Slashdot Mirror
Microsoft Confirms IE Changes in Wake of Lawsuit
theodp writes "On Monday, Microsoft verified that it will be making what it calls "modest" changes to Windows and IE to meet the requirements of the jury verdict against it in the Eolas patent infringement case. Microsoft says it will finish making the changes to IE and Windows by early next year and will provide developers that use IE technology with documentation to help them modify their applications, Web pages, and browser plug-ins to work with the new plug-in scheme, which affects all Web pages that use plug-in technologies such as Adobe Reader, Apple QuickTime, Macromedia Flash, RealNetworks RealOne, all versions of Java, and Windows Media Player. A preview of the new user experience shows the user being prompted to confirm loading of each ActiveX control."
And what about Mozilla? Opera? K-Meleon? Safari?
Is it clear just how much this patent ruling will affect the internet as we know it?
While $520 million might be a drop in Microsoft's $40 billion bucket, it's still a big enough factor to warrent a change in practices. Too bad the anti-trust efforts didn't enjoy this level of success...
Stop by my site where I write about ERP systems & more
all these products are supposed to enrich the quality of the living web ::not:: cause more pain by inflicting pop up warnings and alert boxes.
so now I need to accept 3 alert boxes before I can hit skip on your flash splash page ?? ;)
Fear Breeds Knowledge
I, for one, particularly like the idea of being notified before my browser loads an ActiveX control. Sounds to me like a feature that should already be in the browser for security purposes anyway. Yes, I know it's a user changeable option, but honestly, how many "Joe Sixpack" users know the option's there anyway, much less what it means?
The probability that someone is watching you is directly proportional to the stupidity of your actions.
As much as everyone here wants to see microsoft go down, there a thousands of windows applications that rely on these and you can bet that not all of them will be updated anytime soon. Many programs use OLE with WMP and IE to have these features but it sounds like older applications will now be incompatible.
Huh, who'da thunk it. I expected MS to buy the Eolas patent, or Eolas itself if necessary, and turn the patent against AOL/Netscape, Opera, and the rest of their competition. They're actually not being vicious bastards in this one...
-3Suns
~~~~
The Revolution will be Slashdotted
My web browsing experience just got even better!
It guess it just goes to show you that at the end of the day, someone will always find a new way to screw everyone else over for money.
Even though it's just Microsoft, I can't help but think that this is going to end up affecting other stuff too. Once a company like Eolas gets away with this garbage, I doubt they'll quit while they're ahead. I see more lawsuits like this in the future.
using namespace slashdot;
troll::post();
Law of unintended consequences steps up to the plate. This security enhancement took a half billion dollar patent lawsuit to be brought about. What will bring about the next one be and how much will it cost? Maybe, just maybe, they will someday learn that fluid integration of third party code without user approval is a bad idea?
Yeah, they agreed to a list of stuff.
tcd004
What I see when I look at this new format, is a whole new era of popup ads. With Microsoft now requiring you to click 'Ok' before you can play a flash game, or watch a video, there will no doubt be an entire genre of popup ads designed to look just like these windows.
Ad ware will run rampant, as users are clicking OK left, right and center.
0110100100100000011000010110110100100000011000100
Fantastic. More browser sniffing, more money spent on more developer time to code workarounds for the new behavior, and more dialogs to arbitrarily disrupt user experience.
You're ignoring (probably intentionally) the awful precident this sets in regards to the enforcement of (ridiculous) software patents. Let's recognize what is truly the greater evil here.
"Ask not what your country can do for you." --John F. Kennedy
To be really careful about security, I turn Active X off on all sites except a few. I get that annoying "This site may not display properly ...." message and cant get rid of it (Microsoft dosent want me to not use Active X remember) Now -users- of Active X will have it just as bad or worse it appears.
If you look at the site they show a new tag, NOEXTERNALDATA, which basically nullifies this change... I think we will see a lot of sites violating the patent while Microsoft sits is in compliance.
Sometimes it helps to read...
And I just finished training all my users to NOT click OK on boxes that pop-up when using the web. Now you're saying I have to train them to make educated decisions to accept or decline boxes?
The monkey trainers at the circus will have an easier time...
Sigh.
IMHO the Eolas vs M$ case proves once and for all that (software) patents -- used with good or bad intentions -- frustrate rather than further innovation.
--
Nothing is illegal if one hundred businessmen decide to do it -- Andrew Young
This annoying feature was already present in one form in IE. If you check "don't start ActiveX controls" (or whatever this option was called), the dumb thing pops up a dialog box complaining about how you'll not see this site in it's full beauty because you don't like ActiveX.
;).
For every page, and for every damned control embeded in this page (IIRC, it's a while since I last used IE)
I'm glad the the yes-to-active-x fraction now gets their own piece of the pie
Actually, the dialog shown only allows you to click "OK". Who needs options when you've got Windows :-)
Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
I love how Microsoft, after a $500 million lawsuit, finally plans on putting a dialog box in that the user must click through to load an ActiveX control... ...when designing this dialog box, you'd you'd think someone would have mentioned how easy it would be to put a "Yes"/"No" choice in it. Right? Because sometimes users might want to not load controls, for various nefarious reasons we are all aware of. Right? Right???
wrong
Ha! From that page: "If the OBJECT element used to load the control contains PARAM elements but none of the PARAM elements specify a source of data external to the current Web page, then the control does not access remote data" and so the user will not be prompted.
I suppose that this is one of the concessions they were required to make: plugin content that "specifies a source of data external to the current page" was probably convered specifically by the patent in question.
But here's the VERY NEXT sentence: "The OBJECT element for an ActiveX control has a new attribute: NOEXTERNALDATA. Specify true for this attribute to indicate that the control does not access remote data and that Internet Explorer should not prompt the user." Notice that this doesn't say "specify this tag and we'll CHECK to see if there's external data." It's basically a way to turn off the prompt, no questions asked.
In fact, the code example directly following specifies a "param url=", which sounds a helluva lot like a "source of external data" to me. Is it just me, or does this directly flout the entire point of the changes? I can't imagine that's an accident... I think MS just said "here, we'll change our default behavior, but we'll let users subvert the change starting now."
Ha!
Other interpretations?
Geez. Come on moderators, follow the links before you mod.
Dan East
Better known as 318230.
If anyone has read Jef Raskin's "The Humane Interface" they know that a dialog box that allows only one action has a information theoretic efficiency of 0 (E=0). He was referring to dialog boxes with that at least told the user something important or useful, "Finished searching document" for example. But this takes the cake. E must equal -1 (E=-1) they might as well just have a dialog box with a button and no message at all.
Win a signed Stephen Carpenter ESP Guitar from the Deftones: http://def-tag.com/?r=0008781
The NOEXTERNALDATA tag can only be used when there are no parameters passed. If I simply have as their example shows, then the plugin will load, but will not know where to load data from. It'd be similar to loading the flash plugin but not pointing it to a data file... pretty useless.
Additional parameters (like a file) would be ignored if NOEXTERNALDATA is specified.
Oddly enough, the tag is theoretically the correct way to embed images, depending on how you read the HTML spec. Can you imagine a popup coming up for every image on a page?
by updating your code. I updated http://media.accettura.com last night to use a JS method recommended. Seems to work in all browsers I tested at the the moment. No dialog from IE's new release... only difference is JS is now required to see the object. But I don't think many people have JS still disabled.
The following example shows an OBJECT tag that loads a control without a prompt from Internet Explorer because the NOEXTERNALDATA attribute is set to true. The control does not receive the URL property.
In other words, the control doesn't get that URL parameter, it's just loading the component without a data source.
Is it just me or is an alert box with just an OK button completely worthless in this case? All it does is delay loading the control without giving the user the ability to not have it load. The user only has two choices: load the potentially dangerous control, or leave the dialog box on screen. This doesn't solve any of the problems and just adds more headaches to the browsing experience.
ADVENTURERS! - ANTIHERO FOR HIRE - CARDMASTER CONFLICT
Looking at the changes to the user experience document from MS, it seems to me that this may be trivial in the long run.
... and it may not, depending on the way it was written (anyone have a link to the patent itself?) If not, then all we need are some good mime-encoders. The main bad part, I guess, is getting away from standard HTML, but then you were doing that anyway when you embedded a plugin...
You can't pass "PARAM" lines with clear text data, but you *can* pass DATA lines with base64 encoded data. So what do we need to do? Encode our PARAM data lines, of course.
This may break the patent
http://www.ozzie.net/blog/stories/2003/09/12/savin gTheBrowser.html
"If you fight, fight without fear. If you love, love without reservation." -- J. Michael Straczynski, Babylon 5
This guy seems to be doing it for a vendetta, not for money. If it was purely a money thing, the free browsers would have little worry since they aren't good targets. I mean, no point taking someone to court who has no assets, it'll just be a waste of your time and money. Well he's not out for that reason, despite asking lots of money, he's out to cripple Microsoft. Ok, many people here would say that's a good thing (I'd say it's anti-capatalistic, but never mind). However, what happens if he gets a burr up his ass about another browser? Say he decides that Opera is unfair, since it charges money and he thinks all browsers should be no cost. Or maybe he gets in a abr fight with a Mozilla dev and gets mad at Mozilla. Then what? He can again use his patent as a weapon.
However, what he does is really not relivant. The point is that patents should NOT be allowed to be used as weapons by anyone, small or large. The point of a patent, and this is explicitly(*) spelled out, is to provide an inventor some protection so they can make money off an idea in the intrestes of promoting PROGRESS. In other words, you get a time limited right to your idea that people can't infringe on, so you are encouraged to share it with the world to use, and recieve compensation as a result. It isn't so some random guy or corperation that didn't invent shit can play bully with people.
Patent bullying needs to be stopped period.
(*): It's article 1, section 8, clause 8 of the constitution: "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries"
Shouldn't be too hard to write a program that watches for that dialog box and hits OK for you. Security be damned. Its a windows box. As for open source browsers, if they are required to do something like this they should be sure there is an easy source code work around. Maybe they can't distribute their software with the work around in place, but just download the source, muck with a few lines of code, and re-compile. At least power-users won't have to deal with it. There's no law against modifying the source on your system. Yet.
Go to teh security settings and tell IE to prompt you before running an ActiveX control. It'll then ask your permission, which you may give or not. This box is a lame-ass notification that they are forcing on people because of the patent. IF you want it to ask you, that's a different setting, and already available.
..or useful or good in any real way - but I suppose you already knew that.
I think we'll be seeing more and more of this garbage in the years to come - software coded awkwardly to get around useless patents.
My solution? Cut the time on software/business patents to 3 years. Plenty of time to build a lead based on a valid new idea - very little opportunity to "pre-patent" an obvious idea to extort with later.
Let's not stir that bag of worms...
I quite agree, Eolas are a much worse evil in this instance (though I'm sure they do not seem themselves that way, they no doubt belive they are heros of some kind), I was so disgusted I sent them the following email...
To: info@eolas.com
Date: Tue Oct 07, 2003 03:09:36 PM BST
Subject: Congratulations on your lawsuit
I would like to congratulate you on managing to successfully sue Microsoft and still manage to be seen as a despicable bunch of malevolent malcontents by the public at large (including industry professionals).
By exploiting the US legal and patent system and it's weaknesses (in particular it's notorious inability to deal with technical software cases) and infecting the rest of the world with your insipid patent claim (which is an insult to everybody with any knowledge of browsers, plugins, going as far back as the original inspiration for Tim Berners-Lee, Bill Atkinson's HyperCard) you have made the web a less pleasant experience, and you haven't actually contributed anything new to the concept of software plugins (those of us who remember HyperCards XCMD's are more than aware of that, even if the US patent office and the courts were not).
I'm sure your all convincing yourselves you've 'slain a giant' and that you are trying to re-enforce that opinion among yourselves for your own benefit, even though the rest of the world is largely telling you otherwise, most vocally. I'm sure you will casually disregard the voices you do not wish to hear.
Many people (those working for free in the open source world, as well as plugin developers and commercial software developers and web content maintainers) will now have to spend many man years working on an alternative non-patent-infringing format so they can be sure to remain free from your legal shenanigans. This is time that they could have spent working on other free an open software for the benefit of everyone (or who knows, even at the park, or at home with their families!). Not to mention all the end users that will be effected by this and who will have to now spend time downloading, installing and working around 'fixes' that will be necessary in the wake of your decision to sue.
In your own special way, you have truly made the world a worse place to live in.
Congratulations.
--
This is ridiculous. Basically the ruling appears to state that:
Plug-ins are OK as long they don't load external data
If they do, microsoft can't load it for you without a prompt
BUT you can document.write it in and avoid the prompt
BUT only if the script is in an external file...
So the key point here seems not to be with plug-ins (which obviously pre-date the patent) but plug-ins using EXTERNAL data...
Now this just doesn't make sense. The HTML standard has ALWAYS supported full urls being used in ALL tag that can get data ie. <img src="http://external.com/image.gif"> In fact the HTML standard was written specifically so that it doesn't care if data is local or not.
So in conclusion, why would Chewbacca live on Endor... this just does not make sense... I rest my case
I am very concerned about the real out come from this. Since my crystal ball runs Windowz it is not working. Micro$oft settled with these "People" and gave them enough cash to pay lawyers for quite a long time. Who/what else is going to wind up "infringing" ?
Now Micro$oft is going to make "changes" to IE, just what is no longer compatible? Let me guess, all older versions of IE. Are all web pages no longer going to be able to support older versions of IE with out "infringing"? Now which versions of the Microsoft OS are going to get new versions of IE? Win XP for sure, Win2K? Win9x will probably not get a new version. Now it will become unusable.
Now it's easy to start a rallying cry about getting new users on the LINUX platform, by suggesting that disgruntled users will switch. However most of them are probably not really tech savvy and were really stressed to get their AOL CD into the computer in the first place.
I guess more obsolete computers on the used/surplus/junk market is a good thing? The users left in the lurch will most likely buy new computers with some Micro$oft OS, on them.
Now worst cast paranoid thought. Micro$oft wanted this to happen.
All this Eolas guy did was clamp down on the independent browser makers -more-.
so MS figures out a workaround... due to the fact that IE holds 95% of the market, all the big plugin vendors will change their access methods to support the new workaround.
So web developers who wish maximum coverage (nearly all) will change their html code to support the new access method.
Then, either other browser vendors have to spend just as much money to maintain compatibility, or they lose the features on any site that has switched to support 95% of the internet.
And a small browser company's turnover time for making the change is going to be longer than MS, as they don't have the swarms of programmers. So it costs the independent software developers at least the same in programmer wages (excepting -purely- OSS browsers) to do the change, but costs them more in user-satisfaction and market-share as they have a longer time without the features, and they've lost programming time they could have been using to -improve- their own browser.
How much time has the Opera or Safari team already lost just doing CYA code reviews to ensure they're not in an exposed legal position?
And as for this altruistic notion that Eolas is only out to stop the Big Bad Guy... what happens if IE does lose market share to something like Opera? What happens when Eolas would suddenly decide that that Opera's business tactics weren't fair either?
There's too much legal risk for a browser developer to -not- migrate to supporting the new method right away. Sure, they'll probably be backwards compatible to the old way - but what web developer wants to embed an activex plugin in their web content that is unusable to 95% of their potential market?
Keep in mind that this new plugin requirement only needs to displays an 'Ok' box in the event that the plugin data is remote. Meaning if you go to homestarrunner.com and watch an sbemail flash movie hosted from homestarrunner.com - there's no messagebox; it's still a seamless experience.
So what does this mean? Well... it does mean that you'll have to click Ok once for every remotely hosted activex ad (nightmare).
I myself tend to think that web hosts would sooner drop plugin ads, or start hosting locally long before they'd suffer through potentially losing 95% of their viewers.
(I certainly hope that IE ads a config option so I can disable remote activex data streams altogether. That'd be a pretty good adblocker. I guess there may be a silver lining.)
// "Can't clowns and pirates just -try- to get along?"
but the Eolas guy specifically says that he wanted to use his patent to change the landscape of the broswer industry; he talks about allowing other browsers back into the market by only enforcing his patent against Microsoft
I fail to see how this will "change the landscape of the broswer industry". Microsoft published instructions on how to create web pages that do not prompt the user. Greater than 90% of web browsers are IE. So every web developement firm (or company that puts up it's own public website) will have to do extra work to fix old sites and write new ones (or else their customers, the people whose content on the sites will complain).
Nothing will change, except for wasted work hours. IE will still be the dominant web browser (which may change in the future, but not because of Eolas).
The point of this dialog is NOT to enhance security, or give the user a choice, it's to get around the patent. That's it's only purpose.
From the article:
"We believe the evidence will ultimately show that there was no infringement of any kind, and that the accused feature in our browser technology was developed by our own engineers based on pre-existing Microsoft technology," a Microsoft spokesperson said in early August when a federal court jury delivered its verdict.
Welcome to what happens when you open Pandora's Box. What the lawyer/spokesperson/talking head missed here is that it *doesn't matter* if you built the system inside of a dark room sealed in a nuke-proof underground bunker - if someone else already has a patent on it, they own the idea. There is no "but *we* built this version!" cry that works, when someone 'patents software' they are essentially forbidding you to think or create without their permission.
Copyright prevents you from lifting their code and claiming it as your own.
Patents prevent you from building your own ideas if they happen to overlap someone else's.
<i>Actually, the dialog shown only allows you to click "OK". Who needs options when you've got Windows :-)</i>
What about
| This dialog was brought by you by the |
| friendly folks from Eolas, your favorite |
| extortion company. Press OK to continue. |
| |
| [ OK ] |
What a mess.
Certainly there must be prior art for such an obvious software implementation. Thank you USPTO for your complete ineptitude. And thank you legal system for your ineptitude as well.
Eolas probabally just wants to cash-in on the $250 million patent settlement. I don't think MS intentionally lost the case in order to squeeze the competition. MS provides a trivial javascript work-around at the bottom of the new IE documentation. Any browser which runs javascript can presumably do the same. MS' documentation seems to state that the patent covers external program and data referenced within a web page, but it does not cover a second layer of indirection, such as an externally included javascript file that itself includes external activex object data.
So that is the new work around.
But it does create a whole new upgrade-cycle of
browser exploits. Previously, javascript could be filtered, which made it much more simple to filter out the remaining active content.
But now all the active content must be put into javascript, so filters will have to be able to process javascript to indirectly filter out the active content. Since the majority of the IE exploits target activex and embedded objects, there will be a long road of successful IE exploits until this new filter technology is stable.
This disproves the conspiracy theory that says MS lost the patent case intentionally.
Why would MS lose this patent case and accept the consequences of a whole new round of IE exploits and Virii/worms?
That would be just plain dumb, especially when your company is being sued in California for creating insecure software, and your reputation for providing secure products is at an all time low!
OK - so far so good. Then they get to this part: I can see where this is going... So- in summary: Writing the code directly in HTML is a violation and will trigger IE to spit the silly dialog box. Having JavaScript (and therefore the browser itself) write the offending code is just kosher. Wow.
Culture is more than commerce
Because the software world hasn't had big, market changing innovations lately. Really, I mean that. And I see no reason why a new software idea couldn't be on the market within a year.
Think I'm wrong? Name one real software idea that fits these criteria:
1. Patented in the last 3 years
2. Could not be exploited for a reasonable "head start" profit in 3 years
Show me that, and I'll show you a useless, obvious or redundant patent - a patent that will only be used to harm innovation down the road.
It's only been luck that we haven't seen more damage from bad software patents. Law should be changed now, or we'll see real problems in 2015. 3 years (or thereabouts) is a compromise that could protect most legitimate interests, I think.
Let's not stir that bag of worms...