SCO using Samba source code: permission granted or not?
Posted 7 Dec 2003 at 14:40 UTC by lkcl
I've never told anyone about this before. In 1997, I collaborated for a few weeks with one of the developers of VisionFS on decoding the NT Domain protocols. Both VisionFS and Samba are windows-compatible file, print and login servers.
The issue is that whilst our cooperation accelerated the understanding of NT Domains, SCO's developer sent me some of his code, and the implicit understanding was that he would be able to copy mine.
However, no such agreements were actually in place...
The NT Domain protocols are implemented in Windows NT 3.5, 4.0 and now 5.0 (aka 2000 and XP). Much extended and enhanced, but the same basis. At the time (1997), staring at data over-the-wire it was all but impossible to work out what was going on.
The DMCA was not in effect at the time.
So, when I was contacted by one of SCO's developers on the VisionFS project, I was very happy to talk and exchange knowledge. I received some files - about 500 to 1,000 lines of code. They were based on The Open Group's header files from the reference implementation of DCE 1.1.
It helped enormously. I do not know if the developer had permission to release that code, but the VisionFS team were very very helpful because it was Samba source code that had helped them to write VisionFS. They had examined the samba file system code in lieu of there being no documentation from Microsoft.
So, having received this code, I began to understand. I then ran with it for several weeks, months, getting on for four years, and I can pretty much guarantee that the original 500 - 1000 lines has been totally replaced in Samba TNG.
At one of the CIFS conferences - in about 1999 (i think) - I was responsible for performing some smbclient, rpcclient and rpctorture tests in the Connectathon Lab, crashing various company's CIFS servers. SCO was there, and when I analysed their server, I noted that the responses coming back were the same as the servercode that I had developed around end of 1997, beginning of 1998.
I didn't say anything, but what those packets meant was that the SCO developers must have assumed that because they had passed on that 500 to 1000 lines of code to me, it was okay for them to copy the 5000 to 10,000 lines of code that I subsequently wrote.
Why am I mentioning this?
well, assuming that that code is STILL in VisionFS, I hereby give notice that if anyone wishes to pay for expenses and legal costs, I am happy to give evidence that SCO has infringed copyright of the Samba source code.
i cannot do so on my own because it costs too much time and money. plus, i prefer to work in a world environment where technical enhancement is based on trust, cooperation, fun and respect.
Also, assuming that that code is still in VisionFS, I hereby give notice to SCO that if you drop all lawsuits against Linux, I will not pursue a copyright infringment case against SCO.
by the way - it is easy to check whether the code is still in VisionFS.
Using ethereal and/or rpcclient in debugging mode, a command is run and
the output examined for a sequence of numbers. Cross-referencing of that
sequence against the Samba CVS repository for 1997 will demonstrate that
the same code base generated the identical output.
Exerpt from SCO's web site,
SCO, The Santa Cruz Operation, the SCO logo, the Tarantella
logo, Tarantella and UnixWare are trademarks or registered
trademarks of The Santa Cruz Operation, Inc. in the USA and
other countries. UNIX is a registered trademark of The Open
Group in the US and other countries. All other brand or product
names are or may be trademarks of, and are used to identify
products or services of, their respective owners.
SCO and Samba, posted 7 Dec 2003 at 21:30 UTC by trs80 »
I don't think there's any necessity to sue SCO, they'll collapse under their own hubris quite soon. If you haven't been following the case at GrokLaw or LWN then you'll be pleased to know that SCO is clutching at straws, and have presented no actual evidence as yet.
On a related note, the Samba team have elected not to sue SCO (scroll down) on a similar basis to what you describe, mainly because they don't want to drop to SCO's level of hypocrisy.
Different cases?, posted 8 Dec 2003 at 03:38 UTC by tk »
Are the uses of Samba code in OpenServer and VisionFS the same thing?
Perhaps there's no copyright violation in the former, but there is a
violation in the latter. If this is so, then it still makes sense to sue SCO
for the latter violation.
I hereby give notice that if anyone wishes to pay for expenses and legal costs, I am happy to give evidence that SCO has infringed copyright of the Samba source code.[...]
i cannot do so on my own because it costs too much time and money. i prefer to work in a world environment where technical enhancement is based on trust, cooperation, fun and respect.
Those two statements seem kind of contradictory. Given that you think SCO have infringed your copyright and thereby abused your trust, do you want to do nothing about it and remain "friendly" to them? If so, why are you offering to help in a suit against them?
If you think there is an infringement in SCO's code then you ough to be able to find out through the usual methods without needing to spend much time or any money on it. Just find a cooperative person who has a copy of their software. If you mention it here or on groklaw you'll probably find someone.
Once you establish whether there is, or is not, any evidence of actual infringement then you'll be better placed to either talk about bringing a suit, or just publicizing the facts.
clarifications, posted 8 Dec 2003 at 10:28 UTC by lkcl »
martin, hi! yes the two statements appear to be contradictory: what i am saying is that i am happy to let sleeping dogs lie.
i.e. i expect SCO to see sense.
also just to clarify: you say that i think SCO have infringed my copyright and _thereby_ abused your trust: this is not entirely the case.
i believe that by the packet responses from their product when i tested it in 1999 being identical to those of the samba ntdom code in 1997 that it is very _likely_ that they copied my code.
i believe also that the FUD/marketing people have abused the _tarantella's_ and IXI Vision Ltd's (wholly owned UK subsidiaries of SCO) trust and spirit of cooperation with some open source developers.
i kept very quiet about what happened because it was very helpful.
trs80, i'm not considered to be part of the samba team. the samba team leaders treated me shockingly badly during a very difficult time for me - so much so that people to whom i relate some of the things that happened do not believe it.
leaving that aside: i mention it because until they apologise for what happened i have, and want, nothing to do with them.
the _use_ of samba - as a GPL'd program - is fine. if sco want to _use_ samba they are entirely entitled to do so.
legally, the use of samba has absolutely _nothing_ to do with a totally separate program called the linux kernel.
hypocritical, yes - legal, yes.
what i am referring to is totally different: analysis of VisionFS server product in 1999 demonstrated that SCO is likely to actually have *CODE* from samba IN THEIR *commercial* product, or at least a very clear derivative [VisionFS is written in c++, whilst samba is written in c].
VisionFS and Samba/OpenServer
VisionFS is a COMMERCIAL product. version 1 was developed by a team of three people from 1996 to 1997 in 18 months of c++ programming by a company in Cambridge that was formerly known as IXI vision Ltd before it was acquired by SCO.
VisionFS had limitations where it could only really handle up to about 150 clients (it had a locking daemon).
consequently, VisionFS started to be "bundled" for free some years later with SCO's operating system.
At some point, it must have become abundantly clear to SCO that the amount of work required to keep VisionFS up-to-date was prohibitive, and they must have decided to push samba instead.
basically, like the samba team say, i don't believe it is in anyone's interests to get involved in causing such damage or sinking to such depths to do so.
however, what i _do_ believe in is raising people's awareness of what is acceptable fair play and what is not. often enough, just by doing that at the right time is enough to get things settled down again.
i hope that by simply mentioning these things that SCO finally starts to realise what is in their best interests and backs down.
1) changes in the license agreement require the cooperation and agreement of all parties
2) all parties in the case of samba means well over a hundred contributors, not all of whom can now be contacted.
3) therefore samba under the GPL is here to stay.
statements made by the samba team about "we decide that samba is to remain free" are... oh never mind. *still very sad and alone*.
What are you talking about? Nobody is proposing to change the Samba licence except sometimes you.
?? sorry, you must have misunderstood. it is virtually impossible to change the license under which samba is released, due to the code having been contributed by so many people.
i believe you may be referring to large sections of code having been written by smaller groups of people, where some of the minor contributors expliticly handed copyright to the major contributors.
this is getting off-topic, so if anyone considers this particular thread to be relevant for discussion, please contact me.
Okay - I AM NOT A LAWYER - nor do I pretend to be.
However, from what I understand (and this is not to be taken as advice or anything, just my humble opinion), it depends who has the copyright. Some projects insist that the copyright to code is handed over - I think the FSF does this for their projects, and I'm not sure if Samba do.
If this is the case, then it isn't your place to complain about breach of copyright as you don't own it anymore. However, if it is, then I think you are free to start your own case (hmm, could be expensive!)
However, I don't think this has any legal bearing on the SCO-IBM case. As I can make out, the case is about breach of contract, though IBM have fired back with breach of copyright stuff (distributing GPL'd source code with limitations that breach the GPL).
I don't think Samba could be a part of this particular case, rather it may have to stand on its own.
But that aside, it is interesting and good publicity against SCO given that they have trumpeted so much about how the FOSS world steals other people's work without redress. If it is true, maybe something could be made of it in court, though I'm not sure how, short of IBM/RedHat's lawyers pointing the finger at SCO and saying "well, they nicked code!".
For my opinion, I would say that this kind of thing goes on an awful lot (proprietary software containing free code in breach of license), but for this case I am not in any way qualified to comment like you are.
Have you thought of writing to Groklaw about this? I know IBM's lawyers read it and they might have some more to say (and they are real lawyers after all!). Thanks for the article.
hiya salmoni, yes to the best of my knowledge with a few specific exceptions of small amounts of code, all the authors of samba specifically own their code contributions.
thanks (and also to martin) for the recommendation of writing to groklaw.
Press Release, posted 9 Dec 2003 at 06:33 UTC by ncm »
There seem to be lots of misconceptions in postings here.
I don't want to get into them, except to ask people
to read more carefully before posting.
You don't need to file suit. What you need to do is compose
a press release calculated to maximally embarrass SCOG.
Release it on (e.g.) their 30-day discovery deadline, or
whenever they file their affadavit explaining why they still
can't satisfy the judge, or when they post their next FUD
bomb meant to boost their stock price.
You'll probably need help composing the press release,
so that it is in the register, and uses the vocabulary, of the
investment "community", not the hacker community. Demand that
SCOG put a stop to "stealing" your "intellectual property"
immediately. Suggest that paying a royalty per copy of VisionFS
already shipped (whether standalone or bundled into
UnixWare) might protect them against a lawsuit and injunctions.
(What were they charging for VisionFS, before? That seems like
a reasonable royalty.)
The prospect of those lawful royalties might even lead a law firm
(e.g. the one IBM uses?) to take the case on spec, at no cost to
cool!, posted 9 Dec 2003 at 10:14 UTC by lkcl »
i like that approach very much :)
IXI vision ltd was a wholly owned subsidiary of sco,
which later on spawned tarantella ltd, a wholly owned
subsidiary of sco. it turns out that when SCO was
bought by caldera, along with some of the assets,
the remaining bits that were left _became_ tarantella.
END OF STORY., posted 9 Dec 2003 at 13:08 UTC by lkcl »
tarantella is now a separate company (i presume that it is the former ixi vision ltd staff).
i quite _like_ the people who work for tarantella, especially the vision fs team.
tarantella now own the vision fs product.
by pursuing this matter it would be tarantella that would be affected, not sco.
tarantella would then have to - if they _could_ - take the matter up with their former owners, SCO.
so, unfortunately, the desired result cannot be achieved directly (getting sco to back down).
therefore there is no benefit in pursuing this further.
thank you to everyone who contacted me, for the advice and time given: i hope that sco will back off without damage done.
SCO backing off, posted 9 Dec 2003 at 15:54 UTC by ncm »
It would do no good for SCO to back off. They must be soundly
thrashed. Settling with them, or dropping countersuits because of
dismissal of their own case, would just encourage all the other
scumbags. Note that SCO's owners and officers have already
profited handily from their machinations, and have no need actually
to win their case. Now, all they need is for the countersuits to
be ruled moot once their own suit is dismissed or dropped, and they
take away their riches scot free.