Microsoft Patents Sudo's Behavior

Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."

claims

[sopssa]

As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:

1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.

2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.

3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.

4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.

5. The media of claim 2, further comprising permitting the task.

6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.

7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.

8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.

9. One or more computer-readable media having co

Re:claims

[Halo1]

Remember that they all have to apply.

No, they don't. Only one independent claim (i.e., 1, 2 or 9) has to apply (at least it's like that in Europe), or an independent claim along with some dependent claims if you want a stronger case because then the claims become more specific and hence hopefully more distant from the prior are (e.g., 2 and 3, or 2 and 7 and 8).

This isn't exactly sudo.

That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

Re:claims

[jpmorgan]

Except, gksudo doesn't come up in response to a failed security authentication. gksudo comes up because the control panel knows it needs administrator permissions and explicitly calls gksudo. gksudo is not sitting around behind the scenes, watching for authentication failures.

Much more specific than the summary suggests

[Sockatume]

If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.

Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.

Re:Penalties

[Tim+C]

I don't condemn all software patents.

I do. Copyright protects software, there's no need for patent protection.

Dear Newbs, su came before sudo

[BitZtream]

If you're going to claims something copies 'sudo' with 'Linux' please realize that sudo copies su which was around long before Linux.

sudo has more features than su, yes. Everything that 'copies' sudo has more features as well.

Although the patent in this case does not copy sudo, or gksudo or OSX. The patent covers something that detects an authorization (NOT AUTHENTICATION) failure and gives an opportunity to elevate privileges and continue rather than denying the request.

su, sudo, gksudo and the OS X applet all require knowledge in advance that elevated privileges are required.

Do I think the difference is worth patenting? No, its the next logical step. However, if you're going to rant and rave about what Microsoft is patenting, at least realize they aren't patenting a clone of something you've been using for years.

You only make the rest of the OSS world look stupid to the powers that be when you rant and rave and you are completely ignorant of whats being done. We lose credibility and get written off as raving lunes when you respond like this. So please, shut the hell up.

Just like PolicyKit

[Jeremy+Visser]

That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.

Indeed. In fact, this patent reminds me more of PolicyKit (which is GUI-based) than sudo. See screenshot, which almost exactly matches how I visualised the patent after reading the initial claims.

Re:This is why software patents shouldn't be allow

As an ex-programmer/technical writer who is now a lawyer who's also worked at the USPTO as an examiner (during law school), I feel I must weigh in on the language issue. Patents and patent applications are neither technical documents nor legalese. They are a unique and bizarre hybrid of the two which, quite frankly, I think no one understands. The claims, specifically, since the specification is sometimes actually intelligible in a meaningful way. Everyone (examiners, phositas, judges, lawyers) has trouble dealing with claims and their meanings. The fact that we require pre-litigation court hearings to determine what a claim means (Markman hearings) AFTER the USPTO has already reviewed and approved the claims, which requires determining what the claim means, should be a sufficiently strong indicator that the current style of writing for patents is uncommunicative and ineffective.

To speak more directly to software patents, the USPTO doesn't recognize such a thing literally. Moreover, in general the PTO doesn't look upon the software field as a true technical/engineering discipline, and so looks down upon software/programming expertise in it's examiners. If it appears that the PTO doesn't know a thing about how software works or what is out there as prior art, it is because generally it doesn't know a thing. The field of endeavor isn't recognized or utilized, and examiners often interpret claims to avoid dealing with software (as they don't have the background knowledge to know how to begin researching the prior art).

Software may or may not be patentable ideologically, but as long as the field is given short shrift and basically sneered at by the PTO, no patent process will make sense for the majority of software/business method patents.

AC for obvious reasons.

Re:Penalties

[IICV]

Further: how quickly we forget the threat of those 235 patents. If that's not patent trolling, what is?