Slashdot Mirror
IPFilter Infriging on Bay Network Patent?
jorhan writes "Darren Reed,
the author of IPFilter,
recently posted this message to the IPFilter mailing list. Apparently IPFilter may infringe upon USA patents owned by Bay Networks, specifically, #5790554. The patent might seem to own just about every conceivable way one might wish to filter and forward data packets, but trying to read through all of the "wherein said first condition" started to give me a headache (ObIANAL). But when you read what application the authors specifically had in mind, it really has little to do with network layer firewalling. Even more important is the question Darren's mail indirectly poses, "Anyone know of any prior art?""
How long until someones recieves notice of patent infringement for their method of submitting patents?
But does Bay actually really exist anymore? Nortel sucked up them (after they had sucked up Annex). Getting updates for Annex is a bear. Bay was sort of sinking beneath the relentless Cisco; getting bought by a telco wasn't going to make them more agile.
I suppose the title could be talking about early adopters of Microsoft products, but that's not quite my intention. :)
The company that thinks of an idea that may be used widely later has the responsibility to patent it. The younger the technology is, the easier it is to get away with un-necessarely broad patent language, because people aren't aware of the number of uses that can fall within a patent's grounds.
My official recommendation for the situation is that tech patents granted in the last 5 years be reviewed by a panal of experts...patent lawyers from the government (FTC, department of commerce), paid consultants, and computer professionals from promonant comporations, i.e. Cisco Systems, IBM Corp, Microsoft, etc. to review their scope and reword them if necessary.
Note that it wouldn't be a party to get rid of tech patents, but to refine the existing ones as to nail down exactly what's protected and what isn't.
Bay Networks owns the patent, and as such, it is their responsibility to enforce it. Now, if they're nice, they could grant the authors if IPFilter a royalty-free license to use their intellectual property, but because IPFilter is an open source project, that is in effect granting the entire world permission to use it, and that is something Bay doesn't want. Hence, they need to stop the entire thing.
Conclusion: Yet another example of the shortcomings of the United States patent system. Sure, it's better than anything else in the world--but that doesn't mean it's perfect. Far from it, infact.
Keep in mind, ALL of a patent's claims must apply to your invention. If a single one isn't a match, then you are free of the entire patent.
IANAL.
This patent can be applied to any router that any msg takes on the net. How can such a patent be held up?
How would this affect ZoneAlarm and Linksys and D-link routers?
I have seen the enemy and it is us... and we attack with a sea of legal papers which will kill us with paper cuts
This is because IP Filter is not used on Linux maybe ? Linux uses iptables / ipchaines, while many unices use IP Filter. Oh and btw, Linux is not a UNIX. Get used to it.
"Conclusion: Yet another example of the shortcomings of the United States patent system. Sure, it's better than anything else in the world--but that doesn't mean it's perfect. Far from it, infact."
Hmmmm, I'm curious - it's the "best" patent system in the world, but here we have "yet another example" of its failings.
How much do your actually know about the patent systems of every other country in the world?
Filters may be configured on a per port basis, i.e., a filter can be applied to data packets entering or exiting a specific port on a networking device such as a LAN switch
The patent seems to be specific to network switching/routing hardware based solutions, not software based. IANAL, but it could be shown that the intent that Bay had was to do packet level filtering inside of switches on a port-to-port basis (as some of their hardware, like the Accelar series does), and not on a software-ontop-of-an-OS basis as this shows
Referring to FIG. 1, a network device 100 as may be utilized by an embodiment of the present invention is shown. Network device 100 is a LAN switch, however, it is understood by those of ordinary skill in the art that an embodiment of the present invention may be applied to other network devices such as a hub or bridge.
If I'm wrong, then a lot more than IPFilter is in trouble... Checkpoint and Raptor (now Symantec) better watch out!.
Sig (appended to the end of comments you post, 120 chars)
In case you didn't already notice the patent office is in a pretty sad state, they will accept patents on virtually anything. This has resulted in companies filling for tons of frivolous patents on completely obvious technologies. That way if one of them tries to go after another for patent infringement that company can retaliate with it's own patents. The big looser in all of this is of course basically any non-corporate entity. Without a mile high stack of patents they become easy targets. I hate to sound naive but I'm a bit surprised at how little attention this has drawn in the political arena, you'd think by now someone would have started pushing for some reform but I haven't heard of any serious efforts to do so.
From the patent: the present invention relates to a method and apparatus for controlling the forwarding of data packets from a network device...
Seems obvious to me that this would affect a broad range of devices from switches to load-balancers to firewalls and would probably benefit a large group of corporations to begin either investigating prior art or ask Bay nicely to license the tech.
It's the holder of the patent you have to worry about, not the patent office.
IANAL, but my understanding has always been that you're taking a risk when you submit an overbroad patent - if even one of the listed embodiments doesn't actually work, the patent is invalid, at least from that claim to the end of that chain of patent claims.
MHO. YMMV. Any resemblance between this post and real persons, or reality in general, was accidental.
Bay Networks owns the patent, and as such, it is their responsibility to enforce it.
Assuming that's what you meant, and AFAIK: The "enforce or lose it" rule is only for trademarks. So Bay could just ignore the project as long as they want, and still demand fees from other (commercial) projects.
the United States patent system. Sure, it's better than anything else in the world
That one surprised me, why would you think that? It seems that regarding the basic setup the US patent system is virtually indistinguishable from any European one.
Instead, let patent applicants put up a, say, $5K bond with their application. The patent office makes no attempt to validate the patent (just as presently, you might say :) but merely publish it.
Then, if someone finds any prior art, let them forward it to the patent office to examine it. Then the patent office makes a judgement, pays the bond across to the finder, and marks the patent as cancelled. Interested parties (those suckered into paying licensing fees) get notified by email alert.
Perhaps this would generate a thriving third world industry of people frantically chopping down many of the stupid patents which currently get issued.
Before complaining that putting up $5K would stifle creativity for the small guy, consider whether the current state of affairs actually works in the little guy's behalf or not...
[x] auto-moderate all posts by this user as insightful
It'd be nice if someone had a few thousand dollars to hire a lawyer and get a more definitive answer, but it seems like prior art was also mentioned in the (two message) thread, so this isn't (yet) a serious issue.
The patent seems to only apply if you use numeric offsets into fields. If the patent is an intent to patent just about any rule-based firewalling, just about any commercial firewall product -- like FW1 product for Solaris would be simple examples of prior art. If this isn't the case, then it's got too many differences between itself and IPFilter or IPtables to be of much use in shutting down the IPfilter project.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
Reading the patent, both the abstract and the claims say many things to indicate that this patent covers network devices "such as a switch". Much of the patent is faily specific to forwarding between ports on such a device. I really don't think it can be said to generically cover generic layer-3+ packet filtering (in fact, I think it's pretty specifically layer-2ish).
Now, I'm not a lawyer, but I am a network engineer who deals with packet filtering all the time, and any "expert witness" worth his salt would bring these points up in a patent-suit. Someone should step up to be first on this one (Checkpoint or Cisco would be good choices, but there are many others who would be hurt by having to license this stuff).
On a more general point, I'm sure there are patents out there on just about everything that a modern Linux, BSD, etc system does. Some are already expired, but many are not. We really need to get a game plan here. My personal take is that patents are still a good thing, even on software, but it's the duration and disclosure that kill us. How can we reasonably get patent duration for software down to 2 years and require early disclosure of a pending patent? If those two things happened, patents would actually be a good thing for Open Source!
Of course, unlike trademarks, the risk that they will try to enforce it remains throught the life of the patent. However, if it really worries you, you can have the patent reexamined or get a declaratory judgement.
"My official recommendation for the situation is that tech patents granted in the last 5 years be reviewed by a panal of experts... patent lawers ... and computer professionals from promonant comporations, i.e. Cisco Systems, IBM Corp, Microsoft, etc."
What if an expert (from one of the big companies) comes across a patent from a competing company that would make things easier for their own company business-wise? They could argue for it to be removed. Of course, the other experts could probably just veto that opinion, but the influence is still there. This also works the other way too; a representative from one company will be in a better position to defend their own company's patents.
I say keep the professionals out of it because their own interests will taint the process. To replace them, bring in university professors that have nothing better to do than to sit on this panel of review.
Buying a Dell computer is equivalent to dropping the soap in a prison shower.
This patent claim was filed 4 October 1995.
I have a first edition copy of the book, D. Brent Chapman & Elizabeth D. Zwicky, _Building Internet Firewalls_ (Sevastopol, California: O'Reilly and Associates), dated September 1995. Thumbing thru it, I find chapter 6, which is titled ``Packet Filtering". ISTR that September is the month that preceeds October.
Since it takes about a year for a book to go from start of writing, thru production & at last release, I'd say Packet Filtering was a technology very familiar if not much used in late 1994.
Is that satisfactory evidence of prior art?
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
Keep in mind, ALL of a patent's claims must apply to your invention.
This applies only to parts of one Claim, or to Claims that depend on other Claims ("4. The invention of claim 1 where the number of consecutive items is four"). If something infringes even one independent Claim, then it infringes the patent.
Will I retire or break 10K?
cuz it's bogus
(* The patent might seem to own just about every conceivable way one might wish to filter and forward data packets, but trying to read through all of the "wherein said first condition" started to give me a headache *)
Laywers should learn how to clean up their source code.
For one, they should give clauses names or ID's. Then they can have phrases like:
"If ($trans and $horgton) or $rollsNice or $tamper5 or ($beforeExpire7 and $gasoline) then coveredUnderStateStatute("Nebraska", 43726)"
Table-ized A.I.
Hardware router/hub/firewalls may be a more interesting problem.. The patent seems to apply to using rules to figure out which (physical) port to send stuff to... I don't think it references anything like the idea of rewriting packets so that they go (for example) to a machine at a different address or a different TCP/UDP port on the recieving machine.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
receiving a data frame at a port of a network device coupled to said network said data frame to be forwarded to a destination node in said network based on a destination address for said destination node associated with said data frame
I'm having a hard time thinking of a network device that doesn't do this. :)
Patents aren't evil by nature. PKWare owns patents that cover the way the inflate/deflate alogrithms work. PKWare also put them in the public domain. Or the RTLinux patent. He wasn't served with papers or told to stop doing what he is doing. IPFilter isn't exactly an unknown piece of code either. I'd assume it's not a problem. Companies don't want to test patents like those becuase they lose all the marbles when they don't win in court.
Stop reading these articles or filter them out.
read http://marc.theaimsgroup.com/?l=openbsd-misc&m=102 663216302242&w=2
2 665630513591&w=2
but in the thread it talks about a prior art, the main writer of OpenBSD's PF mentioned a prior art: http://marc.theaimsgroup.com/?l=openbsd-misc&m=10
The page that you went to was the homepage of IPFilter, and IPFilter doesnt run on Linux... that is why you didn't find it there.
You know, everything doesn't have to revolve around Linux in some way.
Buying a Dell computer is equivalent to dropping the soap in a prison shower.
What the fuck is this? I'm gone for a few weeks, and now all of a sudden logged in users are dissing the CLiT, the best trolls have gone AC because some lame posting limit, widening is suddenly only supported by Opera, and I have to get a new nick to reflect the new karma system.
I guess I've got to be obnoxious as fast as possible to reach terrible karma today. It's no good lingering at "bad" and being unable to get any lower.
I'm not a troll, but I play one on Slashdot
I hope the judge who first allowed a software patent is proud of the monster he created, because this has turned software development into a minefield. The greatest creations of our generation are public and open, and at every turn, pathetically obvious 'innovations' seal off every avenue of advancement with patents.
Lame.
This to me seems to be the crux of the matter. They are patenting all type of filter (normal routing, re-routing, droping, etc.) based on the contents of the data packet, in some form. While I can't be certain, I think any decent packet sniffer would have this capability. (I can't remmber if any I've used are actually older than 1995, when the patent was filed.)
Anyone got more specific info? I bet we can find several examples of test equipment previous to this patent to derive data based filtering from.
How about IP stacks? Anyone know of an IP stack that could sniff the data section of a packet before 1995? Now there's gotta be a few examples of that!
for you. get used to it.
the thing is... a piece of hardware say a switch runs its little OS that uses software to filter packets just like a computer that runs a OS and uses software (IPFilter) to filter packets. AFAIK all networking equipment uses software to filter packets.
:)
The only network that i can think of that would use a 'hardware' filter is a Carrier Pigeon network and the filter is obviously a shotgun...
Darren Reed also asked in the OpenBSD misc mailing list
for prior art and points to pf probably being affected,
too (read here).
Daniel Hartmeier, swiss Author of PF, the OpenBSD packet
filter, has a good reply finding prior art and Darren even thanks him explicitly a lot, which is not what we _were_ used to read from him.
I personally do not have any objections against him,
still - though I use pf as it is in OpenBSD - the operating system of my choice, and not
even the recent OpenSSH bug could prevent me from
trusting that team.
My Karma isn't excellent, damn it! (And
How about getting the patent office to employ people who know what they're looking at, i.e. engineers/techies/etc, so that stupid patents aren't registered in the first place.
As done by several other countries who you claim your patent system is better than.
ISTR that September is the month that preceeds October.
Ok, that's a new one for me. What's ISTR?
Do it yourself and you could end up making matters worse for yourself (read: willful infringement) or making a mistake.
Here is a brief overview of patent infringement lawsuits. If this does not make you want to seek legal help, then I wish you luck.
I understand the "I Am Not A Lawyer" portion of ObIANAL, but what's the "Ob" prefix mean?
Yeah, yeah - perhaps offtopic, but I must ask. My karma is already 50... wait, "excellent", what's up with that?!
Ryan Fenton
Linux is not UNIX.. and it doesnt matter wtf dictionary.com says. Linux is a UNIX-like operating system. It is similar to it in design and function, but is only similar. For it to be really called UNIX it would have to based off the original code or be the original code itself. Linux holds none of these characteristics and therefore cannot be called UNIX. After all, UNIX is a trademark. Even if it was based off UNIX itself it could not be distrubuted as it is now due to licensing issues. Thus, Linux is not UNIX in every way you look at it.
In other words, don't get caught up on the written description, because that has very limited legal significance.
Don't correct people when you don't have a clue. IPFilter is iptables.
Better to be thought a fool than to open your mouth and remove all doubt.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I thought that the GNU in GNU/linux stood for Gnu's not unix.
(* How about getting the patent office to employ people who know what they're looking at, i.e. engineers/techies/etc, so that stupid patents aren't registered in the first place. *)
But the job is so boring that you eventually just start approving sh*t for the hell of it or because your eyes get too tired to parse all that legalsay.
The smarter you are, often the easier it is to get bored.
I think they should do drug testing there. Imagine all the stuff you would approve if you were on LSD.
"One click? Oh that is sooooo sparkley and rainbowish tingle mingle. Trippin' stampity stamp stamp you da man!"
Heh, Ironic, I'm a fucking retard. Nevermind. Iptables is Netfilter.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
iptables is the userspace tool that uses netfilter, not IPfilter.
"There are, of course, alternatives to the described embodiment which are within the understanding of one of ordinary skill in the relevant art. The present invention is intended to be limited only by the claims presented below."
They actually admit that it's a specific case of a generic idea! IANAL, but it seems like they're saying "anybody coulda thought this up". A refreshing change from all the people who think that one-click purchases are on the order of the cotton gin.
Austin is more fun than Dallas.
I say, invalid patents have to return all earning from sales under devices covered in the patent to the new holder. Simple and clean, and it doesn't weigh down the little guy too much.
personal, it's modify...In preferences: Reason Modifier, People Modifier, Anonymous Modifier
- Directing data to multiple ports (obviously very oriented towards LAN switching)
- Filtering on variable length fields
- Jumping between rules rather than sequential processing
- Less than/greater than comparisons in addition to equals/not equals
I am not too familiar with IPFilter, but a quick read of the web page indicates that it doesn't support these features, although NAT may come close in some ways to the first (IANAL).I also suspect that some bigger fish, such as Cisco, may infringe on this patent if IPFilter does
Here are the relevent piecesof the related art section:
andVery nice.... but it's WRONG.
Linux is Linux. It's unix-like, but it's not unix.
Forget it man. You've got nothing to worry about.
If Nortel ever tried to enforce this, they'd have to go up against...
Cisco, Lucent, Checkpoint, just to name three.
It isn't going to happen.
A process already exists for people to assert prior art raising substantial new questions of patentability against an existing patent, and in a forum where the presumption of validity does not apply. In extraordinary cases, such as the Compton's patent, the PTO Commissioner can call for a reexamination by himself.
internet?
Isn't this patent office a disguised tax office?
CRIMINAL penalties for submitting stupid, overbroad patents? And what the hell drugs are the on at the USPTO? Do these guys get paid only on the basis of how many of these thigs they accept?
The US patent system has gone far beyond what was put in the Constitution. It was meant to protect INVENTORS from unethical corporations, not corporations against inventions...
Corporatism != Free Market
The patent is certainly valid but, don't panic just yet. This particular patent, though very general and broad scoped in nature, was actually filed to protect a very nice feature found in Bay / Nortel layer 2/3 and beyond switches. This feature has been in their switches since 1995 and possibly earlier and it allows for the routing/switching of packets based on a specified pattern match of ANY arbitrary portion of a FRAME. Note the specific reference to ATM?
Using this filtering method, you can switch/route a packet or frame from/to any port based on ANY part of the frame. If you wanted, for some bizzar reason, to make your decision based on the crc checksum you can do it. Also, because you are looking at the entire frame/packet, it is not specific to IP. You can filter/switch/route ANY protocol IP, IPX, HTTP, DECNet, APPN, anything. It is extraordinarily powerful, though infrequently used. But it is great to have when you need it. You can find it on most of their switches and routers from the BayStack 450 to the Bay BCN router to the Passport 8600 series layer 3 switches.
I do not feel that IPFilters needs to be concerned as this patent and could possibly be applied to ANY filtering tecnique in use today. Anything from MAC based port blocking to layer 7 web switching. However, even Bay/Nortel has notr choesen to challenge or attempt to enforce the patent on anyone so far.
As an interesting side note. Up until last year Nortel was filing and being awarded patents at a rate of two per day. They patented any and everything that they did. Hell, there is even a patent(not copyright) on a set of icons they designed for you on mobile phone type PDAs. That's right, a patent on a small set of crappy looking icons. Try doing a patent search with keyword Nortel. You'll be amazed.
Nortel is close to going broke... always be wary when you start to hear about patents and companies in trouble. Investers, creditors start looking really hard for company "assets" to recoup their losses.
It's the classic change of stategy to ligitation to keep your company afloat.
Be afraid, be very afraid.
Toddlers are the stormtroopers of the Lord of Entropy.
IPfilter doesn't seem to do type/offset matching - that sounds like what Ascend used to in the MAX products ("generic filters") or the packet filter that used to ship with Irix 5.3 (whose name I forget).
Gnu is not Unix, Gnu is free [as in beer] software that runs on many different operating systems.
/home/anonymous it is no more Unix-like than a insect and a car.
Linux is a kernel [duh, not realy Unix by itself?].
Linux supports POSIX (as does all other Unix-like-claiming OS's).
Linux kernel runs initd of which starts a bsd or sysv init and spawns some processes [duh, Unix?].
Linux kernel is a component [duh, not really Unix by itself?].
Linux kernel is part of a packaged Unix-like [duh, Unix?] distribution.
freeBSD is a packaged Unix-like [duh, Unix?] environment.
HP-UX is a packaged Unix-like [duh, Unix?] enironment.
Linux has many redeaming traits and you want to call it Unix-like and not a "flavor of Unix" or a "free implementation of Unix"
However, if I went to a MS Windows PC and created a \dev\null, \dev\random, \bin, \sbin, and
Besides, the original post from AnonymousCowheard appeared only to reveal the underlying concept of Linux being a "flavor of Unix" and perhaps the author of IPFilter could provide a clue to the crowd that Linux kernels are not supported by IP Filter and Network Address Translation and IP Masquerading are provided by another agency.
www.nat32.com sells a piece of software to make Network Address Translation work on a Microsoft Windows Operating System. A Unix-feature on Microsoft Windows, you don't say?
Didn't you mean to say that Linux is not Unix because it doesn't support the same IP network structure as does freeBSD, HP-UX, and the others do as quoted are supported in IPFilter? If I remember correctly, AT&T had the first Unix to be written entirly in C which could theoretically be cross-platform. Based on optimization techniques, freeBSD is no more a Unix than Linux because they don't share the same internals. It's the application layer that looks at the system layer as a whole and determines if it is merely operating on a Unix environment. Or do you want to classify an application not based on its code and instead classify it based on compile-time? oops, I brought a bug in idealogies into the lamp of death. I am l33t!
I am the nightmare of nightmares.
In the old days patents applied to the invention, not the result. You can't patent "a method for fastening clothing" but you can patent a zipper or velcro.
So it seems to me that filtering packets is a result, not a method, and as long as IPFilter doesn't use Bay Networks' code or some slick algorythm patented by them then I don't see why this should even be an issue.
Coding Blog
I don't see a problem. A patent infringement is only a problem if the patent owner has a legitimate patent with no prior art (which seems unlikely considering the ridiculously broad scope of the patent) and they take legal action (of which I see no mention here).
I know that in its current Nortel hands it's fine, they're hardly going to try and use it against all packet-filtering 'things' out there because it was originally written to cover ATM frames. Mind you, we'd have said that about SGI's OpenGL patents. Can anyone see Microsoft buying this patent off Nortel, or entering into a patent partnership deal, or swallowing Nortel Networks whole because it could used against Microsoft's competitors?
Feel that power? That's mah MOUSING FINGER
How much do your actually know about the patent systems of every other country in the world?
Ha! Oh, please! Next you're gonna want me to believe in the tooth fairy!
I can't believe you people.
"I say crush the little toe on the CEO's left foot" and/or similar arbitrary and spontaneously rambled out 'solution' to the 'problem.'
They should use a bitmap of an armchair do-nothing doofus for the icon for Slashdot patent stories.
If University professors have nothing better to do than sit on this panel of review, fire them.
This is too utterly obvious to be innovative. This patent should be used as the "poster boy" of reforming the patent system. I bet those guys at Bay Networks thought they were so clever in doing what thousands of others would consider to be quite obvious (but had other important work to do, so they never implemented it). That would tend to make me think that the level of IQ among engineers at Bay Networks is not very high if this kind of thing is something they consider to be an invention. Now we know the examiners in the USPTO are low IQ. But now I have to add in the engineers at Bay Networks, too. Boycott time.
now we need to go OSS in diesel cars
How is it a failure. The idea was concieved propogated and is not in use by many people. Just because they may be oblicated to pay for the IP of others does not make it bad. It only shows that there is a cost involved.
When reading a patent such as this it's important to keep a few things in mind:
Ignore the abstract. It has no legal effect -- it is illustrative only. The abstract is often drafted by legal (but not technical) staff based on some summaries prepared by technical (but not "legal") staff. A lot is lost in the translation.
Ignore the summary -- skip to the claims. The most important part of a patent is the Claims section. Everything else is illustrative. The summary of the "present embodiment" (ie what was actually built) is only useful in so far as it gives you an idea of what the patentee is trying to protect. But you will almost always see that the claims are far wider and it is the claims that have legal effect.
Concentrate on the base claims. Almost all patents set out 3 or 4 "base claims". The rest of the claims will be derived claims -- they'll start with "The method set forth in claim X, where...". If a base claim is invalid (or not applicable to what you're doing) then all derived claims are also invalid. So, concentrate on them and try to find your points of difference there.
Claims repeat themselves. Generally, you'll find that the earlier base claims are narrow in scope. They'll then refine some of this in derived claims to make the application clearer or cover the most valuable applications of the invention. Then, a new base claim is started, with more generic language. That process tends to continue until the patent is very large. This is deliberate -- the patent attorney is trying to be as broad as possible, but if they're too broad, the patent will be invalid. So the strategy is to repeat the basic claims so that if a broad claim is struck down as invalid the narrower ones can still survive. If you don't infringe the narrowest patent you can often skip the broader claims. This one's a little different -- some of the claims cover different aspects of the "invention".
Get a lawyer if you're serious. A real lawyer properly briefed will do a better job than you're own analysis or general advice from others -- as Darren suggests.
Careful what you write. Finally, if you're doing some kind of patent analysis, never write "we infringe this" or "possible infringement." Instead, draw up two columns -- the list of patents you "do not infringe" (with reasons) and the list of patents "under investigation".
In this case, note that base claim 1 does not require type or offset. Derived claim 2 simply adds that as a possible variation. Like all patents it's difficult to read (it should be taken out back and shot) -- however, it does seem to envisage only a hub, depending on your definition of "destination node" and "destination port." I think claim 1 could be distinguished from IPfilter on that basis. It follows that claims 2 - 13 are also distinguishable and don't apply to IPFilter.
Claim 14 seems overly broad and relates to configuration of the invention under patent. Not easily dismissed based solely on the language of the claim though. Claims 15 - 21 are derived.
Claims 22 and 28 are problematic, and frankly, poorly drafted. 28 seems most likely to cause IPFilter grief, if it applies. But they're both (overly) broad and could be covered by prior art. These two claims need some careful analysis.
Basically, prior art is not the only way to show that you don't infringe a patent. Going the prior art route can require you to go to court to invalidate or modify the patent -- expensive proposition. It's cheaper and easier to invent around the patent by avoiding the base claims.
My two cents.
It's a failure because in certain fields there is very little checking done to see wither or not the 'IP' really is 'IP', or just a logical application of well known principles.
To get a patent granted, the subject matter must be something that would not be obvious to an expert in the field. A lot of the time with software patents, this is not the case.
Advanced users are users too!
That one surprised me, why would you think that?
It's American Culture (tm).
"Not invented here" is a big part of it.
That's becuase they are Modifiers to the Moderation on a comment.
Advanced users are users too!
Spoken like a person who has never touched LSD
The GNU is not a reference to the kernel, but the userland stuff.
When Stallman came out with the idea of GNU, he wanted to revolutionize computing with a new kernel based on a variation of Mach microkernel. It would have, amongst others, a UNIX compatible "server" (as these things are called in microkernels". as he was writing this, he (and others) came up with a bunch of tools. Though they run pretty much everywhere, they are still called the GNU tools (as opposed to the FSF toolchain, which is probably more appropriate). They run on pretty much every version of UNIX or UNIX-like variant out there, also with Cygwin, windows as well. They're the basis for a lot of embedded projects too, which usually don't even have a kernel, much less a UNIX one.
Linux came out, used the GNU toolchain. Stallman wanted what he felt was recognition for the contribution to the Linux product, that it essentially was built with the GNU toolchain. Talked to Linus, who said fine. From what I read, this was a misunderstanding, Linus thought he just meant calling Debian GNU/Linux, since all decisions are very much based on FSF/GNU principles. Stallman now calls every distribution GNU/Linux. Many flamewars have been fought on this.
Looking at Nortel Stock (who owns Bay Networks) soon you may be able to buy the whole company and solve the whole problem.
Netfilter = iptables.
Wakey wakey.
-----
PGP Key ID 0xCB8FF658
Linux is not a UNIX. Get used to it.
/proc filesystem, and I print from my WinNT box at work using enscript and lpr because the Solaris machines at work don't have enscript and I don't have root.
UNIX, much like pornography, has gone to a "I know it when I see it" thing.
From the strictest view, one might consider the only UNIX OpenUNIX from Caldera. This is where the UNIX brand name has finally ended up (ATT -> Novell (strangely enough) -> SCO -> caldera). It may die there, caldera's in bad shape. OpenUNIX is changing, becoming very Linux friendly.
Almost all UNIXes (Unices?) have a Linux compatibility layer in the kernel. So Linux is becoming the one all encompassing API, if not the one true UNIX.
UNIX came out of AT & T, back when UNIX was still a research project and they were friendly with educational institutions. BSD was a fork. SVR4 UNIX, the most common "base" variant was basically SVR3 with BSD stuff. FreeBSD/NetBSD takes on the spirit of that work. Is FreeBSD UNIX?
Darwin, The base of MacOS is a Mach Microkernel with FreeBSD/NetBSD. It will be the most distributed "UNIX" ever. Is MacOS UNIX? it's very NeXT based, which was a bastard offshoot.
Linux works like UNIX, has the same design philosophy. Is the only UNIX some folks will ever touch. You have weird hybrids of SVR4/BSDlike systems depending on where Linus and the Distro guys picked and choosed stuff.
I have Cygwin on my Win2000 box. I use a bash shell, have rlogin, gcc tools. Is Win200 Linux? I even have a
Hmm, is POSIX compliance mean UNIX? POSIX was supposed to be the one true UNIX standard. If so than the most POSIX OS is WinNT. MS had a POSIX subsystem, never really worked but was needed to satisfy government regs on OS purchasing. MS WinNT was the only OS ever to get POSIX certified, so it's the one true UNIX, from a point of view.
Don't call folks stupid on things that are just interpretation. I can say OpenUNIX, the *BSD's, or WinNT the only UNIX, depending on what my criterea are. Sayig your interpretation is the only one is just trolling for a flamewar.
to modify down the Moderation of comments that use tt, because they are used in page lengthening attacks.
Its ironic that Darren Reed finds himself having to decipher legalese after he put OpenBSD through the mill over the legalese of his ambiguous (at the time) license.
Two wrongs don't make a right, but 3 lefts do - Lew of GO magazine
Personally I can't think of anything more obvious than what seems to be described here.
to check the validity of patents
Its not the job of the USPTO to verify patents
They just accept them so there is a record of when the "idea" was discovered.
Just some thoughts
//TODO: Think of witty sig statement
That one surprised me, why would you think that? It seems that regarding the basic setup the US patent system is virtually indistinguishable from any European one.
Exactly... the major diference isn't legal, but the implementation of the "governamental" departments that handle patents...
And... btw... both systems sux... as they failed to evolve to modern age societies.
Cheers...
Seems to me that routed datagrams are conceptually very similar to the normal snail mail postal service, and thats been around forever. If a legal comparison between the two could be found a lot of network based patents could be overturned. This might be a rare situation where fuzzy wording might help.
And it's terrible PR, especially for a company only really known to engineers, such as a network infrastructure company.
The only way the typical /.er can pick up a chick is with a forklift. -- AC
The only way the typical /.er can pick up a chick is with a forklift. -- AC
The only way the typical /.er can pick up a chick is with a forklift. -- AC
Patents should be reserved for true innovations, not something completely un-novel such as this.
stupid slashcode not allowing empty message bodies. oh well.
don't ya hate pants?
UNIX(R) is a registered trademark.
This isn't open to interpretation.
And here's what they have to say on the subject:
Developed by Linus Torvalds, Linux is a product that mimics the form and function of a UNIX system, but is not derived from licensed source code. Rather, it was developed independently; by a group of developers in an informal alliance on the net. A major benefit is that the source code is freely available (under the GNU copyleft), enabling the technically astute to alter and amend the system; it also means that there are many, freely available, utilities and specialist drivers available on the net.
Recent versions of Glibc include much functionality from the Single UNIX Specification, Version 2 (for UNIX 98).
The key thing is that a court might in future decide that some claims are valid but others are not. So the first couple of claims in a patent might well lay claim to the entire state of the art, and might only be there as a kind of #define macro for subsequent claims. I once read an encryption patent (ISTR it was for a DVD system that didn't get used) where Claim 1 was for XORing the output of a random number generator with the cleartext. This was followed by a series of claims that started "A system as in Claim 1 where the random number generator is...".
So when you see a patent that seems to claim the whole of some technology, don't panic. There is going to be tons of prior art. You just have to work out where the prior art ends and the real invention starts. This is going to be a bit grey on the boundary (thats where patent lawyers make their money), but you can still get a fairly clear idea pretty quickly. You can also get a fair idea just by looking at the claims and thinking about the technology they represent. Once you get to precise descriptions of obscure algorithms then you are into the meat of the patent.
Incidentally, don't be scared of legalese. Just think of it as an unusually verbose and unstructured programming language.
Paul.
You are lost in a twisty maze of little standards, all different.
hmm the best system in the world?? Yeh sure that's why studies say that more than half of the patents in IT in the US is invalidly granted!! Duh ;-).
what a good system for people wanting to get blank cards for bullying small bussinesses. Hey these thing happen. The whole pattent system is not adapted to the fast pased evolution within the whole IT sector. The patent system date from beginning last century and was set up to protect the invention of people who invested lot's of their money and time to come up with the idea. Idea's which would take most other people 10's of years to produce themselves!! A lot of the granted IT patents however are simple evolutionary invetions, which most people can come up with given a week of time and the correct information to deduct this so called new patent from. The evolution of evermore broadening the patent descriptions doesn't help either. Hey after all doesn't the guy who finds a new application for your idea also innovative?? Something to think about perhaps
Other studies currently clearly show that there is no advantage for the econonomy of pace we're seeing in IT, for using a patent system. Even more the are several studies that actually show a negative effect on innovation. What a brilliant system. But then again it's there to protect the small inventors IP. If you still believe that you must've live on Mars for the last 30 years. No small invertor currently has eiter the money to get a patent or doesn't the money to fight the big companies infringing on his patents.
But still it's the best system in the world !!!
YOU WISH
While the patent system is in dire need of being addressed, I think that being blown up by a terrorist would suck a great deal more ass than being involved in patent litigation. At least in the long run.
Help save the critically endangered Blue Iguana
"Sure, it's better than anything else in the world--but that doesn't mean it's perfect."
What, even Ben & Jerry's Cherry Garcia ice-cream? :p
Ceci n'est pas une
Huh? How so? Except from maybe Japan, the US patent office is the one which grants the most crap patents. At least, in Europe, there was *some* debate to know if software patents should be allowed at all. Plus in many countries you have: 1) more serious patent checking 2) a period of time during which the patent content is published and anyone can say "No! Here is prior art" 3) a justice system which is not based on confrontation: i.e. you don't need to have the most lawyers to dig yourself the most possible evidence and refute the evidence of the opposite side ; there is a judge who is in charge of investigating, and who will hear both you and the other side. If you are sued for a frivolous patent, you just have to open your desk drawer, take the article which is describing your implementation, go to the justice appointement, give the article to the justice expert helping the investigation judge, and wait for the case to be dismissed.
Given the general terms of the patent, might the Berkeley Packet Filter, published in December 1992, constitute prior art? (see http://citeseer.nj.nec.com/mccanne92bsd.html )
It happens because I do feel that the OpenSSH team
has not made any mistake. The early 3.3 release and
the usage of privsep was not forced because, how some
Theo-haters express it, he wants people to use his new
toy privsep, but because they needed a fix for the hole
and couldn't tell where it was because then, the
exploit would have existed before the patch. And the
original finder of the flaw has leaked it or something
like this.
I still feel comfortable with that team.
My Karma isn't excellent, damn it! (And
If a base claim is invalid (or not applicable to what you're doing) then all derived claims are also invalid. So, concentrate on them and try to find your points of difference there.
This is not generally true, and often false. The dependent (you called them derived) claims include all the limitations of their parent independent (you called them base) claims. For this reason, if the parent independent is NOT INFRINGED (because one or more limitation is not present in the accused), the dependent claims are not infringed. (There is an obscure exception to this rule, but it holds almost always).
The converse is not generally true. If a parent claim for A+B+C IS INFRINGED, the dependent claim for A+B+C+D might not be infringed by an accused device with A, B and C, but no D. For similar resons, the corresponding proposition for validity is NOT generally true.
A parent claim for A+B+C can read on a piece of prior art, while one of its dependents for A+B+C+D might not, because the dependent claim could have one or more additional limitations, in this case D, that are not disclosed in the prior art. This happens all the time -- invalidating the broad claim does not put an end to the case if the dependent claims are also infringed.
I don't(didn't) know how to do a quick sort, so i decided to work out the fastest way so sort based upon first principles, and guess what I ended up with a quick sort (faster than most/all of the implementations I found when searching the web!).
Most people would say a quick sort was a radical implementation and could be patented, but I worked it out using locical application and no prior knowlage of how a quick sort worked, except that it sorted.
thank God the internet isn't a human right.
that's not funny. That's cliche.
I suppose I should read the whole patent before I comment, but just reading your quotes here, I can't imagine how this ever got approved. Add less/greater than logical opertors is somehow new and unique, and not a logical extension that would be obvious to anyone with experience in the field? Non-sequential rules, and rules beyond forward/drop? Fitering on a variable length field when there's already prior art for filtering on an arbitrary offset? None of this solves any new problems - it's just logical extensions to the feature set of a router. Anyone writing filtering software would implement exactly the same features, if they decided they wanted them.
Not really. In the long run, getting blown up by a terrorist means you're just dead. 10 years from now you'll still be dead.
A patent litigation will keep you alive, but rape your free will on a daily basis. 10 years from now, you'll still be suffering from the BS litigation and/or its cascading effects on your life and motivation.
I'd rather be shot dead than dragged through endless bureaucracy by the gov't.
-Billco, Fnarg.com
Easy : any network device made by Realtek. Crap at sending data frames, but great for raising kernel-panicking PCI bus errors.
-Billco, Fnarg.com
I thought that patents prevent other people from making money off your ideas ? That would imply that non-revenue implementations would be safe from lawuits ? Anyone ?
Digital Equipment Corporation's VMS operating system (in many ways far superior to Unix, but killed by DEC's incredible lack of marketing savvy)was the first certified POSIX-compliant operating system. And it was not in any sense a Unix.
It was also 64-bit clean around ten years ago, and had ACLs that *worked* before anyone else.
NT inherited some lame vestiges of POSIX compliance from VMS because it is basically a bootleg version of VMS with a GUI inapropriately tacked on at the kernel level instead of userspace where it belongs. Cutler has much to regret.
If DEC had been smart enough to open the VMS source before it got too bloated, there would be no need for Linux or the various Unices. The problem areas in VMS (such as the expensive process creation and the strong bias towards American English) could have been eradicated by the same legions of hackers that have made Linux viable.
What is the justification for software patents at all? This has never made any sense to me. Copyright, yes. Trade secret, yes. But patents?
It's not only that the patent examiners are basically clueless in the software field, though that would be enough of a reason to repudiate them right there. It's that the basic idea doesn't make any sense. A piece of software is a mathematical expression. It may have several identity transforms performed on it (e.g., compiling, etc.). It is a precise recipie for how to do something that is so detailed that a certain kind of machine can follow it. This is clearly something for which the appropriate protection mechanisms are copyright and trade secret. The fact that you can store the program on a chip means no more than the fact that you could store the patterns for a Jaquard loom on punched cards. It's the same thing!
Software patents are a perversion of the law. Not the worst one that we've seen, but not a good one, either.
I think we've pushed this "anyone can grow up to be president" thing too far.
The managers of certain companies aren't evil by nature.
You didn't make an argument about patents. That's a comment about the management of some companies.
OTOH, a patent is no more evil than a pistol or a car. A patent is a tool that can be used in certain ways. This doesn't make them a good idea. Not every tool that can be built, should be built, and I feel that patents, especially software patents, are one of the mistakes.
Of course, mistake is only in terms of a certain set of desired results. If your aim is to concentrate power in a small number of hands, and to increase the domination of a subset of lawers* over the economy, then I suppose they could be considered a good idea.
* Patent lawyers are a specialized subset of lawyers who are allowed to speak at a patent court. Most lawyers are forbidden to. I have heard that this is because patent law twists the language in new and exciting ways, so that even ordinary lawyers can't properly understand it.
I think we've pushed this "anyone can grow up to be president" thing too far.
"Laywers should learn how to clean up their source code.
"For one, they should give clauses names or ID's. Then they can have phrases like:
"If ($trans and $horgton) or $rollsNice or $tamper5 or ($beforeExpire7 and $gasoline) then coveredUnderStateStatute("Nebraska", 43726)"
What you read in a patent application isn't soure code, it's an executable designed to run on the US justice system. You are not supposed to understand it. In fact, a patent has greater value to the person who files the patent if it is (1) meaningful and yet (2) impossible to understand.
Of course if you try to disassemble a patent, the labels will be meaningless mumbo jumbo which you have to decipher, without the benefit of a symbol table.
IANAL but if I did become AL I'd write an open-source legalese compiler. Then any programmer can produce complex gobbledygook to jam up the works of the US legal system, rather than relying on money and teams of paralegals. Onward the revolution!
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
Its bad becauseit allows very broad defintions./
"one click" purhcasing from amazon..who ever would ahvbe thjough t of that given a web form a database and a button?
YHBT. YHL. HAND.
Your claim as to it's failings is too weak.
It's a failure becuase there is generally little to no checking done to ensure the patent's validity.
It's a failure because it is quite expensive to defend against even frivolous patents.
It's a failure because it has been extended to cover areas that it should not cover, but which are instead more properly covered by copyright (e.g., software).
It's a failure because it rewards patents that are nigh unto unintelligible over patents that clearly describe what is patented.
These claims, of course, make certain assumptions as to what the purpose of the existence of patents are. You might consider what purpose is served by a system with the listed "failures". Just what kind of society is it encouraging.
I think we've pushed this "anyone can grow up to be president" thing too far.
This doesn't work, as prior art doesn't automatically translate into a prior patent. There is prior art on using an ax to chop firewood, but that doesn't mean anyone has a patent on it.
I think we've pushed this "anyone can grow up to be president" thing too far.
Yeah, I've got your prior art. It's called the Post Office.
Gee, individual packets of unknown data with a sender, a reciever, which is then acted upon by a list of rules, and generally passes through a series of 'stations' and 'hubs' until it gets to it's destination?
Vintage computer games and RPG books available. Email me if you're interested.
I dont see why you say its dead. I have had tremendous success with it. All I have ever had with linux is trouble. From network cards to X. Now, granted that X is a little bitch most of the time, it was easier for me to set up in BSD. My network cards worked automatically in BSD, something they didnt do in Slackware, Red Hat, or Debian. My BSD box is notably faster than previous installs of linux that I have had running on it. I am highly pleased with it. So, if you want to babble on saying that it is dead just because that is what the average fucking idiot on slashdot says, go ahead. I would recommend trying it. Oh yeah, and lets not forget about OS X. I believe the prediction is 5 million plus OS X users by the end of the year. I hardly call that dead, unless your definition of dead is growing. Be intelligent, please.
a switch to me...not a firewall.
Bay would be additionally hampered in attempting to enforce this by the "or" clause in claim 1: "to at least one of a monitor port, a destination port associated with said destination node, or an additional destination port associated with an additional node other than said destination node". If any of these three conditions could be found in the prior art(only one need be found), then this broad claim should be ruled invalid according to patent law. The law provides that if you attempt cover a broad swath by claiming "either or" conditions then you can be likewise struck down easier by invalidating only one of the conditions that you are attempting to cover (there is some attempt at justice within the realm of patent law)
(Disclaimer: I am not defending insane IP patents so don't flame me :-) ) ;-)
They may be logical, even obvious extensions but if they were the first to think of them then they can get a patent.
This patent was filed in 1998 and packet filtering at the time was quite restricted because of the latency that it introduced (packets needed to be processed by a CPU rather than by a switching chip).
The issue of the variable field was quite important at them time. More than just allowing an arbitrary offset it allowed you to filter if a value appeared anywhere in a variable length field (ie. if the list of numbers (1,4,5,2) contains a '5' in it anywhere. As the patent explains this was important in token-ring source-route bridging. Good thing they have 20 years of patent protection for that vitally important token ring filtering capability
MS WinNT was the only OS ever to get POSIX certified
I evaluated (as a customer) multiple POSIX-compliant products back in the day, so color me skeptical. Could you support your statement by naming the precise POSIX standard to which you claim NT was the only OS certified? (POSIX 1003.1?)
Whethr or not there is a prior patent is not relevant. If there is prior art, then the thing is not patentable.
One of the criteria for a patent is that it wouldn't be obvious to an expert in the field. And even in 1998, string manipulation algorithms were well known, and it doesn't look like they were creating any NEW algorithms - just applying existing ones. Now, what's considered "obvious" can be pretty subjective, but I know jack-all about networking, but I know if I was told that we needed to filter on the presence of a key byte in a variable length field, I could whip something up using long-known standard techniques in roughly no time at all. The innovation obviously could be making this fast enough to be done in real time on the network hardware of the day, but since they're claiming patent protection over software as well as hard/firmware solutions, it seems to be they're claiming the basic technique, not just an innovative implementation.
You mean it should not be patentable. Unfortunately, just about anything appears to be patentable, and it can cost an immense amount to get the patent revoked.
Remember, there are the laws, and then there are the practices. The law tells us that it's the most important, but in practice, the practices are practiced.
I think we've pushed this "anyone can grow up to be president" thing too far.