Setting the Record Straight on OSS v. Perens - Perens' History of FUD and Profiting Off It
February 7, 2020
Educational Background
Bruce Perens is not a lawyer. Perens did not graduate from law school, nor did he graduate at all from any university.
Crying Wolf
In 1999, Perens notified the police of and widely publicized a verbal threat by Eric Raymond, claiming he was afraid for his own safety because he knew Eric was a "firearms enthusiast", suggesting there was a physically violent threat. He retracted the accusation the next day.
Perens Apologizes After Lawsuit Threat to Corel Hits Slashdot
In the same year, Perens emailed the following lawsuit threat to the debian-legal mailing list:
To: debian-legal@lists.debian.org
Subject: Corel Lawsuit
Date: Fri, 26 Nov 1999 10:09:00 -0800 (PST)
From: bruce@perens.com (Bruce Perens)
Message-Id:
It's time for us to bring suit against Corel for this "can't download unless you're 18" stuff. That's not in our license and they know it. I've tried to help them several times, and they continue to be 100% clueless. I think at this point they are not representing Debian well, and should not distribute it. I'm not going to help them any longer.
Bruce Perens
This mail was sent on the same day as a barrage of comments on this Slashdot article regarding an agreement on the Corel website that governed the ability to download the software from Corel's servers, requiring click-through agreement that the person downloading wasn't a minor. This situation (provided the agreement were drafted properly) would not be too dissimilar from notices displayed by the Fedora project and others that request acknowledgement that the person downloading the software isn't from any US-designated sanctioned countries for export-compliance purposes. The FSF has a FAQ entry on this latter instance: "the FSF understands the desire of commercial distributors located in the US to comply with US laws. They have a right to choose to whom they distribute particular copies of free software; exercise of that right does not violate the GPL unless they add contractual restrictions beyond those permitted by the GPL."
After others pointed out the issue with Perens' theory, and noticing that it had turned into a second Slashdot post about the lawsuit threat, Perens apologized repeatedly, reproduced below:
Guys, I am having a real bad morning and I spoke too soon. I meant to open a discussion on a mailing list, not to be on top of Slashdot by sending one email. Everybody else on the list said it's too soon for a lawsuit.
Bruce
Oh darn, I have really screwed up this morning. I'd better admit it and control the damage before it gets worse.
I got frustrated with Corel because I have worked to smooth these things out twice before. I sent a message asking if it was time for a lawsuit to a Debian mailing list. I did not expect that message to be posted to Slashdot. The people on the Debian list told me to chill out, which was good advice.
So, Corel folks, I apologize. You need to sort our some issues with the community, but any talk of a lawsuit at this time is way out of proportion.
Bruce Perens
No, I no longer lead the Debian project, and when I did we didn't count votes. And I got a little too upset this morning and said stuff I should not have.
Bruce
Erik,
Agree that the witch-hunt mentality is bad for us. I headed it off twice before. I just got too darned frustrated about heading it off yet another time. Stupid me, I didn't realize that one message posted to an obscure Debian mailing list would mean a slashdot headline.
Point taken. I guess "I screwed up" is no excuse either, but there isn't much more I can say.
Point taken - anything I say or do may end up being publicized way out of proportion and I'd better be more careful about it.
I get enough of the spotlight, don't worry about that. There's no chance that I'd miss it at this point - in fact I am fully aware of its disadvantages.
Apparently all of the lessons Perens learned there were lost in the two decades since. In the Slashdot posts visible above, the parallels to our situation are unavoidable, as well as the distinct difference in Perens' behavior when it comes to accusing a small company vs a large one. Red Hat's subscription policies were also brought up in several comments. Rather than praising Perens for his exercise of free speech, as he himself and his lawyers would now want him to be championed for, many on this post mentioned their loss of respect for Perens given his reckless public accusations. Several commenters pointed out how badly this kind of hasty witch-hunt reflected on Perens, the community, and supposed "news" sites like Slashdot that published Perens' accusations without an ounce of fact-checking:
I think Bruce Perens simply misses the spotlight.
Corel did not modify your license terms. They are merely refusing to distribute to a certain class of people. The GPL does not force Corel into distributing the software at all. If I have a peice of GPL'd software sitting here on my hard drive and you come up to me demanding that I give you a copy of it I have every right to refuse.
This might sound strange, but after reading the comments in this article that have Bruce Peren's name on them, I'm wondering if someone has not broken into his Slashdot account. How could anyone who has read and understood the GPL miss such an important point?
This is an excellent example of how quickly things can get out of contol and blown out of proportion on the internet. Bruce Perens made a half cocked statement about a lawsuit against Corel. He has since admitted that this was a rash decision.
What bothers me is that slashdot even posted this. I've never seen such a low quality post on slashdot before. I agree with the earlier comment by someone who said that posts like this should removed from the main page and archived instead. I just hope the mainstream media doen't get ahold of this. It really makes the Linux community look bad in my opinion.
You're attempting to put the genie back into the bottle with this one. There have been several people here who agree with your original email about suing Corel, they are not likely to change their mind just because you retract your 'shoot from the hip' email.
Good luck controling the damage on this, the thread so far is enough to convince many companies that it's not worth the trouble to go open source/GPL at this time.
As far as I'm concerned /. does far more harm to the open source and the Linux community with premature nonsense articles like this than anything else. Yet another blindly posted article that was not investigated to any degree whatso ever. This is good flamebate against Open Source and basically shows the acute immaturity in the Linux Community. You people who run /. have an obligation to the community to report things that are correct, complete and fair instead of acting like a bunch of immature kiddies who post garbage like this. Any RESPONSIBLE person would have contacted Bruce for a clarification of the issues. Instead you post this crap and create waves within the community. It should have stayed on the mailing list where it orginated.
The Open Source Trademark We Claimed We Had, But Didn't
Also in 1999, Bruce Perens was associated with Software in the Public Interest (SPI), which attempted to trademark the term "Open Source" (presumably to extract fees from people for the privilege of being able to call their software "Open Source", even though it was already a common phrase at the time). The trademark application lapsed, but that didn't stop the SPI from asserting on its website that it had a registered trademark for Open Source. As was written by a news report at the time which appeared to have forced an end to the bogus claim:
The public was told by the USPTO about the abandonment a few weeks ago. Yet SPI, which should know more than anyone else about what's going on, continues to assert (at least up until early June, when this piece was written) that the term Open Source is a registered trademark of SPI. That claim is patently false, pardon the pun, and always has been. The term has never been a registered trademark, and it's no longer even pending registration.
It continues:
Raymond, through Bruce Perens, first bequeathed the term to SPI, which also does high-level management for the Debian Linux project. The plan was that SPI, which was incorporated, would legally own the trademark and Raymond would administer and enforce its use. So it was SPI that actually tried to register open source. Then Raymond and Perens went to help form the Open Source Initiative (OSI) in November 1998, and claimed that the trademark went with them. The SPI disagreed, responding with a call for public consultation that happens to include a fairly good history of this whole soap opera. The OSI homepage, while stating that Open Source is a registered trademark that OSI "manages," never explicitly acknowledges who owns the term. Indeed, their assumption that someone actually owns the term at all is (and always has been) highly unfounded.
More information on this can be found here. Here Perens admits in a Slashdot comment that it was he who filed the registration for the Open Source trademark. Perens co-founded the OSI (a group he later resigned from, later was denied re-entry into, and resigned from a second time), which had the below text visible on its website prior to the publishing of the above news article:
Any software that uses licenses that are certified conformant to the Open Source Definition may use the Open Source trademark, as may source code explicitly placed in the public domain. No other license or software is certified to use the Open Source trademark.
This can be verified via archive.org. After publication of the above news exposé, the content of the page was changed, as can be verified here.
Scary Linux Patents We Can't Tell You About
With the "Open Source" trademark business foiled, Perens moved on to the insurance business, specifically patent indemnity insurance. In January 2004, he did an interview with the BBC talking about how software patents "threaten Linux." There was no mention in the interview of Perens' conflict of interest, though, that he was involved (at least in talks) with a startup called OSRM around this very topic, and became a board member in April of 2004.
In June of 2004, he made a guest advertisement^Wpost on ZDNet issuing a similar warning: "Open source: Prepare for attack" This one mentioned in the bio "Bruce Perens is a member of the board of directors at Open Source Risk Management, a company that sells insurancelike [sic] protection for Linux use." In August of 2004, OSRM spread out the claim in news media that "Linux potentially infringes 283 patents" via articles like this one.
In this article, interestingly, in contrast to Perens aiming in his blog post to make our customers guilty of contributory copyright infringement because they were now aware via his blog post of our supposed copyright infringement, here OSRM refused to provide the claimed list of 283 patents for the following reason: "If we were to publish the patents, we've now put everyone on notice of those patents. For those who have tried to avoid them, we've forced them to know of them, so we've screwed the community," Ravicher said. "If someone really wants to know, they can do the search themselves."
This FUD from an organization Perens was involved in was used by Microsoft to scare people away from using Linux, as mentioned in this November 2004 article. OSRM then had the gall to accuse Microsoft of engaging in FUD for mentioning the same things from the report they had caused to be widely published with fear-mongering headlines from Perens. Perens, in fear-mongering to advocate for the company he was involved with, failed to mention some of the things pointed out by the OSRM report author (after perhaps the Microsoft debacle brought them a little too much attention), like:
Ravicher also pointed out that the number of untested patents that Linux violates "is so average as to be boring; almost any piece of software potentially infringes at least that many patents."
More specifically, the study found that not a single software patent fully reviewed and validated by the courts is infringed by the Linux kernel.
This FUD was called out back in August 2004 via the following Forbes article called "Linux Scare Tactics". Among its notable quotes:
It used to be that enemies of Linux were the ones spreading "fear, uncertainty and doubt" about the free operating system. Now the F.U.D. comes from Linux zealots themselves, who believe they have found a way to make money on it.
Run by a North Carolina venture capitalist named Daniel Egger Daniel Egger , the 12-employee OSRM wants to charge companies $150,000 a year for $5 million in legal coverage that kicks in if they get sued for using open-source programs like Linux.
"First the Linux folks say there is no risk to using Linux, and now they say there is a lot of risk and you need insurance? And by the way, they're making money selling the insurance? This smells to high heaven," says Robert Enderle Robert Enderle , president of the Enderle Group , a market research firm in San Jose, Calif., that tracks the Linux market.
Linux advocates howl that SCO is running a shakedown racket. They point out that SCO still won't say which parts of Linux contain stolen SCO code, nor will SCO name Linux users it claims are paying license fees to SCO. Similarly, OSRM says there are 283 patents that Linux may violate, but won't say what those patents are. (OSRM says it will tell customers who insist, but warns this could make customers vulnerable to claims of "willful infringement," which could lead to triple damages.)
Ravicher, who performed the patent analysis that turned up Linux's 283 possible patent violations, claims on his Web site that he has "extensive experience litigating, licensing, prosecuting and otherwise counseling clients with respect to patents." In fact, he has three years of experience as an associate at two law firms in New York and has never acted as lead counsel on any patent litigation.
Ravicher's online bio also claims that he "practiced law" at Skadden, Arps, Slate, Meagher & Flom, one of the country's most prestigious law firms. Actually, he spent eight weeks at Skadden as a summer intern while he was still attending law school.
The paradox for open-source software has always been this: How can you make money with programs that are given away for free? Some make money by customizing code, or installing systems, or performing support and maintenance.
And now here comes plucky OSRM, sowing fear and selling insurance--which, if nothing else, takes the prize for chutzpah.
The BusyBox Controversy, or "The Emperor Has No Copyright"
Perens wrote the initial version of BusyBox in 1995, declared it complete in 1996, and stopped all further development on it. Other individuals forked the code and rewrote it. When these other individuals planned in 2006 to release new versions under GPLv2 only instead of "GPLv2 or later", Perens objected, claiming they needed his approval due (he claimed) to his holding significant copyright ownership of the code. In response to this, Rob Landley, a more recent maintainer of BusyBox at the time, published a lengthy forensic analysis of the BusyBox codebase, motivated by Perens' actions during relicensing discussions, where Landley stated that Perens' "repeated demands quickly turned into threats." As a result of this analysis, Landley claimed Perens had no code left in the BusyBox project.
Despite multiple people questioning Perens over the years regarding evidence of his claimed continued copyright in BusyBox, I have not been able to find any statement where Perens points to even a single line of code in BusyBox that still matches his original version. Such a statement does not even exist in his below deleted blog post. Perens did, however, claim Landley was "wrong" and cited "multiple" unnamed lawyers that he had discussed the matter with. Further, even if Perens did still have copyright over parts of the code, it's not clear that a "v2 or later" license change to "v2 only" would require permission of copyright holders (for the newly-forked versions).
On the topic of Perens' contributions to BusyBox, Landley also had this to say, in a post well worth reading in its entirety:
Erik Anderson took various forks of a project bruce had abandoned years earlier and stitched them together into a new project, which he proceeded to replace pretty much all of the existing code of within the first year or two. It probably would have been _easier_ for him to just start over from scratch, but that wasn't his style.
As to what Bruce originally did, he stitched together a dozen or so existing projects he hadn't written. The bulk of the original code was things like gzip, copied verbatim into his "new" project. Other projects (such as Red Hat's nash) did the same thing, but they didn't get turned into important embedded tools because they weren't repurposed and rewritten for seven years by Erik Andersen.
The reason I have no respect for Bruce's "work" is because I've never seen him do any work for me to respect. In the five years I'd been poking at busybox (by the time I became maintainer and tried to clean up the license mish-mash) I had never interacted with Bruce as a programmer, and his contributions (if any) had never been discussed on the list or on IRC.
Bruce simply isn't a coder. Hasn't been this decade, that I've noticed. He's an author and politician. (Hint: most people don't need an equivalent of http://perens.org/about/self-promotion/ on their websites.) His claims to fame are things like inheriting Ian Murdock's Debian project and giving it is current culture of hostility to newbies and close ties to the FSF. That isn't code, that's politics.
In 2009, Perens became upset that the SFLC was filing a copyright infringment lawsuit in support of the BusyBox software without involving him in it, despite him not being involved in the development of it for some 13 years. In a now-removed blog post, which is still accessible via archive.org, he claimed that "much of the current code base is a derivative work of my copyrighted code." Perens also claimed in the now-deleted post that Landley and other BusyBox developers were "in apparent violation of various laws." In Perens' post where he states:
Unfortunately, all of this is confusing my strategic consulting customers. Thus, I will offer them a waiver of my interest where appropriate. I will also offer a waiver to those companies that use my assistance in coming in to compliance with the Busybox license, at my usual consulting rate for that assistance rather than "damages" related to my copyright, regardless of their past or present infringement.
He appears to be informing the public that he won't sue his own customers, and won't sue anyone who pays him to become his customer. But if Landley's analysis is correct, Perens had no basis to sue anyone in the first place, making this a pure seeking of payouts for his business based on FUD. Others also saw this as an attempt by Perens to cash in on a lawsuit he was left out of. And according to this comment by Perens, it appears he was successful.
Overstated Programming Prowess
In one of the posts cited above, Rob Landley discusses Perens' exaggeration of his programming prowess, saying that "[h]e's an 'open source developer' who doesn't seem to _develop_ anything, but loves to order around those who do." More of Landley's statement from a decade ago regarding Perens' programming history is reproduced below:
If you hunt around a bit on perens.org, you can eventually find http://perens.org/works/software/ (which is link #25 of 36 in the nav bar, obviously a high priority). That page starts by noting that back in the 90's he posted map data to the internet (which isn't coding, wasn't data he collected or created, happened in the floppy drive era, and he's pointing at work somebody else did on their website and somehow taking credit for it).
Next up is "Electric Fence", which is actual code but which the man page at http://linux.die.net/man/3/efence says was from 1987, and that man page ends with a "What's Better" section pointing at two other projects from the mid-90's. Wikipedia currently lists 23 separate projects that do this sort of thing (http://en.wikipedia.org/wiki/Memory_debugger) none of which are gcc's current built-in stuff like libmudflap. The efence implementation is a simple wrapper around malloc and friends that allocates a guard page before and another after each allocation. (Um, I've done that myself, back under OS/2 in 1996. You need a library for it?) Its project page at http://perens.com/FreeSoftware/ElectricFence/ says "a new version will be up shortly", but archive.org's oldest version of that page (from 2004) has it saying the exact same thing and pointing at the exact same version.
The next entry is his claim to busybox. Whatever else you want to say about it, the last actual coding he did on it was over a decade ago.
Then he has a page noting that some media center remote should work out of the box but didn't for him, so he had to tweak a config entry. (This is on his "software" page?). Then some javascript to pan and zoom some camera from firefox, and finally "convert vim outliner to various slide show formats".
That's it. I've seen undergraduates with a better programming portfolio. Heck, when I was an undergraduate I could have pointed you at various bulletin board systems I wrote (my first big C program and my first big C++ program were both bulletin board systems, back before ISPs), the bake build tool for OS/2 (which amazingly is still online), the little mcga game I wrote in 8086 assembly, and all sorts of other stuff I can't even remember today. But I'm not the one claiming to be some great community leader, I just some developer who happened to be doing stuff that Bruce flipped out over.
I was reminded of Landley's above quote when I read O'Melveny's announcement regarding the lawsuit, which mentioned Perens as "one of the early contributors to the Linux Kernel." This was news to me, as I had never seen him discuss anything on the Linux kernel mailing list in my 20 years of Linux kernel development and never saw any copyright notice of his in Linux kernel code I ever worked on. So I did some digging into this claim.
The only contribution of Perens to the Linux kernel's code that I've been able to find is this single line change from Feb 2nd, 1995 with an added 4 line comment and pseudo-copyright notice. Since this "contribution" is so small, it's been reproduced here in full:
diff --git a/fs/namei.c b/fs/namei.c
index f9d83b7d1989..21b935ce2096 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -396,7 +396,17 @@ int open_namei(const char * pathname, int flag, int mode,
iput(inode);
return error;
}
- if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
+ if (S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
+ /*
+ * 2-Feb-1995 Bruce Perens
+ * Allow opens of Unix domain sockets and FIFOs for write on
+ * read-only filesystems. Their data does not live on the disk.
+ *
+ * If there was something like IS_NODEV(inode) for
+ * pipes and/or sockets I'd check it here.
+ */
+ }
+ else if (S_ISBLK(inode->i_mode) || S_ISCHR(inode->i_mode)) {
if (IS_NODEV(inode)) {
iput(inode);
return -EACCES;
This one-line change was introduced in the 1.3.60 version of Linux from a year after the date mentioned in the change, February 7th, 1996. The change, along with Perens' comment, was removed a little over a year later, in version 2.1.44 of the Linux kernel, released on July 8th, 1997. I'll leave it to the reader to decide whether a single-line change that was quickly removed is noteworthy 25 years after the fact, or whether this is yet another example of exaggerated self-promotion on the part of Perens.
Bonus Insight
While the case was in court, there appeared this post on Slashdot by the account used by Bruce Perens, bearing his name.
The comment was:
Nothing here says that Perens made a cent for being sued. It says in the court papers [link to a PDF on perens.com] that his lawyers worked for about 900 hours and were paid for about 450 of them, at fair rates for lawyers.
When people pointed out that the "Bruce Perens" account was referring to himself in the third person via last name, he replied a mere 3 minutes later with "Oops. My family has been told they can't comment either. I apologize for this."
To my mind, there are only two conclusions one can come to from this, as I'm unaware of any other instances where posts made under the "Bruce Perens" account on Slashdot were claimed to have been made by his family members.
So either: 1) For this single post, out of over two decades of posting on Slashdot, Perens' family were all gathered around his computer logged in to Slashdot under his account, one jumped onto the keyboard without him being there (as surely being a legal expert he would advise them immediately not to comment on the case, and the comment would not have been posted), referred to their spouse or father in the third person by their last name (very common) and linked to a PDF on Perens' website that's not easily found. Then within the next 3 minutes, that family member got off the computer, was scolded by Perens, and then Perens himself posted the reply blaming the family member for commenting.
Or 2) Perens lied and blamed his own family because he was caught shilling for himself in Slashdot comments and forgot to log out into an anonymous account first.
For more information about the lawsuit, including the anonymous troll who formed the sole source of Bruce Perens' false claims, see Part 1 of our post here: https://grsecurity.net/setting_the_record_straight_on_oss_v_perens_part1.
For more information on what we think the implications of our experience are on the stewards of the GPL
and the community at large, see Part 3 of our blog here: https://grsecurity.net/setting_the_record_straight_on_oss_v_perens_part3.
For those who believed the opinions of a layperson reflected facts, please see this article from an actual lawyer regarding the
GPL and subscription policies with conditions on providing future services or support: https://www.clfip.com/ip/blog/the-gpl-and-a-condition-on-providing-future-versions-or-services/