You seem to misunderstand the doctrine of fair use.
But if you circumvent a security device in order to exercise a "fair use" then you are safe.
"Fair use" is not a defense against a DMCA claim. It's a poor defense against a copyright infringement claim. This lawsuit is because Hotz broke a protection mechanism, not because he copied copyrighted materials (though I expect that issue to be raised if/when the courtroom fireworks start).
As to the primary purpose of the exploit, that's probably going to be up to a judge. Sure, everybody close to the jailbreaking scene knows it's for the sake of running a custom machine, but to Sony, it's a blatant avenue for piracy. Even a good purpose is only useful if Hotz is accused of selling/trafficking the exploit. The main problem comes from breaking the protection in the first place, and I see little defense for that (though IANAL).
I hope the case dies quickly and favorably here and now. If Sony can't show jurisdiction, or can't pull off any other illusion to show this case is justified, then there's another abusive lawsuit on record. It's more ammunition against the DMCA, and less painfully expensive than fighting up to the Supreme Court.
Jailbreaking a phone is not actually in any law. Section 1201(a)(1) of the DMCA authorizes the Librarian of Congress to make specific exceptions every three years. Jailbreaking is one of those exceptions currently in effect, but only for the purposes of switching carriers or "interoperability" between legally-purchased programs.
Even if his code were covered by an exception, Section 1201(a)(2) prevents him from making his tools available to the public. The people using such tools may be accused of "trafficking" such tools, and face legal problems of their own.
I remember well a particular quote from 1998: The DMCA passed. Run. Run and hide.
"Fair use" is irrelevant with regards to section 1201 of the DMCA, which covers breaking copy-protection schemes. The unlock-to-change-carriers is a specific exemption, from the Librarian of Congress. The DMCA authorizes the LoC to make exceptions every three years to prevent abuses of copyright law. The Librarian determines what kinds of copy protection may be broken, for specific purposes.
The VCR case predates the DMCA, and is a shining example of how the DMCA screws over consumers. Back when that ruling occurred, the burden was on the copyright holder to show that the accused actually copied their intellectual property.
The DMCA changed that. Now, any form of encryption, no matter how trivial or ineffective, is considered a protection mechanism, and if you break a protection mechanism, you're assumed to be copying. This is a much lighter burden of proof, and it tramples uses that are obviously legitimate. Thank the WIPO.
The right to petition is just that: The right to petition. Please point out where in the Constitution every government employee is given the right to publicly release confidential information.
The union analogy is false, because there is no indication that having a union-loving employee will cause any harm. In contrast, allowing disgruntled government employees access to classified material weakens the trust in that classification. Part of the point of diplomatic cables is that nations can communicate without worrying about other nations knowing what was said. Without trust that those communications are secret, communication stops, and diplomacy breaks down.
Of course there are different stories told to everyone, but it's not because the government is intending to lie to the people. The intent is to plan actions before revealing them to other nations. That's why traditionally these materials have been fairly easy for anyone with proper clearance to access. Now it's obvious that can't be the case anymore.
There is definite harm in having security risks accessing secure material. That's why I used the pyromaniac analogy. There is definite harm in giving a pyromaniac unfettered access to flammable materials.
The idea that everyone should have access to everything is naive. Perhaps we should allow 6-year-olds to drive a car and vote? Anything less is discrimination!
Maybe I'm overreacting. Maybe it's just the government that can't have secrets. In that case, let's release the complete personal and social history of everyone who enters public office. Why stop there? Let's release all the personal details of every government employee! Everyone should have a right to know how many speeding tickets their mailman has received!
Perhaps that's too personal. Instead, let's just openly publish every detail on how to produce a working nuclear missile!
Where does it stop? Secrecy is a vital part of running a nation, like it or not. Sure, some things are kept secret wrongfully, and there is legal precedent for the limited leaking of classified information for the public good. Widespread releases are not intended for the public good. They're intended to embarrass the United States government, and disrupt normal actions. They're the actions of a disgruntled employee, not a defender of democracy.
1. "Only following contract/orders" is no excuse, as every single professional organisation will tell you;
2. SSNs/local equivalents are subject to regulation in many jurisdictions. The law trumps your contract.
The law in our jurisdiction, as stated by our lawyers, does not require any kind of notification unless a threshold number of users are affected, and their protected information leaves a reasonable authorized area. There is no definition for an authorized area. The law doesn't affect us, so the contract has more restrictive limits, cutting back the authorized area to just our company.
So I'm supposed to trust your competence here even though you're demonstrably incompetent when it comes to the simpler task of correct logging.
I think I showed myself perfectly competent. We were looking for a given condition that triggered a rare bug. We were unable to reproduce the bug in test cases. I logged everything relevant, and caught the bug. The logs were then stripped of all protected information. According to all applicable legal restrictions, even that's unnecessary.
The correct procedure is to issue a notice to anyone whose data you are handling of: (i) what you did wrong; (ii) what you believe the impact was and why; (iii) and how it was corrected.
The correct procedure, according to all applicable laws, is to do our jobs. If and only if a large release (or breach) occurs, we are required to go through the notification process only if it's likely that protected data could be accessed. Such a process is very expensive, to the point where a single incident would have bankrupted our company back then. Obscene privacy to the point of killing innovation is useless.
The correct procedure in an ideal world is to have a unique identifier for every person for every place they want it. SSNs only have one billion combinations, and the easy ones (123-45-6789) get used all the time. Then, every institution using that number could record its use, and there would be a central place where it could be monitored. The whole thing would be funded by leprechauns, powered by unicorns, and secured with magic pixie dust.
The correct procedure, according to my opinion, is to screw over every idiot who fights against a national ID number. My company had no relation to Social Security, and indeed no financial-history need at all. We used the SSN as a global identifier, because it's the best there is in the United States for correlating personal records across different sources.
This applies even when your hubris makes you 100% sure that nothing could possibly have gone wrong.
Fortunately, you aren't in charge. The law (and common sense) requires that we follow appropriate procedures based on a risk assessment. If a heavily-encrypted hard drive is stolen, there's practically no chance the data is public. If we learn the data is somehow public, we must respond accordingly. We proceed based on knowledge, not fear.
Then people have something to work with in the event that you were wrong and data was leaked.
You mean like the note in the operations log saying I modified the other log? How about the note in my supervisor's notebook where I explained "I'm going to just log all of X to find what's triggering the bug"?
The correct procedure here is to incorporate test users in the production database, carefully marked and maintained by testing staff acting within prescribed limits as regular users, not to randomly select a customer as a guinea pig for fixing your bugs.
We tried that for two days first. Test cases didn't trigger the bug.
Developers are by policy permitted special access to these records alone.
Not when it's another company's data source, to which we're only allowed access by the aforementioned contract, and we can't change anything. Sure, we made our te
It doesn't matter if I did or not (though I did), because my company had contracts authorizing us to use the data however we wanted. I'm fairly sure we could have run the SSNs across a 6-foot-tall marquee in the office and been legally clear, as long as no visitors were in the office.
All the logs were stored on encrypted volumes anyway, in known locations. Since the information never (because of preexisting security) left the company, no reporting was needed. Then there's the time where my team intentionally bypassed security layers to view other personal (protected) numbers, because we needed to see what they looked like to understand a production-only bug...
My point is that storing recorded information is ridiculously easy, and recording information is part of the job. Google was intending to collect basic wifi information (ESSID and channel, as I recall), and ended up storing a lot more than that (probably to try to only run the vans once). I've long since lost interest in the details of this case, but I'd assume Google vans just stored everything they received, and processed it later. That intermediate storage, never meant to be used or released to the public, would constitute "eavesdropping" under loosely-worded laws.
Hi. I'm a software engineer. A few months ago, I dumped a few million social security numbers to a log file. It sure is a good thing I turned off that logging before I switched projects.... Of course, it was turned on for five days until that happened, and nobody realized that SSNs were part of that log.
Life with data is difficult. Fields of "arbitrary data" are logged, sometimes publicly. There's nothing any reasonable person or company can do to stop it. The best they can hope for is that they've hired ethical people who will respect the limits of what they should and should not see.
What I'm saying is that these things involve effort, and unless you were personally involved with the projects, you are in no position to dismiss them as trivial.
I've worked on a few patents myself. One in particular took all of 15 minutes to get the basic idea, and six years to get details worked out to the point of being "almost" patentable. Last I heard, the cost was almost $100,000. When the patent's done, it will read as something completely simplistic and obvious, along the lines of "take X, map to Y, compute Z, map back to X".
So if there's a particular limit on effort involved, where do you draw the line? 300 man-hours? 100? 5?
How is some arbitrary limit on "labor" supposed to prevent lowering the bar? Instead, it just raises the cost of stupid patents, because now there's a minimum amount of wages that need to be paid to researchers, even for simple patents that will be predecessors to others.
>> Facts do not start out as opinions. Facts are unchanging truths of the reality we live in. Whether they are known to humans or not does not change their truth. A fact, observed through the biased eyes of an opinion may or may not be recorded truthfully. It's kind of like how yellow fish look chartreuse when the water's green. Replacing the water helps, as long as the new water's more clear.
To restate my signature in the same analogy: Cleaning fish tanks reveals so many brighter colors.
What does the 1970's have to do with wanting returns on my investments?
Animation delivered in the context of HTML/HTTP
I honestly don't know what this is referring to. Perhaps it's the LZW patent, representing 6 years of theoretical work into compression algorithms, and only coincidentally used for GIF images. If it's something else, please let me know.
One-Click
Upon re-examination by the USPTO, Amazon's patent covering placing an online order by a single action was determined to have about a quarter of its claims novel. Upon resubmission, the revised patent, including methods for client identification and authentication, was accepted. The patent also includes specific designs and workflows for storing credentials securely on a server for use later, without violating security policies.
Dating via photos
It's not just dating via photos. It's psychological research into what features people tend to find physically attractive, combined with the latest research into facial recognition algorithms. Rather than saying "Find me a girl who describes herself as pretty", you can pick a few girls you like, and the software will find others with similar features, including other preferences as well. Sure, it's shallow and biased, but it's much closer to how humans themselves behave. An important milestone in digital image processing has been reached, as the result of many many hours of research. Should that not be rewarded?
One Way Public Relationship
The important part of this patent is not the "relationship" aspect. It's actually the "one-way" part. Particularly interesting is claim 15:
15. A method as described in claim 14, wherein the one or more one-way public relationships enable the user to express interest in the objects without establishing mutual friend relationships with owners of the objects.
Facebook and Twitter have taken the approach of showing mutual relationships (or at least they did when I last paid attention to them). A college kid with more alcohol than intelligence sets their profile picture to be an obscene gesture. They like a well-known children's book. When some other user goes to the book's page, they are shown the list of fans, complete with obscene gestures.
Even without showing that mutual relationship on the company's page, the information is still stored internally, and may be easily accessible to third-party applications. That's a bit of a privacy problem, isn't it?
Microsoft's technique sidesteps the privacy and reputation issue completely, by only building a list of one-way relationships, and never a reversal (as in claim 18). Is it obvious to a software engineer? Sure, in retrospect. Every time a Facebook user annoys a Facebook employee, what stands in the way of a conveniently embarrassing leak?
There is no requirement that patented solutions be particularly difficult. Even the simple realization that relationships should be stored one-way brings a slew of problems. Popularity can no longer be directly measured (without making the database uglier). Sending notices to a particular entity's fans becomes much harder, since there's no central list of users. There's effort involved, and such effort should be rewarded.
Patents were 12 years, when I were young
And what country was that in, out of curiosity?
Patents were 12 years, when I were young. No one owns an idea. It is the distorting cult of narcissism, which has eaten a hole through the middle of this civilisation, to believe such.
To believe what? That patents lasted 12 years? I don't see the point you're trying to make.
By the time a particular design is patented, it's undergone a lot of refinement from a simple idea. That investment of time and labor is significant, usually taking several years and/or tens of thousands of dollars. It certainly constitutes a "contribution to productivity". The patent holders seek repayment for their work (like wages), rather than "rent", and indeed some don't even seek monetary returns at all (as with Google's MapReduce patent). To take your real estate analogy to its logical conclusion, you're assuming that all buildings and landscaping are magically preexisting, and there's no investment in the property. In reality, real estate is sold based on its preexisting natural condition and also whatever improvements have been made. A $100,000 improvement to a home may only raise the value by $75,000. Is it wrong or abusive that those who want to stay in such a building short-term might pay to do so? Is it wrong that by appealing to many people who all want use of the building, a landlord may recoup their investment?
Intellectual property has a significant intellectual component. Nullifying the chance for such an investment to be returned is abusive.
Input devices and displays have long been shown to work best in different positions. Nobody wants to stare down at a display all day, or stretch forward to touch their screen all day.
Touch screens are nice for certain situations, but they won't replace keyboards in general.
The patent is for managing net-boot machines. That's useful for large numbers of similar machines, like a big corporation or a big cluster. It has almost nothing to do with virtualization, nothing to do with time management, and nothing to do with load distribution.
Then there's a few more details getting in the way. The patent was filed in 2006, about five years before the Xserve line was discontinued.
If the technology were to be used by Apple internally, there'd be no need to patent it. It'd really only be useful for managing the data center itself, so why disclose their internal tools to competitors more than 5 years ahead of time?
Finally, there is a replacement for Xserve, announced in November. It's the Mac Pro Server. Not quite the same, but certainly enough to manage a corporation.
More or less, this is why I am a supporter of software patents. After spending the time, effort, and money to take a one-paragraph idea and make it something concrete, I want to be able to try to sell it myself without seeing some big company copy it freely. Likewise, I don't want to be holding up progress by my own greed. I'd rather see reasonable time limits for patents in the software field.
With a physical device, 20 years is a reasonable time to take a product from prototype design to an established product. There's about 2 years to get a financial backer, 3 to set up a supply line, 5 to get a market foothold, and about 10 to have a chance to become popular.
With software, 20 years is ridiculously long. It takes about a year to get enough funding/friends to make a working prototype, two years to find some early adopters, and another two years to revise the program into something successful. After that point, a particular program/library is likely the reference implementation, and will probably end up widely licensed.
In my opinion, software patents contribute a vital part of software innovation. Software patents with reasonable time limits help guarantee that the creator of a particular algorithm has a chance to profit from it, before it's reverse-engineered by another company. There's other ways to accomplish this goal, such as copyright restrictions, market regulation, and good old corporate bullying. Each of those gets more scary to me than the last.
</soapbox>
I was sincere about that first statement, too. I like the idea. Actual BitTorrent sucks for it, though, because so much of the protocol's designed to enforce fairness among untrusted parties. The net-boot machines could all assume each other to be well-behaved, without worrying about sharing ratios or throttling.
An interesting approach. Now to protect it from patent trolls, you just need to patent it (and offer free licenses if you want). Posting here does not invalidate patent claims, because your one-paragraph summary is nowhere near precise enough to be considered a working design specification.
Patents cover implementations, not ideas. Patent trolls get patents on implementations that are either unspecific (easily overturned on review) or unavoidable.
For example, the patent on LZW compression affected all GIF-creating programs, because they all followed the exact same algorithm. No other algorithm is known to produce compatible results, so the patent was unavoidable. Had the patent in question simply covered all forms of lossless compression, PNG could never have been created, until a lawsuit had the broad patent overturned.
Patent trolls want unavoidable patents, but they're hard to get. They require actually inventing something useful, so they're expensive. Trolls will also look for broad patents, and hope they can pressure people to license the technology before a lawsuit sets things straight.
The only implementation detail in your comment is the use of BitTorrent, which isn't unavoidable as there are other distributed technologies that would work better in a net-boot environment. Being so broad in itself, a patent troll need only take your idea, add some trivial (but novel) condition, and apply for a patent.
on the fly
Like storing the contents of a web crawl. The row key is the URL, the column is the crawl timestamp, and the cell contains the page (or keywords). That's a column created on the fly. Another application off the top of my head is storing access logs, where each row is a date, each column is a person, and each cell contains a resource they accessed. Having two billion columns is hardly excessive (in theory) for a suitably-large application.
Cassandra, like BigTable and HBase, is not the same as a traditional RDBMS. It's also a column-oriented DBMS. Since each group of columns is stored separately, there's no performance impact to having extra columns. Columns that aren't needed (like old crawls in the example above) simply aren't loaded into memory. What's bad design for an RDBMS is perfect for Cassandra or HBase.
No he didn't. That was already known.
Nothing was exposed though, except personal information. Palin's use of personal email accounts had been known for quite a while before the account was hacked, and was already under investigation.
All this guy did was cause trouble, criminally.
...And that somehow makes it better that he accessed someone's email account without authorization?
The people executed in North Korea are convicted criminals. Just a reminder.
no one was physically harmed
I take it you've never gotten a phone call at 4:00 AM on a "business use only" line saying "you're a worthless sack of shit and I can't wait to see your death on the news". Four days and zero hours of sleep later, there's definitely "physical harm" involved.
The article only mentions that Palin's family got only "abusive emails and phone calls". There's no mention of threats, but it wouldn't surprise me if there were. That quote above was told to me by someone whose number had been given to a single psychopath. I can only imagine that a widespread leak would be worse.
What happens when those petitions go unheeded?
What happens when the opposed policy is praised by other governments and people in high regard?
What happens when an already-disgruntled government employee with access to confidential documents sees one too many things go against them?
There's no infringement on free speech here. Any government employee can express any opinion they like about the government. That's never been in question. Instead, government employees who might be a security risk get moved away from confidential information, just like any sane person would move a pyromaniac away from flammable items. It's not an infringement of a perceived right to "say or do anything, anywhere, anytime, with no consequences". It's common sense.
You missed mentioning union dues, getting forced into whatever decisions the union makes for you, and tenured teachers who haven't updated their material in 15 years, beyond what the state mandates. Those complaints come from my local high school science teacher, and are the majority of what I remember from his hour-long speech on why he hates the teacher's union.
My preferred solution: Kill off the union, and raise taxes to actually pay teachers what they're worth. Abandon tenure in favor of standardized tests including things that have been corrected. Solicit local donations of supplies/services (and mention where they came from) rather than following the lowest bidder.
Unfortunately, any political support for my plan disappears at "raise taxes".
Maybe it's time for me to actually get a new phone. This bag's pretty heavy.
1. "Only following contract/orders" is no excuse, as every single professional organisation will tell you; 2. SSNs/local equivalents are subject to regulation in many jurisdictions. The law trumps your contract.
The law in our jurisdiction, as stated by our lawyers, does not require any kind of notification unless a threshold number of users are affected, and their protected information leaves a reasonable authorized area. There is no definition for an authorized area. The law doesn't affect us, so the contract has more restrictive limits, cutting back the authorized area to just our company.
So I'm supposed to trust your competence here even though you're demonstrably incompetent when it comes to the simpler task of correct logging.
I think I showed myself perfectly competent. We were looking for a given condition that triggered a rare bug. We were unable to reproduce the bug in test cases. I logged everything relevant, and caught the bug. The logs were then stripped of all protected information. According to all applicable legal restrictions, even that's unnecessary.
The correct procedure is to issue a notice to anyone whose data you are handling of: (i) what you did wrong; (ii) what you believe the impact was and why; (iii) and how it was corrected.
The correct procedure, according to all applicable laws, is to do our jobs. If and only if a large release (or breach) occurs, we are required to go through the notification process only if it's likely that protected data could be accessed. Such a process is very expensive, to the point where a single incident would have bankrupted our company back then. Obscene privacy to the point of killing innovation is useless.
The correct procedure in an ideal world is to have a unique identifier for every person for every place they want it. SSNs only have one billion combinations, and the easy ones (123-45-6789) get used all the time. Then, every institution using that number could record its use, and there would be a central place where it could be monitored. The whole thing would be funded by leprechauns, powered by unicorns, and secured with magic pixie dust.
The correct procedure, according to my opinion, is to screw over every idiot who fights against a national ID number. My company had no relation to Social Security, and indeed no financial-history need at all. We used the SSN as a global identifier, because it's the best there is in the United States for correlating personal records across different sources.
This applies even when your hubris makes you 100% sure that nothing could possibly have gone wrong.
Fortunately, you aren't in charge. The law (and common sense) requires that we follow appropriate procedures based on a risk assessment. If a heavily-encrypted hard drive is stolen, there's practically no chance the data is public. If we learn the data is somehow public, we must respond accordingly. We proceed based on knowledge, not fear.
Then people have something to work with in the event that you were wrong and data was leaked.
You mean like the note in the operations log saying I modified the other log? How about the note in my supervisor's notebook where I explained "I'm going to just log all of X to find what's triggering the bug"?
The correct procedure here is to incorporate test users in the production database, carefully marked and maintained by testing staff acting within prescribed limits as regular users, not to randomly select a customer as a guinea pig for fixing your bugs.
We tried that for two days first. Test cases didn't trigger the bug.
Developers are by policy permitted special access to these records alone.
Not when it's another company's data source, to which we're only allowed access by the aforementioned contract, and we can't change anything. Sure, we made our te
It doesn't matter if I did or not (though I did), because my company had contracts authorizing us to use the data however we wanted. I'm fairly sure we could have run the SSNs across a 6-foot-tall marquee in the office and been legally clear, as long as no visitors were in the office.
All the logs were stored on encrypted volumes anyway, in known locations. Since the information never (because of preexisting security) left the company, no reporting was needed. Then there's the time where my team intentionally bypassed security layers to view other personal (protected) numbers, because we needed to see what they looked like to understand a production-only bug...
My point is that storing recorded information is ridiculously easy, and recording information is part of the job. Google was intending to collect basic wifi information (ESSID and channel, as I recall), and ended up storing a lot more than that (probably to try to only run the vans once). I've long since lost interest in the details of this case, but I'd assume Google vans just stored everything they received, and processed it later. That intermediate storage, never meant to be used or released to the public, would constitute "eavesdropping" under loosely-worded laws.
Hi. I'm a software engineer. A few months ago, I dumped a few million social security numbers to a log file. It sure is a good thing I turned off that logging before I switched projects.... Of course, it was turned on for five days until that happened, and nobody realized that SSNs were part of that log.
Life with data is difficult. Fields of "arbitrary data" are logged, sometimes publicly. There's nothing any reasonable person or company can do to stop it. The best they can hope for is that they've hired ethical people who will respect the limits of what they should and should not see.
s/\d{3}-\d{2}-\d{4}/SSN-SS-NSSN/g
What I'm saying is that these things involve effort, and unless you were personally involved with the projects, you are in no position to dismiss them as trivial.
I've worked on a few patents myself. One in particular took all of 15 minutes to get the basic idea, and six years to get details worked out to the point of being "almost" patentable. Last I heard, the cost was almost $100,000. When the patent's done, it will read as something completely simplistic and obvious, along the lines of "take X, map to Y, compute Z, map back to X".
So if there's a particular limit on effort involved, where do you draw the line? 300 man-hours? 100? 5?
How is some arbitrary limit on "labor" supposed to prevent lowering the bar? Instead, it just raises the cost of stupid patents, because now there's a minimum amount of wages that need to be paid to researchers, even for simple patents that will be predecessors to others.
>> Facts do not start out as opinions. Facts are unchanging truths of the reality we live in. Whether they are known to humans or not does not change their truth. A fact, observed through the biased eyes of an opinion may or may not be recorded truthfully. It's kind of like how yellow fish look chartreuse when the water's green. Replacing the water helps, as long as the new water's more clear.
To restate my signature in the same analogy: Cleaning fish tanks reveals so many brighter colors.
Once "intellectual property" becomes for intents and purposes indistinguishable from real estate, it represents a form of abusive coercion...
...which is another opinion.
What does the 1970's have to do with wanting returns on my investments?
Animation delivered in the context of HTML/HTTP
I honestly don't know what this is referring to. Perhaps it's the LZW patent, representing 6 years of theoretical work into compression algorithms, and only coincidentally used for GIF images. If it's something else, please let me know.
One-Click
Upon re-examination by the USPTO, Amazon's patent covering placing an online order by a single action was determined to have about a quarter of its claims novel. Upon resubmission, the revised patent, including methods for client identification and authentication, was accepted. The patent also includes specific designs and workflows for storing credentials securely on a server for use later, without violating security policies.
Dating via photos
It's not just dating via photos. It's psychological research into what features people tend to find physically attractive, combined with the latest research into facial recognition algorithms. Rather than saying "Find me a girl who describes herself as pretty", you can pick a few girls you like, and the software will find others with similar features, including other preferences as well. Sure, it's shallow and biased, but it's much closer to how humans themselves behave. An important milestone in digital image processing has been reached, as the result of many many hours of research. Should that not be rewarded?
One Way Public Relationship
The important part of this patent is not the "relationship" aspect. It's actually the "one-way" part. Particularly interesting is claim 15:
15. A method as described in claim 14, wherein the one or more one-way public relationships enable the user to express interest in the objects without establishing mutual friend relationships with owners of the objects.
Facebook and Twitter have taken the approach of showing mutual relationships (or at least they did when I last paid attention to them). A college kid with more alcohol than intelligence sets their profile picture to be an obscene gesture. They like a well-known children's book. When some other user goes to the book's page, they are shown the list of fans, complete with obscene gestures.
Even without showing that mutual relationship on the company's page, the information is still stored internally, and may be easily accessible to third-party applications. That's a bit of a privacy problem, isn't it?
Microsoft's technique sidesteps the privacy and reputation issue completely, by only building a list of one-way relationships, and never a reversal (as in claim 18). Is it obvious to a software engineer? Sure, in retrospect. Every time a Facebook user annoys a Facebook employee, what stands in the way of a conveniently embarrassing leak?
There is no requirement that patented solutions be particularly difficult. Even the simple realization that relationships should be stored one-way brings a slew of problems. Popularity can no longer be directly measured (without making the database uglier). Sending notices to a particular entity's fans becomes much harder, since there's no central list of users. There's effort involved, and such effort should be rewarded.
Patents were 12 years, when I were young
And what country was that in, out of curiosity?
Patents were 12 years, when I were young. No one owns an idea. It is the distorting cult of narcissism, which has eaten a hole through the middle of this civilisation, to believe such.
To believe what? That patents lasted 12 years? I don't see the point you're trying to make.
It's irrelevant to the current issue, but I think software patents should have shorter life spans. Of course, that has its own problems.
pre-existing... resources
By the time a particular design is patented, it's undergone a lot of refinement from a simple idea. That investment of time and labor is significant, usually taking several years and/or tens of thousands of dollars. It certainly constitutes a "contribution to productivity". The patent holders seek repayment for their work (like wages), rather than "rent", and indeed some don't even seek monetary returns at all (as with Google's MapReduce patent). To take your real estate analogy to its logical conclusion, you're assuming that all buildings and landscaping are magically preexisting, and there's no investment in the property. In reality, real estate is sold based on its preexisting natural condition and also whatever improvements have been made. A $100,000-dollar improvement to a home may only raise the value by $75,000. Is it wrong or abusive that those who want to stay in such a building short-term might pay to do so? Is it wrong that by appealing to many people who all want use of the building, a landlord may recoup their investment?
Intellectual property has a significant intellectual component. Nullifying the chance for such an investment to be returned is abusive.
My Model M has never failed me.
Except that one time when it only caused an ugly bump, rather than kill my opponent. I mostly blame my aim for that.
Input devices and displays have long been shown to work best in different positions. Nobody wants to stare down at a display all day, or stretch forward to touch their screen all day.
Touch screens are nice for certain situations, but they won't replace keyboards in general.
The patent is for managing net-boot machines. That's useful for large numbers of similar machines, like a big corporation or a big cluster. It has almost nothing to do with virtualization, nothing to do with time management, and nothing to do with load distribution.
Then there's a few more details getting in the way. The patent was filed in 2006, about five years before the Xserve line was discontinued.
If the technology were to be used by Apple internally, there'd be no need to patent it. It'd really only be useful for managing the data center itself, so why disclose their internal tools to competitors more than 5 years ahead of time?
Finally, there is a replacement for Xserve, announced in November. It's the Mac Pro Server. Not quite the same, but certainly enough to manage a corporation.
<soapbox>
More or less, this is why I am a supporter of software patents. After spending the time, effort, and money to take a one-paragraph idea and make it something concrete, I want to be able to try to sell it myself without seeing some big company copy it freely. Likewise, I don't want to be holding up progress by my own greed. I'd rather see reasonable time limits for patents in the software field.
With a physical device, 20 years is a reasonable time to take a product from prototype design to an established product. There's about 2 years to get a financial backer, 3 to set up a supply line, 5 to get a market foothold, and about 10 to have a chance to become popular.
With software, 20 years is ridiculously long. It takes about a year to get enough funding/friends to make a working prototype, two years to find some early adopters, and another two years to revise the program into something successful. After that point, a particular program/library is likely the reference implementation, and will probably end up widely licensed.
In my opinion, software patents contribute a vital part of software innovation. Software patents with reasonable time limits help guarantee that the creator of a particular algorithm has a chance to profit from it, before it's reverse-engineered by another company. There's other ways to accomplish this goal, such as copyright restrictions, market regulation, and good old corporate bullying. Each of those gets more scary to me than the last.
</soapbox>
I was sincere about that first statement, too. I like the idea. Actual BitTorrent sucks for it, though, because so much of the protocol's designed to enforce fairness among untrusted parties. The net-boot machines could all assume each other to be well-behaved, without worrying about sharing ratios or throttling.
An interesting approach. Now to protect it from patent trolls, you just need to patent it (and offer free licenses if you want). Posting here does not invalidate patent claims, because your one-paragraph summary is nowhere near precise enough to be considered a working design specification.
Patents cover implementations, not ideas. Patent trolls get patents on implementations that are either unspecific (easily overturned on review) or unavoidable.
For example, the patent on LZW compression affected all GIF-creating programs, because they all followed the exact same algorithm. No other algorithm is known to produce compatible results, so the patent was unavoidable. Had the patent in question simply covered all forms of lossless compression, PNG could never have been created, until a lawsuit had the broad patent overturned.
Patent trolls want unavoidable patents, but they're hard to get. They require actually inventing something useful, so they're expensive. Trolls will also look for broad patents, and hope they can pressure people to license the technology before a lawsuit sets things straight.
The only implementation detail in your comment is the use of BitTorrent, which isn't unavoidable as there are other distributed technologies that would work better in a net-boot environment. Being so broad in itself, a patent troll need only take your idea, add some trivial (but novel) condition, and apply for a patent.
Sorry, but it's just another idea.
Installing anything to the desktop rather defeats the purpose of a net-boot environment, no?