[Luni]-understanding the Linux/SCO court case

Don Benesch dbenesch at worldnet.att.net
Mon Jun 9 20:00:33 CDT 2003


A little OT. I've been told that I see conspiracy everywhere (especially with regard to M$), but the timing of this report from Security Wire Digest
makes me a bit suspicious.
Don

********************

*LINUX ATTACKS ARE UP, ACCORDING TO NEW SURVEY
Cyberattacks worldwide hit record levels last month, with more than
three-quarters of successful breaches made against Linux-based systems,
according to a new report by London-based mi2g.

The company says an analysis of attacks the past three months--mainly to
determine the digital impact of the Iraqi war--shows compromised
Linux-based systems accounted for a whopping 76 percent, or 19,208
breaches, between March and May. Microsoft's Windows-based systems, mainly
IIS servers, were the victims of most other attacks, according to several
published reports.

A record 2,576 attacks were recorded May 4 and 23,009 for the month of
May, according to one news account. However, members of the Web site
Zone-H.org confirmed Friday that the analysis does indicate Linux attacks
have widened while Windows breaches have waned since January 2003.

Mi2g attributes the upswing in Linux attacks to misconfigured systems and
the lack of standard security practices for online server management
within the open-source community. The security firm also blames Linux's
growing popularity, which makes its systems bigger hacker targets.




*********** REPLY SEPARATOR  ***********

On 6/9/03 at 11:56 AM jean at kcco.com wrote:

>Quoting Matthew Landry <mbl at lelnet.com>:
>
>
>> 	Of course it _matters_. The problem is the ever-too-prevalent meme
>> "of course SCO is going to win and Linux is going to face death and then
>> that'll be the end of the world". Which is of course wrong because SCO
>> isn't going to win, SCO winning wouldn't kill Linux, and Linux dying
>> wouldn't be the end of the world. All three outcomes, if they happened,
>> would be bad. But none of them are actually GOING to happen.
>
>Agreed on all three points.  However, I see a dangerous "dismissiveness"
>not of
>the allegations (which are absurd), or the FUD/hysteria of the impending
>destruction of Linux (which is neither impending, nor going to happen at
>all),
>but of the tactic being applied against Linux and, if successful in any
>real
>sense (i.e. depressed Linux sales for years to come as $CO drags this
>nonsense
>out, etc.), almost certain to be applied against other free software
>projects
>small and large.
>
>This tactic is dangerous, destructive, and not necessarily as futile as
>we'd
>all like to believe.  That is what we need to not be living in denial of,
>and it
>is that very denial I am seeing put forth quite often on this list, on
>other
>lists I subscribe to, at slashdot, etc., and it is that denial which needs
>to be
>fought in addition to the misinformation and FUD coming from Redmond
>Washington,
>Utah, and elsewhere.
>
>> And if the Linux community starts acting like SCO is
>> about to blow a big hole in its side, that'll only give the FUD more
>> credibility.
>
>It is perhaps a fine line to walk
>
>> 	And no, this _couldn't_ happen to {Free,Net,Open}BSD, because the
>> BSD projects are not even potentially privy to any SCO trade secrets.
>
>You cannot be certain that any free project, anywhere, hasn't had code
>contributed that was derived improperly from a trade secret.  The same
>goes for
>any proprietary project.  If the mere allegation of this becomes
>successful in
>its broader goals (disinformation against Linux and free software) expect
>to see
>more of it, aimed at both free and proprietary products.  $CO has chosen to
>begin using the tactical nukes of IP law in a particularly negative-sum
>fashion
>(cf. Game Theory)...if this is at all successful (it arguably already is,
>in
>that they've artificially and fraudulently inflated their stock price, and
>obtained a cash donation from Microsoft) it will be used again, and again.
>
>> And a
>> trade secret case, unlike a copyright or patent case, can only be pursued
>> against a defendant with legitimate access to those secrets and a
>> pre-existing obligation to keep them...it doesn't infect third parties.
>
>Very true, and in some incarnations of the accusations emanating from Utah
>it
>has only been trade secrets that have been alleged.  In other incarnations
>of
>their accusations it has been copyright violations and even patent
>violations.
>
>They don't have a case.  We all know this.  If they did, they would reveal
>the
>offending code so that it could be checked and, if found to have been
>improperly
>included in the Linux kernel, removed.
>
>Far, far more likely is that $CO has improperly included GPLed code in
>their
>proprietary product (the Linux compatibility layer, as one former
>developer at
>SCO pointed out, would be a good place to start looking for such
>violations).
>
>However, as harmless as this will ultimately be to Linux on the legal
>front, it
>is harmful in a FUD sense, and in a financial sense if this strategy is
>ever
>employed against smaller projects without the funds to defend themselves,
>be
>they free software or proprietary.  For this reason it is imperative that
>we
>take the method of attack here very seriously, for clearly spurious
>charges, a
>frivolous law suit, and easy access to the media through hype and a PR
>firm can
>do real damage to a product's image and perception.
>
>In short, we should be brainstorming methods by which such allegations,
>even
>were they to be true (e.g. Microsoft infiltrates a free project and has
>someone
>dump illegal code into the project, then comes out a couple of years later
>with
>allegations that happen to be true because they engineered this ... and
>no, I
>don't think such tactics are at all below them, or as unlikely as we'd all
>like
>to believe), can have a minimal impact on a project's viability.  For
>example,
>should contributors sign affidavits as to the legality of their code?
>Perhaps
>that is overkill, but perhaps a copyright clause making that assertion in a
>comment at the top of the code is not.  I'm not offering any easy answers,
>but I
>do believe we have an opportunity to learn from this debacle and inoculate
>future projects from this sort of attack, if we give it some thought and
>don't
>simply dismiss it as absurd.  The charges are absurd: the methodology being
>employed to abuse the legal system and trump up fictitious charges is not.
>
>Jean.
>______________________________________________________________________
>Linux Users Of Northern Illinois - Technical Discussion 
>luni at luni.org
>http://luni.org/mailman/listinfo/luni
