Browser Cookie Patent
resistant writes "Here's more patent madness, this time on cookies used in browsers. (By now, even Forbes has a commendable attitude about this rampant greed)." This is actually a pretty interesting article for folks not so familiar with why patents are such a big deal in this day and age.
And I patent it!
I read an interesting article in the New York Times last week that sheds a little light on the practice of filing for these obviously ridiculous patents. Evidently companies are using these useless patents by donating them to universities or organizations and taking a huge tax write off for it. It is starting to make more sense now. $4000 (US) to "research" and file the patent, and then if they happen to get it, donate it to a college and write off the "Value" at $800,000.00! A very large profit without ever having to enforce an obviously unenforceable patent.
(sig on loan to Smithsonian)
I think Nabisco has prior art on this one.
Nothing from nowhere I'm no one at all
whoever does it, will make lot of money.
Consensus is good, but informed dictatorship is better
Heck go the whole mile and patent .txt files. Even that is too short, just patent computer files. End the charade.
Oh, and no comments about Bezos and his helicopter crash? I'm surprised, Slashdot, you didn't jump on this.
What next? Pies, pastries, fudge brownies? Where will this madness stop?
I'm going to patent the act of sex. I will be rich beyond all dreams. I will only collect on the act of sex at the birth of a child, but I will charge retroactively for all "practice acts".
Anyone remember IEMSI? I think that was it. Anyway, it was a mechanism that allowed BBS's and dial-up clients to exchange login information to create a session that was persistent. It was actually pretty neat. I remember I lobbied for it to be included in Renegade (COTT LANG in da hizouse!). That was close to a decade ago.
Knowledge will be unregulated, and its overall value will go down financially. This will open the way for innovation, but innovation is likely to be lost in the crowd of malicious creations and intellectual wanking/spam.
I work on the mono project and so I happen to know all about patents... They are no big deal - if someone puts a patent in my face I just laugh and code around it - it's simple really like the song from the lion king says: 'no worries'
;^)
http://www.go-mono.com/faq.html#patents
Before adopting WHATWG, read the moonlight.NET EULA [http://www.microsoft.com/interop/msnovellcollab/moonlight.mspx]
It seems like the patent pursuit is stemming from failed or failing companies or tiny companies looking to blow up overnight but this article points out that HP is getting into the business. Hmm, has HP's stock tanked?
I hate liberals. If you are a liberal, do not reply.
re: http://www.thestandard.com/article/0,1902,24011,00.html
I've patented the use of repeating the first two paragraphs. been using it since the early 90's.
re: http://www.thestandard.com/article/0,1902,24011,0
I've patented the use of repeating the first two paragraphs. been using it since the early 90's.
Read the patent - F5 DID NOT PATENT COOKIES!
They patented the ability to use and set information in cookies for load balancing decisions.
Interestingly, as the technology is being used in some kind of load balancing router (if I understand the article properly, it's fairly vague) it actually looks like a hardware patent more than a software one (routers run software, but then so do milling machines...)
It still looks "obvious" to me, but it's not the patent the submitter claims it to be. Bad submitter! No cookie for you!
You are not alone. This is not normal. None of this is normal.
I disagree. Linux and Slashdot aren't gay. They're both gender neutral, as they neither endorse nor discriminate either sexuality. Second, whether Linux sucks is a matter of personal preference, and you are entitled to your opinion, though this discussion would be more interesting if you actually had any arguments for it. As of now, it just looks like a troll.
I claim this patent in the name of MARS!
"We shall party like the Greeks of old! You know the ones I mean." - HedonismBot
Any web app developer can tell you that there's half a dozen more reliable and secure ways to persist data. Typically allowing a user to resume a session without apt verification is bound to lead to problems: data & identity theft, inappropriate disclosure...
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
Sesame Street's Cookie Monster was unavailable for comment.
Patents are a critical part of the foundation of successful free markets. Why would anyone want to innovate if not to profit from his innovations?
I highly recommend The Lever of Riches to anyone who wants an accessible but rich economic analysis of innovation. The book attempts to answer the question of why different countries and civilizations have had varying levels of technological success. Patents are discussed, and in particular how different kinds of patent law influence the kind of innovation that is produced.
Amazing magic tricks
How many people have made that joke? Oh well, you're fired.
Offtopic, I know, but it has to be mentioned =P. I think OSDN fired everyone but CmdrTaco given that he seems to be making all the posts.
Forbes, that bastion of neoconservative thought, has rarely met a government granted monopoly they approved of (see telco deregulation, airline dereg, among others).
The judge should rule that all of the involved parties be forced to read this:
Legal Protection of Digital Information
There will be a test on Monday.
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
Everyone is just trying to get a dollar and a cent out of a tech industry they still think is hemorrhaging cash. But here the implications are even worse. The worst thing about a domain name grab is that it points to a hack portal like xupiter.com and that in two years (with the anti-tech economic downturn) they'd probably drop the domain name.
By having a patent though... well, it can be bad news all around. I wonder, why didn't W3 try and pick up all these patents? Or are they out of their element here?
What is music when you despise all sound?
When this said something about someone patenting cookies I had wistfully hoped that the long drawn out legal battle that ensued would lead to an era of peace and harmony where no cookies were stored, malicious or otherwise!
Don't you mean that "they didn't approve of?"
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Why didn't ID software patent the 1st person shooter? It would've saved humanity from loads of crappy doom-clones.
Hofstadter's Law: It always takes longer than you expect, even if you take into account Hofstadter's Law
The company I work for was recently sued for patent infringement by some yahoo that claims that he invented hierarchal relationships in DBs. Every programmer there laughed. It was absurd since they were already in use at the time he claims to have invented it. But he WON! And the cost of an appeal could make it not worth while financially (appeals are heard in front of "experts", though).
Crazy. Things like this should never get to court!
"We shall party like the Greeks of old! You know the ones I mean." - HedonismBot
Slightly offtopic, but did anyone read the "Patent Madness" article? It loops three parts over and over. Disconcerting.
You know, I don't think Keebler's and Nabisco should be forced into licensing cookie technology. There's gotta be some prior art here somewhere!
"...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
Well, they did say that they've been using it since 1999. Which brings up an interesting point. Where using cookies to handle load balancing in 1999 seemed like a pretty neat idea (digital wristwatches), four years later, the idea is totally dated, as you've pointed out. Perhaps a "middle-of-the-road" solution would be to recognize the accelerated obsolescence inherent in technology, and patent ideas related to software more appropriately - how's a four-year limit on software patents sound? Long enough for the developer to do whatever he wants with his/her ideas in the short term (I.e.: make lots of $$$), but short enough so that when the idea is released into the public domain, the ideas are still relevant, if dated.
political_news.c: warning: comparison is always true due to limited range of data type
I recall a Goon Show where the word 'Help' was copyrighted by Grytpype-Thynne who made a killing by pushing Moriarty (?) into the water and charging him royalties every time he Help!
Nothing changes :-(
I have just filed a patent for the invoice. Now I control all the world's business.
Lol, I'd love to know what n00bie moderated Miguel de Icaza as "Redundant." Looking forward to m2 on that guy :)
I assume it was the type of "n00bie" who's been around longer than you and knows that Miguel has a UID lower than 600,000.
Just a guess though.
Here it is, FSC-0056 EMSI/IEMSI.
The USPTO measures its own net income with all the sophistication of a dot-com, focusing only on the top line--application fees.
Well, that's how every government agency works. The top line, the amount of money coming in, through fees, funding, etc., is the amount controlled by the people in charge. And in bureaucracies, that's everything -- your worth as an administrator, your salary, and your political power, is defined by how big a budget you control, and how many people you have under you. So bureaucrats do whatever they can to increase their budgets.
if someone puts a patent in my face I just laugh and code around it
Then do you think you can implement an LZW encoder by the end of May (i.e. before the U.S. patent runs out on June 21), without infringing U.S. Patent 4,558,302? What about an MP3 encoder that doesn't infringe any of these?
Will I retire or break 10K?
If someone patented popups, and enforced it, then I'll be cheering :)
Prior Art
Of a good discussion here on Slashdot? It only slows things down having to worry about what's true and what isn't.
[why cookies]
Any web app developer can tell you that there's half a dozen more reliable and secure ways to persist data.
Care to list them? Aside from making every single page a form, or re-writing pages to append an ID to every single URL link? Cookies are still the most convenient way to maintain a session with lower server-side overhead. Using session cookies is certainly no less secure than the above methods (possibly more so, if the browser history allows another user to continue the session due to bad coding on the server).
Code, Hardware, stuff like that.
I thought I experienced a déjà vu...
;-)
Anyways, RTFA
One of the main differences between patent courts and the rest of the court system is that patent court is not adversarial by design. When you go for a patent, you're not under such a heavy burden to prove you're worthy of it. And it's not the government's job to prove you're not, or even to put up a challenge. Other courts are adversarial by design. Each side does whatever it can to prove they're right and the other is wrong. Out of this emerges a winner and a loser. The patent system is not like that. Instead of a right and a wrong, we're left with two maybes, and potentially some new barriers to free commerce.
I think much of the problem would go away if the USPTO had to pay the lawyer cost for every patent they granted that didn't hold up in court, that way even a small company would dare challenging a big one if they KNEW that they were right. Furthermore the PTO would have to be more careful in handing out patents. Just an idea ;).
John Carmack fan, browsing at +5 since 1999.
Because they haven't had the time to do any real empirical research in the area they are working in.
With so many small companies, they are in a rush to find a solution to a problem. They will use the first solution that is practical. Since it may be new and original, management assume that it is worth patenting. If for no other reason, than to make the company appear as if it has some "valuable IP", keep the share price up and the shareholders happy. Given the chance to sit back and see the bigger picture, the designers would more than likely see more efficient solutions.
I would expect that the research in a patent should be of a greater standard than that of a Master's thesis project or maybe even that of a Ph.D. At least the authors should be required to prove they have done some research. The patent office always assumes that this has taken place.
However, anything that raised the cost of filing patents out of the reach of small companies would be considered to be "stifling innovation". Not because it actually did so, but because it kept the stock prices down.
This isn't a patent on cookies, this is a patent on load balancers detecting cookies and using them to keep a session associated with a specific server in the load balanced pool.
I thought I read this paragraph before. I thought I read this paragraph before. I did! I did! What is going on??? What is going on???
It's not blatant greed, it's blatant *stupidity*. People and companies will always be greedy. The point is to channel that greed so that it benefits society as a whole. Capitalism with competition is one attempt to achieve this. The patent system, also, should be designed so that when companies act in their own interest they are also benefiting the public - for example, the public gets a benefit in the long run from the invention being published rather than kept secret. But when the patent system is extended to software and particularly when the standards of patentability are so trivial, the behaviour it rewards can become detrimental to the economy as a whole, as the article suggests.
The answer is not to castigate individual companies for acting in the interest of their shareholders - even though their actions may be immoral, any one case of patent abuse will be a small part of the whole, and persuading one company to stop its actions for fear of bad PR does very little to stop other companies applying for bogus patents or to stop the patent office granting them. The answer is to fix the system.
-- Ed Avis ed@membled.com
...Why doesn't anyone just pull the ultimate stupid act and Patent anyone from Patenting anything else? Doesn't seem any more stupid than any of these other patents.
The editor said it had to be 1000 words... he didn't say they had to be strung together uniquely.
The editor said it had to be 1000 words... he didn't say they had to be strung together uniquely.
Some people forget that computing is one industry that did not always have to deal with patents as it does now. Computing was moving along perfectly well without them, so patents don't come off as necessary to spur innovation, but weapons to needlessly hobble competitors. Patents are being awarded for ridiculous and obvious ideas that stifle the development of software and hardware for all but the richest participants. The consumer does not benefit from this reduction in competition. Furthermore, your point suggests you think that if one industry has patents they all should have them. I suggest you examine the details on how patenting works in each field and you throw out such broad sweeping conclusions.
For a far more prescient, detailed, and learned view of patents specifically talking about patenting algorithms used in the production of computer software (sometimes inaccurately called "software patents"), listen to or read RMS' talk on patents.
Digital Citizen
IIRC, Turing's Machine is describable in [relatively, for a mathematician] simple mathematical formulae. Given that all of today's computing machinery modus operandi, and therefore all software algorithms, can be described in terms of a turing machine, which in turn can be described in formulaic terms, it follows that all software is just insanely complex algebra simplified by a well-designed (for the task) notational convention.
Given that mathematical formulae cannot be patented, and that one also cannot patent simplifications by simple notation changes, all that needs to be done is hire a couple of renowned mathematicians, a bunch of lawyers with dark blue suits, and throw them at a judge.
Right? I can't possibly believe I'm the first one to have thought of that.
-- MG
...started being able to take already existing technologies (cookies here, mouse clicking there, etc) put them together and patent the whole mess? From what I can gather the company didn't invent cookies, but a way of using cookies. It'd be like patenting driving nails in with a hammer in two hits instead of three (I can see it now, two-hit-hammering). A distinction needs to be drawn between the tool that's invented and the use of the tool.
Why patent office clerks (whose job, let's not forget, is to know enough about the technologies involved to make informed decisions) can't make this distinction is beyond me. My guess is it's not just a matter of throwing money at the problem. Remember, patents are a profitable business for the government, and somebody gets to spend that money.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
It's always better to apply for a patent than to have someone else apply, win the patent, and then sue you.
Applying for the patent can be a cost effective defensive move. Then you don't have to go to court and defend your position... you can choose not to enforce the patent and it cost you only the cost of the patent.
If you are talking about actually storing *data* in the cookie, then I can also come up with some much better answers. Hell, even flat files are better than that for most purposes.
:)
When it comes to keeping the session connection between a web app and a browser, I can't come up with any that is better. ID in url? Hidden form fields? Or god forbid, trying to keep track of a visitor via IP?
If you don't want people to have "remember me"-cookies or forget to close their browser, just time out the damn session then. Make them login again. All of the above alternatives are far worse in that respect too.
So, I assume you had something else in mind that I haven't thought of. And you will enlighten me.
Why would anyone bother laying any claim to cookies?
1. Patent cookies
2. Enforce patent
3. Demand $1,000,000,000 per cookie license
4. Profit!
5. Uh, wait a minute, nobody paying for license, no profit. But...
6. End of cookies in our lifetime.
It used to be that you had to present a working model of an invention to the PTO before being granted a patent. This had the effect of both crystalizing the definition of the claims and restricting these to those specifically demonstrated w/ the implementation. Patent drawings have a similar effect though they allow for a more liberal interpretation of the implementation.
If these hucksters had to actually show the PTO examiner the implementation of their claims, a lot of these patents would be either thrown out for obviousness or prior art, or forced to drastically restrict their claims.
examiner: this looks like a hyperlink?!?
huckster: no it's a user joy eliciting interaction actuator.
examiner: wha?
huckster: our claim is on all interactions that make people happy, or result in greater happiness.
examiner: so if I click this link and it leads to a picture of a cute baby and that makes me smile, you want to own that interaction?
huckster: right, that baby would be infringing on our patent.
examiner: ok then here's your patent for hyperlinking to pictures of smiling babies that make me happy. Good Day
I think this rampant abuse of patents is a good thing(TM). Every time I see another of these frivolous lawsuits, I have to smile. The backlash will come eventually. Every asinine lawsuit brings us closer.
If the mainstream media is starting to get clued in, that's a pretty good sign.
A dyslexic man walks into a bra.
Set up a 501c3 non-profit corp which will act as a pool of patents to be used as a counter-threat against patent racketeering. These large companies can then donate their patents to it, get a tax write-off, and they can simultaneously continue to benefit from the defensive protection of those patents.
Will someone please clarify exactly what a patent covers? I thought a patent covered a particular implementation of something.
For example, can I not create my own online ordering system that allows a purchase with only one click? So long as I don't have the same object model or database schema as Amazon, I thought I was fine.
I also thought it was fine for me to create a system that charges toy race cars using magnetic inductance. Just because the Candela Rechargable Lamps use a "patented" magnetic induction charging system doesn't mean I cannot do something similar. I just need to be careful if I make lamps, since if my design matches theirs then I am infringing.
I have my name on a patent filed by my employer, but our patent has full object models and design docs. I thought that was because we patented that particular design/implementation, not the concept of what the system does. All responses are appreciated.
Given you admit these facts, then it follows that the current war is either immoral or an attempt to make up for the past 20 years of failed American foreign policy.
What now with the war going on, I'll bet Tony Orlando wishes he had patented yellow ribbons.
quiquid id est, timeo puellas et oscula dantes.
My hope is that, after a dozen or so of these crap patents are thrown out, companies will realize that this isn't actually an effective way to scam money. So far we've had the hyperlink thrown out, and I'm sure we'll have one-click buying, targeted ads, and cookies thrown out... so only 8 more incidents of blinding stupidity left!
Incidentally, and only slightly off-topic, I hope (Or, at least, my karma hopes), can we have less hyperlinking in stories? It shouldn't take more than one guess to figure out which link is the actual news. The "patent madness" link was unnecessary, and only served to waste precious mouseclicks.
I'm hitting submit now before I turn into a crotchety old man at 21.
Philip Sandifer's academic website
Am I the only one to notice how messed up that article from The Standard is? Some paragraphs were repeatedly repeated (i.e. more than twice). Don't they have editors or something? And it wasn't even directly relevant to this particular patent issue. It was more of a commentary on software patents in general. Perhaps that part got edited out in favor of repeating so much of the text. :)
Well no, just because we supported Saddam in the past doesn't mean we always have to support him and can't change our minds. I mean, we fought two wars against Britain - does that mean we always have to be enemies with them? I think not. So, supporting Saddam is not exactly failed foreign policy. I think that there have been some problems with American foreign policy - our support for Israel has gotten us into most of the trouble - but if we hadn't supported Israel, then the racist Arabs would have wiped them out by now, since Europe is basically anti-Semetic. Furthermore, the war is an attempt to remove weapons of mass destruction, specifically biological weapons, not nuclear weapons.
Is there any page that lists patents that are now in the public domain, or have a less than a year left? That is one page I would love to visit.
Jumpstart the tartan drive.
Furthermore, the war is an attempt to remove weapons of mass destruction, specifically biological weapons, not nuclear weapons.
Of which, there are none. None were found by the inspectors and none have been found by the combatants. If none are found, Bush is up the creek. As for Europe being basically anti-Semitic anyone who puts "Nigger Boo Jew" into a subject line, doesn't really hold the moral compass, now does he? That's right! History does matter! And you've been trolled!
Cookies are handled differently by different browsers... even in the "big ones", it is often handled wrong.
It is better to go with pure standards, like putting a session id in the URL, rather than deal with 100 support calls from people who don't trust cookies, or have a browser that doesn't handle them properly (eg. IE)
The USPTO is hiring patent reviewers.
In the short amount of time you spend reading slashdot and shaking your fist at "The Man" you could have reviewed (and rejected) an obvious patent.
Seriously, It is a nice government job, with benefits, and you'd be doing a lot of good.
Step away from the hookah, drink some water, and go to bed.
united states nuclear device terrorist bioweapon encryption cocaine korea syria iran iraq columbia cuba
How have I been trolled? Please explain.
They didn't patent the cookie.
I can't believe we get these submissions DAILY where both the submitter and the editor are too lazy to read the article.
stupidity.
Oops, USPTO beat me to it.
darn.
Did anyone else read the article on "The Industry Standard" site? It seemed like they didn't actually edit the thing--at least five paragraphs were repeated word for word at least once more later in the article. Very annoying to read.
'Phone-jacking: Give someone a ring, they'll have to answer to find out who it is!' - Threni
Patents are a critical part of the foundation of successful free markets. Why would anyone want to innovate if not to profit from his innovations?
So that they could pretend to innovate and squeeze money out of other industries that have or would have come up with the same innovations anyhow. Free markets exist and prosper in spite of patents, not because of them. Patent monopolies are worthless, it is only now that it is becoming seriously notable.
Try - "necessity is the mother of invention" - for a rational reason for people to innovate. Try - the moral and historical foundation of property derives from the fact that property has tangible limits. Try - incentive does not a property make. Surely it is as true today as it was in the 1850's when plantation masters insisted that they had no incentive to grow cotton without slave properties. It is a shame that so many have fallen for such fraudulent forms of markets and property rights.
The author of the Forbes article is Gary Reback who is a notorious anti-monopolist.
Opica Brez Ime in Metulj enaka sta!
Yeah, if Bush and Saddam had decided to kick each others' asses in an FPS game, instead of letting all hell loose, it might really save humanity.
Escher was the first MC and Giger invented the HR department.
Actually, now the large companies are using patents defensively. Instead of saying "OK, we'll pay the $20 million" they say "OK, but we have 10 patents that you infringed on. Let's just call it even".
If they were benevolent, couldn't they threaten to disallow F5 from using cookies?
Well? The challenge still stands, Mr I'm-a-hot-web-developer. Tell us your secret method of keeping track of sessions that are better than cookies. Or do you have a patent on it?
Sorry, but you can't beat a cookie. All major dynamic web page schemes have easy cookie handling. ASP, PHP, Perl, etc. Most have built-in session capabilities. ASP and PHP have options for both cookie and url based sessions, and ASP will even do the autodetection for you. But URL rewriting will break when you have complex JavaScript generating URLs on the fly, or Shockwave menus, or Java applets. As long as it's the browser sending the request, the cookie is guaranteed to be sent.
You say major browsers have broken cookie support. Well, please, do tell us more, we're all waiting with bated breath. Just one example please. Personally I've never had a problem with cookies in all my years of web development. You set a cookie, you get it back on the next request. The reason people don't trust cookies, and turn them off completely, is because of a) very early security issues, and b) idiots like you spouting off bullshit.
If you're worried about cookies being hijacked, you have some very simple things you can do server side:
- Tie session to IP. If you receive a session id that does not match the IP that set it up initially, either redirect to a login page, or ignore the request.
- Time outs. If you get a session id, and last time you saw it was 30 minutes or whatever ago, time out the session and redirect to a login page.
These are just the extremely obvious ones, and I regularly use both in my web apps. There must be other methods, some more some less secure, out there.
"Hot lesbian witches! It's fucking genius!"
From the article: In 1980 the U.S. Supreme Court, by a 5-to-4 vote, broadened the scope of what is patentable by directing the USPTO to grant patents on human-made, genetically engineered bacteria.
Should that not be
... directing the USPTO to employ human-made, genetically engineered bacteria?
Because it seems to me that is exactly what they are doing. Either that, or rolling dice...
I asked for a refund - and got my monkey back.
- Yes, session-based cookies are better because the data dies with the browser and never has to leave the safe-and-snuggly confines of the server.
- URL-based session identification is even better because I don't have to care whether the client's browser can handle any type of cookie, session or otherwise.
Oh yeah, and as for basing any sort of security around IP-address, remind me never to use your websites behind our proxy service lest I actually want everyone else in the company behind the same firewall to hijack my web session! =P
When you go to the bank, do they hand you back a printout of your account number and PIN number, 'for your convenience'? When you finish a phonecall, do you leave the receiver off the hook so you can continue the same phonecall at some undetermined time? That's what using cookies to persist sessions feels like to me. I simply don't want to use them!
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
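The two server-side checks proposed earlier in this thread (tie the session to the IP that set it up, time out idle sessions), together with the shared-proxy objection raised in the reply above, as an added example that is not code from any poster. `SessionStore`, `FakeClock` and the verdict strings are hypothetical names, and the addresses are constructed from the documentation ranges.

```python
import secrets
from dataclasses import dataclass

IDLE_TIMEOUT = 30 * 60  # seconds; the "30 minutes or whatever" from the thread


@dataclass
class Session:
    user: str
    client_ip: str    # address that set the session up
    last_seen: float  # time of the last accepted request


class SessionStore:
    """Hypothetical in-memory store; a real app would use its framework's backend."""

    def __init__(self, clock, idle_timeout=IDLE_TIMEOUT):
        self._clock = clock
        self._idle_timeout = idle_timeout
        self._sessions = {}

    def create(self, user, client_ip):
        sid = secrets.token_urlsafe(32)  # unguessable value for the session cookie
        self._sessions[sid] = Session(user, client_ip, self._clock())
        return sid

    def validate(self, sid, client_ip):
        """Return (user, verdict); user is None unless verdict is "ok"."""
        session = self._sessions.get(sid)
        if session is None:
            return None, "unknown"            # redirect to login
        now = self._clock()
        if now - session.last_seen > self._idle_timeout:
            del self._sessions[sid]           # time out: the ID is dead from now on
            return None, "expired"            # redirect to login
        if client_ip != session.client_ip:
            # Ignore the request but keep the session, so a third party that
            # replays the ID from elsewhere cannot log the real user out.
            return None, "ip_mismatch"
        session.last_seen = now               # only accepted requests extend the session
        return session.user, "ok"


class FakeClock:
    """Controllable clock so the demo does not have to sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    store = SessionStore(clock)
    results = {}

    sid = store.create("alice", "192.0.2.10")            # constructed addresses
    clock.advance(600)
    results["same_ip"] = store.validate(sid, "192.0.2.10")
    results["other_ip"] = store.validate(sid, "198.51.100.7")
    results["after_mismatch"] = store.validate(sid, "192.0.2.10")

    clock.advance(IDLE_TIMEOUT + 1)
    results["idle"] = store.validate(sid, "192.0.2.10")
    results["after_expiry"] = store.validate(sid, "192.0.2.10")

    # Shared proxy: every client behind it presents the same address, so the
    # IP check cannot tell the session owner from a colleague holding the ID.
    proxy_ip = "203.0.113.5"
    sid2 = store.create("bob", proxy_ip)
    results["shared_proxy"] = store.validate(sid2, proxy_ip)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15} {outcome}")
```

The last case is why the IP check only narrows where a copied session ID can be replayed from; between users behind one proxy, the idle timeout and the unguessable ID are the only controls left.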
Nobody reads the F*cking articles anymore. If they want COOKIES, they talk about COOKIES! And when they talk about COOKIES, Sesame Street's Count Dracula counts how many COOKIES the COOKIE-MONSTER has eaten.
... but which article am I supposed to read?
I am not a lawyer but my sister is, so don't mess with me
Cookies are probably the most hated of all things Internet. Who in their right mind would want to patent them?
Take a vocabulary class, berate opponents questioning sexuality. Lather. Rinse. Repeat. You know many gays prefer anonymous sex. I wonder if you can make case that ACs are gay? I am sure this AC could.
Exaggerating the scope of a patent makes for some nice press and fans the flames of Slashdot anti-patent demagoguery, no doubt. But this patent neither claims nor reaches into the scope of cookies generally.
Rather, it is far more narrowly drawn to a particular use of cookies (acknowledged as prior art) for a particular load-balancing scheme in a particular manner.
While I've generally agreed with your posts, I have to call you on this one. Patents do not assure that you will profit from your innovations. At best, they let you stop others from profiting from your innovations (or even, in many cases, from improving on them). Nowadays, the main thrust seems to have shifted to stopping other people from profiting from their own innovations--which I would hardly call conducive to a free market.
Patents are to free markets what censors are to freedom of the press; not only do they directly limit what can be done, but the threat of them often limits what is attempted.
-- MarkusQ
1. Session based on incoming IP address.
2. Session based on URL- or POST-embedded token.
3. Session based on a session cookie *not* generated by the load balancer, but instead by the app(s) running behind it.
[Pound, a very simple, elegant open-source load balancer, can handle these top three.]
4. Session based on Authorization/Authentication information sent with each browser request.
5. Session based on browser-stored certificate. (This is sorta cheating; very similar to item 4.)
Well, damn. I can only come up with 5.
Ed R.Zahurak
You know, oblivion keeps looking better every day.
Apparently The Standard has excellent proofreaders on staff on staff:
From the article:
This computer animation, shown during the introduction of a conference on software patents yesterday, illustrates a nightmare haunting many software developers in Europe. They fear that what is described as "patent madness" by European and US patent offices will turn software development into Russian roulette. The bullets: trivial patents on obvious techniques; the revolver: lawyers of US software giants.
On the presentation screen in the hall of Frankfurt University, lines of code appear, character by character, slowly evolving into a computer program. Suddenly, one subroutine flashes red. A warning dialogue appears, stating: "The algorithm 'theorem of pythagoras' is patented". Information is provided where a licence can be obtained and for which royalty fee.
This computer animation, shown during the introduction of a conference on software patents yesterday, illustrates a nightmare haunting many software developers in Europe. They fear that what is described as "patent madness" by European and US patent offices will turn software development into Russian roulette. The bullets: trivial patents on obvious techniques; the revolver: lawyers of US software giants.
He gave you #2, and #1 won't work because of proxies and users who share IP addresses (home, network, etc.).
>1. Session based on incoming IP address.
:-)
What if you disconnect and reconnect with a totally different IP address? (especially likely if you're a mobile user...you could be connecting to a completely different network).
What if it's a public computer? Your cookies might be stored separately from someone else's (presumably you have different logins) but then you connect from the same IP address..
2. Session based on URL- or POST-embedded token.
Cool, so if I want to get to your information, all I have to do is pull up your history folder
Twenties Retirement
For people who don't want to spend $$$ on R&D and who don't mind exporting their 'invention' to the US I highly recommend browsing the USPTO as a supply of ideas.
They have inventions that will never ever be patented in countries outside the US since other countries have much more conservative guidelines.
Also there actually is some cool stuff there (not all of it is rubbish), however most US companies don't seem to patent their inventions in much more favourable areas.
I hope that helps
Nah, they got Taco to edit the article!
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
By the way, don't insult those of us who are Computer Scientists by using the word algorithm. You can't possibly begin to understand what an algorithm even is, you dumb shit.
For almost two centuries, the USPTO did a reasonable job balancing the need for incentive against the need for competition. But about 20 years ago the floodgates burst open, and the free-enterprise system has been thrashing in a tidal surge of patent claims ever since.
The glass bottle making industry shows that this problem is at least 100 years old. Patents were abused so that there were only two bottle making machine companies in the entire US for decades. They used many of the techniques we see in software today. They used their patent ownership to prevent others from making machines of any kind and tried to fence each other off by applying for patents needed to improve each other's machines. They used the non competitive market to demand that all of the equipment be leased, not owned, by actual bottle makers. "Price cutters" were denied the use of equipment and concessions to make bottles were handed out like gold mines to a selected few. The price of glass bottles remained artificially high until plastic and aluminum manufacture was available as a substitute. The US government colluded with these companies. While they were tried and convicted of anti-trust violations, no real harm ever came to them and there were no gross problems of "over production", as if that were possible. While it's true that patents on business methods and drawing squares electronically bring new lows to the method, the ends have been achievable for a century.
Friends don't help friends install M$ junk.
What if you disconnect and reconnect with a totally different IP address? (especially likely if you're a mobile user...you could be connecting to a completely different network).
:-)
Then, you're fucked. *shrug*
Cool, so if I want to get to your information, all I have to do is pull up your history folder
Yeah, maybe. For URL-embedded tokens, anyhoo. Let's hope us smart developers put a session timeout in, huh?
Ed R.Zahurak
You know, oblivion keeps looking better every day.
Well, the original post said methods that are more reliable/secure than cookies...I just want to know how these qualify.
Twenties Retirement
All that, and you didn't even mention that it wasn't second post? Shame on you.
And to the grandparent: YOU LOSE IT
After reading that article I seriously don't like IBM more than I did before. I have trouble seeing how the "free" movement can look up to IBM so much, simply because they happen to profit from Linux right now...
What's wrong with that article? Repeats some of the paragraphs two or three times.
Proletariat of the world, unite to kill bad proofreaders
In Soviet Russia, I ruled you
Sex? Duh, there're people on this planet who don't have sex. Think bigger!
:)
Me...I'm going to patent using an organic mechanism for exhaling and inhaling gases.
I'm then going to have Bill Gates pay me for breathing. Or, alternatively, some anti-MS pays me to not license the patent technology to Bill Gates.
Proletariat of the world, unite to kill the US Patent Office
In Soviet Russia, I ruled you
1. Session based on incoming IP address.
Will not work with MASQ'ed connections, or any other that causes IP to change between requests, so effectively useless.
2. Session based on URL- or POST-embedded token.
As I mentioned, although it creates heavier server load, and prevents any sort of page caching.
3. Session based on a session cookie *not* generated by the load balancer, but instead by the app(s) running behind it.
Cookie. So irrelevant.
4. Session based on Authorization/Authentication information sent with each browser request.
Same as point 2, except even less secure.
5. Session based on browser-stored certificate. (This is sorta cheating; very similar to item 4.)
Well, damn. I can only come up with 5.
Yeah, and of those, one method is too unreliable to be any use, another is actually using a cookie, and the rest are all the same! So you've basically proven nothing, except help reinforce the notion that cookies are the most reliable and practical method for passing a session id back and forth.
Code, Hardware, stuff like that.
That's right ... you too can use 1s and 0s in your computer ... and all I ask is $0.00001 per bit!
"Glory is fleeting, but obscurity is forever." - Napoleon Bonaparte
Anyone besides me notice the article is badly cut-and-pasted over and over itself?
-- All That's Evil in the Geek Space
I do not think that "commonplace" should enter into any consideration of what is patentable.
Disallow patents because everyone uses the technology?
"I'm sorry sir but your internal combustion engine invention was so useful that it is too commonplace to be patentable so we are revoking your patent."
Difficult technological innovation should be rewarded regardless of its measure of market acceptance.
Cookie crap patents should not be rewarded based upon the fact that any CS undergrad could have come up with the scheme in 1 hour.
Someone has probably suggested this already, but I don't recall seeing it. Why not add a section to /. for prior art, as an archive of references?
I would argue that embedding a session ID in the URL is more reliable. I actively use multiple browsers for the same task and am often annoyed when a web site gets confused by my dropping a URL/link from one browser onto another. (Why would I want to do that? Well, my copy of Safari renders gorgeous text but sometimes for bulk viewing I prefer to drop things into Mozilla tabs. Sometimes I use a third browser that deals better with progressive JPEGs. [Mozilla seems to wait for the whole file before showing anything.])
Cookies are often convenient but only because server side programming tools are so often inconvenient. By focusing on responses as text or byte streams, you too-easily prevent the ability to do things like rewriting URLs quickly and efficiently without much extra effort. With appropriate code support, rewriting URLs should be no harder or more inefficient than bulk file transfers. (Hint: parsing the text streams character by character to find URLs is not the easy way).
I once worked on a commercial web site where full URLs were embedded in web pages because multiple application servers sat behind a half-standalone/half-proxy web server and the (inconvenient) mechanism used to pass HTTP requests to the backends (some JRun, some WebLogic, and some specialized vertical application web servers) couldn't automatically understand what the user-visible web server name should be and would otherwise put stuff in the URL that broke links from one backend server to another. Ick. If the app servers made URL rewriting convenient, we wouldn't have had to invent extra hacks that interposed logic between the proxying front end and various backends to deal with the several sessions that, to the end user, had to appear as a single session.
Other possible alternatives not listed above include
Please don't complain that these don't work with existing browsers in the real world. Cookies didn't work, either, until they were widely supported. Please don't require cookies unless there's a really good reason to. If you can generate dynamic HTML just for me (ala Amazon, where you won't be caching things Amazon thinks I might also be interested based on my last N searches in that session to show to others not associated with Ashcroft) you can write your URLs in a way that encodes the notion of a session. If this would break your notion of security, your security is already broken.
Cookies can be, and often are, used for tracking a computer's habits.
They can be abused.
Information that a site needs, should be kept on that site.
The Kruger Dunning explains most post on
Yeah, yeah, whatever, I didn't say it was foolproof. You can also use a hash of a combination of client-provided headers that are very likely to remain constant during the session: agent string, screen resolution, etc. It's not meant to be foolproof. The scheme also breaks when people are behind large multi-ip proxies, or when http is proxied but https is not and your app mixes both.
If you're worried about someone snooping your session id (either in transit or from disk cache), then cookie-based or URL-based schemes are equally at risk.
Also, have fun hijacking an md5() generated session id. And there's nothing stopping you from changing the session id on every request. Yes, I've done that once before, and it works pretty damn good, under some circumstances.
And there's no data stored on the client machine, just a session key. Again, see up two paragraphs if you're worried about this being stolen.
Something has to give when you're sticking to standard web protocols; there's only so much you can do. But if you run your session over https all the way, cookie-tied-to-ip scheme works just fine.
"Hot lesbian witches! It's fucking genius!"
I'd say my criticism of cookie use is concerned with those that might throw just about anything into a cookie. For example, I saw just this afternoon a code example about implementing different levels of security access and what did the code use to query the security level of the user? Cookie. "Is this a regular user? Yes/No. Is this the administrator? Yes/No." Now for a mere example it was fine but I can't count how many times I've seen people in my company cut-and-paste a solution directly into place-- they're obviously NOT thinking about how they're using cookies...
You're right that cookies don't have to be insecure but I wonder/doubt that there are enough people out there actually putting enough thought into protecting information that goes in and out of the websites they create.
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
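An added example, not part of the thread or any poster's code: the cookie-as-role check criticised in the comment above, next to a server-side session store that keeps the role on the server and applies the session timeout and per-request id rotation mentioned earlier in the thread. `SessionStore`, `IDLE_TIMEOUT` and the cookie names `sid` and `admin` are assumptions, and `secrets.token_urlsafe` stands in for the md5()-generated id one poster describes.

```python
import secrets
import time

IDLE_TIMEOUT = 900  # seconds; constructed value, not from the thread

def is_admin_from_cookie(cookies):
    # Pattern criticised above: the role is whatever the client's cookie says.
    return cookies.get("admin") == "yes"

class SessionStore:
    """Server-side sessions: the cookie carries only an opaque random id."""

    def __init__(self, now=time.time):
        self._sessions = {}  # sid -> {"user", "role", "seen"}
        self._now = now

    def login(self, user, role):
        sid = secrets.token_urlsafe(32)  # CSPRNG output, not an md5() of guessable input
        self._sessions[sid] = {"user": user, "role": role, "seen": self._now()}
        return sid

    def touch(self, sid):
        """Return (record, new_sid), or (None, None) if sid is unknown or idle too long."""
        rec = self._sessions.pop(sid, None)  # each id is single-use
        if rec is None or self._now() - rec["seen"] > IDLE_TIMEOUT:
            return None, None
        rec["seen"] = self._now()
        new_sid = secrets.token_urlsafe(32)  # rotate the id on every request
        self._sessions[new_sid] = rec
        return rec, new_sid

    def is_admin(self, cookies):
        # The role comes from the server's record; an "admin" cookie is ignored.
        rec, new_sid = self.touch(cookies.get("sid", ""))
        return (rec is not None and rec["role"] == "admin"), new_sid

def demo():
    clock = [1000.0]  # fake clock so the timeout can be exercised offline
    store = SessionStore(now=lambda: clock[0])
    sid = store.login("alice", "user")
    forged = {"sid": sid, "admin": "yes"}  # constructed: user edits own cookie jar
    naive = is_admin_from_cookie(forged)
    hardened, sid2 = store.is_admin(forged)
    replayed, _ = store.is_admin({"sid": sid})  # old id after rotation
    clock[0] += IDLE_TIMEOUT + 1
    expired, _ = store.is_admin({"sid": sid2})  # valid id, but idle too long
    return naive, hardened, replayed, expired

if __name__ == "__main__":
    print(demo())
```

Rotating on every request invalidates the old id immediately, so a browser sending concurrent requests would need a short grace window for the previous id.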
I forgot to mention an important fact in the 1.3.67 announcement. In order to
get a fully working kernel, you have to follow the steps below:
- Walk around your computer widdershins 3 times, chanting "Linus is
overworked, and he makes lousy patches, but we love him anyway". Get
your spouse to do this too for extra effect. Children are optional.
- Apply the patch included in this mail
- Call your system "Super-67", and don't forget to unapply the patch
before you later applying the official 1.3.68 patch.
- reboot
-- Linus Torvalds, announcing another kernel patch
- this post brought to you by the Automated Last Post Generator...