I was actually the "author" of one of the pieces of code that SCO claimed had been stolen from them - SCO's implementation of the Berkeley Packet Filter.
SCO had a collaboration with IBM called Project Monterey, in which SCO and IBM were merging their operating systems in order to be better positioned for IA64 (which at that point people still thought would be good).
One minor detail of the Monterey deal was that SCO got the right to port IBM's superior networking stack into SCO's operating systems. One part of IBM's networking stack was their implementation of the Berkeley Packet Filter, and that was one of the parts I ported over (I'm pretty sure the file still had a BSD copyright notice on it).
That was back in the days when SCO was a cool UNIX vendor that thought of itself as an extension of UC Santa Cruz. Back then employees couldn't really imagine it turning evil, and it made me wary of what my subsequent employers (Google and Facebook) could turn into.
SCO the "cool UNIX vendor" was not the company that sued. In 2001, the cool UNIX vendor was struggling and sold its UNIX business to Caldera. Caldera renamed itself "the SCO Group" and filed the lawsuit. [1]
The original SCO wasn't particularly cool either, I worked for a competing company that got called in to help them when they couldn't get get the 286 MMU to work, the deal was that we would get a copy of the resulting code, we got it working but in the end got zilch
I had to deal with fallout from this. At the time I worked at eBay, and were not allowed to use any OS except Windows or RedHat Linux. The reason we had to use RedHat? Because we had a paid license from them that included them absorbing all liability from IP claims regarding Linux.
But if anyone was around then, you'd probably remember that RedHat was one of the worse distros of linux at the time. So we were forced to use an inferior product because it came with IP indemnity. Thanks SCO!
While I agree that the SCO FUD surrounding Linux was real at that time (we all felt it), Red Hat was one of the most respected, functional, and widely-implemented distributions for the entire time SCO was in the news headlines.
> But if anyone was around then, you'd probably remember that RedHat was one of the worse distros of linux at the time.
There's no better microcosm of the early Linux world than this. "Yeah, that giant market-driving lawsuit was bad, I was there too and suffered along with the rest of you. But that's not the important thing: let me tell you about how bad RPM is compared to DPKG! Did you know the underlying archive format was cpio? CPIO!"
That's not intended to be too much of a barb (I was a Debian nut too, FWIW), but really, all that stuff seems pretty silly in hindsight.
There were several good versions of Red Hat (IIRC 7.3 was pretty good) and then RH9 had NPTL but unfortunately was incompatible with the rest of the world (very custom kernel, userspace, compiler). IIRC the egcs included in that led to all sorts of interesting outcomes.
One thing that the author of this article left out is that SCO was not SCO during this dark period of litigation.
SCO (Santa Cruz Operation) was an x86 UNIX vendor that wasn't great, but enjoyed a lot of market share. I'd estimate they were #2 to SUN in installations because it ran on commodity x86 hardware. But by the late 1990s, they knew their time was up given the pressure from Linux. When the company was sold to Caldera in Utah, very few original SCO people stayed, and those that did left quickly because Ransom Love (yes, that was his name) made it very clear the Caldera culture was not the old SCO culture, and that you'd have to relocate to Utah.
Following this, Caldera rebranded themselves back to SCO (The SCO Group) in an effort to convince people they were the same company. After all, they needed all the help they could get.
So, essentially, litigation SCO was not the original SCO. And in many ways, litigation SCO tarnished whatever respect the original SCO had.
>But by the late 1990s, they knew their time was up given the pressure from Linux.
They were savaged by Windows NT before Linux became an appreciable factor. Which was one of the main arguments against Linux causing faux-SCO (as an industry colleague of mine liked to refer to them as) economic harm even if their claims were true--which they weren't.
But also, yeah, charting the corporate identities through that period was hard to keep straight. There was also a branch of Santa Cruz desktop products that ended up with Sun.
And litigation-SCO deliberately tried to confound the two, so that people assumed that litigation-SCO had all the IP rights that original-SCO once had. They didn't, though, as the court case showed.
Interesting side effect of this (to me :-)) is that when Blekko was acquired by IBM I got stuck doing what is called "Blue Washing" where IBM tracks down the licenses, origins, and usages of all the source code the acquired company is bringing to IBM. According to people I worked with when doing this, the entire process and toolset was an outgrowth of the work they did to disprove SCO's claims in the lawsuit.
I found it was both invasive and thorough, and generally engineers didn't like it when the answer was "You have to delete that, we can't verify we have rights to it."
Frequently used for things like internal audits, compliance, due-diligence during financing, etc.
It’s remarkably thorough but not always completely accurate - it flagged an open source project I created that we were using as GPL. I had to correct them, which was entertaining.
I was at IBM around the time of the SCO lawsuit and had to help out with blue washing a few projects. It was also around that time that there had been some high-profile cases of GPL code getting shipped accidentally.
We had a tool that basically grepped through all the source for keywords like "Copyright", "License", or "GPL", and then we had to compile a report and get the lawyers to sign off on it. It didn't seem to me to be a very thorough way of proving provenance because it relied on proper attribution.
I wonder if it'll be much easier going forward. Take a suspect piece of code, run it through an LLM to explain it, pass the explanation to another LLM to generate code from the explanation. An automated pipeline for clean room reverse engineering.
Personally, the most interesting thing about that event was groklaw. (http://www.groklaw.net/index.php) It is hard now to reconstruct the experience of having a website dedicated to something I cared passionately about. Groklaw is an example, in my opinion, of what the internet could be, should be and isn't. A website that provided a community for people with a common cause.
I don't mean to diminish the importance of Linux at all.
I really miss Groklaw. Sometimes I wish they could come back, the insight of the author and the community around the site was really valuable and allowed me to have a more informed opinion.
One of my greatest white elephant gifts were SCO stock certificates. Was a real challenge to figure out how to spend $20+ for a bit of paper as they were getting close to delisting. Really wish I had kept one for myself.
This is a hilarious quote, in the article, attributed to Linus, related to the concept of source code pedigree and the developer certification of origin for any contribution.
> For example, in the case of "ctype.h", what made it so clear that it was original work was the horrible bugs it contained originally, and since we obviously don't do bugs any more (right?), we should probably plan on having other ways to document the origin of the code.
The concept that bugs would prove the origin makes me giggle. Because yes, if the code was stolen, it would have been stolen without the bugs included.
I would love to get a signed picture of Darl McBride for my bathroom. Because he paid for it. I heard about this lawsuit, called up a couple of IP lawyers, talked to a bunch of programmers, and read everything on groklaw. I called both analysts who covered the stock -- one had a price target of $5, while the other had a price target of $45 (stock was about 20 at the time). Then I shorted it with most of the money I had. It went down and I used the equity to short even more of it. In retrospect, the analysis was correct (i.e. don't sue a company that has more lawyers than you have employees without a good case), but the level of risk I took was insane, and it kept me up late at night for a long time.
When Microsoft sold Xenix to SCO, I seem to recall that part of the deal was Microsoft agreeing to not compete in the Unix market. Today, Microsoft is embracing Linux with their WSL stuff and that certainly impacts the Unix market.
Maybe the 1997 agreement between the two companies ended Microsoft's exile from Unix-land or maybe when Caldera bought SCO's Unix business the Microsoft agreement didn't transfer?
And I realize that, unlike macOS, Linux isn't Unix but it does compete in that market.
One of the weird side stories from the SCO saga was that of Dan Lyons, who at the time was a reporter with a little cottage industry in stories praising the work of SCO and predicting IBM’s imminent loss and comeuppance for all the Linux neck beards.
It later turned out he was also behind the briefly-popular “Fake Steve Jobs” blog, and on the strength of that reputation he left journalism to go into tech company marketing, with a brief side job writing for the show Silicon Valley.
How different would the history of Linux have been had FreeBSD (and its forks) not been encumbered by lawsuits in the 1990s? Would Linux have gained the mind and market share it did or would the BSDs have won?
I hadn't heard of Darl McBride (CEO of SCO) and I looked at his LinkedIn; this is his side of the story from his time at SCO, as he puts in in his work experience section. I found it super interesting.
All of my work experience before and after SCO was of the startup/entrepreneurial variety. Fun stuff, new, exciting and positive. Then some former colleagues on the board of SCO (previously Caldera) convinced me to come in and try and turn around a company that had fallen from a billion dollar valuation down to a measly six million. They only had $8 million of cash and they were burning $4 million per quarter so I basically had 6 months to complete the turnaround.
What they didn't tell me was the company was in a dispute with IBM over disputed UNIX software code. This led to us filing a lawsuit against IBM, retaining David Boies to represent us, raising $76M to fight the battle, seeing our stock go from $0.66 per share to $22 per share, then falling back down to pennies per share after losing an important trial.
IBM teamed up with Linux programmers worldwide to go against me and I showed up on the cover of Fortune Magazine as "Corporate Enemy Number One". Hey, at least you can say that I was number one at something huh? I was as popular in the tech industry as Donald Trump hanging out at an Oscars after party with a bunch of Hollywooders.
The legal battle is not actually over, 15 years later, the case is in review at the 10th circuit court of appeals in Denver.
Silver Lining: While the courtroom battles were raging, we started a mobile apps business that I later bought out of SCO with some friends. That is where Shout came from. Back to the worlds I know and love - tech startup tied to sports and entertainment.
During project Monterey I had to setup all of the services that allowed SCO/IBM/Sequent on the IGS/IBM side. A few short years later I was tasked with pulling all of the IBM AIX design docs and source code for discovery going back to the beginning.
One has to recall that what sued IBM was the Ray Noorda Canopy Group. Aka Caldera.
Which also levied lawsuits against Microsoft. Far from the ocean view of Santa Cruz.
I was recently bitten by this ghost of the past in the present day! Since the TLA⁺ project is trying to join the Linux Foundation, they've recently started enforcing Developer Certificate of Origin (DCO) signing on all of the repos under the github.com/tlaplus org. The CI workflow started insta-failing on my PRs since none of my commits included a DCO. Fixing this isn't terribly difficult, github gives you a rebase command to run so you re-apply every commit locally with DCO signoff, then force-push. Then in the future you have to remember to run git commit -s -am "commit msg" instead of git commit -am "commit msg". The -s flag adds a DCO message to the commit.
>Microsoft, which had not yet learned to love Linux, funded SCO and loudly bought licenses from the company.
I'm disappointed LWN would blindly rehash the "MS loves Linux" propaganda like this. Microsoft still doesn't love Linux. Their whole business model is still based on proprietary software.
Anybody know anything about the part where SCO actually won? I'm referring to the final event years later where IBM made a settlement payment to them. I assume it didn't make up for the years of effort, but I'd love to know what it was based on.
[+] [-] robotelvis|3 years ago|reply
SCO had a collaboration with IBM called Project Monterey, in which SCO and IBM were merging their operating systems in order to be better positioned for IA64 (which at that point people still thought would be good).
One minor detail of the Monterey deal was that SCO got the right to port IBM's superior networking stack into SCO's operating systems. One part of IBM's networking stack was their implementation of the Berkeley Packet Filter, and that was one of the parts I ported over (I'm pretty sure the file still had a BSD copyright notice on it).
That was back in the days when SCO was a cool UNIX vendor that thought of itself as an extension of UC Santa Cruz. Back then employees couldn't really imagine it turning evil, and it made me wary of what my subsequent employers (Google and Facebook) could turn into.
[+] [-] cjensen|3 years ago|reply
[1] https://en.wikipedia.org/wiki/Santa_Cruz_Operation
[+] [-] Taniwha|3 years ago|reply
[+] [-] jedberg|3 years ago|reply
But if anyone was around then, you'd probably remember that RedHat was one of the worse distros of linux at the time. So we were forced to use an inferior product because it came with IP indemnity. Thanks SCO!
[+] [-] jasoneckert|3 years ago|reply
[+] [-] ajross|3 years ago|reply
There's no better microcosm of the early Linux world than this. "Yeah, that giant market-driving lawsuit was bad, I was there too and suffered along with the rest of you. But that's not the important thing: let me tell you about how bad RPM is compared to DPKG! Did you know the underlying archive format was cpio? CPIO!"
That's not intended to be too much of a barb (I was a Debian nut too, FWIW), but really, all that stuff seems pretty silly in hindsight.
[+] [-] dekhn|3 years ago|reply
[+] [-] cheekibreeki2|3 years ago|reply
[+] [-] znpy|3 years ago|reply
Not a trivial thing by the way, if you think about it.
[+] [-] itomato|3 years ago|reply
The ever-looming “threat” might be laughable in hindsight had it not stifled innovation at such an early stage of growth.
IT Directors everywhere should atone.
[+] [-] dmitryminkovsky|3 years ago|reply
[+] [-] ryukoposting|3 years ago|reply
[+] [-] jasoneckert|3 years ago|reply
SCO (Santa Cruz Operation) was an x86 UNIX vendor that wasn't great, but enjoyed a lot of market share. I'd estimate they were #2 to SUN in installations because it ran on commodity x86 hardware. But by the late 1990s, they knew their time was up given the pressure from Linux. When the company was sold to Caldera in Utah, very few original SCO people stayed, and those that did left quickly because Ransom Love (yes, that was his name) made it very clear the Caldera culture was not the old SCO culture, and that you'd have to relocate to Utah.
Following this, Caldera rebranded themselves back to SCO (The SCO Group) in an effort to convince people they were the same company. After all, they needed all the help they could get.
So, essentially, litigation SCO was not the original SCO. And in many ways, litigation SCO tarnished whatever respect the original SCO had.
[+] [-] rascul|3 years ago|reply
https://en.wikipedia.org/wiki/Caldera_OpenLinux
[+] [-] grahamm|3 years ago|reply
[+] [-] ghaff|3 years ago|reply
They were savaged by Windows NT before Linux became an appreciable factor. Which was one of the main arguments against Linux causing faux-SCO (as an industry colleague of mine liked to refer to them as) economic harm even if their claims were true--which they weren't.
But also, yeah, charting the corporate identities through that period was hard to keep straight. There was also a branch of Santa Cruz desktop products that ended up with Sun.
[+] [-] AnimalMuppet|3 years ago|reply
[+] [-] ChuckMcM|3 years ago|reply
I found it was both invasive and thorough, and generally engineers didn't like it when the answer was "You have to delete that, we can't verify we have rights to it."
[+] [-] kkielhofner|3 years ago|reply
https://www.synopsys.com/software-integrity/security-testing...
Frequently used for things like internal audits, compliance, due-diligence during financing, etc.
It’s remarkably thorough but not always completely accurate - it flagged an open source project I created that we were using as GPL. I had to correct them, which was entertaining.
[+] [-] patwolf|3 years ago|reply
[+] [-] politician|3 years ago|reply
[+] [-] talkingtab|3 years ago|reply
I don't mean to diminish the importance of Linux at all.
[+] [-] elkos|3 years ago|reply
[+] [-] heelix|3 years ago|reply
Miss groklaw... what a loss when that shut down.
[+] [-] taftster|3 years ago|reply
> For example, in the case of "ctype.h", what made it so clear that it was original work was the horrible bugs it contained originally, and since we obviously don't do bugs any more (right?), we should probably plan on having other ways to document the origin of the code.
The concept that bugs would prove the origin makes me giggle. Because yes, if the code was stolen, it would have been stolen without the bugs included.
[+] [-] bobthepanda|3 years ago|reply
[+] [-] manquer|3 years ago|reply
[+] [-] CraigRo|3 years ago|reply
[+] [-] criddell|3 years ago|reply
When Microsoft sold Xenix to SCO, I seem to recall that part of the deal was Microsoft agreeing to not compete in the Unix market. Today, Microsoft is embracing Linux with their WSL stuff and that certainly impacts the Unix market.
Maybe the 1997 agreement between the two companies ended Microsoft's exile from Unix-land or maybe when Caldera bought SCO's Unix business the Microsoft agreement didn't transfer?
And I realize that, unlike macOS, Linux isn't Unix but it does compete in that market.
[+] [-] snowwrestler|3 years ago|reply
It later turned out he was also behind the briefly-popular “Fake Steve Jobs” blog, and on the strength of that reputation he left journalism to go into tech company marketing, with a brief side job writing for the show Silicon Valley.
[+] [-] tpmx|3 years ago|reply
I was going to write that the Internet remembers, but apparently that has its generational limitations. :(
[+] [-] mikece|3 years ago|reply
[+] [-] gemstones|3 years ago|reply
[+] [-] matrix12|3 years ago|reply
One has to recall that what sued IBM was the Ray Noorda Canopy Group. Aka Caldera. Which also levied lawsuits against Microsoft. Far from the ocean view of Santa Cruz.
[+] [-] ahelwer|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] tiffanyh|3 years ago|reply
BSD's were the worst hurt from all of this. Too many companies scared to use it due to lawsuit.
Really unfortunate in hindsight, and Linux forever benefitted.
[+] [-] hddqsb|3 years ago|reply
[+] [-] ginko|3 years ago|reply
I'm disappointed LWN would blindly rehash the "MS loves Linux" propaganda like this. Microsoft still doesn't love Linux. Their whole business model is still based on proprietary software.
[+] [-] 29athrowaway|3 years ago|reply
They were providing the financial ammo.
[+] [-] kanzenryu2|3 years ago|reply