July 28, 2004

[none]

When AT&T balkanized its UNIX holdings in 1993, two different companies ended up walking away with pieces of the original Unix. Novell originally bought it all, then decided to keep the Unix source and sell the UNIX trademark -- the name, in other words -- and the Single UNIX Specification standards to the X/Open Company. The Open Group (as it is now called) has since learned to use these assets profitably by offering qualification testing and certification for operating systems. If your OS meets certain requirements, passes the qualification tests, and you pay the fees, you get to call it UNIX. Even if your OS is named Windows or GNU.

The purpose of the Single UNIX Specification is to ensure that an operating system will behave, operate, and communicate in a standard fashion so that it can be trusted in critical environments. In order to reach that goal, the operating system has to have certain predefined parts and achieve a reliable and predictable level of functionality.

So what's involved with the UNIX standard certification? Basically you download some test programs (linked below) and the The Open Group audits the results to ensure that it meets a collection of guidelines on designing a portable, interoperable, networked operating system. An example of one of the points of the standard is the layout and function of the ctype.h file. If you'd like to read the entire UNIX Specification version 3 (the latest as of this writing), you can do so at this address. It requires a registration, but it's not really much of a hassle and it doesn't require verification of your email address.

Currently there are no UNIX03 certified products in the list provided by The Open Group, and the company doesn't comment on products currently undergoing certification. You'll find IBM AIX 5L; Sun Solaris 8, 9, and Express; and Compaq Tru64 5.1A in the UNIX98 list, which was the previous standard. Notice something missing? That's right, there are no SCO products that have passed the UNIX03 or UNIX98 standards. To find UnixWare you have to go back to the UNIX95 standard, where you'll find a handful of other UNIXes, including SGI's IRIX and HP's HP-UX. To find SCO OpenServer you have to go all the way back to UNIX93, a standard ten years out of date.

You also won't find GNU or BSD in the list anywhere, even though at a glance the BSDs appear to qualify on an initial level and most GNU/Linux distributions could be easily modified to become compliant. So what's keeping them from being certified?

In researching this article I was met with hurdles that almost made me give up on writing it. For instance, the first step in UNIX certification is agreeing to a 54-page license agreement. I don't have the time or patience to read through the entire thing, but a very basic way of explaining it is, it makes a company accountable for their operating system. Generally a license, whether free or proprietary, exempts the manufacturer and/or distributor from any liability claims by end-users. Operating systems that qualify for and use the UNIX brand name are held liable by The Open Group to continue conformance to the specified standards through upgrades, bug fixes, patches, and other modifications. If a certified product is found to be non-compliant, the manufacturer or distributor has to bring it back into compliance within a certain timeframe.

What SCO doesn't want you to know

Since you don't need any of the original AT&T Unix source code to certify your operating system and use the UNIX trademark, you do not have to license anything from the SCO Group to call your operating system UNIX. As a matter of fact, SCO has to pay The Open Group to use the UNIX and UnixWare trademarks, and according to this statement, The Open Group is not very happy with SCO's obnoxious and unprofessional public behavior.

SCO only has the right to license the Unix source code that they have control over; basically what they bought from Novell, which was sold to them first by AT&T. SCO does not control the patents to the Unix source -- that also remains with Novell -- and whether or not SCO controls the copyright to the code is currently a matter of debate; SCO says they control the copyright and Novell claims that they still retain those rights. When you step back and examine the situation, the SCO Group actually controls very little so-called "intellectual property" with regard to the Unix operating system.

Another interesting SCO-related point is their claim that Linux contains code similar to bits found in SVR4 Unix. GNU/Linux and the BSDs are striving for standards-compliance on many levels, and that means following the proscribed Open Group, ISO, and IEEE standards as much as possible. SCO has shown very little proof of copyright infringement thus far, but has claimed that the Linux files such as ctype.h and errno.h are "copied" from their proprietary code, when instead they were designed according to published standards. SCO does not own the standard or the material in the standard; they are either trying to intentionally mislead people to give the appearance of credibility, or were not thorough enough in their research on the matter.

Aside from the required responsibility of the vendor, a potential customer thinking of using a trademarked UNIX operating system also has the advantage of having a standard set of APIs and a standard interface throughout all UNIXes. So from a buyer's perspective, the UNIX brand has a lot of value for mission-critical environments.

Standards and requirements

The first UNIX standard that The Open Group used was UNIX93, but that was more or less an inheritance from AT&T and only applied to OSes that predated the Single UNIX Specification. The first UNIX standard to to be developed by The Open Group was UNIX95, followed by UNIX98 and now UNIX03. These standards are often also referred to as versions 1, 2, and 3, respectively. Interestingly enough, as of the UNIX95 standard, an operating system does not have to use or license any of the original AT&T Unix source code in order to be certified as a trademarked UNIX. IBM's OS/390 V2R4, for instance, is UNIX95 certified yet it contains none of the Unix System V Release 4 code. So that means that the BSDs and GNU (Linux and HURD), being free of source code from the original AT&T Unix and in spite of the fact that GNU's Not Unix, could become certified UNIX operating systems. So could Microsoft Windows, theoretically, although it would take much more work and effort to make Windows conformant to UNIX03 standards.

How much work would it take to get one of the GNU or BSD variants up to standard? Some or all may already be there right now, but there are pages and pages of specific requirements to read over in order to find out. Examining them in GNU or BSD requires a good working knowledge of the operating system's source code, and the thought of poring over all of that code is at least twice as appealing as summarizing the license agreement. Here are the basic requirements that an OS must meet to be compliant, with links to in-depth descriptions of what they really mean:

Think your OS is up to snuff? First run down the checklist, then try running it through The Open Group's list of standard test suites to determine compliance.

The fees

So let's assume that some GNU/Linux distribution was able to meet all of the Single UNIX Specification standards and all of the tests have been passed. Your lawyer has read through the license and explained it to you. You've filled out all of the forms and are ready to go. So how much does it all cost?

The exact cost depends on how many units you deploy per year; with all costs added up the range is anywhere between roughly $45,000 and more than half a million dollars when the process is finished. There are enough factors involved with the process that it's impossible to guess what it would cost for any specific operating system or distribution. Some of the costs are one-time only, some are annual or periodic. The Open Group maintains a complete fee schedule online if you'd like to see the exact breakdown.

UNIX and the Linux Standards Base

When I asked Novell why SUSE Linux isn't certified for the Single UNIX Specification, they replied in such a way as to show that they had no idea what I was talking about. I repeatedly tried to contact Red Hat regarding this matter, and along with IBM and the OSDL, but no one returned a call or replied to an email. It seems that The Open Group has some work to do when it comes to brand awareness.

Novell told me that The Linux Standards Base was good enough for the products they're selling (SUSE Linux, namely). That got me wondering what the difference is between the LSB and UNIX certifications, so I asked The Open Group. In their own words:

The Single UNIX Specification specifies application programming interfaces (APIs) at the source level, and is about application source code portability. Its neither a code implementation nor an operating system, but
a stable definition of a programming interface that those systems supporting the specification guarantee to provide to the application programmer. Efforts such as the Linux Standard Base, and similarly the iBCS2 for x86 implementations of System V, are about binary portability and define a specific binary implementation of an interface to operating system services.

The LSB draws on the Single UNIX Specification for many of its interfaces although does not formally defer to it preferring to document any differences where they exist, such as where certain aspects of Linux cannot
currently conform to the industry standards, one particular example being the area of threads. Some interfaces are not included in the LSB, since they are outside the remit of a binary runtime environment, typically these are development interfaces or user level tools. Likewise there are many areas in the LSB that are outside the scope of the Single UNIX Specification (for example system administration interfaces).

The Open Group representative then pointed me to two white papers on the subject here and here.

What would GNU/Linux gain from being UNIX?

So it's possible for a GNU/Linux or BSD implementation to become a real UNIX. Would it be worth the time, effort, and money to get certified? The certification process only takes about a week, assuming the product in question meets the standards already. Since GNU/Linux already meets most of the qualifications as written in the POSIX and LSB standards, it probably wouldn't take much effort or money to bring it into UNIX compliance. A corporation like IBM or Novell wouldn't have a problem paying the requisite fees -- in fact IBM's already paid for the certification for two of their products.

When you certify an OS, you certify it for a certain hardware platform that you're presumably selling with it, although software-only vendors can still get the certification. More than likely, GNU/Linux and BSD would be certified on x86 systems. For a hardware vendor like Sun or IBM, it would make sense to offer a UNIX-certified solution because they're selling the hardware with the software, thus providing a complete certified solution for customers. This is what they've done in the past with Solaris and AIX, respectively, but the big problem is that those OSes are primarily for proprietary hardware (POWER and SPARC-based systems), although Solaris will work on and is certified for x86 machines. The enormous advantage of a GNU/Linux or BSD solution would be their superior hardware support, which would allow customers a much more diverse selection of considerably lower-cost products. When Sun and IBM proprietary hardware sells anywhere from $4000 to $20,000 dollars (U.S.), a similarly powerful alternative x86 solution could cost under $1000.

According to The Open Group, thus far nearly $60 billion in procurements have required UNIX conformant or certified products. I was unable to find any data suggesting that this trend will continue, but even just selling upgrades and migrations to the current installed base is a market in itself. There is certainly money to be made by certifying a free software operating system. The question is, who is going to get there first?

Jem Matzan is the author of three books, a freelance journalist and the editor-in-chief of The Jem Report.

Click Here!