Slashdot Mirror
Newegg Beats Patent Troll Over SSL and RC4 Encryption
New submitter codguy writes to note that a few days ago, and after a previous failed attempt to fight patent troll TQP Development in late 2013, Newegg has now beaten this troll in a rematch. From the linked post: "Newegg went against a company that claimed its patent covered SSL and RC4 encryption, a common encryption system used by many retailers and websites. This particular patent troll has gone against over 100 other companies, and brought in $45 million in settlements before going after Newegg."
This follows on Intuit's recent success in defending itself against this claim.
What would be fitting is for all those "settlements" to be automatically overturned and the troll forced to refund the money.
But I know it doesn't work that way. If you wuss out and pay the toll, there is no getting your money back from the troll.
I do not fail; I succeed at finding out what does not work.
Sure is nice that we can freely use this form of encryption that should never be used anymore.
I read the internet for the articles.
And liberty and justice for all...who can afford it.
Jack of all trades,master of none
This sounds like a good opportunity.
I'm in the money...
“He’s not deformed, he’s just drunk!”
They are also throwing a sale to celebrate.
http://www.newegg.com/When-We-...
I was taken a little by surprise over this yesterday when I got the email about it, I wasn't even aware of the court fight going on. I am happy to hear that Newegg is standing up to the trolls, and their shirt about it is kind of cute.
http://www.newegg.com/Product/...
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
and it will be from Newegg. Thank you for standing up to the patent trolls.
.
Kudos to Newegg.
I think you have to be a lawyer and have ownership of a patent first (it doesn't have to be worth anything, but you have to be the rightful owner of it...)
Quo usque tandem abutere, Nimbus, patientia nostra?
Have millions saved up, buy up patents as they expire or from companies who have filed bankruptcy. Move to Texas where they have the most lax laws regarding patent acquisition and leniency in favor of judges on patent trials.
then,
SUE
THE
SHIT
OUT
OF
EVERYONE!
When will they reform patent law so trolls don't have a business case? They could radically limit the validity duration of a patent, so after like two years, there's no case any more. Also, they could limit the right to sue to either the original inventor(s) or a company that bought the patent and is actually using it in a product. Then patents work the way they were intended, not as an extortion scheme for patent trolls.
no, I don't have a sig
...have ownership of a patent...
I'll see what I can find on Craigslist...
“He’s not deformed, he’s just drunk!”
I'd just off the trolls and the lawyers. The next bunch would get the idea...
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Drawn and quartered. Look up the definition. It is a long and drawn out process for execution. They have wasted a lot of people's time and money and deserve to be snuffed out for such blatant and deliberate thievery.
Jesus was a compassionate social conservative who called individuals to sin no more.
It's worth noting that there are known attacks against RC4 (especially SSL using RC4). While these aren't quite practical yet, it is clear that RC4 is obsolete, and that current programmers should choose other stream cyphers (AES). Even supposing the patent was legitimate, the technology it covers has become obsolete well within its lifetime.
This illustrates one of the key reasons software (that is, algorithms) shouldn't be patentable: the field moves so fast that 20-year patent protection isn't useful. Even supposing the authors of software need patent protection to recoup their "investment" in inventing the algorithm, 20-year protection is effectively an infinite term, since by the time the protection ends, the technology is obsolete.
As an aside, note that patenting a protocol (such as RC4) automatically ends its usefulness. Protocols are only useful if the other party to the communication can participate, and interoperability is very important in software. Patents are ill-suited for this. Copyright, on the other hand, works well: the code you write is protected, but anyone else can write their own code to implement the protocol and communicate with you.
You do realize that the content is submitted by members and approved by members, right? "Take a drink from the firehose..." In other words, make an account and contribute positively to the community, and you can make sure that the sort of content you want to see is represented here.
Slashdice has a history of not approving / delaying stories they don't like - look at how long it took (and what lengths it took) to get a story about the Sourceforge malware scandal.
Yep. Slashdot took so long to report the Sourceforge 'scandal' that I saw the first article about it *on Slashdot* before I saw the first person complaining about Slashdot not covering it.
Note: The posts in question were in the comments *FOR THAT ARTICLE*.
Those that were extorted(paid the licensing fee) need to sue for their money back, plus opportunity cost losses, legal fees, punitive damages.
Finish them.
At least three articles have been submitted to the firehose. Yet nothing has appeared. It is SOP around here to delete unfavored stories.
AFAIK here's the Patent
Harrison's Postulate - "For every action there is an equal and opposite criticism"
As much as I hate patent trolls, there might have been a silver lining if they had won this case.
RC4 is the last cipher PCI 3.1 supports. After it's eliminated IE8 will no longer be able to shop online which should kill it off for good.
Kill it with fire!
RC4 is almost 30 years old.
s/hung/hanged/
Uh, that's not what happened. There were loads of comments well before the submission was approved. That's why, when it was approved, it came with this note from the editors:
Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long.
Emphasis mine.
Oh wait, you said you didn't see anything in the comments before it was posted. Reading might not be your strong suit.
The Republican ruled courts hate engineers. That is why they always rule against IP and for corporations. They hate us so much they consider us equals to humans. Equals.
Oh, what's the selling price? *checks wallet*
Yip and a decade ago, everyone was already saying that you should not use it anymore.
Then you weren't looking very hard for it, as it was talked about on I think it was ars technica like a week before slashdot reported on it and I found out about it through posts lasting pretty much that entire time complaining about their lack of coverage
SCO argue otherwise: You only have to claim ownership, not actually have even the vaguest title to it.
Sent from my ASR33 using ASCII
"as they expire"
That would not be a wise move. The penalties for claiming ownership of a non-existent patent (expiration moves it into the realm of non-existent), is quite steep. I've heard something like $20k per infringement. I remember hearing about a tie manufacturer getting hit with a multiple hundreds of millions dollar fine for forgetting to remove a "covered by patent X" statement off of their products after the it had expired.
tree fiddy
This illustrates one of the key reasons software (that is, algorithms) shouldn't be patentable: the field moves so fast that 20-year patent protection isn't useful.
So what's your stance on RSA, one of the early software patents, which is still used everywhere?
So what's your stance on RSA, one of the early software patents, which is still used everywhere?
Cryptography is a special case, as governments did their best to prevent innovation there until the late 90s/early 2000s. And the RSA patent was another of the reasons for the slow spread of cryptography prior to the end of the last Crypto War, as no-one wanted to be tied to a patented algorithm; some even suggested it was patented for precisely that reason, though I doubt that was the case.
I didn't try to articulate every problem with software patents, merely those illustrated by the just-overturned patent covering SSL using RC4. Note that RC4 itself is about 30 years old, and was developed by RSA security.
In any case, regarding the RSA cryptosystem itself, it was developed by several academics (independent of its previous, secret, invention GCHQ), and clearly it would have been developed and published even without the extra bonus of patent protection. It's important to remember that patents are a means to an end ("promot[ion] of Progress of Science and useful Arts") -- which is not to make money for inventors but to provide them an incentive to invent for the public good. In other words, a Patent is a way for the public to give up something (the natural possibility of making use of an invention you hear about) in return for a different advantage (getting the invention made in the first place). If inventors would invent even without the extra incentive, there is not need for the incentive.
Since practically all the value of inventiveness in the software business can be captured simply by writing the software (and, in cryptography especially, by ordinary academic incentives such as promotion, tenure and professional recognition), software patents don't help. Instead they hinder.
For a salient example consider the LZW patent. The algorithm was designed by two academics (Lempel and Ziv of the Technion). The main effect of the patent was to end the widespread use of .gif files (the GIF standard specified LZW compression), which dominated the early internet. Rather than knuckle under and pay licensing fees (and end free-software projects like Mozilla), the internet community developed PNG, an equivalent but patent-unencumbered compressed raster image format. Practically the whole internet switched to PNG -- showing that useful technology can be invented without the patent incentive, and that when there is no patent it is much more widely used for everyone's enjoyment.
PS: It is likely that the LZW patent was invalid (patenting an abstract algorithm), but nobody wanted to take the legal risk of going to course to invalidate it. This obnoxious patent has since expired.
Is RC4 still a thing?
so do the previous losers get their money back, or do they have to counter sue as it's civil court?
My stance on the RSA patent is that it should never have been granted in the first place due to the "obvious to someone skilled in the arts". Basically they did the maths for an idea that had been widely published by James H. Ellis in the 1960's but he didn't have the mathematics to make it practical implementation. This was demonstrated by the fact that we now know that Clifford Cocks at GCHQ had several years earlier worked out the exact same algorithms again based on the ideas of James H. Ellis. It is clear that what we know now as RSA encryption was obvious to someone skilled in the art of cryptography and mathematics and therefore should have been an unpatentable idea. That it was granted a patent should be seen as a classic object lesson in the failings of the US Patent Office, and that it's failings go back many decades and are nothing new.
"When someone is hung out of malice but with no intent to kill, as described in the example below, hung is the conventional word"
Hung is acceptable.
"You were hung out to dry by your partner."
"They were hanged yesterday"
"You were hanged out to dry by your partner" is silly
"They were hung yesterday" is fine.
Strictly speaking, AES is a block cipher, though a stream cipher based on it is common in practice (which I'm sure is what you meant).