Slashdot Mirror
Microsoft Patents Sudo's Behavior
Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."
As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:
1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.
2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.
3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.
4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.
5. The media of claim 2, further comprising permitting the task.
6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.
7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.
8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.
9. One or more computer-readable media having co
If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.
Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.
No kidding!!! What do you say at this point?
without "sudo". My thanks to Micro$oft for inventing that great program! --Stak
Holy happy hippy crap!
It's US patent system's fault, not Microsoft. They have to file these to cover their own ass. And actually I haven't ever seen MS patent trolling, they've even gave their patents to organizations which purpose is to keep them open. Even the TomTom vs. Microsoft case was because TomTom attacked MS first and they had to counter.
Patent system is the one to blame.
...because I couldn't bothered reading all that shit.
Genesis 1:32 And God typed
There are too many sudo-intellectuals running it, that's why.
Patenting sudo is a slight legitimate error?
Damn. I want some of that anti-guilt thing you are taking.
NO SIG
The big industry writes them up just as protection from patent trolls and then collude to keep small competition out (ie Microsoft was threatening that Linux was stepping on its patents back in the day).
Patents were made to spawn innovation - bypassing secretive guilds by incentivizing the opening of knowledge to public domain in exchange for a limited time monopoly. Projects and society are way too fluid now to keep many inane details secret anyway. There needs to be a study of which types of patents coming in provide useful knowledge to the People, and which majority are just wastes dumps of text - and amend the system accordingly.
I would urge the USA to do this now, while it is the leading superpower in which others follow suit. It may have been to our advantage in the past, but not so in the future, imo.
Patent Office: "Rejected."
Microsoft: "sudo patent this obvious idea"
Patent Office: "Okay."
With apologies to xkcd.
MS: Grant me this patent.
USPTO: No!
MS: Sudo grant me this patent.
USPTO: Okay...
I don't condemn all software patents.
I do. Copyright protects software, there's no need for patent protection.
It's official. Most of you are morons.
...with Windows' lax control of permissions allowing just about anybody to run as a super user, surely they should have a patent for "sudon't" which would probably be infinitely more useful?
Gentoo Linux - another day, another USE flag.
$ make me a patent
make: *** No rule to make target `me'. Stop.
$ sudo make me a patent
Okay!
$
I am the original author of "priv", which came before sudo, and I didn't see any mention of it. This utility was published in Unix World back in 1987, and basically did the same thing. Does this mean "priv" is exempt from this patent?
Get rid of everything Micro and Soft: Buy Viagra and/or Linux
I couldn't bothered reading all that shit.
Oddly enough, that is exactly what the patent examiner said.
I'm a good cook. I'm a fantastic eater. - Steven Brust
Since when do programmers need to be patent lawyers? Patents are written in fluent legalese, not plain $HUMANLANGUAGEOFYOURCHOICE.
Understanding the scope of the problem is the first step on the path to true panic.
No, it was a typo.
They patented *sume*. Long 'e' by the way.
---- Teach Peace. It's Cheaper Than War.
Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."
That's not a technical description: it's legalese. I've done my share of technical writing, ranging from scientific journals articles to user and developer documentation, but I'd never be able to get away with producing such incomprehensible gibberish.
copyright doesn't protect against duplicating functionality - only copying the exact binaries/source code. If I want to write my own sudo replica, copyright doesn't stop me... but a patent would.
That is one of those statements where both sides shout "EXACTLY", and then stare at each other.
If you have a copy of his source code and duplicate product in another language, you'll get your clock cleaned in court. To effectively copy the other guys software, the best defense would be to have no knowledge whatsoever of his code.
Historically everyone in software has been copying everyone else all along. Things were fine before patents became all the rage. Imagine is Apple had patented the GUI in 1984. The windows GUI couldn't have been developed patent free until 1999. It's an absurd idea, no matter how much I currently dislike windows dominance. And, yes, I do realize Apple stole the GUI from Xerox...
Do we actually want to prevent duplication of functionality?
Also, isn't patent still supposed to allow duplicated functionality if the implementation is different enough?
And actually I haven't ever seen MS patent trolling,
Their shakedown of camera vendors and threats to OS implementors over the VFAT patents are a classic case of patent trolling.
The technology covered by the patents no longer has any intrinsic value, because nobody uses OSes that don't support long filenames. The only reason to use the long/short filename conversion in VFAT is purely circular: to ensure compatibility with VFAT itself.
Thus, these patents only remaining purpose in life is to create a barrier to entry in the markets that Microsoft operates in. The technology covered by them is is providing no end-user benefit, and consumers are paying royalties and getting nothing in return other than a less competitive market.
This patent was filed more than four years ago, in April of 2005. This filing predates Red Hat's announcement of PolicyKit by about a year. And PolicyKit probably wouldn't cover this even if it predated the Microsoft concept because it doesn't meet the "automatic" criteria, AFAIK.
And for anyone thinking that this is a patent on sudo, it is not. It also is not a patent on Apple's AuthorizationExecuteWithPrivileges, though it is much closer to that. It differs from the Mac OS X design in that it:
It further differs from sudo in that it presents a GUI (in addition to the two ways above).
Regarding launching a GUI window when a privilege violation occurs, this is precisely why Windows got the "Allow or Deny" reputation it got. You really don't want to authorize every little action. Further, when it comes to a typical desktop environment, a rights system should not be so complex that there are more than about two classes of users anyway---those who have the rights to modify system files and those who are limited to their own files. Therefore, something like sudo, PolicyKit, AuthorizationExecuteWithPrivileges, etc. is generally a much better design because it puts the application in control of the experience and allows you to run a series of actions with elevated privileges, forcing apps to be designed with proper privilege separation, and reserving elevated privileges for only the minimum portion of the code necessary. The Windows "automatically throw up a GUI when you get a permission denied" design has a significant risk of creating user indifference towards important security notifications, which results in a significantly less secure system in the long run.
Also, I'm under the impression (based on the patent) that Windows is temporarily elevating the privileges of the application itself, which means that you now have a much larger chunk of code that must be checked for security holes, lest malicious individuals co-opt the application for nefarious purposes. Such a design also makes it very hard to adequately use code signing to ensure the authenticity of the code running with elevated privileges, thus allowing security holes in the app to readily be exploited and turned into the equivalent of root holes just by the user clicking "Allow".
In short, it's a terrible security design filled with myriad fundamental design flaws, all codified in a patent filing for all to mock. I certainly won't lose sleep over this patent getting approved. No one should reasonably want to implement the sort of security architecture that would violate this patent.
Check out my sci-fi/humor trilogy at PatriotsBooks.
http://xkcd.com/149/
Pathological kinda promises Path + Logical - but instead, you get stuck with pathetic.
You're use of the word "genious" is brillant.
I always thought a sudo-intellectual was someone who thinks they are smart enough to be given the root password...
If we can put a man on the moon, why can't we shoot people for Apollo-related non-sequiturs?
Math equations can be brilliant and stunningly innovative yet they can't be patented. Why should software be any different?
After skimming the patent, this sounds more like it's more like prompting for sudo. If this were Linux, it would be something like:
"You need to use sudo to run this program. Would you like to use sudo? y / n"
This is a very specific patent and most certainly wouldn't cover sudo, but rather the automatic detection of the need for it and a very detailed description of the GUI built on it. It's almost like the people writing about the patent didn't bother to read it...
120 characters for a sig? That's bloody useless.
If you're going to claims something copies 'sudo' with 'Linux' please realize that sudo copies su which was around long before Linux.
sudo has more features than su, yes. Everything that 'copies' sudo has more features as well.
Although the patent in this case does not copy sudo, or gksudo or OSX. The patent covers something that detects an authorization (NOT AUTHENTICATION) failure and gives an opportunity to elevate privileges and continue rather than denying the request.
su, sudo, gksudo and the OS X applet all require knowledge in advance that elevated privileges are required.
Do I think the difference is worth patenting? No, its the next logical step. However, if you're going to rant and rave about what Microsoft is patenting, at least realize they aren't patenting a clone of something you've been using for years.
You only make the rest of the OSS world look stupid to the powers that be when you rant and rave and you are completely ignorant of whats being done. We lose credibility and get written off as raving lunes when you respond like this. So please, shut the hell up.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.
Indeed. In fact, this patent reminds me more of PolicyKit (which is GUI-based) than sudo. See screenshot, which almost exactly matches how I visualised the patent after reading the initial claims.
Law is the programming language for the system of society. The problem is, rather than doing exactly what you told it to do, regardless of whether that's what you wanted it to do, the system makes every possible effort to interpret the code in such a way so that it doesn't have to do what you instructed it to do.
upon the advice of my lawyer, i have no sig at this time
The problem being you can engineer your way round a patent on a specific innovative break design in a car.
Trying to work around a patent with a flowchart with a note reading "slows car down" is pretty much impossible.
Hence it kills innovation, not encourages it.
I presented this argument to someone just the other day, but here it is again: Mathematicians develop insanely difficult and complex algorithms all the time, and must share their work in the public domain because you can't copyright or patent mathematics. Not a formula, I'm talking about full algorithms, logical procedures, proofs and so on. Algorithms which have changed the world by such orders of magnitude that no matter how novel and amazing some little piece of code looks to the programmer, compared to the work of mathematicians it is almost always will come up looking pretty much completely trivial.
Imagine if someone had patented the fast fourier transform? Or any number of a virtually infinite set of unique and groundbreaking algorithms that have literally changed the course of science. Technology and science would be weaker for it, you might not even have a job with a computer in front of you.
Now why is it that sequences of logical steps, algorithms, when developed by mathematicians are anybodies game, and yet when a programmer or a software company comes up with an algorithm, a sequence of logical steps no different to the ones in the field of mathematics, it is suddenly different and needs monopoly rights granted to the author? Do you honestly think that novel method 3.57a to make database requests in a unique way is as important to the world as something like the fft? Or the Kalman filter?
Get over yourselves programmers, your code is not special, logic is logic, patenting a logical procedure is about as wrong as it gets in my books. If you develop code and it is useful, you are going to be the foremost expert in your new system. You will make money without a patent. The problem is this isn't about putting food on the table, this is about geeks who fancy themselves Knuth thinking they ought to be millionaires.
There are multiple issues getting mixed up in the Groklaw article and the discussion on Slashdot.
A patent application has three hoops to jump through to be patentable:
35 U.S.C. 101 - the claims must be patentable subject matter. The question of "is software patentable" is what the Supreme Court is deciding in In Re Bilski. This is the largest issue most of the Slashdot community seems concerned about, and it's obviously a big issue right now. These claims, as written, may be patentable subject matter under current 101 criteria. This is why there were written with all the "computer readable media" language.
35 U.S.C. 102 - the claims must be "novel" subject matter. This is what people object to when they yell "BUT I DID THIS BACK IN 1990!"
35 U.S.C. 103 - the claims must be non-obvious subject matter. This is what most people appear to be objecting to in the present discussion....if sudo existed before this patent, then laying down Microsoft's GUI idea on top may be obvious. (This is NOT a Section 102 issue). This is the part where the patent office (and examiner) screwed up. Even if the examiner couldn't find a reference that taught exactly what Microsoft claimed, he/she should have at least rejected the now-issued claims as obvious. Maybe he did, but half-assed the rejection...who knows.
The Groklaw article points out an "obvious" patent and yells that is shouldn't be patentable subject matter. Those are two separate issues. Yes, it's probably obvious. Depending on your view of software patents, it should or should not be patentable subject matter. That fact that it's an "obvious" idea will NOT in any way be affected by the Supreme Court's decision in Bilski (that case is about patentable subject matter under Section 101).
And, yes, I do realize Apple stole the GUI from Xerox...
Actually, no. Apple traded their stocks for a day with Xerox engineers which had to show them what they've done. And they've done very little compared to things that were in the first Mac GUI. I.e. overlapping windows.
Things like these are documented on Apple's folklore site.
It is always better to be a first grade version of yourself than a second grade version of someone else.
As an ex-programmer/technical writer who is now a lawyer who's also worked at the USPTO as an examiner (during law school), I feel I must weigh in on the language issue. Patents and patent applications are neither technical documents nor legalese. They are a unique and bizarre hybrid of the two which, quite frankly, I think no one understands. The claims, specifically, since the specification is sometimes actually intelligible in a meaningful way. Everyone (examiners, phositas, judges, lawyers) has trouble dealing with claims and their meanings. The fact that we require pre-litigation court hearings to determine what a claim means (Markman hearings) AFTER the USPTO has already reviewed and approved the claims, which requires determining what the claim means, should be a sufficiently strong indicator that the current style of writing for patents is uncommunicative and ineffective.
To speak more directly to software patents, the USPTO doesn't recognize such a thing literally. Moreover, in general the PTO doesn't look upon the software field as a true technical/engineering discipline, and so looks down upon software/programming expertise in it's examiners. If it appears that the PTO doesn't know a thing about how software works or what is out there as prior art, it is because generally it doesn't know a thing. The field of endeavor isn't recognized or utilized, and examiners often interpret claims to avoid dealing with software (as they don't have the background knowledge to know how to begin researching the prior art).
Software may or may not be patentable ideologically, but as long as the field is given short shrift and basically sneered at by the PTO, no patent process will make sense for the majority of software/business method patents.
AC for obvious reasons.
the system makes every possible effort to interpret the code in such a way so that it doesn't have to do what you instructed it to do.
So law is interpreted. Wonder why our justice system is so slow...
Further: how quickly we forget the threat of those 235 patents. If that's not patent trolling, what is?