Slashdot Mirror
Browser Cookie Patent
resistant writes "Here's more patent madness, this time on cookies used in browsers. (By now, even Forbes has a commendable attitude about this rampant greed)." This is actually a pretty interesting article for folks not so familiar with why patents are such a big deal in this day and age.
Read the patent - F5 DID NOT PATENT COOKIES!
They patented the ability to use and set information in cookies for load balancing decisions.
Miguel, I respect, use, and enjoy your work, but I have to think you're dead wrong here. Sooner or later, the sheer number of idiotic little patents will become overwhelming - and the coder's ability to code around them will become more and more difficult, at least if he or she wants the code to be worth a damn. I know you've had some success working around certain patents, but even you've got to admit, sooner or later, too many foolish patents will pollute the codebase into decreased functionality.
political_news.c: warning: comparison is always true due to limited range of data type
- The use of session cookies was commonplace from the mid-nineties on. IIS pretty much forced developers to send them even if they had no use for them.
- You load balance. In order for "sessions" to work, all traffic would go to a particular machine, the user being routed to it.
- You get complaints because just as someone hit the "submit" button on a form, their machine crashed, and they ended up getting billed twice for something because it turned out that the request was sent, and they, entering a second time, redid the entire request. What do you do to fix your software so that when they go in again, they end up at the same place?
The answer would be staring you in the face. The "bug" is in the session cookie, in that it's not sent to the new server the second time around and the new server can't retrieve the saved session. So you fix the cookie, make sure it contains the information about what server the session is with, and voila! The bug is fixed.Essentially, this is patenting a bug fix. That's why it's "obvious", any programmer would have solved the issue the same way.
Incidentally, I do defend software patents from time to time as being original and easier to think of in hindsight than it was before the invention for the very same reason as you argue. I think One Click was original. I think Amazon's discussion system is original. But I don't think this one is, fixing bugs is never original, and definitely shouldn't be patentable.
You are not alone. This is not normal. None of this is normal.
I think much of the problem would go away if the USPTO had to pay the lawyer cost for every patent they granted that didn`t hold up in court, that way even a small company would dare challenging a big one if they KNEW that they were right. Furthermore the PTO would have to be more careful in handing out patents. Just an idea ;).
John Carmack fan, browsing at +5 since 1999.
It's not blatant greed, it's blatant *stupidity*. People and companies will always be greedy. The point is to channel that greed so that it benefits society as a whole. Capitalism with competition is one attempt to achieve this. The patent system, also, should be designed so that when companies act in their own interest they are also benefiting the public - for example, the public gets a benefit in the long run from the invention being published rather than kept secret. But when the patent system is extended to software and particularly when the standards of patentability are so trivial, the behaviour it rewards can become detrimental to the economy as a whole, as the article suggests.
The answer is not to castigate individual companies for acting in the interest of their shareholders - even though their actions may be immoral, any one case of patent abuse will be a small part of the whole, and persuading one company to stop its actions for fear of bad PR does very little to stop other companies applying for bogus patents or to stop the patent office granting them. The answer is to fix the system.
-- Ed Avis ed@membled.com
It's always better to apply for a patent than to have someone else apply, win the patent, and then sue you.
Applying for the patent can be a cost effective defensive move. Then you don't have to go to court and defend your position... you can choose not to enforce the patent and it cost you only the cost of the patent.
Well? The challenge still stands, Mr I'm-a-hot-web-developer. Tell us your secret method of keeping track of sessions that are better then cookies. Or do you have a patent on it?
Sorry, but you can't beat a cookie. All major dynamic web page schemes have easy cookie handling. ASP, PHP, Perl, etc. Most have built-in session capabilities. ASP and PHP have options for both cookie and url based sessions, and ASP will even do the autodetection for you. But URL rewriting will break when you have complex JavaScript generating URLs on the fly, or Shockwave menus, or Java applets. As long as it's the browser sending the request, the cookie is guaranteed to be sent.
You say major browsers have broken cookie support. Well, please, do tell us more, we're all waiting with baited breath. Just one example please. Personally I've never had a problem with cookies in all my years of web development. You set a cookie, you get it back on the next request. The reason people don't trust cookies, and turn them off completely, is because of a) very early security issues, and b) idiots like you spouting off bullshit.
If you're worried about cookies being hijacked, you have some very simple things you can do server side:
- Tie session to IP. If you receive a session id that does not match the IP that set it up initially, either redirect to a login page, or ignore the request.
- Time outs. If you get a session id, and last time you saw it was 30 minutes or whatever ago, time out the session and redirect to a login page.
These are just the extremely obvious ones, and I regularly use both in my web apps. There must be other methods, some more some less secure, out there.
"Hot lesbian witches! It's fucking genius!"
For almost two centuries, the USPTO did a reasonable job balancing the need for incentive against the need for competition. But about 20 years ago the floodgates burst open, and the free-enterprise system has been thrashing in a tidal surge of patent claims ever since.
The glass bottle making industry shows that this problem is at least 100 years old. Patents were abused so that there were only two bottle making machine companies in the entire US for decades. They used many of the techniques we see in software today. They used their patent ownership to prevent others from making machines of any kind and tried to fence each other off by applying for patents needed to improve each other's machines. They used the non competitive market to demand that all of the equipment be leased, not owned, by actual bottle makers. "Price cutters" were denied the use of equipment and concesions to make bottles were handed out like gold mines to a selected few. The price of glass bottles remained artificially high until plastic and aluminum manufacture was available as a sustitute. The US government coluded with these companies. While they were tried and convicted of anti-trust violations, no real harm ever came to them and there were no gross problems of "over production", as if that were possible. While it's true that patents on busness methods and drawing squares electronically bring new lows to the method, the ends have been achievable for a century.
Friends don't help friends install M$ junk.