Slashdot Mirror
Browser Cookie Patent
resistant writes "Here's more patent madness, this time on cookies used in browsers. (By now, even Forbes has a commendable attitude about this rampant greed)." This is actually a pretty interesting article for folks not so familiar with why patents are such a big deal in this day and age.
Read the patent - F5 DID NOT PATENT COOKIES!
They patented the ability to use and set information in cookies for load balancing decisions.
Any web app developer can tell you that there's half a dozen more reliable and secure ways to persist data. Typically allowing a user to resume a session without apt verification is bound to lead to problems: data & identity theft, inappropriate disclosure...
Height: 38U, Weight: 0 Newtons, Eyes: #0000FF, OS: Gray Matter 1.0 (Alpha)
Miguel, I respect, use, and enjoy your work, but I have to think you're dead wrong here. Sooner or later, the sheer number of idiotic little patents will become overwhelming - and the coder's ability to code around them will become more and more difficult, at least if he or she wants the code to be worth a damn. I know you've had some success working around certain patents, but even you've got to admit, sooner or later, too many foolish patents will pollute the codebase into decreased functionality.
political_news.c: warning: comparison is always true due to limited range of data type
Forbes, that bastion of neoconservative thought, has rarely met a government granted monopoly they approved of (see telco deregulation, airline dereg, among others).
Slightly offtopic, but did anyone read the "Patent Madness" article? It loops three parts over and over. Disconcerting.
The USPTO measures its own net income with all the sophistication of a dot-com, focusing only on the top line--application fees.
Well, that's how every government agency works. The top line, the amount of money coming in, through fees, funding, etc., is the amount controlled by the people in charge. And in bureaucracies, that's everything -- your worth as an administrator, your salary, and your political power, is defined by how big a budget you control, and how many people you have under you. So bureaucrats do whatever they can to increase their budgets.
The good thing about that, is that it it is excellent material to make governments wake up about the sillyness of the patent system as-is. Maybe they will at last understand that things need to be changed.
Note that I don't care if the government's motivation for changes would purely be financial. In the end, the only thing that really matters is that no more of these extremely silly patents are granted.
Linux user since early January 1992.
- The use of session cookies was commonplace from the mid-nineties on. IIS pretty much forced developers to send them even if they had no use for them.
- You load balance. In order for "sessions" to work, all traffic would go to a particular machine, the user being routed to it.
- You get complaints because just as someone hit the "submit" button on a form, their machine crashed, and they ended up getting billed twice for something because it turned out that the request was sent, and they, entering a second time, redid the entire request. What do you do to fix your software so that when they go in again, they end up at the same place?
The answer would be staring you in the face. The "bug" is in the session cookie, in that it's not sent to the new server the second time around and the new server can't retrieve the saved session. So you fix the cookie, make sure it contains the information about what server the session is with, and voila! The bug is fixed.Essentially, this is patenting a bug fix. That's why it's "obvious", any programmer would have solved the issue the same way.
Incidentally, I do defend software patents from time to time as being original and easier to think of in hindsight than it was before the invention for the very same reason as you argue. I think One Click was original. I think Amazon's discussion system is original. But I don't think this one is, fixing bugs is never original, and definitely shouldn't be patentable.
You are not alone. This is not normal. None of this is normal.
I think much of the problem would go away if the USPTO had to pay the lawyer cost for every patent they granted that didn`t hold up in court, that way even a small company would dare challenging a big one if they KNEW that they were right. Furthermore the PTO would have to be more careful in handing out patents. Just an idea ;).
John Carmack fan, browsing at +5 since 1999.
It's not blatant greed, it's blatant *stupidity*. People and companies will always be greedy. The point is to channel that greed so that it benefits society as a whole. Capitalism with competition is one attempt to achieve this. The patent system, also, should be designed so that when companies act in their own interest they are also benefiting the public - for example, the public gets a benefit in the long run from the invention being published rather than kept secret. But when the patent system is extended to software and particularly when the standards of patentability are so trivial, the behaviour it rewards can become detrimental to the economy as a whole, as the article suggests.
The answer is not to castigate individual companies for acting in the interest of their shareholders - even though their actions may be immoral, any one case of patent abuse will be a small part of the whole, and persuading one company to stop its actions for fear of bad PR does very little to stop other companies applying for bogus patents or to stop the patent office granting them. The answer is to fix the system.
-- Ed Avis ed@membled.com
I think Duck Hunt was a 1st person shooter first.
It's always better to apply for a patent than to have someone else apply, win the patent, and then sue you.
Applying for the patent can be a cost effective defensive move. Then you don't have to go to court and defend your position... you can choose not to enforce the patent and it cost you only the cost of the patent.
I think this rampant abuse of patents is a good thing(TM). Every time I see another of these frivolous lawsuits, I have to smile. The backlash will come eventually. Every asinine lawsuit brings us closer.
If the mainstream media is starting to get clued in, that's a pretty good sign.
A dyslexic man walks into a bra.
Jury trials in patent infringement are an American oddity (some would say absurdity).
You bamboozle a jury with technical information and The attorney with the nicest suit wins on the day.
Many other countries have specialist patent courts with judges who have sometimes have technical (usually engineering) backgrounds. When they need it, that can take advice from independent advisors and the decisions are all the better for it.
People in this forum and others should be careful not to tar the patent system worldwide on the basis of the US law or on the basis of some half-assed miscomprehension of patent law as it relates to software.
The reality/chicken-little ratio in these discussions is depressing low.
My hope is that, after a dozen or so of these crap patents are thrown out, companies will realize that this isn't actually an effective way to scam money. So far we've had the hyperlink thrown out, and I'm sure we'll have one-click buying, targetted ads, and cookies thrown out... so only 8 more incedents of blinding stupidity left!
Incidentally, and only slightly off-topic, I hope (Or, at least, my karma hopes), can we have less hyperlinking in stories? It shouldn't take more than one guess to figure out which link is the actual news. The "patent madness" link was unnecessary, and only served to waste precious mouseclicks.
I'm hitting submit now before I turn into a crotchety old man at 21.
Philip Sandifer's academic website
They didn't patent the cookie.
I can't believe we get these submissions DAILY where both the submitter and the editor are too lazy to read the article.
Well? The challenge still stands, Mr I'm-a-hot-web-developer. Tell us your secret method of keeping track of sessions that are better then cookies. Or do you have a patent on it?
Sorry, but you can't beat a cookie. All major dynamic web page schemes have easy cookie handling. ASP, PHP, Perl, etc. Most have built-in session capabilities. ASP and PHP have options for both cookie and url based sessions, and ASP will even do the autodetection for you. But URL rewriting will break when you have complex JavaScript generating URLs on the fly, or Shockwave menus, or Java applets. As long as it's the browser sending the request, the cookie is guaranteed to be sent.
You say major browsers have broken cookie support. Well, please, do tell us more, we're all waiting with baited breath. Just one example please. Personally I've never had a problem with cookies in all my years of web development. You set a cookie, you get it back on the next request. The reason people don't trust cookies, and turn them off completely, is because of a) very early security issues, and b) idiots like you spouting off bullshit.
If you're worried about cookies being hijacked, you have some very simple things you can do server side:
- Tie session to IP. If you receive a session id that does not match the IP that set it up initially, either redirect to a login page, or ignore the request.
- Time outs. If you get a session id, and last time you saw it was 30 minutes or whatever ago, time out the session and redirect to a login page.
These are just the extremely obvious ones, and I regularly use both in my web apps. There must be other methods, some more some less secure, out there.
"Hot lesbian witches! It's fucking genius!"
Exaggerating the scope of a patent makes for some nice press and fans the flames of Slashdot anti-patent demagoguery, no doubt. But this patent neither claims nor reaches into the scope of cookies generally.
Rather, it is far more narrowly drawn to a particular use of cookies (acknowledged as prior art) for a particular load-balancing scheme in a particular manner.
For almost two centuries, the USPTO did a reasonable job balancing the need for incentive against the need for competition. But about 20 years ago the floodgates burst open, and the free-enterprise system has been thrashing in a tidal surge of patent claims ever since.
The glass bottle making industry shows that this problem is at least 100 years old. Patents were abused so that there were only two bottle making machine companies in the entire US for decades. They used many of the techniques we see in software today. They used their patent ownership to prevent others from making machines of any kind and tried to fence each other off by applying for patents needed to improve each other's machines. They used the non competitive market to demand that all of the equipment be leased, not owned, by actual bottle makers. "Price cutters" were denied the use of equipment and concesions to make bottles were handed out like gold mines to a selected few. The price of glass bottles remained artificially high until plastic and aluminum manufacture was available as a sustitute. The US government coluded with these companies. While they were tried and convicted of anti-trust violations, no real harm ever came to them and there were no gross problems of "over production", as if that were possible. While it's true that patents on busness methods and drawing squares electronically bring new lows to the method, the ends have been achievable for a century.
Friends don't help friends install M$ junk.