license is needed."

SGI denies it: "'The bottom line is that SCO has no basis for a claim against us,' the statement said."

Free Software Foundation's Bradley Kuhn says Caldera assigned copyrights on employee contributions to the FSF: "Indeed, FSF holds documents from SCO regarding some of this code. SCO has disclaimed copyright on changes that were submitted and assigned by their employees to key GNU operating system components."

Greg Lehey, who worked in IBM's Linux Technology Center, writing "a clone of the AIX Journalled File System, the predecessor of the JFS ported by the JFS for Linux project," says IBM carefully kept AIX and Linux coders separate: "Having worked on Linux for IBM, I can state categorically that the separation between AIX and Linux is complete. Nearly all of the people working on the Linux kernel have no access to AIX source code. It's theoretically possible that some people do have such access, though I know of nobody, but IBM has guidelines for that case, just to be on the safe side: don't read AIX code and write Linux code in the same place. Read the code, go elsewhere and write. Even this, though, would hardly be useful: AIX is UNIX, Linux is Linux. The kernels have such completely different structures that any code import would be a waste of time: it's easier to write it from scratch."

Robert X. Cringeley: "What SCO owns... is the copyright on this particular work as applied to UNIX. But Linux is not UNIX, so applying the same ideas -- even the same code if it comes originally from an upstream source -- is not necessarily copyright infringement.

"Say I write a new high-level programming language, then do nearly identical implementations of that language for UNIX and Linux and the UNIX version is made part of some official UNIX distribution. Does that mean the Linux version violates the UNIX copyright? No. But I wrote both versions and the code is identical. Surely that is a copyright violation? No. This isn't a matter of clean rooms and virgins and reverse engineering, it is a matter of precedence and authorship. Sequent (now IBM) did not give up all its rights to the code when it was made part of UNIX. They were very careful to plan it that way."

Anupam Chander, Professor of Law at the University of California, Davis, School of Law, a graduate of Yale Law School and Harvard College, who specializes in cyberlaw and international law: "IBM should win"

Thomas Carey, partner with intellectual property firm Bromberg & Sunstein, explains the side letter to the AT&T-IBM license agreement, now Exhibit C to SCO's complaint, gives IBM rights to derivative code.

"SCO Admits to Not Knowing Own Code History in Recent Q & A".

"SCO may not know origin of code, says Australian UNIX historian".

Linus Torvalds on his attitude toward IP: "Torvalds took issue with SCO's position. 'I care deeply about IP (intellectual property) rights. I've personally got more IP rights than the average bear, and as the owner of the copyright in the collective of the Linux kernel, I shepherd even more. It's what I do, every day. I personally manage more valuable IP rights than SCO has ever held, and I take it damn seriously,' Torvalds said in an e-mail interview."

Larry Rosen: SCO's remedy lies with IBM, not users.

SCO's Changing Story About the Code They Showed

August 26 -- "But Sontag said the BPF routines were not intended to be an example of stolen code, but rather a demonstration of how SCO was able to detect 'obfuscated' code, or code that had been altered slightly to disguise its origins. The slide displaying the code should have been written differently to reflect that intention, he said.

"'It was an example of our ability to find moderately changed or obfuscated code, it was not an example we are using in court,' Sontag said. 'If they want to go off and make a big defense on that, they are welcome to it.'"

Sept. 11 -- "SCO acknowledges it has not, because of pending litigation, completely revealed its evidence of purloined code showing up in Linux. However, Stowell argues his company has revealed -- through a mix of private screenings where viewers signed nondisclosure pacts and in a public slide show three weeks ago at SCO's trade show in Las Vegas -- sufficiently damning examples backing its claims.

"They keep saying we are not showing the code, that we are being deceptive," Stowell said. "But we have shown it, literally, to hundreds of people now.... We have been very forthcoming. The programs we have identified make up about 20 percent of Linux."

Offers to Remove Any Infringing Code

Linus Torvald's offer to remove any infringing code.

Richard Stallman's offer to remove any infringing code: "If any AT&T-copyrighted code was copied into GNU, this occurred despite our continued efforts to prevent such copying. Our intention was to write code from scratch, and we have surely done so 99% of the time or more. If SCO can find code that was copied and is not fair use, they merely have to show it to us. We will take out the AT&T code and replace it."

Another offer.

Eben Moglen offers to remove any infringing code: "This isn't an inadvertent distribution case,' he said. However, he noted that the Free Software Foundation works with companies to ensure that they do not release anything under the GPL that they do not intend to release. In fact, he said, when SCO first filed its suit against IBM, he approached SCO's lawyers because it is the Free Software Foundation and not IBM which holds the copyright to the Linux distribution IBM created, Linux for S/360. IBM created the Linux distribution but released it under the GPL and signed the copyright over to the Free Software Foundation.

"Moglen said that when he approached SCO's lawyers he asked them to show him any problems with the particular Linux distribution and if there were any he would stop its distribution. 'They have never responded to that invitation,' he said. He added, 'We help people to solve problems with free software. If they would show us something, we would be happy to help them with it.'"

The FSF policy for contributors most specifically would not allow any UNIX code in: "'Contributors to the GNU Project must follow the Free Software Foundation's rules for the project, which specify - among other things - that contributors must not enter into non-disclosure agreements for technical information relevant to their work on GNU programs, and that they must not consult or make any use of source code from non-free programs, including specifically UNIX.'...

"'Copyright, as I have pointed out here before, protects expressions, not ideas. Copyright on source code protects not how a program works, but only the specific language in which the functionality is expressed. A program written from scratch to express the function of an existing program in a new way does not infringe the original program's copyright. GNU and Linux duplicate some aspects of UNIX functionality, but are independent bodies, not copies of existing expressions.

"'But even if SCO could show that some portions of its UNIX source code were copied into the Linux kernel, the claim of copyright infringement would fail, because SCO has itself distributed the kernel under GPL. By doing so, SCO licensed everyone everywhere to copy, modify, and redistribute that code. SCO cannot now turn around and argue that code it sold people under GPL did not license the copying and redistribution of any copyrighted material of their own that code contained.'"

Jon "maddog" Hall: "Take your code, please! We don't want it." MP3.

Bruce Perens: "They should show us what code they have problems with. We'll take a look at it or we'll just replace it."

Darl McBride: "The Linux community would have me publish it now, (so they can have it) laundered by the time we can get to a court hearing."

Others in the community agree that any Linux source code that is proven to be infringing will be removed immediately:

May 16th, 2003 Jeff Kintz, posting to a mailing list related to Linux kernel development: "As soon as SCO reveals exactly which code segments 'belong' to them the Linux development community will be engaged in a furious competition for the status to be attained by being the person who replaces that code with non-infringing code."

May 19th, 2003 Gary Barnett, Research Director of Ovum in "SCO: Stuff and nonsense": "If there is an 'offending' code within the Linux kernel, it will be fixed very quickly.... Indeed, the Linux community is already calling on SCO to identify the code that it claims to own so that it can get to work on replacing it."

May 21st, 2003 Mitch Anderson, posting to a different Linux mailing list: "...once (if) the offending pieces have been disclosed. They will be removed so fast that their heads will spin."

May 27th, 2003 Robert Frances Group "SCO's New Business Plan": "It seems likely that as soon as the infringements are made publicly known, they will be immediately rewritten to eliminate the infringements. If SCO were truly concerned only about its IP, a path exists for the elimination of any infringements in a very short period of time...."

May 28th, 2003 Mike Angelo, in an editorial at MozillaQuest: "Moreover, all McBride and SCO-Caldera need to do in order to get any SCO-owned code removed from the kernel.org Linux kernel, the GNU/Linux OS, or Linux distributions is simply to tell these people what SCO-owned code is in the Linux kernel, the GNU/Linux OS, or the Linux distributions. It would be removed immediately, if not sooner. However, McBride refuses to disclose what SCO-owned Unix code is in Linux."

June 10th, 2003, Paula Rooney, in an article for ChannelWeb My Summary: "Linus Torvalds asked SCO about viewing the code; they told him he could not see it without signing their highly restrictive NDA."

Eric Raymond and Bruce Perens: "If you wish to make a respectable case for contamination, show us the code."

Another in LinuxWorld.

4. CODE CAN BE BOTH IDENTICAL AND LEGAL -- THE BSD CONNECTION

"Open Sources: Voices from the Open Source Revolution", including this chapter, "Twenty Years of Berkeley Unix --From AT&T-Owned to Freely Redistributable" by Marshall Kirk McKusick, who was involved in the BSDI lawsuit, which briefly covers the early history of UNIX, including the lawsuit:

"With the increasing cost of the AT&T source licenses, vendors that wanted to build standalone TCP/IP-based networking products for the PC market using the BSD code found the per-binary costs prohibitive. So, they requested that Berkeley break out the networking code and utilities and provide them under licensing terms that did not require an AT&T source license. The TCP/IP networking code clearly did not exist in 32/V and thus had been developed entirely by Berkeley and its contributors. The BSD originated networking code and supporting utilities were released in June 1989 as Networking Release 1, the first freely-redistributable code from Berkeley.

"The licensing terms were liberal. A licensee could release the code modified or unmodified in source or binary form with no accounting or royalties to Berkeley. The only requirements were that the copyright notices in the source file be left intact and that products that incorporated the code indicate in their documentation that the product contained code from the University of California and its contributors. Although Berkeley charged a $1,000 fee to get a tape, anyone was free to get a copy from anyone who already had received it. Indeed, several large sites put it up for anonymous ftp shortly after it was released. Given that it was so easily available, the CSRG was pleased that several hundred organizations purchased copies, since their fees helped fund further development. ...At the preliminary hearing [in the lawsuit] for the injunction, BSDI contended that they were simply using the sources being freely distributed by the University of California plus six additional files. They were willing to discuss the content of any of the six added files, but did not believe that they should be held responsible for the files being distributed by the University of California. The judge agreed with BSDI's argument and told USL that they would have to restate their complaint based solely on the six files or he would dismiss it. Recognizing that they would have a hard time making a case from just the six files, USL decided to refile the suit against both BSDI and the University of California. As before, USL requested an injunction on the shipping of Networking Release 2 from the University and on the BSDI products.

"With the impending injunction hearing just a few short weeks away, preparation began in earnest. All the members of the CSRG were deposed as were nearly everyone employed at BSDI. Briefs, counter-briefs, and counter-counter-briefs flew back and forth between the lawyers. Keith Bostic and I personally had to write several hundred pages of material that found its way into various briefs.

"In December 1992, Dickinson R. Debevoise, a United States District Judge in New Jersey, heard the arguments for the injunction. Although judges usually rule on injunction requests immediately, he decided to take it under advisement. On a Friday about six weeks later, he issued a forty-page opinion in which he denied the injunction and threw out all but two of the complaints. The remaining two complaints were narrowed to recent copyrights and the possibility of the loss of trade secrets. He also suggested that the matter should be heard in a state court system before being heard in the federal court system. ...a settlement was finally reached in January 1994. The result was that three files were removed from the 18,000 that made up Networking Release 2, and a number of minor changes were made to other files. In addition, the University agreed to add USL copyrights to about 70 files, although those files continued to be freely redistributed."

Ancient UNIX released by Caldera under BSD-like license

"Oldies but Goodies".

Dennis Ritchie's Unix page.

Caldera License.

The UNIX Archive.

Press release announcing release.

"Why Caldera Released Unix: A Brief History".

BSDi-USL lawsuit documents.

BSDi Ruling.

1974 UNIX License.

"Ancient UNIX Released Under What Terms?".

5. WE POLICE OUR CODE EFFECTIVELY -- DO YOU?

Linus Torvalds: "So we actually have a very good notion of where the code came from and what the [intellectual property] rights are...when it comes to the stuff that IBM has given Linux, we have been very, very careful about how we accept them. The one thing SCO has mentioned has been the Read Copy Update code that IBM gave us, and that wasn't accepted for the longest time into the kernel exactly because we knew the patents were owned by IBM. [But] we said we couldn't take it until you [IBM] said very explicitly that you also license the patents."

Linus Torvalds on contribution cleanness: "'For copyright infringement, the best protection is the fact that the code is open. Think of it like stealing a car: as a potential car thief, would you do it in full daylight with a lot of people looking on, or would you prefer to do it when nobody is watching?'

"The article says this is what SCO is claiming happened, that IBM boldly stole the code, but Linus finds that hard to believe, asking in effect what would the motive be? 'Sure, it could be done, but what would be the point? It's not like I pay these people on a "per line written" basis.'"

Yahoo! Messageboard for SCOx:

"SCO is mouthing off about how Linux can't police IP issues. They are also claiming they own trade secret rights to Read, Copy, Update (RCU) technology, and that IBM misappropriated these rights by passing RCU to Linux.

"The following kernel mailing list archives ought to refute all of those claims:

http://www.cs.helsinki.fi/linux/linux-kernel/2001-36/0393.html
http://www.cs.helsinki.fi/linux/linux-kernel/2001-36/0394.html
http://www.cs.helsinki.fi/linux/linux-kernel/2001-36/0505.html

"The first email finds kernel maintainer Andrea Arcangeli from SuSE REJECTING IBM's submission of RCU to linux because the technology is covered by US Patent #05442758, as pointed out by Alan Cox or Red Hat.

"The second is IBM employee Dipankar Sarma stating that IBM owns this patent, having purchased the inventor Sequent, and that IBM legal has reviewed it and approved its release under GPL.

"The third is confirmation from Andrea Arcangeli that an IBM patent grant letter has been sent to both Linus and him.

"OK, SCO dweebs. How do you have a trade secret on something that is patented by someone else? First of all, patenting requires disclosure. Second, a patent grants exclusive rights that means your use of the technology must be authorized by them. Third, it's very clear that the kernel maintainers are exercising proper controls to assure IP is properly licenced."

US Patent #05442758.

License Compliance, from Donald B Marti Jr.'s Linuxmanship advocacy page:

"As a Linux user and administrator, you already comply with the terms of the GNU General Public License. (Easy, isn't it?) If you are in a position to do so, make sure other people comply with proprietary software licenses too. Persuade management of the necessity to do this by digging up cases of license violations that have resulted in large fines."

Darl McBride's Perens misquote

What McBride wrote.

Computerwire (subscription req'd): "In his statement McBride appears to have attributed a ComputerWire paraphrase as a quote from Perens. Anyone looking to verify this reference should try the August 26 edition of Computergram, not August 25 as stated by McBride."

Other analysis of the code by Greg Lehey and Eric Raymond.

Dennis Ritchie Acknowledges the Code.

Bruce Perens.

6. INDEMNIFICATION IS A RED HERRING

Attorney Thomas Carey:

"Meanwhile, Carey noted that SCO President and CEO Darl McBride seemed to have misspoken when he said last week that Linux is unique in that it is an operating system which is offered without any warranty of copyright non-infringement (which implied that users were taking a big risk by signing onto Linux).

"Carey said he took a look at the Unix license between AT&T and IBM -- the very agreement that forms the basis of SCO's complaint. 'It contains a nearly identical disclaimer of any warranty of non-infringement,' he said."

SCO's "Linux Intellectual Property License": "ALL WARRANTIES, TERMS, CONDITIONS, REPRESENTATIONS, INDEMNITIES AND GUARANTEES WITH RESPECT TO THE SOFTWARE, WHETHER EXPRESS OR IMPLIED, ARISING BY LAW, CUSTOM, PRIOR ORAL OR WRITTEN STATEMENTS BY ANY PARTY OR OTHERWISE (INCLUDING, BUT NOT LIMITED TO ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR ANY IMPLIED WARRANTY OF NON-INFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS) ARE HEREBY OVERRIDDEN, EXCLUDED AND DISCLAIMED."

Is there Linux code in SCO's Unixware?

Who Did What with the Code?:

"But there may be more reasons that SCO will be looking at legal troubles. Even before Caldera bought out SCO's Unix, SCO was adding Linux functionality to UnixWare.

"Specifically, SCO added Linux compatibility to its Unix properties with operating system packages like UnixWare's Linux Kernel Personality (LKP). The LKP enables UnixWare to run Linux binaries.

"So SCO was adding Linux functionality to its own Unix products, and was also considering bringing Linux functionality to its older OpenServer Unix. Given SCO's own reasoning, could all this Linux functionality be added to Unix without introducing Linux code into Unix?

"Look at the history. When Caldera first bought SCO in August 2000, it suggested that it was going to open source a good deal of Unix. That never happened.

"But what Caldera did do, as described in a Caldera white paper dated March 8, 2001, with the then new tag-phrase of 'Linux and UNIX are coming Together' by Dean R. Zimmerman, a SCO writer, was to try to merge the best features of both operating systems. Early on there's a line that fits perfectly with open source gospel. 'For a programmer, access to source code is the greatest gift that can be bestowed.' And then, getting straight to the point, Caldera declares: 'Caldera has begun the task of uniting the strengths of UNIX technology, which include stability, scalability, security, and performance with the strengths of Linux, which include Internet-readiness, networking, new application support, and new hardware support. Caldera's solution is to unite in the UNIX kernel a Linux Kernel Personality (LKP), and then provide the additional APIs needed for high-end scalability. The result is an application "deploy on" platform with the performance, scalability, and confidence of UNIX and the industry momentum of Linux.'"

Former SCO employee Christoph Hellwig on whether SCO Group might have put UnixWare source in the Linux kernel:

"It might be more interesting to look for stolen Linux code in Unixware, I'd suggest with the support for a very well known Linux fileystem in the Linux compat addon product for UnixWare...."

Comparing SuSE Linux Enterprise Server 8 with UnixWare 7.1.3 by Roberto J. Dohnert.

ZDNet: "Love added that any kind of move on SCO's part to 'unify Unix and Linux' would be 'very positive.'"

"Did SCO Violate the GPL?" with particular emphasis on LKP: "The source, who has seen both the Unix System V source code and the Linux source code and who assisted with a SCO project to bring the two kernels closer together, said that SCO "basically re-implemented the Linux kernel with functions available in the Unix kernel to build what is now known as the Linux Kernel Personality (LKP) in SCO Unix.

"The LKP is a feature that allows users to run standard Linux applications along with standard Unix applications on a single system using the UnixWare kernel.

"'During that project we often came across sections of code that looked very similar, in fact we wondered why even variable names were identical. It looked very much like both codes had the same origin, but that was good as the implementation of 95 percent of all Linux system calls on the Unix kernel turned out to be literally "one-liners",' the source said."

Running Linux Applications on UNIX with LKP.

Doug Michaels, former CEO of Santa Cruz Organization:

"I also believe in the principle that great programmers should "steal" great code whenever possible, so long as they do not violate any laws or license agreements. In hindsight, it's clear that "steal" was a poor and confusing choice of words on my part. I was perhaps being too flippant by trying to point out that one can't really steal that which is freely offered."

Linux Journal: "'Linux is being pulled across the spectrum of IT solutions, and a single kernel won't scale,' Ransom says. The considerations that are important to embedded Linux, to the small server market Linux rules now, and to the midrange and high-end server markets are different. As Linux 'forks' -- hopefully through a proliferation of compile-time options, not a real fork, Ransom hastens to add -- the high-end parts will end up participating in some sort of technology-sharing arrangement with UnixWare.

"So, Linux, UnixWare, Openserver, Monterey (or whatever they're calling it now) what is the secret master plan? I draw a chart of OSes down the left, years across the top, fill in 'Linux 2.4' in 2001 with a question mark, and ask Ransom to fill in the rest. Arrows sprout from Linux and spread like fungus tendrils into the 'UnixWare' and 'Monterey' areas -- that's the compatibility thing -- and a big arrow moves forward into the future along the UnixWare/Linux dividing line. This represents the spawn of Linux and UnixWare, an uber-OS with a yet-to-be-determined licensing policy. Ransom says you'll be able to see the source code, but parts will be open source, and parts will be 'viewable source' -- you'll be able to read it, but not modify and redistribute it."

In January of this year IBM became a Technology Partner of SCO (United Linux).

On March 17 of this year Opinder Bawa, formerly of IBM and Toshiba, but then Vice President of Technolgy and Development at SCO, wrote an article for Computerworld. It was titled "How To Integrate Linux With Unix. His last suggestion was: "4. Contact the necessary vendors and gather the binaries and source code needed to allow Unix applications to run on Linux and Linux applications to run on Unix."

SCO works with the Linux kernel and donated code, but didn't notice any infringement in those years?

Caldera Employees Contributed to Linux kernel

"Caldera Employee Was Key Linux Kernel Contributor".

"Could the Identical Code be From Contributions from SCO Employees Themselves? A Reader Names a Name".

About SMP: "The initial port was made possible thanks to Caldera Multiprocessor Linux Kernel Development."

Caldera worked on unifying Linux and UNIX

Ransom Love's Linuxworld 2000 Keynote Speech: Caldera To "Add Components" to Linux Kernel To Make It Scale.

Video of Ransom Love's speech.

IWeThey Twiki on Trillian Project.

http://www.linuxia64.org/pressQA4.pdf .

http://www.caldera.com/images/pdf/scolinux/UnitedLinux_whitepaper.pdf .

Trillian Project.

"Caldera Backs Away From 64-Bit Open Unix": "'The feedback from Intel and our customers is that 64-bit addressing today just isn't a priority, and the 32-bit processors are just getting better and better,' said Caldera's VP EMEA, Chris Flynn. '32-bit is good enough for most people's processing requirements.' That appears to suggest that Open Unix and OpenServer's lifespan will last only as long as 32-bit processors continue to sell, but Flynn maintained that the operating systems will remain available as long as customers want them.

"'There's plenty of mileage in 32-bit Unix,' he said. 'Until our customers tell us that they don't want Unix and they don't want 32-bit Intel any more, which I don't see happening, then nothing's going to change. 32-bit is just great for customers over the next few years, but we do have choices, and we could move forward with our 64-bit projects.'

"One of those choices will be 64-bit Linux, which is being developed through the IA-64 Linux Project, and will be available from Caldera. Flynn believes that by the time users are looking to purchase 64-bit servers and operating systems in volume, Linux will have gained the robustness and scalability it requires to compete with Unix in the enterprise market.

"Another option Caldera has on the shelf is IBM's AIX 5L, which was developed from the Monterey project between IBM and SCO. In 2001, Caldera offered a preview of the AIX 5L operating system for Itanium to developers, and it remains a possibility that Caldera will offer IBM's Unix for 64-bit users should there be the demand."

Old SCO, Santa Cruz Organization, also donated to the Linux kernel.

1999 SCO press release: "As a founding sponsor of Linux International, SCO is a strong proponent of the Open Source movement, citing it as a driving force for innovation. Over the years, SCO has contributed source code to the movement, and currently offers a free Open License Software Supplement CD that includes many Open Source technologies. SCO UnixWare 7 operating system, the fastest growing UNIX server operating system for the past two years, supports Linux applications as part of its development platform."

2000 SCO press release.

SCO Answers Questions About Linux.

Programmer Peter Roozemaal on Groklaw finds Caldera copyright notice in Linux, indicating company officially donated the code and naming the employee who wrote the code.

Linux services being implemented in Project Monterey:

www.tdagroup.com/pdfs/ebus.pdf
http://www-5.ibm.com/se/news/1999/12/p9912081821.html
http://archive.infoworld.com/articles/hn/xml/00/08/10/000810hnibmaix.xml
http://home.clara.net/blenny/AIX5L.html

OpenUnix not on i64 in 2002:

"Q: So OpenUnix will continue in parallel to OpenLinux?
"Yes. OpenUnix could well keep going in parallel to OpenLinux. We are not moving OpenUnix onto Intel's 64-bit platform, but (Intel's current 32-bit architecture) will be around for a long time yet."
-- May 31, 2002, Ransom Love.

Ars Technica articles explain 64-bit here and here.

Recent Microsoft intellectual property cases

MS SQL Server.

Intertrust.

Sun Microsoft.

Eolas.

Burst.com"Did Microsoft 'steal' Media Player 9 technology?"

Newsforge opinion saying users of GNU/Linux are currently in less legal danger than users of Microsoft's SQL Server 7, thanks to the Timeline win over Microsoft in their contract dispute over Timeline's patents.

Timeline Memo:

"This memorandum is intended to help third parties analyze potential patent infringement(s) as it relates to their own product offerings. It is Timeline's position that any party on notice of the existence of the 511 patents has a legal duty to investigate and form a reasoned opinion on infringement. That is not Timeline's duty. And, if a party forms an opinion that there is infringement, then its duty is to procure a patent license, or modify its products to "design around" an infringement, or cease any further use, license, maintenance, etc. of the product. Otherwise, the users, manufacturers, and distributors are subject to statutory claims for treble damages for willful infringement similar to those embodied in RICO, Anti-trust and Consumer Fraud statutes.

"The 511 patents can apply to stand alone software products or combinations of software products. Of particular focus at this time are products used in conjunction with Microsoft SQL Server 7.0 or after. All Microsoft products stand-alone are licensed. But whether a combination of products infringes all the elements of a valid claim of a Timeline patent must be examined. If so, then whether the non-Microsoft code or product provides at least one of the material steps in such infringement must be determined. In that case, the step(s) provided by the third party product or code is not covered by Microsoft's license. The user, licensee, licensor, or manufacturer must secure its own license or stop any further use."

The Register quotes the president of Timeline as saying that damages facing SQL Server developers could be in the millions. A Timeline press release back in February announcing the judgment, appears to be threatening legal action against SQL Server developers and users, "...particularly those Microsoft customers who relied on Microsoft's assurances, failed to investigate them thoroughly, and knowingly continued to provide material steps in an Infringing Combination. These infringers, if any, may face treble damages for the entire three and one-half years the case was tied up in the courts. Microsoft is not a law firm. Relying on its advice should not constitute acting in good faith; which is the required defense to treble damages for failure to investigate and honor patents once on notice of their existence.'"

The press release quoted in full in the Register, headlined "Microsoft Vs. Timeline Final Judgment Affirms Timeline Patent Rights; SQL Server Users Could Face 'Staggering' Damages", says this in relevant part, though we recommend reading it in full:.

"'Why Microsoft would mislead its own customers, arguably inducing them to act in a manner potentially to their great detriment, was initially very difficult for us to understand,' Osenbaugh continued. 'We assumed Microsoft simply felt that someone would successfully challenge the Timeline patents or that Timeline would capitulate before Microsoft's statement came back to haunt it. And Microsoft openly supported a number of third parties who unsuccessfully challenged the validity of the Timeline patents.

"'But, in hindsight and even though Timeline won the litigation, we must admit Microsoft's approach apparently worked for it. The monies spent on legal fees were inconsequential to them. Between the litigation and the false press release, Microsoft effectively froze Timeline out of leveraging its patent-protected niche in the SQL Server market for over 3 1/2 years. This time period was long enough for Microsoft to launch its now openly stated strategy to become dominant in the ERP and Analytics software market historically serviced by its own customers.'"

7. WE RESPECT THE LAW

SCO spokesman: "The Web site of embattled software maker The SCO Group Inc. was inaccessible again on Tuesday, fueling reports of another denial of service attack.... The outage prompted Netcraft to declare that SCO was again the target of a DoS attack. However, the outage was actually due to preventative measures taken by SCO and its hosting service to mitigate the effects of future attacks, according to company spokesman Marc Modersitzki."

Netcraft: "The SCO site was up for a few hours during business hours in Utah, but has since failed again. Many news sites carried the story that Eric Raymond had spoken to a group responsible for a Distributed Denial of Service attack on the www.sco.com site and that they agreed to stop. However it appears that this may have been a hoax, or they subsequently changed their minds, or another person decided to continue the attack."

James Dornan: "I have just called the 800-SCO-UNIX phone line, pressed option #5, and spoke with a 'Customer Care' person about The SCO Group's web site outage. The lady on the phone was cheerful and nice, all the best things you could expect from a person handling problems. She claimed that 'We upgraded the site this weekend, and are having problems getting it up come back up.'"

8. WHO MAKES UP THE OPEN SOURCE COMMUNITY?

Linux International .

Linux Documentation Project's "Powered by Linux!".

Mandrake's Linux Success Stories.

Governments like Linux.

Quantitative data on Linux.

Why open source beats closed for debugging: Damien Challet and Yann Le Du of the University of Oxford have written a paper titled "Closed source versus open source in a model of software bug dynamics."

SCO's UNIX business declining

Most recent 10Q filed with the SEC for the quarter ending July 31, 2003.

Last annual report filed with the SEC.

Linux Journal: "According to McBride, 'obviously Linux owes its heritage to UNIX, but not its code. We would not, nor will not, make such a claim.'"

"While acknowledging the validity of SCO's search for licensing fees from those genuinely using Sys V Unix, Claybrook sees a hint of desperation in SCO's litigious behavior. 'Before any of this happened, SCO's business was going nowhere,' Claybrook concludes. 'I think things were getting desperate because they weren't generating any revenue from their Linux business and their products were losing market share steadily.'"

9. DUAL LICENSING IS AN OPTION

Text of the Lesser General Public License (LGPL).

How the LGPL Works.

MySQL offers their software under a dual licensing program: "All of our products are available under open source licenses, but we also sell commercial licenses for all of the products so they can be adopted in situations where an open source solution is not appropriate."

OTHER RESOURCES

Historian Peter Salus, author of "A Quarter Century of UNIX", on the history of UNIX and the UNIX licenses, on video and as an MP3 stream and download.

"The Smoking Gun".

Dan Ravicher, Esq.'s paper, "Software Derivative Work: A Circuit Dependent Determination.

IBM's Subpoena to Canopy Group.

UNIX chart.

The Novell Letters.

Groklaw's Legal Links.

Does SCO own UNIX?

MISCELLANEOUS

Is SCO Math-Challenged?

Count of NUMA and RCU code lines.

"Dick Gringas, a programmer, spent the time to figure out some of SCO's math. They are talking about millions of lines of code. Dick has figured out the numbers for SMP/RCU/NUMA code in Linux, and even if you put them all together in one heap, it doesn't add up to millions of lines of code."

Martin Pool:

"Cutting out the bits of code that don't exist in SCO, while still giving them the benefit of the doubt, I get rather less than a million lines of code. Perhaps 500,000, depending on how you cut it.

"I just don't think there *are* a million lines of common functionality between Linux and SCO. If I was starting from scratch to write something like Linux, and I had carte blanch to copy from SCO then I don't think there are a million lines I'd be able to use. (And this is to say nothing of SCO's notoriously bad code quality, which made Linux such a pleasant change years ago.)

"You could do this more rigorously by going through SCO's feature list and picking out the particular files in Linux that match: a driver for this IDE chip and that SCSI card and so on. It's more work than I care to put into it at the moment, and I'd lay money that you won't get to a million lines."

When Did SCO Decide to Sue?

"McBride said that he initiated an investigation into the provenance of Linux code in January this year after IBM Software Group senior vice president Steve Mills had pledged at LinuxWorld to 'transport' IBM's knowledge of AIX into Linux. "That startled us because they have contracts that state that they won't do things like that," said McBride."

SCO hired Boies Schiller Flexner weeks before IBM'S Steve Mills spoke at Linux World. Steve Mills made his speech on Thursday, January 23, 2003.

January 22, 2003, Darl McBride confirmed that SCO had already retained Boies.

Maureen O'Gara broke the story of SCO+Boies on January 13, 2003.

Groklaw "Methinks He Doth Protest Too Much".

Caldera released under the GPL for years

Now They Are Starting to Look at the GPL?

More.

SCO and Industry Leaders Establish Free Standards Group.

SCO to boost revenue by offering Linux services.

SCO grasping at the Linux straw?

Note quote from SCO PR Director: "'We embrace the Linux movement, It's open source, which is where Unix came from, and it encourages innovation, not stagnation,' said SCO's PR director Brian Ziel in a email. 'Developing for Linux is developing for Unix.'"

SCO's OpenLinux Install Documentation, the introduction, is titled "Where did Linux come from?" and it helpfully explains the GPL thus:

"Linux was started in the early 1990s as a small research project by a Finnish college student named Linus Torvalds. Soon after Linus started his project, hundreds of others began to participate in its development via the Internet. A cooperative venture grew in which thousands of people were working together to create a new operating system. The inclusion of the GNU utilities from the Free Software Foundation (see http://www.fsf.org) and the release of Linux under the Gnu General Public License (GPL) furthered the spread of this work. The GPL provides that the source code to the software is released with the product and that no one can restrict access to it. Software licensed under the GPL license is sometimes referred to as Open Source software. With this type of software, anyone can examine and extend the source code, but all such work must be released for public use. Other licenses provide for inclusion of source code with its associated software, but to date the GPL is the most common Open Source license."

It then adds that "Programs that run on Linux don't have to be licensed under the GPL or any other Open Source license. Thousands of commercial applications that you can run on Linux (such as Corel WordPerfect 8 or Oracle 8 Server) use commercial licenses; they are not "GPLed," and do not include source code, thus they cannot be freely distributed. The Linux product you have purchased is built upon the work of thousands of individuals, then assembled and packaged by Caldera Systems, Inc. More complete histories of Linux and the free software and Open Source development communities are available in many of the online and printed resources named at the end of this chapter."

"About the GNU Tools" in the same guidebook says:

"The GNU toolchain is a set of compilers and development tools that are the foundation of the Linux development environment and are also supported on many other platforms. These and other handy development tools are available at the www.gnu.org website. Built versions of many of these tools are included on the Caldera OpenLinux Workstation, either in the main development system or on the 'contrib' CD.

"All source code for GNU tools is available; anyone can download, build, and use them for free. You can also download the current 'Top of Tree' and make modifications to the tools that are needed. If you fix a bug or add a significant feature, you should contribute it back to the community, although this is not required if you do not distribute your altered software. If you distribute such work, you are actually required to distribute your source and contribute it back to thw owner of the original software. See http://gcc.gnu.org for more information about participating in this work; always consult with your own legal authorities about your specific rights and obligations for any work you are doing.Several different license types can be used for code that is contributed to the Open Source community. See www.opensource.org for an overview of the terms and restrictions of the different licenses.

"Note that you are not required to provide the source for an application that is created using the GNU toolchain. You must, however, carefully check the license type of all libraries that are used in the code: libraries that are covered by a GPL can only be used in free software; libraries that are covered by an LGPL can be used in free or proprietary software. The www.gnu.org web page provides more information about the terms of the different licenses; when in doubt, consult your legal experts."

In their guide for developers, they clearly state that Linux is "a UNIX-like operating system" and Linux and GNU tools are released under the GPL:

"The Linux operating system and the GNU toolchain are released under the GNU General Public License (GPL). The GPL provides that the source code to the software must be made available and that no one can restrict access to it. With this type of software, anyone can examine and extend the source code, but all such work must be released for public use. Other licenses provide for the inclusion of source code with its associated software, but GPL is the most common Open Source License. 1.2. What is OpenLinux?

"OpenLinux is Caldera's self-hosted source code Linux distribution that conforms to commercial software release procedures. OpenLinux is based on the most current stable open source technologies, but subjected to rigorous testing procedures similar to those used for proprietary operating systems."

This page lists some of their contributions to the Linux kernel "Early support of the SMP development effort (hardware provided to the SMP development team)."

They have whole pages devoted to the GPL, in which they accurately explain how it works. For example, here it says:

"This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License."

On this page of the Installation Guide, which explains Linux and gives some of its history, it says that Linux is a "UNIX operating system clone", with no AT&T code in it:

"What makes Linux so different is that it is a free implementation of UNIX. It was and still is developed cooperatively by a group of volunteers, primarily on the Internet, who exchange code, report bugs, and fix problems in an open-ended environment. Anyone is welcome to join the Linux development effort. All it takes is interest in hacking a free UNIX clone, and some programming know-how. The book in your hands is your tour guide. (later also says: Linux is a free version of UNIX developed primarily by Linus Torvalds at the University of Helsinki in Finland, with the help of many UNIX programmers and wizards across the Internet. Anyone with enough know-how and gumption can develop and change the system. The Linux kernel uses no code from AT&T or any other proprietary source, and much of the software available for Linux was developed by the GNU project of the Free Software Foundation in Cambridge, Massachusetts, U.S.A. However, programmers from all over the world have contributed to the growing pool of Linux software."

IBM preceded UNIX: "It is absurd to say that Unix was the foundation for Hewlett-Packard and IBM, as Lewis does in his introductory paragraph. Both companies had been established for more than thirty years when the first line of Unix was written."

Appendix

Darl McBride's Open Letter to the Open Source Community.

Darl explains his letter.

Copyright © Groklaw, 2003

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?