Tom Moody - Miscellaneous

Tom Moody - Miscellaneous Posts

These posts are either "jump pages" for my weblog or posts-in-process that will eventually appear there. For what it's worth, here's an archive of these random bits. The picture to the left is by a famous comic book artist.



View current page
...more recent posts



Making the world safe for free software
A litigious blitzkrieg by the anti-Linux crusader the SCO Group has been enraging open-source developers for months. But SCO's attack has ignited its own counterreaction.
- - - - - - - - - - - -
By Farhad Manjoo

April 15, 2004 | In the summer of 2002, engineers at the Chrysler Corp.'s research and development facility in Auburn Hills, Mich., jumped on the Linux bandwagon. For several years, the company had been running computerized simulations of high-speed vehicle crashes on a network of expensive -- and, eventually, comparatively slow -- Unix mainframes; each crash test would take days to compute, eating into Chrysler's production cycle.

The company's IT department, with consultation from IBM, saw that a "cluster" of Linux machines could do the job faster, for less money. By replacing its Unix system with about 100 off-the-shelf IBM PCs running Red Hat Linux, Chrysler boosted the speed of each crash test by about 20 percent, while reducing maintenance costs by about 40 percent.

Chrysler's experience with Linux makes for a classic open-source software success story. By choosing the free, flexible operating system over a proprietary system, the company saved money and time; the story would make a good ad for Red Hat and IBM. And that's probably why the SCO Group -- the small software company in Linden, Utah, that has been Linux's biggest detractor during the last year -- decided to punish Chrysler.

SCO claims that Linux is actually an illegal derivative of the Unix operating system, which SCO says it owns. In a lawsuit filed on March 3, SCO accused DaimlerChrysler, Chrysler's corporate parent, of violating the terms of a Unix license Chrysler signed in the 1980s -- the violation, SCO suggested, stemmed from Chrysler's adoption of Linux in place of Unix. At the same time, SCO sued AutoZone, the giant car parts retailer, which uses Linux in each of its 3,000 stores; SCO claims that by using Linux, AutoZone is "willfully" infringing upon SCO's intellectual property.

To fans of Linux, SCO's latest moves are both silly and a little bit scary. The company's case is widely thought to be extremely weak. Of course, people say, SCO is never going to stop AutoZone and DaimlerChrysler from using Linux! But the scary part is that it might not matter much whether SCO's case is weak, because even frivolous lawsuits demand an (often expensive) defense. Consequently, some in the open-source community wonder whether SCO's case indicates a real cause for concern with free software.

"They sued AutoZone and DaimlerChrysler even though those companies didn't do anything wrong and acted in good faith," says Daniel Egger, a partner at the venture capital firm Eno River Capital. AutoZone and DaimlerChrysler simply purchased open-source software; they didn't write the code. But "because of a quirk in our legal system," Egger says, "you can be sued for using software when you did nothing wrong, just because some third party claims that they own part of that software or that the software infringes on their rights."

This is a problem, Egger says. Corporations take risks all the time, but they're not fans of unquantifiable risks. Companies don't want the free software they install today to become a hundred-million-dollar legal boondoggle five years from now. And that's why what the open-source world could really use, Egger says, is a financial mechanism to measure and eliminate the "risk" associated with using software like Linux. There's a word for such a complex-sounding system: "insurance." And if you're the IT manager at a big company and you're thinking of installing Linux, Daniel Egger would like to sell you some coverage.

Egger is the founder of Open Source Risk Management, or OSRM, an innovative new firm that will soon begin offering insurance protection for Linux. At the cost of $30 per $1,000 of coverage, OSRM promises to defend Linux against all infringement claims, exactly the kind of suits that Chrysler and AutoZone are now facing. If SCO represents the biggest threat to Linux in its existence so far, then OSRM is a classic example of how the flexible open-source world reacts to every new threat -- by innovating a new, widely distributed, from-the-bottom-up solution.

Insurance is crucial for Linux, Egger says. Unlike proprietary software, the free operating system is vulnerable to third-party infringement claims. When large corporations buy applications from proprietary software firms such as Microsoft, they are usually sold rock-solid "indemnification" packages -- clauses that let the customer off the hook in the case of any legal question surrounding the software. But it's not the same for Linux, which was written by many developers all over the world and can't be guaranteed by a single firm. It wouldn't be fair to ask Red Hat, say, to indemnify you of any claims against Linux, Egger points out. "You would be asking them to guarantee something which they have no more knowledge of than you do," he says. "You're asking them to do something where they might be in the position of having to guarantee what their competitors wrote."

Egger believes that only a neutral firm can guarantee the legality of Linux, and only one that has strong ties to the developer community. In order to guarantee that Linux isn't infringing on anyone else's property, OSRM is inspecting the OS's code with the help of many developers. The firm is being advised by such open-source gurus as Bruce Perens, and it has hired Pamela Jones, a paralegal who runs the popular Groklaw discussion site, to help with legal strategies. Jones is the pioneer of what she terms "open legal research" -- complex legal research done in the open, on the Web, by groups of people with varied expertise in law and code. During the past year, Groklaw has been the center of such research aimed at thwarting the SCO case; Jones and others on Groklaw plan to do similar work for OSRM.

It's these ties to the open-source community that make OSRM most interesting. The firm, says Bruce Perens, gives open-source developers a chance to stand by their work. "What we are saying is, for a very small amount per year we will put our money where our mouth is," Perens says. IT managers "will not have to defend this use to their bosses again."

There's no evidence, yet, that SCO's efforts against Linux have been effective. For several months, SCO has been asking corporate users of Linux to pay it for the right to use the free operating system -- but in the first quarter of the fiscal year, the company only managed to sell $20,000 worth of licenses for Linux, which suggests that most firms don't believe SCO's claim that it owns Linux. (In order to sell these $20,000 worth of licenses, SCO spent about $3.4 million on litigation during the quarter.) Meanwhile, the Linux market seems as strong as ever. Don Marti, the editor of Linux Journal, points out, for example, that the Linux server business experienced double-digit growth during the past year.

But Marti also says that he knows of some companies that are at least delaying plans to migrate from Unix to Linux, which is understandable considering SCO's attacks. Both AutoZone and DaimlerChrysler were once celebrated for their adoption of Linux; now they're being sued for it. If you were a large corporation thinking about Linux, wouldn't you wait until the dust settled?

Well, if you were a lawyer at one of those Linux-leaning corporations, one thing you might consider doing first is reading Groklaw. Groklaw was founded about a year ago by Pamela Jones, a paralegal and a techie who became intrigued by SCO's $5 billion case against IBM. SCO claimed that IBM engineers had secretly stolen code from SCO's Unix software and stuffed the code into Linux, making Linux an illegal copy of SCO's property. Jones, who was skeptical of this claim, began blogging about it. "I thought maybe, in my wildest scenario, a hundred people would ever read what I was doing, and I was thinking exclusively of a blog, not a Web site," Jones told Salon in an e-mail interview. "Blogs are more casual and have more leeway editorially. So I was just breezing along with panache, without a care in the world. It felt like I was writing 'Dear Diary, today SCO did thus and so.'" But as the SCO case heated up, Jones saw her site catapulted into the spotlight -- i.e., it was getting frequent links from Slashdot -- and the content morphed into something more than breezy blogging. Soon, she says, groups of people with expertise in various areas of the law and software development began offering her tips, and in a short time these readers began working together on Groklaw projects aimed at undoing SCO's case.

For example, in January, a group of Groklaw regulars published an exhaustive examination of a set of files in Unix System V called the Application Binary Interface; the team looked at the legal and technical history of these files, as well as SCO's role in their development, in order to determine whether SCO could reasonably sue others for using the ABI files. Their conclusion: "I think you will see from this article alone that if SCO is planning to sue anyone over the ABI files, unless there are facts we haven't unearthed, they seem to be leaning on a rickety bamboo reed."

"I couldn't do that definitive research without the community," says Pamela Jones. "I don't think IBM could either, for that matter. I believe we have established that there is no point in SCO pursuing the ABI files."

Jones has been praised by just about everyone in the open-source world for her efforts to undermine SCO. Linus Torvalds, the creator of Linux, has said that Groklaw shows "how the open-source ideals end up working in the legal arena, too, and I think that has been very useful and made a few people sit up and notice." Bruce Perens calls Jones "paralegal to the world." Clay Shirky, the influential tech pundit, points out that "Groklaw may also be affecting the case in the courts, by helping IBM with a distributed discovery effort that they, IBM, could never accomplish on their own, no matter how many lawyers they throw at it."

About the only party not happy with Groklaw is SCO. The firm's CEO, Darl McBride, has publicly accused IBM of secretly funding Groklaw (Pamela Jones denies this.) In an interview with Salon, Blake Stowell, a spokesman for the firm, dismissed the idea that Groklaw can be a source for well-researched insight into the SCO case; in his view, much of what goes on at Groklaw is unabashed SCO-bashing. "One of Groklaw's biggest roles is to provide an opinion," Stowell said. "I think they have been successful in having an awful lot of people come to their site to gain an opinion on things. But it's a very one-sided opinion, and if that's the only thing that people read to gain an opinion on things they're getting a very one-sided view." Stowell doesn't think that Groklaw has uncovered anything of lasting import legally. "I don't think they've influenced at all what we've done in our lawsuit," he said.

Reading through Groklaw, it's certainly easy to see Stowell's point. You'd be hard-pressed to find a pro-SCO word on the site, and, as on Slashdot or any other discussion board, "there's a lot of chatter and noise in the comments," notes Don Marti, of Linux Journal. But it's also true that readers of Groklaw often point to valuable primary sources of new information concerning complex legal controversies, Marti says, and for a lawyer looking into Linux, these resources are probably very helpful.

It's this aspect of Groklaw that attracted Egger, of OSRM. One part of establishing Linux's legality in order to offer insurance for it, Egger says, is sorting out the complicated legacy of Unix; Egger considered Groklaw the perfect forum to conduct this research. "The history of Unix is very tangled and confused," Egger says. Anybody who owns a bit of Unix can say, "There's something in Linux that is similar, so I'm going to sue!"

That's what SCO did, Egger says, "and if SCO can do this, there are about 30 other Unix product lines besides the ones that are in dispute in the SCO case, and we better find out what happened to those, who owns them and what happened to them." Through OSRM, Egger will fund part of Jones' work on building this "Unix timeline," but all of the information the project digs up will be given to the public domain, Egger says. The timeline project will also include the work of hundreds of volunteers who asked to help after Jones announced it on Groklaw. In an article to be published in a forthcoming issue of Linux Journal, Jones says that the volunteers include "most of the published historians of Unix and many of the people who actually contributed to Unix in the first place." She adds that one Groklaw reader has called her "the maintainer of the Linux anti-lawsuit kernel," which Jones says is a "good description of what our project is all about."

The core of the Linux operating system -- the "kernel" -- is made up of millions of lines of code written by programmers of varying ethical and professional obligations; it is not a piece of software designed to satisfy lawyers, as is probably the case with much of the code written at proprietary firms, but instead to satisfy developers. So how can OSRM ever be sure enough of what's inside Linux -- and of where it came from -- to offer insurance for the system? Egger says that the company has launched an extensive "certification process" of the operating system. The process is labor intensive, but, he says, not all that difficult.

"We look at the origin of the code and make sure it was written by reputable people," he says. "We make sure we know they weren't involved in litigation, and that the companies they worked for agree that they were authorized to contribute this code to Linux. So we look at who wrote the code and what documentation there is around that." OSRM also maintains a "huge database" of both proprietary and open code from other software, Egger says, and the company is comparing that code with the Linux code "to look for possible copying." The company has not yet completed its certification of Linux, but so far, Egger says, "I have not found anything that would cause me to be concerned -- it looks very, very clean." But Egger adds that if he did find something, "we wouldn't tell you -- we would just quietly work with the developers to fix it."

Egger considers this part of the process key to the success of OSRM. There are probably some in the open-source community who look askance at Egger's project; part of the business of selling insurance for a product, after all, is convincing customers that there's a risk associated with using that product, and many open-source developers don't think there's anything risky about using Linux. But Egger insists that he's not looking to profit from weaknesses in Linux -- and, indeed, he says he'll do everything he can to work with Linux developers to make the system safe from legal attacks. "We'll quietly identify places where better documentation, a better record will reduce the risk of future litigation," he says. "We call it 'papering the kernel.' We're engaged in these activities at a very high level. That's the value of insurance companies -- we're involved with the community in risk mitigation activities, in developing best practices for reducing exposure, and in proactive research." All of this, he says, makes Linux safer.

And slowly, fans of open-source software -- even the ones who think SCO's claims are bogus -- are coming around to the idea that Linux has got to be made safer from third-party infringement suits. Last year, Pamela Jones was somewhat skeptical of the idea that open-source software needed legal protection; now, she's changed her mind. "I haven't changed my mind about the strength of the GPL, [GNU General Public License] which is what really protects you," she notes. "But I became convinced, when I saw the stock price shooting up, that there will be copycat SCOs. I know my business enough to know that it is pretty much inevitable. Nuisance lawsuits are a fact of life. How do you protect against that threat?" OSRM, she says, offered "a way for the community to fight and win against future nuisance lawsuits ... Nuisance lawsuits will come. So we must be realistic."

Then Jones added this analogy: "When you buy insurance for your car, is it because you don't trust the workmanship or have doubts if Ford had the rights to the machinery that built it? Or is it because you realistically know there are bad people in the world who might steal your car or your radio or scratch your windshield by throwing a rock at your car?

"It's the same with software. There's nothing dangerous about GNU/Linux software. What you need protection from is people, bad people."

- tom moody 4-15-2004 4:53 pm [link] [add a comment]



Will the Opposition Lead?
By PAUL BERMAN
("I wish the Democrats would...put...together a...shadow government...to explain the dangers of modern totalitarianism.")

The war in Iraq may end up going well or catastrophically, but either way, this war has always been central to the broader war on terror. That is because terror has never been a matter of a few hundred crazies who could be rounded up by the police and special forces. Terror grows out of something larger — an enormous wave of political extremism.

The wave began to swell some 25 years ago and by now has swept across a big swath of the Muslim world. The wave is not a single thing. It consists of several movements or currents, which are entirely recognizable. These movements draw on four tenets: (i) a belief in a paranoid conspiracy theory, according to which cosmically evil Jews, Masons, Crusaders and Westerners are plotting to annihilate Islam or subjugate the Arab people [why single out Arabs here? do paranoids in Iran or Pakistan not fear subjugation too?]; (ii) a belief in the need to wage apocalyptic war against the cosmic conspiracy; (iii) an expectation that, post-apocalypse, the Islamic caliphate of ancient times will re-emerge as a utopian new society; (iv) and a belief that, meanwhile, death is good, and should be loved and revered.

A quarter century ago, some of the extremist movements pictured the coming utopia in a somewhat secular light, and others in a theocratic light. These differences, plus a few other quarrels, led to hatred and even war, like the one between Iran and Iraq. [Oh, those little quarrels.] The visible rivalries left an impression in some people's minds that nothing tied together these sundry movements.

American foreign policy acted on that impression, and tried to play the movements against one another, and backed every non-apocalyptic dictator who promised to keep the extremists under control. The American policy was cynical and cruel. It did nothing to prevent those sundry movements and dictators from committing murders on a gigantic scale.

Nor did the policy produce anything good for America, in the long run. For the sundry movements did share a common outlook, which ought to have been obvious all along — the paranoid and apocalyptic outlook of European fascism from long ago, draped in Muslim robes. [Islamofascism!] These movements added up to a new kind of modern totalitarianism. And, in time, the new totalitarianism found its common point, on which everyone could agree. This was the shared project of building the human bomb. [Kind of a Manhattan Project on the cheap.] The Shiite theocrats of Iran pioneered the notion of suicide terror. And everyone else took it up: Sunni theocrats, Baathist anti-theocrats of Iraq and Syria, the more radical Palestinian nationalists, and others, too.

The Sept. 11 attacks came from a relatively small organization. But Al Qaeda was a kind of foam thrown up by the larger extremist wave. The police and special forces were never going to be able to stamp out the Qaeda cells so long as millions of people around the world accepted the paranoid and apocalyptic views and revered suicide terror. The only long-term hope for tamping down the terrorist impulse was to turn America's traditional policies upside down, and come out for once in favor of the liberal democrats of the Muslim world. This would mean promoting a counter-wave of liberal and rational ideas to combat the allure of paranoia and apocalypse.

Some people argue that anti-totalitarian revolutions can never be brought about from outside. The history of World War II says otherwise. Some people respond with the observation that Germany, Italy and Japan are nothing like the Muslim world. In Afghanistan, the American-led invasion has nonetheless brought about an anti-totalitarian revolution. A pretty feeble revolution, true — but even feeble progress suggests large possibilities.

The whole point in overthrowing Saddam Hussein, from my perspective, was to achieve those large possibilities right in the center of the Muslim world, where the ripples might lead in every direction. Iraq was a logical place to begin because, for a dozen years, the Baathists had been shooting at American and British planes, and inciting paranoia and hatred against the United States, and encouraging the idea that attacks can successfully be launched against American targets, and giving that idea some extra oomph with the bluff about fearsome weapons. The Baathists, in short, contributed their bit to the atmosphere that led to Sept. 11. Yet Iraq could also boast of liberal democrats and some admirable achievements in the Kurdish north, which meant there were people to support, and not just to oppose. Such were the hopes.

As for the results — well, in one respect, these have turned out to be, in spite of everything, almost comically successful. Baathism's super-weapons may have been a figment of the universal imagination; [no, Saddam was trying to develop them 15 years ago; by 2003 they were a figment of the GOP imagination] but as soon as the United States elevated this figment into a world crisis, astonishing progress was made in tracking down weapons programs and trafficking in Libya, Iran, Dubai and Pakistan [GOP talking point]. Some people will go on insisting that sudden progress on these matters has nothing to do with Iraq, and the dominoes tumbled simultaneously by sheer coincidence — but some people will believe anything.

Nobody can doubt, however, that even in its planning stages, the invasion and occupation of Iraq were depressingly bungled. The whole thing was done in an odd mood of hysteria and parsimony, a bad combination. It is tempting to conclude that, all in all, we would have been better off staying out of Iraq altogether — and maybe this will turn out to be the case.

But everyone who feels drawn to that conclusion had better acknowledge its full meaning: the unavoidable implication that we would be better off today with Saddam Hussein in power; better off with economic sanctions still strangling the Iraqi people; better off with American army bases still occupying Saudi soil (Osama bin Laden's original grievance against us); and better off without the progress on weapons proliferation in the Muslim world (unless you believe in the sheer-coincidence theory, in which case, you think that progress would have happened willy-nilly [you silly person, you]). That is a pretty horrifying set of alternatives.

Now we need allies — people who will actually do things, and not just offer benedictions from afar. Unfortunately — how many misfortunes can fall upon our heads at once? — finding allies may not be easy. Entire populations around the world feel a personal dislike for America's president, which makes it difficult for even the friendliest of political leaders in some countries to take pro-American positions.

But the bigger problem has to do with public understandings of the war. People around the world may not want to lift a finger in aid so long as the anti-totalitarian logic of the war remains invisible to them. President Bush ought to have cleared up this matter. He has, in fact, spoken about conspiracy theories and hatred (including at Tuesday's press conference). He has spoken about a new totalitarianism, and has even raised the notion of a war of ideas. [But Bush is a loon, Paul!]

But Mr. Bush muddied these issues long ago by putting too much emphasis on weapons in Iraq (and his gleeful opponents have muddied things even further by pretending that weapons were the only reason for war). He muddied the issues again by doing relatively little to promote a war of ideas — quite as if his loftier comments were merely blather. His national security statement of 2002 flatly declared that totalitarianism no longer existed — a strange thing to say. War requires clarity. Here is incoherence.

Somebody else will have to straighten out these confusions, then. I think it will have to be the Democrats — at least those Democrats who accept the anti-totalitarian logic. And why shouldn't they show a bit of leadership? After the Spanish election last month, America needed to reach out to the new Spanish leader, Josι Luis Rodrνguez Zapatero, and his voters. Mr. Bush was in no position to do this, given that in November he had delivered a speech that was all-too characteristically insulting to the European left. Instead, it was Senator John Kerry who made a public appeal to Mr. Zapatero to keep troops in Iraq.

I wish the Democrats would follow Mr. Kerry's example and take it a step further by putting together a small contingent of Democrats with international reputations, a kind of shadow government — not to undermine American policy but to achieve what Mr. Bush seems unable to do. The Democrats ought to explain the dangers of modern totalitarianism and the goals of the war. They ought to make the call for patience and sacrifice that Mr. Bush has steadfastly avoided. And the Democratic contingent ought to go around the world making that case.

The Democrats ought to thank and congratulate the countries that have sent troops, and ought to remind the economically powerful Switzerlands of this world that they, too, have responsibilities. The Democrats ought to assure everyone that support for a successful outcome in Iraq does not have to mean support for George W. Bush. And how should the Democrats make these several arguments? They should speak about something more than the United Nations and stability in Iraq. They should talk about fascism. About death cults. About the experiences of the 20th century. About the need for democratic solidarity.

This is not a project for after the election — this is a project for right now. America needs allies. Today, and not just tomorrow. And America needs leaders. If the Bush administration cannot rally support around the world, let other people give it a try.

- tom moody 4-15-2004 8:28 am [link] [add a comment]