Slashdot Mirror
Patent On 'Private' URLs
An anonymous reader writes: "Tumbleweed, 'secure' email via http with SSL, so, not really end-to-end secure, just got the patent on private URLs; "Tumbleweed IME generates a private URL for each secure delivery. The private URL that IME creates is unique, tied to the sender of the package or transaction, to the content being sent, and to the intended recipient." I guess I can't tell my buds to surf to a non-public directory on my website to download stuff anymore." Many web applications generate these private URLs. Like the cheesy insecure bookmarkable login URL that Slash uses for example (which is just your name and password plain text in the URL which you should never use unless you're on acid, lazy, and/or realize that losing your slashdot user account will in no way affect your life because you are not a moron and use a unique password so bring on the packet sniffers ;)
If they bother trying to press charges against someone for royalties they'll be shot down within a month. I believe just about every semi-secure web based email or online transaction site uses something like that. I even found an old password protection cgi two YEARS ago that did that. Why must common sense be so rare?
I am !amused.
I've got prior art on their stupid patent, dating back to 1998 or something like that.
-russ
Don't piss off The Angry Economist
OK, so it's another stupid patent. So? These things have to be tested to stand up, it's obvious that the US Patent Office just hands them out like Everlasting Gobstoppers at the Willy Wonka factory, so let's stop getting our knickers in an uproar every time this happens.
So, I'd suggest we just let them be patent-happy idiots, and maybe amass some prior art citations for the time when they sue Cmdr. Taco for Slash's infringement of their American right to innovate.
It's a strange world -- let's keep it that way
So, did they patent this because they really felt they invented something revolutionary (in which case they're idiots) or because they wanted to make money as quickly as the ones who patented the one-click buy?
--
Trolling using another account since 2005.
It is already used by a large number of people, and is growing all the time.
The big problem with having new ideas like this is that you end up with a fragmented email system, where everyone is using different standards. I realise that variety in some arenas, such as desktop OS's, is to be encouraged, but I can't help but suspect that in the arena of communication, standards are all, and everyone should use the same methods of communication and encryption, otherwise communication breaks down.
Lets stick with PGP.
--
Clarity does not require the absence of impurities,
/* And you'll never guess what the dog had */
/* in its mouth... */
--Larry Wall in stab.c from perl
Would there happen to be anyone in here that could site previous usage?
Damn. It's only August of '97. They filed in April of '97.
-russ
Don't piss off The Angry Economist
> The private URL that IME creates is unique, tied to the sender of the package or transaction, to the content being sent, and to the intended recipient. I guess I can't tell my buds to surf to a non-public directory on my website to download stuff anymore.
Well yes. That's not the same thing.
This is talking about unique URL identifying URL.
A directory on a harddrive is not the same thing.
> Many web applications generate these private URLs.
Possibly. But Tumbleweed have patented it - they got there first - way back in 1997 according to the story, so it's tumbleweed that gets the patent. I don't see what the big deal is here. There's always been a rush to be the first to do thing - it encourages innovation, and the one who gets their first gets to exploit the invention. It's always happened, and just because it's now happening on the net is no different. I guess people aren't used to dealing with patents, but the news is that everyone else has been dealing with them for three centuries.
> Like the cheesy insecure bookmkarkable login URL that Slash uses for example
Well no, not really. That's just a URL with a password and username. That's not this. You might as well say that the diesel engine is 'like' the 4-stroke petrol engine. Sure there are certain similarities, but they aren't the same - and they can both be protected accordingly.
--
Hi!
Hey, mirko : Check your spelling : CosomosBay
-----
Since this is obviously unenforceable, why'd they even bother? Are they really stupid enough to think they can enforce this? I'm beginning to wonder if some of these companies aren't acquiring and anouncing unenforceable patents just to get the free publicity on an article on /.
Hey, I wonder if I can patent that program? A frivolous patent generator that generates patent applications based on the likelyhood that they'll provide extraordinary amusement for the Slashdot community, therefore earning a company tons of free publicity.
This is the URL I get when I search the USPO's database for this patent: http://164.195.100.11/netacgi/nph-Parser?Sect1=PTO 2&Sect2=HITOFF&p=1&u=/netahtml/search-bool.html&r= 1&f=G&l=50&co1=AND&d=ft00&s1='Private+URL'&OS="Pri vate+URL"&RS="Private+URL"
Seriously though, the patent shows a specific example, which I suppose is patentable, although for what reason I really can't imagine. Why would anybody want to rip them off when it's minimal work to roll your own similar but not identical structure?
Sometimes I think that RMS is right and that all forms of patents are worthless, but then I realise that he's actually pretty damn wrong and we don't live in his world of so-called "freedom".
The trouble with patents is not what they're for, it's how they're used. By definition patents increase freedom because they allow others to benefit from research and innovation done by people and companies, which would otherwise be held secret. They "open source" knowledge to the betterment of all. Of course, unlike the GPL they let the originator make a profit, but that's good in a capitalist society.
However when patents are awarded for anything and everything then we end up with problems like this one, where a company gets a patent on something with obvious prior art that is already ubiquitous. It's partly the underfunded USPTO's fault and partly greedy corporate lawyers fault, but the end result is a mess of litigation and demands for licensing fees.
Thankfully, this one is way too obvious to stick.
I think personally that we need more government control over corporate IP, to prevent such abuses from happening. Then when a company starts throwing its weight around because it's got some dumb patent, the government can step in and ensure that it doesn't go any further. It'll save a hell of a lot of time and money for everyone, which will benefit smaller businesses and private citizens the most, and get rid of a major source of income for those fatcat corporate lawyers :)
Jon Erikson, IT guru
Here's the patent URL...
http://www.delphion.com/details?pn=US06192407__
Here's the Abstract...
A document delivery architecture dynamically generates a private Uniform Resource Locator (URL) to distribute information. Each private URL ("PURL") uniquely identifies an intended recipient of a document, the document or set of documents to be delivered, and (optionally) other parameters specific to the delivery process. The intended recipient of a document uses the PURL to retrieve the document. The server, upon retrieval of the document, customizes the behavior of the retrieval based upon attributes included in the PURL, as well as log information associated with the retrieval in a data base. This architecture and usage of PURLs enables secure document delivery and tracking of document receipt.
What is claimed:
What is claimed is:
1. A document delivery system for delivering one or more documents between a sender and at least one recipient, said system comprising:
* a server that temporarily stores said documents, wherein said server generates a URL for each intended recipient of said documents, the URL unique to each recipient, and sends each of the URLs to each respective intended recipient; and
* a database which is associated with said server and which records log data describing which recipients accessed said documents;
* wherein said server sends the log data to the sender of said documents.
"Communism is like having one [local] phone company " - Lenny Bruce
Well, someone already beat me to it in pointing out that the patent was filed in 1997 (A suggestion to rob et al: on future stupid-patent stories, please give the filing date of the patent - it's not as if delphion makes it hard to look up.)
Oh, and here's the blatant kharma whoring: the patent (all seven claims) at delphion.
But honestly, how much research and development could possibly have gone into an idea like individualized URL's? In a sense, a user's home directory (ie. http://www.tao.ca/~jmcnaught/) is an individualized URL, and simply asking people not to tell other's their URL to keep it private is not much of an insight.
Really, shouldn't a patent reflect a protection of a long term investment, specifically hard won insights from research and development?
But then, on another level, how does the idea of intellectual property help to advance humanity? Drug companies using their patents to extort high prices for AIDS treatment from third world countries is a good example of an extremely bad situation related to patents. But on a whole, how much fast could our knowledge of nature and our ability to overcome difficulty progress if humanity was driven to share it's insights?
Perhaps companies should rely on the prestige of their having discovered a process to protect their investments, instead of asking the government to enforce it for them. That attitude is already half-way there, we've all seen certain labs bragging about how many patents have come out of their facilities.
What kind of language can we use to get these (and other) kinds of ideas across the the IP defendants, or perhaps the politicians?
That IP is essentially a monopoly granting process, that it doesn't sit well with the ideas of genuine free trade? Would abolishing IP be the answer, or should we be sitting down and discussing what deserves patents and what does not, and how long they should last?
Jeremy McNaughton
------ Live simply so that others may simply live.
*cough* prior art *cough*
The problem with capped Karma is it only goes down...
SIG: HUP
If you just do a search on for patents on google, there's a link to a place that supposedly contains "the only large database in the galaxy, with information on over: 15,000 computer programs available in source code form, 50,000 software patents, and 800,000 abstracts to algorithms and software technology reports and articles. These software resources are the output of hundreds of government, academic and corporate facilities, not only in the United States, but also from foreign facilities. Our database has been under private development for eight years."
Not that it's needed in this case, but apparently for $400 bucks, they'll do a search for prior art.
"In these sources, many forms of prior art/reusable software components are searched for: source code listings to a program, pointer to where source code can be obtained, a pointer to where object libraries are located, moderately decomposed structural configuration for a computer program, pseudo-code description of a computer algorithm, and the claims to a software patent." It looks like they look through a lot of different kinds of material: "We check many sources, including government/university/corporate technical reports, journal articles, university theses, published books, commercial products (source code and object libraries), programs posted to/announced on the Internet, programs posted to standalone bulletin board systems, collections of software distributed as libraries on CDROMs, and existing software patents. Over 150 government/university/corporate facilities and over 240 journals are tracked." As I say, it's probably not need in this case, considering just how much prior art there is for these URLs, but in the future, someone should really make use of this database if stuff like this is ever in question.
Speaking of prior art... did any of you notice that URL I used to link to google?
Thinking about the issue lately, the revised approach would have the patent office doing their usual work and then any patent which is considered okay by the patent office would then make its way to PatentSlash for a second stage public review - this should cut down on the number of patents being listed on the site and would ensure only those that the Patent Office feels okay to approve become public knowledge.
Jumpstart the tartan drive.
I mean, come on. *ANY* web-based mail isn't going to be secure unless it's already encrypted with a real security product like PGP - in which case, who needs their sorry asses anyway? I mean, SSL? Come on. And what, exactly, do they do that's better than some combination of PGP, a good VPN, and good firewalls?
I wouldn't expect this company to be around all that much longer...
OK,
- B
--
http://www.bradheintz.com/
- updated
Once that happens, we'll have to fight the procedure again with a dozen different standards competing to be named top code. While standardization does help people play together nicely, you do have to admit that standards change often, or have incompatible subsets added to them.
or is he implying that he was on acid when he decided to do plain-text UserID's and PW's?
or is he, right now, as we speak, tripping his face off in order to deal with the insanity of running /.?
com on rob, we wanna know... how's the trip?
tagline
... hi bingo
Maxim UK uses this for a really cheesey login system they use and theToronto Raptors (and the other NBA teams) use a generated sessionid in the URL for persistence. (raptors site is down right now, as usual)
Crazy. Fucking Crazy.
The global economy is a great thing until you feel it locally.
When is the patent office ever going to start looking into the patents that are filed before they start awarding them?
I've used 'private urls' (at least by their description) in more than a dozen CGIs that I've written. Give me a break, people, if it's not new, don't try to patent it!
terradot, growing awareness
I even found an old password protection cgi two YEARS ago that did that
An invention has to be new and non-obvious when the patent is filed, not when it's granted. Most patents take three years to be bribed through the USPTO. Was this standard practice in 1998?
All your hallucinogen are belong to us.
Will I retire or break 10K?
read the fucking blurb up top... rob specificaly mentions acid, and i am querying about it...
how the hell is this off-topic?
tagline
... hi bingo
Correct me if I am wrong, I havent used Tumbleweed's service, but isnt it doing _exactly_ the same thing as Hotmail? Hotmail has been around since before april 97, I think. One would think that M$ would jump all over this, since you know, they are "the most ripped off company in the world"
"See, we plan ahead! That way, we never have to do anything now."
patent (ptnt)
1. a. A grant made by a government that confers upon the creator of an invention the sole right to make, use, and sell that invention for a set period of time.
Show me where the definition says it increses freedom.
Um, what the hell? Why does this need to be in the definition (that you provided without citation) to be true? How is this a valid argument?
The other thing here is that while it is clear that things have gotten way out of hand in the world of software patents, that's not a reason to ditch them otherwise.
they allow others to benefit from research and innovation done by people and companies, which would otherwise be held secret
>Name a software related patent that does this or could have done this
I agree that there are few, if any software examples, but there are *countless* other examples.
Reform, please. Don't ditch.
spreer
This patent is incredibly broad, covering any URL which identifies the document to be delivered, the intended recipient, and "other parameters". Everyone who handled user login using querystring data (remember the good ol' days before cookies?) has prior art on this. I've got sites dating back to '95 and '96 that do this, and I certainly got the idea from someone who came before.
O'Reilly's _CGI Programming_ is copyright 1996 and I believe it describes this kind of use for querystring data. In any case, I'm sure we all have CGI books on our shelves which show exactly this use of URLs and pre-date the 04/97 filing date of this so-called patent.
Doesn't Hotmail use this kind of scheme?
Could this mean that (oh, horror of horrors) M$ isn't totaly useless?
If that's true, does this mean that other "Facts" of life could be wrong? Think of the implications. For example:
1. Ross Perot could be right.
2. Yanni is actually really really cool.
3. Michial Bolton is a good singer.
4. People really do buy Playboy for the articals.
5. Size doesn't matter.
6. Women are turned on by C.S. majors.
7. Chewbacca is Lukes father.
8. Whoppii Goldberg is HOT!
9. Creationists have a valid point.
And finally:
10. George W. Bush will be an intelligent and
competent president.
Nah, lets be realistic.
{Now where did I put that Playboy. I was reading an articale about how to pick up women by reciting lines from "Unix in a Nutshell". Have you seen it? It's the one with Woppii Goldberg on the cover.}
Seriously though, the patent shows a specific example
All patents do. It's called a "preferred embodiment." All the legal force of a patent resides in the claims. Here's the first claim of the patent in question:
Translation: If your web database uses a session_id in the GET URL, you infringe. Even Google DejaNews infringes.All your hallucinogen are belong to us.
Will I retire or break 10K?
I remember using warez FTP sites way back when, 1994 or earlier, and this was common practice. You can't have a secondary password on a anon-FTP site, so you make a directory with a name like dot-space-^h-tab-space-space-space-^m that is secret, then you only tell the person who you want to access the site the name of the secret directory.
I also seem to remember that PGP was distributed this way in the early years. You had to send an email to a bot at MIT, and they would tell you the name of some screwy FTP directory on their server to get it from. If you tried again a week later, it would be gone.
I even make a system like this myself in 1995. Someone would fill out a web form (forms were new!) and an image would be generated for them to download. It would get stuck on the FTP site, as img12345.jpg or something, for them to download. Then it would get deleted after a while. The ftp path was provided as a URL, the URL identified the document, the server stored it temporarily, and logged the transfer. Seems to satisify all their claims.
*cough* prior art *cough*
Doesn't matter unless the prior art existed before the patent was filed (in April 1997). Was Deja News around back then? (The patent is on (in plain English) "session IDs or user IDs in the URL," and Deja News uses session IDs.)
Good news: CueCat infringes.
All your hallucinogen are belong to us.
Will I retire or break 10K?
Show me where the definition says it increses freedom.
Patents increase freedom _eventually_ when they expire and fall into the public domain, as the RSA algorithm recently did. In theory, the alternative is that the invention is never revealed and never benefits society, thus justifying the temporary monopoly for the long-term benefit of making the invention public.
Unfortunately, when patents are granted on the obvious (which is patently illegal, if you don't mind the pun), this doesn't provide any long-term benefit (it would have been invented regardless) and the cost of the temporary monopoly is imposed for no benefit. This is why the law requires that patents be non-obvious to an average practitioner in the relevant field. If they're obvious, they don't deserve patent protection because there's no need to provide an incentive to reveal the obvious.
The problem is that the USPTO keep granting patents on the obvious. This is illegal, and patent examiners should have some accountability for their irresponsible behavior. Good luck getting that to happen in this lifetime.
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
...because it was the obvious way to implement something. I doubt it was that much less obvious in April. Basically I had to put stuff in the URL that was being put in cookies in the existing application I was modifying, so that it would work even if the user didn't accept cookies. The stuff in the URL/cookies was a pair of numbers identifying the user and the page to the application-server. I was using VisualWave which was created before April 97 (in 1995 I think?) so possibly someone had done it before me.
Writing is the only socially acceptable form of schizophrenia. (E. L. Doctorow)
And what, exactly, do they do that's better than some combination of PGP, a good VPN, and good firewalls?
Most residential DSL and cable contracts prohibit using VPNs on their network because VPNs are bandwidth hogs.
All your hallucinogen are belong to us.
Will I retire or break 10K?
I've used 'private urls' (at least by their description) in more than a dozen CGIs that I've written.
Did you write them before mid-1997 when the patent was filed?
All your hallucinogen are belong to us.
Will I retire or break 10K?
Forget that. I've got my own Patent.
A gamete delivery architecture dynamically generates a Salene-Propelled Unique NooKie locator (spunk) to distribute information. Each private spunk uniquely identifies an intended recipient of a spunk, the spunk or set of spunks to be delivered, and (optionally) other parameters specific to the delivery process. The intended recipient of a spunk uses the spunk(Base1) with its existing data base(Base2). The server, upon retrieval of the spunk, customizes the behavior of the Base1 And Base2 Yield (baby) based upon attributes included in the spunk, as well as log information associated with the retrieval in a data base(Base2). This architecture and usage of spunks enables secure spunk delivery and tracking of spunk germination.
1. A spunk delivery system for delivering one or more(!) spunks between a sender and at least(!) one recipient, said system comprising:
* a Server CReation and OpTimization Unit-Machine (SCROTUM) that temporarily stores said spunks, wherein said server generates a spunk for each intended recipient of said spunks, the spunk unique to each recipient, and sends each of the spunks to each respective intended recipient.
Read my diary.
We all have a general idea of what patents are for. They're around to protect a business' "intellectual privacy" so as to ensure that nobody can just copy what they're doing.
Ummm... No. Patents are for encouraging companies to publish their "intellecual privacy" (i.e., trade secrets) in exchange for legal protection for them.
The goal is to encourage other inventors to improve upon the patented ideas: Basically, the PTO attempts to improve the state of the art by saying "You can't do this. Try something else."
:--
Clear, Dark Skies
Yeah, I was laughing at them when I saw them on the Nasdaq in the start of the year. They went from like $15 a share to $2 a share in only a few hours.
They are rebounding I guess and grabbing at stupid patents is a good way to get the investors happy again..
They had a URL with a session ID the @ signs surrounding them, so
pathfinder.com/somestory/ expanding to pathfinder.com/@344656654645@/somestory/
pathfinder.com was registered in 1993. It was where Time-Warner gathered all of their print publication stories at. It's now defunct.
Two reasons. One: Bragging rights. Looks good to the investors. Two: Legal Defense. So no one can sue them for the same idea, and if someone sues them for violating their lame patent, they have ammo for a counter-suit or cross-licensing deal.
--
Clear, Dark Skies
And yet I have yet to actually see someone come up with evidence of prior art. There have been some claiming existence of evidence as early as August '97. But that doesn't predate the patent application.
IIRC, once a patent has been granted there is a period of a year in which if the same idea is reimplemented then it is taken as proof that the idea is obvious and the patent is invalid. So these claims, whilst not prior art, do show that the patent isn't nonobvious. See here for more info.
Jon Erikson, IT guru
If you read the claims, it seems like a generally limited scope stupid patent. The problem is that this fails the non-obvious requirement and the Constitutional advancedment arguement.
:)...
Trade Secret laws are the problems, not patents. Anything that SHOULD be patented (monopoly for releasing information the society wouldn't get) is now protected under Trade Secret laws. As a result, the company gets rediculous protection... there is no societal reason for Trade Secret laws, it simply allows corporations to make more money.
This sort of system needs to be revealed to be used. Therefore, the patent is silly. Furthermore, the decision to put up a system like this is NOT related to the ability to patent it, so society is not advanced by the patent, the system would be released anyway and society would gain the knowledge.
HOWEVER, this system is pretty unique, so the patent is less of an issue. Read the claims, the logs portion of it is REALLY significant. They didn't patent GETs
To fall under the patent's claims, all 7 of them, you pretty much need to have a system that does the following:
1. Accept submissions to your server
AND
2. Create a custom URL for EACH receipient of the data (meaning, if I send 1 URL to 5 people, I don't fall under the patent)
AND
3. The server logs all accesses (it would seem to reason that these aren't web logs, but database logs with specific access information)
4. Transmits the logs to the sender (there are multiple ways of this, on request, automatically, without confirmed requiest, etc., etc., etc.)
I mean, that is a relatively specific approach to things.
Additionally, it becomes questionable if the GET string qualifies as a unique URL.
For example, if I send the same URL (script access) with a different set of variables, I should potentially be able to escape the claims.
If you are doing something like this, it isn't THAT hard to work around the patent.
The problem with these patents, however, is that by merely reading the claims, one could design the system trivially with a mastery of the skill. I have no need to read the patent and gain knowledge (that I can put to use in 20 years).
OTOH: when they came up with this in 97, this was pretty unique. Now it seems very commonplace, and there probably is prior art for some of this. I also doubt that they would try to enforce these claims anyways, given how sketchy the patent seems today.
Alex
Only when they apply to something which could have been kept a secret had it not been patented.
Name one of those that applies to software.
The RSA encryption algorithm? That was just released into the public domain to the benefit of everyone. Better luck next time eh?
There are plenty of things which could easily be kept secret due to their complexity - encryption algorithms, compression routines, signal processing techniques etc etc. All of these are valid examples of software patents.
Jon Erikson, IT guru
Heck, when I was working on the Levi's Online Store, we were the first site I'm aware of to implement a wishlist or 'wish basket' in addition to a shopping cart.
If you can't beat 'em... Okay, well if I don't go for a patent, at least I'll have prior art.
Kevin Fox
--
Kevin Fox
11thangel wrote "I even found an old password protection cgi two YEARS ago that did that."
I presume you didn't read the press release or the patent. The application for Patent #US6192407 was filed on April 4, 1997, and prior art is only relevant if it happened before the patent was filed, not before it was granted.
That tidbit notwithstanding, the mind still boggles at this patent. The U.S. Patent Office is a random and capricious place! I filed for a patent five years ago for an ergonomic stenographic keyboard, split in two parts which could be attached to the arms of a court reporter's chair, lessening carpal tunnel syndrome problems by changing arm positions. The Patent Office declared it to be "obvious." Then they grant this piece of silliness? Good grief!
Open Market Web Server was using URL rewriting at least as far back as 1996, and this technique was in use at PathFinder at the time.
Critical Path's web mail was using URL rewriting for exactly the same thing that TumbleWeed got their patent on since ever. I'm not sure exactly when their first web mail revision hit the wire, but it was in 1997 sometime.
On the modperl mailing list, the debate used to flare up between people who preferred URL rewriting and people who preferred cookies, all through 1997 and 1998. So, in 1997, there were at least enough people using both techniques to field an argument. Fertile ground for prior art there.
It is the most free licence there is if you mean freedom of code rather than freedom of its users.
Code is an abstraction. How can code be free? Much the same as the phrase "information wants to be free" it's nonsense - what people really mean is that they want information to be free. You can't ascribe motivations and desires to a piece of code, no more than you can do to an instruction manual.
Jon Erikson, IT guru
This is one of referenced patents in the above patent.
http://www.delphion.com/details?&pn10=US05793972
Spammers are now patenting their techniques. Now if they would only sue each other.
Like the cheesy insecure bookmarkable login URL that Slash uses for example (which is just your name and password plain text in the URL which you should never use unless you're on acid, lazy, and/or realize that losing your slashdot user account will in no way affect your life because you are not a moron and use a unique password so bring on the packet sniffers ;)
.slashdot.org page.
Uh, no offence CT, but everytime anyone logs into slash, even though the regular POST based login form, their username and password are transmitted in plaintext to the slashdot server (since https://slashdot.org doesn't seem to exist) The URL isn't any more insecure in this respect. I haven't looked at the cookie implementation, but I'd guess that your username and password are transmitted with that, too, making your login info sniffable every time you view any
They just patened a tech (is it?) that I have been using on one of my programming projects for almost two years. Yes, I did write a web based email application. Now that they have a patent on something which I use, what the hell do I do?
Spring is here. Don't believe me, look outside!
`nuff said.
Eric Ziegast
Blue Mountain Arts
> The only way to make a profit is to wriggle
> through loopholes in the GPL, and even then it's
> a struggle.
> They can in their spare time, sure. But open
> source rarely pays the bills, which is why most
> programmers work in closed source environments
> where there is enough money to pay their
> paychecks.
This is utterly wrong. I work for MandrakeSoft. I have been working for a closed-source company. Both are startups (about the same age, actually). I earn more than the double here from what I did at that closed source company. MandrakeSoft is going well. And we are NOT making money by trying to go through some loophole of the GPL/LGPL/GFDL! Some companies does, yes, but you don't have to. At all.
What the GPL does, is to require you to innovate (that word sounds a bit bad to me, it have been so missused), to develop, to create new, better versions. If you don't people are just going to copy their versions among frioends. But a new version from the author, you have to get directly from him/her, at least if you want it early. This is not making it next to impossible to make money, just leveling the field and requireing a fair amount of work to compensate for the income, which is not the case in traditional licensing models, where you can sit on your back and get money for something you hacked 10 years ago.
These statements are not _nessesarily_ the opinion of my emploeyr, but my own, and as far as I know, they match those of MandrakeSoft pretty well.
--The knowledge that you are an idiot, is what distinguishes you from one.
Go read the stupid patent announcement. It says, "The patent application was filed in April 1997." In other words, we have to find prior art from before this!
Admittedly it's out there, and this truly is a stupid, dumb, brainless, fucked patent; but please quit citing "I was doing this in 199[89]" sources, folks!
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
I know I was not the first to discover them, but that doesn't seem to be very relevant to the PTO, so I think I'll submit my patent for private sids on slashcode based websites.
If you care to dispute this patent, please do so at the private sid http://slashdot.org/article.pl?sid=patent
Of course doing so may incur royalty fees for use of the patent.
Work for Change & GET PAID!
These patents are right up there with domain squatting. It is the informational equivalent of atherosclerosis. Where does it end? What's to stop the next patent from being "anyone using a packet-based protocol over a line for the purposes of exchanging information leading to a business transaction of any kind on Tuesdays"? Now you have to pay someone one day a week for using your TCP/IP stack to sell T-shirts.
This is the product of bloated companies with fat-cat patent lawyers, who, failing to compete on the merits of their services in the Internet marketplace, try to obtain exclusive legal rights on the use of open protocols, in order to tax those who do---all through the use of convoluted legal gymnastics, and the general incompetence of law, namely the patents office.
This is how rich people get rich off of technology whether they understand it or not: Dirty legal tactics---Brute force, anticompetitive legal plaq that clogs the arteries of the Internet economy. This patent is that very stuff.
I am a newbie at CGI scripting. I wrote a script a while back that takes login data, and uses a session-key in the URL to keep the user validated as they move around pages in the said cgi script.
Using a session key was the first thought that popped into my head to keep this state information (I didn't want to use cookies). I was below the "ordinary skill in the art" because I was a newbie, yet it was the first thing that I thought of: therefore I'd be quite willing to testify under oath that this technique is obvious to anyone with ordinary skills in the art.
Oolite: Elite-like game. For Mac, Linux and Windows
Even though they filed their patent ~6 months before you developed your code, you probably weren't exposed to their material, but instead were developing it independently. Obviousness isn't as solid a patent-buster as prior art, because it's much harder to demonstrate, but the technique of Ugly_Looking_URLs has been around a long time as a method for doing lots of different things (and primarily as an alternative to cookies.)
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
thinking back, the first time I used something like that would've probably been late 96 or early 97...I'm not trying to say that I came up with the idea, just that they didn't come up with the idea...virtual postcard/flower/gift sites were using these well before 97...
terradot, growing awareness
Except that to violate the patent, you only need to do something in ONE of the claims - they are ORed together, not ANDed together. Consequently, any GET URL that identifies a sender and a recipient is in violation.
Yes, trivial. I haven't even read the patent filing, and even from here I can see that I could design such a system in five minutes, and one good week of programming would give me the same "invention" if I were starting from complete scratch. This so-called innovation is to put the session ID before the question mark in the URL so it's easier to keep a temporary copy on disk. BFD.
I would have to laugh at anyone who calls that an innovation, except that I'd see the better of it and just give a swift kick in the ass with no explanation.
Ten bucks says not even the so-called inventors can explain why anyone should care; this is just the usual patent-as-anti-competetive weapon horseshit. I defy anyone to explain why such a trivial technique is deserving of SEVENTEEN YEARS of freedom from competition. The whole point of the patent is to encourage innovation; patents like these STIFLE innovation and bring us that much closer to an economy where permission to conduct business of any sort must be granted, not assumed.
Boss of nothin. Big deal.
Son, go get daddy's hard plastic eyes.
Expanding a vast wasteland since 1996.
I've become incredibly wary of sending links to friends because of exactly what this article is talking about: Some of them encode individual information related to you. While most of them couple this with internal SessionIDs/cookies, and the unintended link follower gets nothing, some of them do as Slash does and plaintext includes it. I'm sure there's been plenty of people who have inadvertently set their login info to a friend when just trying to show them a new link.
Anyways I can't stand session unique URLs. You can't really bookmark them, and when they're somewhat properly designed you can't send them to a friend. So instead of saying "Here's the link to the blobbonator on sale" you have to direct them on how to navigate from the root to the item in question. Very lame.
yafla!The claims are OR'd together, the subparts of the claim are AND'd together.
Read the claims.
Each one involves the four characteristics I outlined... the different in the claims is predominately what is logged and HOW the log files are transmitted.
It's a more specific patent than you think.
I don't believe that any GET URL with a sender and recipient is a violation, I don't believe that it falls under any of the claims.
You must violate an ENTIRE claim.
A Reason. (there are a few ifs here):
.com. For example, 1234asdf.usemeonce.tumbleweed.com. As long as httpd is differentiating host headers, you could add and map these "secure" urls to content pretty quick with an automated process. As I've never seen it done before I'm sure it could be patented.
1. if you happen to be navigating a secure site (https) with Internet Explorer
2. and if your session information is in a cookie
3. and if you hit the back button
Internet Explorer will tell you that "the page has expired" and will ask you to reload the page.
If you're using url encoded session information (ugly urls) instead of a cookie, your session info will be automatically passed when you hit the back button. This is a nicer way to treat users who like using their back buttons to navigate a site.
Of course that session information will then likely be stored in your browser history, but hopefully it will have expired by the time someone else has sat down at your computer to use your amazon.com account to buy their textbooks for next semester.
Another Way:
What I think Tumbleweed might be talking about here is making a new URL for each transaction... like on the other side of the
Some interesting stuff I found within the patent text (PURL stands for... you guessed it, Private URL):
(My apologies for not being sufficiently familiar with slash to format that correctly - for some reason I can't use the "pre" tag) It looks to me like what they've patented here is passing arguments to a cgi application on a web server in order to retrieve data from that server and logging the transaction. Surely there is art prior to 1997 for that?
Broadly interpretted this patent pretty much covers retrieving any page via CGI that is not otherwise accessible and causes a log to be generated for such.
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
Around 1994 the University of California at Berkeley would allow a person to download SPICE (used by electrical engineers) after paying a handling fee. They would create a private temporary directory containing the program and provide the person with the URL of the directory. The person could then download the program by FTP access. No one else would be aware of the directory. Is this close enough to be prior art?
In fact, simply viewing your user info page comprimises your password!!! It's a part of the HTML that is sent, unencrypted, to you when viewing your user info page. anyone sniffing that HMTL has your password, and 0wnz j00u.
/. would not put the password in the HTML; if someone really wants to use the stupid insecure link, just have 2 steps; one link to a page that has only the insecure link; then the password isn't sent, in plantext via HTML, every time I view my user info page.
Try viewing your user info page, and read the source. There's your password, and username. doh!
I really wish
I think everything after the GET is considered to be the URL. I'd be surprised if this patent (or the courts) takes such a narrow view of the term URL to see it as only the core component (ie, the name of a script) rather than the full string. If different strings give you different pages (locations), they'll be considered URLs. Not that this is a strong patent, but I'd bet the above argument wouldn't hold up in a courtroom.
You mean those big, ugly, long-assed URLS that Akamai blasts all over their customers have to go away? Bummer.
/ ww w.akamai.com/graphics/core_logo.gif
Look at this mess:
http://a516.g.akamai.net/7/516/1/f15ee829e2faf2
gross
without the right to patent it there would never be session id's. think of all the research the coders had to put into it. if it wasn't for the knowledge that they would be able to sue the piss out of people who didn't pay royalties they never would have published thier results and nobody would have thought of it. those engineers and coders are probably barely able to put enough food on the table to feed their families, don't fight this patent unless you hate children.
One example (among many, no doubt) exists at http://www.waterken.com/.
JMR
Try e-gold - (contact me). I'm NOT e-
It's a revolutionary new thing which lets your "html" "include" what it's "link"ing to. This lets you "distribute" a "web page" with the "images" "embedded" in the "file" so that others do not need to be "online" to "view" the complete "content".
I now expect to be in "Guinness Book of Records" for most "quotation marks".
A tad off topic, I guess, but I'm wondering why I can't surf to https://slashdot.org/ instead of the usual "http:". That would make the cheesy, insecure bookmarked login somewhat less insecure, and what with all the stuff and nonsense going on in the world at the moment, especially government snooping (Carnivore/DCS) and nasty attempts at blocking stuff "to protect children", I'm getting keen on the idea of using encrypted protocols at every opportunity. So how's about encrypted Slashdot? If I'm lucky, I might even get past my damn ISP's "transparent" web proxies which dish up stale data more often than not.
AirSupply: go ahead, cut me off.
Moderators: Did you actualy think before you moderated?
Once a patent has been granted, the information regarding it is available to anyone. This means that anyone can find the patent description and use it to reimplement the same idea. This is hardly "proof" that the idea is obvious.
Maybe you should look here for more info.
They've been doing this since Yahoo! was a small company.
This is one of the most arguable patents yet. It is a *perfect* example for those who want to fight the current patent system, because any layman can understand it.
--------
Genius dies of the same blow that destroys liberty.
ok, so they filed in April '97... I remember using hotmail in March of '97...now doesn't hotmail prove prior use of the idea before tumbleweed filed for this patent? Even if it doesn't though, isn't this such a simple concept that anyone with a year's experience of internet/intranet programming could create with one or two neat little scripts? Isn't this basically just an HTTP POST request shoved through SSL (or something similar)?? I can't see how that's patentable.
Getting the lawmakers to turn against lawyers like this tho, would be difficult. I personally love the idea myself.
This is so silly. All they seem to be doing is encoding the content of some get query parameters in a non-existant directory structure.
:-) ) that returns a session specific image for a each user session.
I recently wrote some code that has a servlet draw a dynamic image. This image does not exist, but is chosen by a "fake" image name. Can I patent "An image url (IURL instead or PURL
This is pathetic. What the hell do they think you are provided the PATH_INFO for anyway.
You know I goto/have gone to a lot of sites that use these so called private trackable URLs. One of them happened to have been Amazon before the site decided to do what Tumbleweed is doing now. I tell you the morons at the USPTO will give me a patent on the hair from my cat if I tried. This isn't new at all and its unenforceable. Someone needs to give them a reality check on the technical front. However I don't thing our new illustrious President is up for the job.
BMaximus