August 24, 2003

Let SCO hang itself

- by Eric S. Raymond -
The confrontation between SCO and the open-source community has now
escalated to open war. I suppose, in retrospect, that this was
inevitable once SCO announced its intention to sue on a theory
that would make all open-source licenses invalid. And we all know
who's lurking like Emperor Palpatine behind Darl Vader, funding his
lawsuit to the tune of at least $6,000,000[1] even if not otherwise
pulling his strings. Update 25 Aug, 0700 US EDT

SCO/Caldera's site is being hit by a massive denial-of-service attack
today. The timing, the scuttlebutt on Slashdot and elsewhere, and the
contents of my mailbox all suggest strongly that the DOS attack was
triggered by Darl McBride's slanderous interview[2] accusing the
community of being IBM's sock puppets, and my response[3] to it.

It appears that my response articulated what many of us have been
feeling for months as SCO's public rantings grew ever wilder and more
destructive. McBride's personal accusations against me bother me very
little, but I am nevertheless honored and humbled by the heartfelt
support many of you have emailed. A good number of you seem to want
to elect me your war-leader in this crisis -- maybe it's time for me
to dust off that Obi-Wan Kenobi costume the SVLUG people made for me
to wear on the original Windows Refund Day . I will strive to be
worthy of your trust.

With whatever authority I have, I ask that the DOS attack cease immediately.
Please stand down *now*. We have better ways to win this fight.

There are at least three reasons running a denial-of-service against SCO
is a bad idea:

First: We're the good guys. But that doesn't matter if we aren't
*seen* to be the good guys. We cannot fight our war using vandalism
and trespass and the suppression of speech, or SCO will paint us as
crackers and maybe win. Let's keep the moral high ground here.

Second: We have other tools that are more powerful. We have an
astonishingly strong set of facts on our side. SCO has been caught in
multiple lies, wholesale IP violations, and defamatory statements. The
way to destroy them is with legal weapons. We can do that.

Third: SCO is its own worst enemy. Every time its spokespeople
open their mouths, they dig their company's grave a little deeper.
Consider their statements at SCOforum and what followed. We're
in an even stronger position than we were three days ago.

We *want* them raving in public. It helps us. Everything they say is
more rope to hang them with in a courtroom, but they're too trapped in
their own propaganda-based strategy to do the smart thing and shut up.
Their problem is that the moment they stop FUDding long enough for
people to get a clear-eyed look at the facts[4] their credibility will
evaporate and their stock price will crash hard. Even all the legions of
Microsoft's press shills, captive analysts, and astroturfers won't be
able to rescue them.

Stop the DOS attack. Let SCO speak out and hang itself.

Right now, the most helpful thing you can do is collect SCO's
published statements and show how they have repeatedly contradicted
themselves and lied about the facts. I've received some genuinely
useful stuff by email describing factual and legal vulnerabilities
that the research team[5] here at Alliance HQ didn't spot on its own --
papers like Greg Lehey's analysis[6] of the code SCO revealed at
SCOforum showing that they must have stripped BSD copyrights out of
their kernel tree. The reports indicating reason to believe that
there is probably GPLed code in Unixware's Linux Personality Module
were helpful too.

One of our big advantages over SCO is distributed brainpower. There
are a lot of us, and we have excellent Internet-research skills. Want
to strike a blow against SCO? Help convict them using their own
public statements, their own 10Ks and 10Qs, all the press coverage,
the material that's in their web and FTP sites. Collate. Assemble
dossiers. The facts are with us, so gather and use the facts. All
cheesy Star Wars references aside, this is info-war. Truth --
believable and provable truth -- is the weapon.

This is why sites like the IWeThey SCOvsIBM page[7] and
WeLoveTheSCOInformationMinister[8] aren't just good clean fun; they're
valuable references to help lawyers demonstrate SCO's record of bad
faith, lies, and massive intellectual-property theft. Do more of
that; in particular. the IWeThey wiki badly needs updating and better
cross-references. These things will be used to defeat SCO -- and
sooner than you probably think.

I'm organizing a conference call early this coming week among a few
key leaders to decide on the next stage of our response. Have
patience. There is a plan developing, which I can't talk about
because the element of surprise is part of it. We will counterattack
at a time and place of our choosing and we will win.

Rebel Alliance provisional command, over and out...

[1] http://www.infoworld.com/article/03/08/08/31OPcringely_1.html

[2] http://www.nwfusion.com/news/2003/0825scoatta.html

[3] http://www.catb.org/esr/writings/mcbride.html

[4] http://www.opensource.org/sco-vs-ibm.html

[5] The research team: myself, Rob Landley, and Catherine Raymond, esq.

[6] http://www.lemis.com/grog/SCO/code-comparison.html

[7] http://twiki.iwethey.org/twiki/bin/view/Main/SCOvsIBM

[8] http://WeLoveTheSCOInformationMinister.org/

Update posted 25 Aug, 0700 US EDT: I have just received confirmation that there was indeed a DoS attack
on SCO's network, a rather sophisticated one organized by an
experienced Internet engineer. The person responsible has agreed to
terminate the attack in response to my earlier request[1], but it
will not actually end until the timers on his 'bots run out.

I don't actually know who the attacker is, and don't want to; the
person who phoned me was not him, but an associate -- what spies call
a cut-out. It is clear that the attacker was no script kiddie; he was
able to come up with a subtle, selective attack that only took out a
subset of sites on the subnet that hosts SCO and looked like a site
outage from the outside.

I had been hoping, and actually expecting, that the attacker would
turn out to be some adolescent cracker with no real connection to the
open-source community other than a willingness to stand down when one
of its leaders asked. But no; I was told enough about his background
and how he did it to be pretty sure he is one of us -- and I am
ashamed for all of us.

This attack was wrong, and it was dangerous to our goals. I realize
the provocation was extreme; since March SCO has threatened, grossly
insulted, and attacked our community and everything we've worked for.
I'm certainly not without sympathy for the person who did this.

Newvertheless...we must *never* make this mistake again, whether
against SCO or any other predator. When we use criminal means to
fight them, no matter what the provocation is, we bring ourselves down
to the level of the thieves and liars now running SCO. That is
unethical, and bad tactics to boot.

Public opinion matters, it even influences judges. We must do right,
and we must be *seen* to do right, in order to win against SCO and the
bigger, nastier foe pulling their strings. In an info-war like this,
truth is the most potent weapon, but a reputation for virtue and
honesty runs a close second. Don't be the one to throw ours away!

One more request. Please try to keep the conspiracy theorizing under
control, at least in public forums. Yes, SCO is behaving much like a
sock puppet of Microsoft now, but we have neither any evidence of
conspiracy prior to the lawsuit there nor any need to suppose it to
explain either company's behavior. Overheated speculation about how
long they've been plotting this just makes us look paranoid. Stick to
the facts; Microsoft, a convicted predatory monopolist, is funding a
lawsuit against its only serious competition to the tune of more than
six megabucks, and their money is the only real income SCO has.
That's quite enough without the speculation.

Rebel Alliance provisional command...uh...thanks you for your cooperation.
There will be further dispatches shortly. Keep watching the skies...

[1] http://lwn.net/Articles/46229/

Editor's note: The opinions in this article are Mr. Raymond's, and may or may not be shared by NewsForge editors or OSDN management. However, it should be noted that, like Mr. Raymond, NewsForge editors and writers are not being paid or coerced by IBM in any way to write (or not write) about SCO's recent actions.

Click Here!