A Heads Up to the Media

By Pamela Jones
Groklaw

November 22 2003

According to Todd Weiss of ComputerWorld [ http://www.computerworld.com/news/2003/story/0,11280,87373,00.html ], there were only 80 people. Count them. 80. Bill Gates had thousands at Comdex, with an overflow room.

I'll bet Jupitermedia Corp. was surprised and disappointed. I don't need to bet or guess. They said [ http://news.com.com/2100-7340-5110200.html ] they were "a little disappointed in the turnout for the keynote speeches." Here they invited the most hated executive in the IT world, probably thinking it would boost attendance, and it flopped.

See, that's why it's always better to stick to your principles. If you have any. That way, even if things go south, at least you still have your self-respect. Nobody in the IT world takes Darl seriously. No, wait. 80 people are at least curious. That should tell the press something vitally important about SCO's claims. We know what he is talking about, and we dismiss him.

Here's a bit more detail on the show:

"Meanwhile, a keynote speech at CD Expo Tuesday night by Darl McBride, president and CEO of The SCO Group Inc., drew only about 80 attendees. . . . . At least one exhibitor pulled out before the show was to end today.

"An executive with Siemens Enterprise Networks who spoke on condition of anonymity confirmed that the company sent its booth staff home Tuesday night and removed its equipment from the CD Expo floor yesterday. . . .

"Siemens was by no means alone with unfulfilled expectations. 'It's much smaller than I anticipated,' said one, who asked that his name and company be withheld. Another vendor said show organizers had perhaps overplayed the potential crowd at the Jupitermedia show."

This poses a dilemma for Groklaw. We have about 400,000 hits a week now. Do I do a transcript of the speech and spread it far and wide? Or let it sink under the water, never to be seen again? Votes?

I didn't just bring up the keynote speech to be mean, however. Not that I don't feel like being mean, now and again, when it comes to SCO. Rather, I mention it because it relates to another key bit of news this week, namely SCO announcing to the press that they "had to" hire bodyguards to protect their executives from "death threats" allegedly coming from the Linux community.

Huh? Death threats from a community that has never been known to harm a flea and are being criticized for not even being aggressive enough in business to charge money for their work (SCO measures testosterone in dollar signs), which they want to freely share with the world because they are such nice people? Puh-lease.

I waited to write about it, because I was interested to see how the mainstream media would react to what seemed to me to be likely a PR prank. Of course, I was not disappointed in my expectations. Some in the press covered it straight-faced, as they always do when Darl says anything.

If they were covering Jesus Christ's trial, it'd be: "A spokesman for Pontius Pilate informed the Jerusalem News that the accused threatened to overthrow the government and replace it with his own kingdom. 'We took a strong stand, because the threat was both broad and deep,' said Marcus Spartacus, from Pilate's office. 'The sedition laws are clear and will be enforced vigorously.'" A lot of the story gets missed, you see, when you only quote spokespeople for one side. Even if you get quotes from both sides, it's still not the complete story. Reporting is where you find out, when possible, who is telling the truth by digging for facts, not just scribbling down quotes. Otherwise, you could just miss the story of the century. I know you know that. Just a friendly reminder.

And I was too angry to write, also, without ... well, without wanting to threaten somebody. Only kidding. Don't hire more security, Darl. It's a joke, kiddo. A little hyperbole. But I did need time to calm down.

SCO's Darl McBride told the Salt Lake Tribune [ http://www.sltrib.com/2003/Nov/11192003/business/112207.asp ] that he hired protection for SCO executives. And of course he was telling the press all about it, claiming they received email and phone threats from the community. I believe that's exactly what I'd do too, if I received a credible death threat: I'd tell everyone in the media all about it, including what hotel I was staying in with my bodyguards.

The home town paper, of course, wrote about it. But so did Bloomberg News. In fact, the SLT story appears to have been taken from the Bloomberg News story in large part, or vice versa. According to the first report from Jonathan Berr of Bloomberg News, whom you may remember from the SCO teleconference Tuesday (he's one of the reporters they allowed to ask questions), the local police were asked about it, but they knew nothing about any so-called threats:

"Local police were unaware of any threats against SCO, said Captain Cody Cullimore of the Pleasant Grove Police Department, which patrols Lindon."

I thought it was great that Berr bothered to contact the police. That is what a good journalist should do. But why wasn't this significant piece of the story not being reported by anyone else? I contacted Mr. Berr, to ask him for a link so I could point you to the story, which I had received only in an email, and he sent me another email instead, with an edited story, which by then, the next day, had been updated, and the local police were no longer in the article. Instead there was this paragraph:

"Blake Stowell, an SCO spokesman, declined to say what specific security measures a private security contractor is taking or when they began. Hackers have tried to shut down the company's Web site four times since March, he said. The company has notified the U.S. Federal Bureau of Investigation about the threats. No arrests have been made, Stowell said."

The first Bloomberg News story, and the SLT, said three attacks. Now, one day later, it's four. I only remember them mentioning two in public before, and one of them for sure is in dispute as to whether it ever really happened. What's going on here?

Bruce Perens says he doesn't believe the latest threats story either:

"Reaction Tuesday from the open-source community to SCO's security concerns was a mixture of disbelief and scorn.

"'I just don't buy it,' said Bruce Perens, a Berkeley, Calif.-based Linux developer and open source advocate. 'This is just an effort to discredit the open-source community.

"'If there were real threats, the police would be there instead of husky fellows with radio tubes in their heads,' he said."

With SCOSpeak, you have to be careful. By putting the "death threats" and the web server "attacks" in the same paragraph, and then saying that the FBI had been notified, it sounds like Stowell means they notified the FBI about the "death threats", but I believe he may have meant the server "attacks" instead. That would be logical, don't you think? If you had a death threat, would you call the FBI or the local police? If you did call the FBI, what would they tell you to do, if the threat was credible? Call the local police or hire bodyguards yourself? Which would have jurisdiction anyway, the local police or the FBI? On the other hand, the FBI does have jurisdiction over server attacks, if the dollar loss meets the threshold. You just have to watch those SCOfolk real close, don't you? It's like talking with a car salesman.

While we can't know for sure what is going on, without more facts, which SCO is eternally short of, what might a reasonable and fair explanation be? I see two ways to look at it.

First, if I were a starry-eyed 7-year-old who had yet to grow the first cynical bone in her body, and I believed every single word of SCOSpeak emanating from Utah, I'd probably guess that they got some hotly worded email or phone calls from some tipsy teenagers, maybe. It looks like it wasn't even that much. EWeek [ http://news.com.com/2100-7340-5110200.html ] has this illuminating tidbit:

"McBride, who was accompanied by a pair of security guards because of reports that his speech might be disrupted by protesters, said that as SCO's CEO, his loyalties are to the company's stockholders, customers and employees, not the Linux community."

Excuse me, but as a 7-year-old, I still believe that peaceful protests are part of what the US Constitution legally allows for and that it doesn't reflect evil intent on the part of those wishing to express their views. But... um... there were no protesters, were there? There was barely an audience, let alone anyone interested enough to protest. So how credible was the "threat"?

But if I were an adult who had been following this story closely and had read Dan Lyons' Forbes article [ http://www.forbes.com/home_europe/2003/11/13/cz_dl_1113sco.html ] about his experience with SCO's honesty or lack thereof, I think I'd look at it differently, more like this: I might notice that not long ago, the "always fair and balanced" Rob Enderle wrote about the Linux community with disdain, as he is wont to do, and he predicted that the community's "zealotry" would lead it to go too far and do damage to their cause.

When I read that, I immediately started worrying this might be a prediction, one with maybe a plan of fulfillment behind it, that maybe he had some inside information. OK, I'm not a starry-eyed 7-year-old any more. That really was my first thought -- that SCO might try to tarnish the Linux community's reputation deliberately by some stunt they would blame on the community.

I was worried enough that I contacted a few in the community to share my concern that there might be some kind of PR setup to try to make the community look bad. I thought they might stage an "attack" on their servers or something, but whether that or something new, I felt sure something would follow. Then I waited for the other shoe to drop. Is it possible it just did? From the SLT account:

"'With the personal threats to our lives we have had to rachet up security both for our company and for certain individuals,' McBride said. Sontag stressed that most in the open-source community, while understandably upset with SCO's Linux claims, are reasonable in their conduct.

    "'However, there are some elements who have an almost religious zealousness about Linux,' he added. 'In some ways, that can be scary for anyone opposing their positions.'

Religious zealotry, eh? Sound like someone you know? By the way, before we dump Enderle out of the car and continue on our journey here, may I inquire why a site that calls itself LinuxInsider regularly publishes his anti-Linux hate pieces, and other negative articles, including the report about the bodyguards, of course, minus the detail that the local police knew of no threats? I am not providing a link, because they might do it for the same reason that CDXPO may have invited Darl to speak, in which case the fewer hits his articles receive, the less likely anyone will be motivated to print his rants.

Getting back to the alleged "attacks" on SCO's servers. I don't know anything about two new alleged attacks, but I believe if they had occurred, the community would likely have noticed. Netcraft keeps track of such things. For that matter, are we being asked to believe that there have been four such events and the FBI can't find even one guilty party? I have more confidence in their abilities than that.

The only "attack" I was personally aware of was the highly publicized "attack" in August. This one, not to put too fine a point on it, smelled mighty fishy. When the August "attack" allegedly began, the one that lasted for days and kept business hours, Utah time, I called SCO's ISP the first day, when the first news of an attack surfaced on the internet, and I asked to speak with tech support.

"Say," I said, after identifying myself to the guy on duty, "I hear SCO is being attacked." "What?" he said, incredulously. "Who told you something like that?" I said I had read it on the internet and I was calling just to verify. Then he started laughing.

Laughing.

He told me that he wasn't really allowed to talk about a customer specifically one way or another. But he was already laughing, so I pressed a little. "Can I at least assume from your reaction that whoever made the statement that SCO is experiencing an attack is all wet?" After a pause, he said, "You could say that."

So, while I am not a programmer and am not qualified to judge the technical issues, I do know that this guy was not acting like he was busy handling anything like an attack or had any knowledge of any attack prior to my phone call. And, if it were happening, he would have been the first to know. Cf. this [ http://www.groklaw.net/article.php?story=265 ] article.

The next day, two different individuals called SCO and asked [ http://www.groklaw.net/article.php?story=252 ] if there was an attack, and both were told no, that SCO had taken themselves down to do an update of the web site and were having trouble getting back up. Later, a third individual reported the same thing. Here is what Netcraft said about the "attack" at the time:

"The SCO site was up for a few hours during business hours in Utah, but has since failed again. Many news sites carried the story that Eric Raymond had spoken to a group responsible for a Distributed Denial of Service attack on the www.sco.com site and that they agreed to stop. However it appears that this may have been a hoax, or they subsequently changed their minds, or another person decided to continue the attack."

Maybe a hoax, and if so, one that has been perpetuated ad nauseum in the press as being a fact, and has even entered history by being included as a fact in SCO's SEC filings. But it was never proven to be a fact, folks. Just an allegation by SCO. Trustworthy SCO. Who always tell the truth, the whole truth and nothing but the truth.

There is another element. On September 1, it was announced [ http://www.pro-linux.de/news/2003/5909.html ] that SCO had been fined in Germany for material on its web site that violated the injunction against them. (Scroll down the page for an English translation, those of you who don't read German.) It's been reported SCO's German web site was hosted from Utah, and they certainly did have to do some changes to their web site during the same general time period in question. Is it not possible that they took the web site down to bring themselves into compliance with the German court's order, which included a fine, and then had trouble getting back up again, just as their employees told us? Do you, in your heart of hearts, think that might be possible?

No one but SCO, so far, knows the truth, and I make no accusations, because I don't want to act the way they do. My point is this: if the mainstream press reports as true anything these people say, I believe they could be used to build a case against the Linux community. There is a lot at stake. The press has been improving in their coverage of SCO, and we appreciate it, so this is just a heads up.

I find it hard, if not impossible, to believe SCO's story. I just can't, and after Darl's keynote speech, I trust him like I trust cancer. Why he is trying to paint the Linux community as thieves, pirates, and now thugs is beyond a decent mind's comprehension. It isn't the Linux community he should worry about. A defiled conscience is a much more realistic fear.

Or maybe the danger they face is that SCOfolk will stab themselves all over with the many pains the Scriptures warn is the result when you fall in love with money. Here's Darl's story:

"'This started off as a contract dispute with IBM, then we discovered [alleged SCO-owned Unix code] within Linux,' McBride said. 'Now we have a firestorm of controversy and anger from many in the Linux community.'"

It's not anger, exactly. It's moral outrage at what we are witnessing. We are not the liars, thieves, thugs, pirates or attackers. The truth is that all the undeserved, verified threats have come from SCO and their new partner, David Boies. The Linux community has shown remarkable restraint, especially when you consider it's their creative work, their IP, if you will, that Darl is trying to rip off. Here is one reaction to the teleconference from Joe Barr and Chris Preimesberger on Newsforge:

"SCO is going to attack the 1994 AT&T/BSD settlement. That's a very interesting item that the few favored analysts (and only a select few journalists) who were allowed to ask questions failed to pick up on. Here's our take on why SCO is embarking on this new course of action:

";SCO has steadfastly refused to get specific about infringement of its IP. That's probably not because they are coy, but rather because they can't. The few snippets of code it dared to make public already have been laughed off the stage and quite thoroughly debunked. With both IBM and Red Hat now demanding in court that SCO show its cards, the company came to realization that it was either at the end of the trail or that it had to broaden its horizons.

"They've chosen the latter."

The fact that their code samples were laughed off the stage didn't stop SCO from using the same examples as "proof" of infringement in recent media interviews and public appearances, including on the Linux Show [ http://www.thelinuxshow.com/ ], which aired the Town Hall meeting of Q & A after Darl's speech, where they again used the SGI code as an instance of 'infringing" code -- even saying that it was admitted that it was such. That's not a true and complete picture. Period.

So why do they say the things they do? Well, I'm not God, so I will have to just guess. My impression is that they anticipate that the Red Hat case, in particular, is unlikely to go their way when the judge rules on their Motion to Dismiss, any day now, and they want to open a second front, as something to distract from a possible negative decision. It's easy to be awful with copyright law, and they perhaps also figure they'll get a quick infusion of cash and PR benefit from a take-down or some other mean-spirited nonsense. As Bill Claybrook was quoted [ http://www.enterprise-linux-it.com/perl/story/22719.html ] as saying, "Boies sees that the more lawsuits, the more chance of making money." That's a likely problem when a lawyer is also the plaintiff.

They also are raising an issue they may hope will survive the international laughter and outrage -- and the judge in Utah -- when in discovery in the IBM case, they have nothing meaningful to show for their claims. So they open a second issue, which will also take time [ http://www.eweek.com/article2/0,4149,1394425,00.asp ] to resolve:

"'They knocked on one door and didn't get any money, and now they're moving to the next door,' said Phil Albert, a partner at intellectual property law firm Townsend and Townsend and Crew LLP, in San Francisco. 'Part of their strategy may be that it doesn't really matter if they have any copyright claim.'

"Proving a copyright claim is difficult, and SCO will need to overcome major hurdles to do so, legal experts said. But the fear of litigation alone may force a defendant company into a settlement, which would set an example that could push other Linux-using companies to pay SCO the license fees it has been seeking from end users, they say."

Meanwhile, they are making money, they say. They very much would like the SCOShow to continue, naturally.

Here [ http://www.infoworld.com/article/03/11/19/HNgplthreatens_1.html ] is the actual explanation behind it all, in my opinion:

"The SCO Group Inc.'s Chief Executive Officer, Darl McBride, enlisted the help of the World Intellectual Property Organization (WIPO) to bolster his arguments against the open source GPL (GNU General Public License) and Linux during a keynote address at the CD Expo conference here in Las Vegas.

"Citing WIPO data, McBride said that the value of the worldwide software market would approach $229 billion by 2007, and that it was being threatened by the ideas behind the Free Software Foundation's GPL, the software license that governs Linux.

"'The world, especially here in America, is shifting to one that is an information society,' McBride said. 'In the future, is that $229 billion in software still going to be there? Or in the case of the Free Software Foundation's goal, is proprietary software going to go away?'"

Money is such a pesky thing, isn't it? By the way, Ransom Love has now told us [ http://zdnet.com.com/2102-1104_2-5110377.html ] why he sold all his shares of SCO stock. It wasn't ethics. It was money. He did it because he was sure SCO would lose the IBM case:

"Q: What did you think when SCO filed the lawsuit against IBM?

"LOVE: I wasn't surprised about the lawsuit against IBM because there were longstanding issues we weren't able to resolve with IBM. But I lived through the Microsoft suit at Caldera (in which Caldera sued Microsoft over the DOS operating system), and those things take on a life of their own. They consume a business. When it first came out my biggest concern--we had done work to get SCO to a position where it was profitable, then they got themselves embroiled in this major lawsuit, and I just new it was going to go south. That's when we--my wife and I--sold our shares.

"Q: Presumably, you think Linux still has a chance, given your new post at Progeny?

"LOVE: Absolutely. I think a lot of this stuff will take its course. For example, I'm almost certain that Novell has existing rights for using Unix products, so they may very well be indemnified. When they sold Unix to SCO, they kept a lot of stuff themselves. That could provide a buffer between SCO and the industry. It'll be fun to watch what happens."

One final detail from the Love interview. Guess how this whole sad lawsuit business got started? He says Caldera was discussing "what we can do through UnitedLinux to indemnify people who had used both Unix and Linux. Apparently, Darl took that in a little different direction than we intended."

The point of this article is this: I fear the SCO team plan on painting the Linux community as having a lunatic fringe, one that can't be trusted, that poses a security risk that must be stopped, so they can fulfill their dream of destroying the GPL and succeed in their "land grab" and get paid on every copy of Linux ever sold. And they insist that "Linux is Not Free" precisely because if it's free, they don't get their payment. So if you bump into Darl on the street, tip your hat politely and go on your way. It's the best strategy. IBM is going to wipe up the floor with them, I expect. Red Hat too. Just be patient.

And you media people: We hope you don't let yourselves be used. There is a lot at stake here, and we are relying on you to do your job. That means reporting as a fact only facts that you have verified and know to be factual. Journalism 101. Cynicism is actually useful in a reporter. It's how you end up winning awards for investigative reporting. Yup. That's a hint.

UPDATE I checked with Web Knight, who does criminal law, and he tells me that even if you called the FBI, while under certain circumstances they would have jurisdiction, the local police would normally be informed and involved also. Here's what he tells me: "The FBI has some statutory jurisdiction and some discretionary authority. They certainly help with local drug cases. They have jurisdiction of kidnapping. They have labs and resources that many local authorities don't. Much might depend on what was threatened. Certainly local police would have to be brought in on it. I am sure that under one task force or another they can get involved."

08:29 AM EST

Copyright 2003 http://www.groklaw.net/ - http://creativecommons.org/licenses/by-nc-nd/3.0/