All Your BASH Are Belong To Us

Published on Wednesday, 10 August 2011 19:31
Written by Douglas Eadline

From the "secret sauce that tastes bad" department

Many Linux/Unix programmers are not aware that a battle over Bash scripts is currently raging in a Kansas courtroom. A Linux cluster vendor, Atipa Technologies, is claiming that all the Bash scripts they shipped to customers contain trade secrets and were stolen by former employees. Should this issue be decided in Atipa's favor, the fundamental idea of shared and open software could be blanketed by the simple claim of trade secrets.

In the Linux world, Bash scripts are the tools of all administrators and users. For those who may not know, Bash is a program that lets one talk to the operating system of the computer using a text command line. Often called a "shell," it provides access to commands that can start programs, look at files, check machine status, and a whole bunch of other useful things. One powerful feature of the Bash shell is the ability to write a text file (or script) that contains a list of Bash and system commands that normally would be typed into the command line. The script can then be "executed" just like any other program on the computer. This feature allows system administrators to perform repetitive tasks simply by running the script, rather than repeatedly retyping the list of commands.

Sidebar One: About the Title

For those who are confused by the title, the meme "All your base are belong to us" comes from video game lore. It is a rather nonsensical statement that runs similar to the legal arguments put forth by Atipa Technologies.

To aid in the execution of scripts, Bash provides control structures (if-then-else, while, case, etc.) and the use of variables. In programming terms Bash scripting is Turing Complete, meaning it can perform any type of computation possible on a modern computer. In summary, it is a powerful programming tool that is easy to use.

In the High Performance Computing (HPC) community, Bash scripts have been one of the tools used to help maintain, administer, and create clustered systems. Most HPC clusters are built and administered using Bash scripts. The basis for these scripts (and even the actual scripts themselves) is often shared in books, articles, and on public mailing lists.

There is a general understanding that unless explicitly marked in the contents of the script (the text file that is the Bash program), a Bash script is freely available for use and modification by anyone. In some cases there is a copyright notice or a license that allows (or disallows) sharing or modification. These are always explicitly stated at the beginning of the script and obvious to anyone who reads or modifies the script.

Bash scripts are freely exchanged for several reasons. First, they can be short (written in a few minutes or hours), yet effective, programs that are not worth all the overhead required for commercial licensing. Second, scripts tend to be more specific than general in nature, so using someone else's script often involves making some modifications. Finally, they are extremely difficult to protect due to their nature. A script by definition needs to be readable by users (at least the root superuser) as plain text. There is no way to obfuscate a script so its use can be controlled or hidden from users. (There are of course poor programming habits!) As an example, the first few text lines of a Bash script that is used on the majority of Linux systems running today are given below.

#!/bin/bash
# makewhatis: create the whatis database
# Created: Sun Jun 14 10:49:37 1992
# Revised: Sat Jan  8 14:12:37 1994 by [email address obscured]
# Revised: Sat Mar 23 17:56:18 1996 by [email address obscured]
# Copyright 1992, 1993, 1994 Rickard E. Faith ([email address obscured])
# May be freely distributed and modified as long as copyright 
# is retained.
#

(The rest of the script follows, written in plain-text Bash.)

Note the copyright and instructions on distribution and modification in the script. Other scripts have similar usage information including a copyright notice and any licensing terms.
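Because such notices live in the leading comment block, an inventory of which scripts on a system carry one can be automated. The following is an added example, not code from the article or from any party it describes; the function names and the keyword lists are assumptions of the example, and the sample scripts are constructed.

```bash
#!/bin/bash
# Added example (not from the article): classify shell scripts by the notice
# found in their leading comment header.

# Print the leading comment block: comment or blank lines before the first command.
script_header() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { print; next } { exit }' "$1"
}

# Print "copyright+terms", "copyright", "terms" or "unmarked" for one script.
# The keyword lists are assumptions of this example, not a legal test.
header_notice() (
    hdr=$(script_header "$1")
    found=""
    if printf '%s\n' "$hdr" | grep -Eiq 'copyright'; then
        found="copyright"
    fi
    if printf '%s\n' "$hdr" | grep -Eiq 'licen[sc]e|distribut|permission'; then
        found="${found:+$found+}terms"
    fi
    printf '%s\n' "${found:-unmarked}"
)

# Report every file under a directory whose first line is a shell shebang.
audit_scripts() {
    find "$1" -type f | sort | while IFS= read -r f; do
        head -n 1 "$f" | grep -Eq '^#!.*[/ ](ba|da|k)?sh([[:space:]]|$)' || continue
        printf '%s\t%s\n' "$(header_notice "$f")" "$f"
    done
}

# Constructed sample input: one script with the makewhatis-style header
# (addresses omitted) and one whose header carries no notice at all.
make_samples() {
    printf '%s\n' '#!/bin/bash' '# makewhatis: create the whatis database' \
        '# Copyright 1992, 1993, 1994 Rickard E. Faith' \
        '# May be freely distributed and modified as long as copyright' \
        '# is retained.' '#' 'echo build' > "$1/makewhatis"
    printf '%s\n' '#!/bin/sh' '# add a compute node' \
        'echo "copyright is not mentioned in the header"' > "$1/addnode"
}

# Usage: bash audit.sh /path/to/scripts
[ "$#" -eq 0 ] || audit_scripts "$1"
```

Only the header is inspected, so the word "copyright" inside the body of the second sample does not count as a notice.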

Therefore, most Bash scripts are given away freely, reproduced, modified, and reused with the understanding that unless otherwise noted they are a shared community resource. If a script author wanted to protect the contents of a script, they would include a copyright notice (and register the script with the US Copyright Office) and they would also provide some language that may place restrictions on how the script could be copied or used. Most importantly, they could not expect the script to hide a trade secret because most legal experts will agree that "Trade secrets are by definition not disclosed to the world at large. Instead, owners of trade secrets seek to protect trade secret information from competitors by instituting special procedures for handling it, as well as technological and legal security measures" (Wikipedia: Trade Secret Protection). Quite simply, expecting a Bash script to protect a trade secret is like listing the recipe for Coca-Cola on soft drink cans as part of the ingredients and expecting it not to be copied. In the computer world, there are other ways to protect trade secrets in programs, but expecting Bash or any other scripting language (Perl, Python, etc.) to protect a trade secret is wishful thinking.

Sour Grapes - Did They Steal Linux?

The preceding introduction to Linux/Unix scripting has not been an academic exercise. As mentioned, the entire concept of an openly readable Bash script protecting trade secrets is currently scheduled for trial on August 16-31, 2011 in the Douglas County Courthouse, Lawrence, Kansas. The sole remaining defendant is Bret Stouder, a former salesman at Atipa (whose parent company is Microtech Computers of Lawrence, Kansas). In February of 2004, Bret Stouder and Rocky McGaugh as well as a few other employees at Atipa Technologies left to form their own company called TeamHPC. A few days later, both Bret and Rocky were greeted at their homes by members of the Lawrence Police Department and were notified that search warrants were obtained to remove any memory bearing device in their possession. When asked what the basis of the warrant was, one officer stated that it was believed that Bret and Rocky had stolen the "Linux software" that was needed to build commodity HPC clusters at Atipa. After both the local police and the FBI took three years to search all of the computers, Palm Pilots, and other memory bearing devices, the material was returned and no criminal charges were ever filed. It seems they could not find the missing Linux.

Several months after departing Atipa, Stouder sent a demand letter asking that Microtech pay over $300,000 in unpaid commissions he earned while at Atipa. A few weeks later Microtech served Stouder and McGaugh with a lawsuit alleging that they had formed a conspiracy to destroy Microtech's servers and steal its customer list and trade secrets. Over the next two years Microtech added other former Atipa employees (some of whom now worked at TeamHPC) in what appeared to be an effort to sabotage TeamHPC. The other defendants were TeamHPC employees Will Dinkel, Chris Allison and Tom Frahm. A portion of the unpaid commissions that Stouder demanded was for an opportunity that both he and McGaugh had spent seven months developing. The sales effort was successful when Stouder signed and returned Atipa's best and final offer of $8M for the largest Itanium cluster built to date. The customer, Bechtel Bettis, a managing corporation for the Department of Energy, provided a purchase order several weeks later. According to Stouder, Microtech never paid a single commission for that sale. Stouder also mentioned he had left an additional $4M of miscellaneous orders for Atipa to complete. The Itanium sale, however, was complete before Stouder and McGaugh left Atipa to form TeamHPC.

Unfortunately, Mike Zheng, owner of Microtech, did not see it that way: he failed to pay the commissions due to Stouder, presumably because Stouder had left the company. Mr. Stouder decided to take the issue to court, and in late 2004 he counter-sued, asking for the commissions he earned while at Atipa.

The Bash scripts in question are those used to provision the clusters for customers. These scripts, like any other Linux tools, can have varying inputs and are placed on the cluster for the convenience of the customers. That is, the claimed trade secrets were shipped to every customer with no more than an Atipa copyright notice. The main author of many of the scripts, Rocky McGaugh, understood the open nature of HPC clusters. By providing administrators and end users with the scripts and instructions on how to use them, HPC clusters could be easily modified and changed by the customer (e.g., add, remove, or change compute servers, users, etc.). Most customers would not buy a Linux HPC cluster were it any other way because "open access to the plumbing" is one of the main selling points of Linux-based HPC clusters. According to Stouder, the scripts he, McGaugh, and others placed on customers' clusters while at Atipa did claim an Atipa copyright, but did nothing to conceal the common methods and means used by Atipa to configure HPC clusters.

About those customer lists. According to Stouder and the company web page on February 13, 2004, Atipa's customer list was in plain sight. Indeed, they even "published" the names on a company t-shirt (see below). It should also be mentioned that many of the Atipa sales were to publicly funded institutions that are required by law to publicly announce their bid request and specifications to all potential vendors.

On the Backs of Others

Stouder also mentioned that he had a lawyer in the beginning, but is currently defending himself and trying to educate the legal system on the concept of open source and sharing. Sadly, McGaugh, a much respected and liked contributor to the HPC community, took his own life in December of 2004. Rocky was a constant participant in open conversations about the means and methods of HPC clusters on the famed Beowulf Mailing List.

When I mention this story to people they often ask "what can I do to help?" I mention that if they know of a lawyer who can assist Stouder, that would be useful. I also suggest that they not buy from companies that threaten the openness of the HPC cluster market. In the case of Atipa, they are asking the judge to affirm their ownership claim of common and open practices as their private trade secrets. The very same methods that may drive the HPC cluster you are using today.

The issue runs a bit deeper, however. The HPC market, which has estimated revenues in 2010 of over $25 billion, is largely fueled by the growth of the Linux HPC cluster. At one time, clusters were considered a "hobbyist" approach to HPC and those that worked to develop this technology were part of that "weird Linux thing." The HPC cluster methodology, which began as the Beowulf Cluster project at NASA, was built by members of an open and diverse community. Software was developed by government labs, universities, companies, and individuals who all understood the power of an open community approach. The open source concept of "give a little and get a lot" rings true in the HPC clusters market and community.

Throughout the development of open source and HPC clusters, there have been companies and individuals that enter the market and believe they can just lay claim to the techniques and methods pioneered by those who came before them. These predators believe that because someone decided to share their work, in an effort to move the market/community forward for everyone, they have a right to call it their own. Run, don't walk, away from these organizations. The HPC community knows how to share and make money. A $25 billion market has been built on that concept.

Finally, Cluster Monkey will report on the outcome of the trial. We wish Bret Stouder the best of luck in arguing his case. If he loses, you may want to check all those Bash scripts running on your systems, because a precedent may be set where companies can claim "All Your BASH Are Belong To Us" and you may owe them some money.

[Image: The Atipa Customer List circa 2004]