There's also the little problem that, since the 3D effect isn't solid enough to make compulsory all the time, they added the adjustment switch. Boom. Instant platform fragmentation without releasing a single peripheral. It's rather like the plight of 'PhysX' on the PC: because its use depended on hardware that few people had, no game developer could afford to make it a core part of their game. Those who did support it treated the physics capability as, essentially, just a graphics enhancement that allowed more realistic debris and the like, rather than standard faked/pre-animated equivalents. Had everyone had it, there would have been room to make physics effects a core part of games in interesting ways. Since that couldn't be assumed, though, they could really only use 'PhysX' exclusive capabilities in ways that had easy fallbacks, which meant confining it to graphical gimmicks.
Given the extraordinary broadness and obviousness of the patents mentioned in the filing, It would appear that an extraordinary variety of software released in the past ~25 years, probably including Android, does violate them. It would also appear that none of them should have been granted.
'the “display of a webpage’s content before the background image is received, allowing users to interact with the page faster,”' Wow. Feel the innovation...
Any time you claim that "consumers don't understand..." or "consumers need to be educated about..." you Have A Problem.
Most of the time, you are just engaged in the corporate equivalent of teenage whining about being misunderstood. Sorry. Your product is not, in fact, a special flower, misunderstood by the uncaring public. They just don't like it very much.
On occasion, you have in fact created something so new, unique, or ahead-of-its-time that its utility is not yet well understood. Unfortunately for you, while this is more likely to ensure you a spot in history, it also usually means that you are the sucker who did the R&D and then ran out of money while waiting for customers to wake up; and, when they eventually did, somebody else was far better situated to fulfill the demand. Sorry.
Frankly, I'm going to suggest that the 3DS falls into option #1. The public understands "3D" perfectly well(in specialized theaters we've had some degree of it for what, 50 years?); but has also learned by experience that 90% of "3D" is gimmicky crap that costs more and frequently delivers less.
I'm assuming that some sort of ill-designed(but checkbox-filling) 'encryption' implementation would be one of the flaming hoops. There seems to be good reason to believe that what Sony did was magnificently ineffective; but that an entity of their size, handling credit cards(across multiple jurisdictions, no less) almost certainly checked every checkbox on the magic list of security cure-alls...
Given that the product mentioned is marketed as an enterprise firewall setup, and that they explicitly mention no proxy configuration; but not no client configuration, I'd say that a slight variant of #3 would likely be the order of the day.
Installing your own CA as trusted on machines you control is pretty easy, and not legally problematic, and once you do that you can generate certs for any domain, on the fly, that the client will trust without a word of complaint. I'm sure that the techniques for reliably and transparently grabbing the SSL session before it starts, and setting yourself up as the MitM took some doing to get working properly; but generating valid-looking certs for any domain, when you control the clients, is not the hard part(it might well lead to amusing results if somebody tries to use portable Firefox or similar, which won't have the corporate CA as trusted, and suddenly sees an error on every SSLed page...).
Unless whoever in legal wrote/checked out B&N's statement is a complete moron, I assume that that particular line is attached to the broader claim that Microsoft is using patents that are either invalid, overbroad, or irrelevant; but excessively expensive/time consuming to challenge, to do that.
As you say, patents are supposed to confer an exclusive right to the holder; but(given the seriously uneven quality of patents granted, and the substantial expense of litigation) the allegation that a company is using its patent portfolio to illegitimately assert exclusive control to which it is not entitled certainly seems to be well within the realm of plausible.
It will take slogging through each patent to know for sure; but the strange 'linux violates our patents, we just won't say exactly which ones' game that MS played for a number of years doesn't fill me with optimism concerning the sound foundation and good faith of their android-related claims...
Given that Sony seems to have their autopilot set to "amateur hour" some days, anything is possible; but I'd assume that something like the signing keys would be a secret, stored in an HSM, and accessible only with the cooperation of a number of people. Putting that in any one person's hands would be nuts...
Users are an asset(unless your site is purely a hobby for your amusement); but, in sites that feature any sort of user interaction, some assets have a net negative value.
If a user is bad enough to drive others away, getting rid of them is the strategy that maximizes the size of your userbase. Once you factor in the fact that users vary in level of quality, terminating the undesirables starts to look even more attractive.
For websites that are of the simple 1 user interacting with some interface/body of data/whatever, sure, it doesn't make sense to drive off anybody who isn't actively destructive. If community dynamics come into it, though, you will quickly run into the fact that some people will bleed a community dry and then tubgirl its shriveled husk. If you want a userbase, you don't want them.
Are you implying that wasting time on slashdot is abnormal behavior for a fungus? The haploid glomeromycetes that fused to form my zygospore were always hassling me about it: "Are you going to sit there reproducing asexually in front of the computer like some pathetic diploid man-child all your life? Why don't you grow a fruiting body, and make something of yourself?"
This file... Apparently, the timestamped location log database file was a locally-generated composite of RF signals the phone received, and nearby locations that were provided from Apple's database(Requests for which, of course, would in no way inform Apple of the user's location at a given time...). That particular file doesn't seem to have been sent back, in large part because much of it would be redundant.
However, particularly in points 3(linked above) and 8(following) of their apologia, they admit to collecting location data in a previously undisclosed way.
"8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data?
Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years."
"3. Why is my iPhone logging my location?
The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."
The alternate possibility(no more comforting in terms of competence) is that they have backups; but their system suffers from some comparatively deep-seated or systemic fucked-upitude. If they trusted the client or something equally dumb, all the backups in the world wouldn't save them from having to make some rather time-consuming changes and then test them...
If their online systems' security depends on all clients playing by a specific set of rules, it is Broken.(even barring custom firmware, PS3s communicate over the internet via reasonably normal protocols, so it isn't as though the public-facing infrastructure was ever invisible to PCs running whatever people wanted them to run).
Especially for something as large and potentially valuable as 77 million accounts, many with cards on file, there would just be no way that you could make the client secure enough to serve as a trusted part of your security system: your pirate will give up if you can't flash a firmware in software or do a relatively simple mod-chip install. A more serious hacker might be willing do dump some ROMs, if possible, maybe snoop bus traces if they can get to them, install mod chips that require SMT skills, etc. For 77 million accounts, though, you have to consider the possibility that somebody would commission a serious forensic teardown of your system, decapping, microscopes, and the lot.
I'm assuming that the credit card portion of the system had to pass PCI DSS tests, which would presumably mean some form of encryption in use. Presumably, though, it didn't preclude some sort of boneheaded-but-efficient(since, after all, PSN CC information would presumably be being retrieved a lot for casual game purchases and the like) storage of the keys/credentials in some vulnerable spot.
I'm guessing the "sending the list of nearby cell towers and wifi APs(in a totally-you-guys-can-trust-us-that's-why-we-didn't-bother-to-tell-you) 'anonymized and encrypted' form back to Apple so that they can build their 'crowdsourced database'" behavior was not just a bug...
Maintaining a local cache of recent location references is a common trick to speed up GPS fixes(even dedicated GPS chips commonly have a sliver of cap-backed RAM for the purpose); but the silently sending those data to Apple bit is pretty dodgy by any stretch.
The press release does mention that client proxy configuration is not needed, so clearly those boxes are more sophisticated than the quite-explicitly-and-by-design man in the middle that is the classic proxy server; but they fail to say that no client configuration is needed, which one would have expected, were it the case, to be touted as a feature.
I suspect that doing DPI on SSLed traffic requires that the client be configured to trust certificates generated with a key that the firewall has access to, so that it can catch a client's SSL connection attempt, set itself up as the client to which the remote host establishes a connection, inspect the resulting plaintext, and then encrypt it with its own key so that the client doesn't notice anything amiss.
Because any trusted CA can, without a warning being issued, sign for any domain, the technique comes up as a serious problem with SSL security whenever a CA does something stupid(as with Comodo) or shows clear organizational tendencies toward evil(as with Etisalat). In a corporate/institutional context, pushing your own in-house CA as trusted is fairly trivial, so the bar would be a lot lower than pulling it off in the wild...
I'm inclined to be pessimistic. The economics of interoperability(along with the fact that any stupid proprietary connector gimmicks with have $5 adapters on ebay within the week) seem to be winning, sharply reducing the number of genuinely non-interoperable oddities in the world; but the rise of relatively cheap cryptographic lockdown/DRM mechanisms seems to have replaced them in a number of their former applications. Obfuscation/pointless redesigns/stupid proprietary connectors were a waste of time and money; but were also comparatively simple to defeat, particularly if interest was great enough(the venerable IBM PC, of course, only became ubiquitous once a reverse-engineered BIOS became available). Cryptographic locks, on the other hand, are Hard.
Imagine if Compaq's task had been, rather than cleanrooming the BIOS, dealing with the fact that the BIOS was well known; but only BIOSes signed with an IBM private key would work...
It shows up behind the scenes a fair bit, because it replaced GDI as Microsoft's native spooler format as of Vista, and "Vista certified" printers are required to work with that(not necessarily by replacing the Postscript RIP with an XPS one; but at least supporting it on the driver level); but I'm fairly sure that I've never seen one in the wild, outside of a few of the newer pages on Microsoft's own site. I can't comment on its technical merits, or lack thereof; but it seems to lag somewhere behind the internationally unrenowned.djvu format when it comes to document distribution.
I see that you are trying to write an anti-microsoft post. Would you like the Microsoft(r) Social Media Assistant, a Native feature of Genuine IE9, to help you with that?
We have the best laws money can buy, citizen.
Maybe they can get Sony's advertising guys to do promotion for the new model...
There's also the little problem that, since the 3D effect isn't solid enough to make compulsory all the time, they added the adjustment switch. Boom. Instant platform fragmentation without releasing a single peripheral. It's rather like the plight of 'PhysX' on the PC: because its use depended on hardware that few people had, no game developer could afford to make it a core part of their game. Those who did support it treated the physics capability as, essentially, just a graphics enhancement that allowed more realistic debris and the like, rather than standard faked/pre-animated equivalents. Had everyone had it, there would have been room to make physics effects a core part of games in interesting ways. Since that couldn't be assumed, though, they could really only use 'PhysX' exclusive capabilities in ways that had easy fallbacks, which meant confining it to graphical gimmicks.
Given the extraordinary broadness and obviousness of the patents mentioned in the filing, It would appear that an extraordinary variety of software released in the past ~25 years, probably including Android, does violate them. It would also appear that none of them should have been granted.
'the “display of a webpage’s content before the background image is received, allowing users to interact with the page faster,”' Wow. Feel the innovation...
Any time you claim that "consumers don't understand..." or "consumers need to be educated about..." you Have A Problem.
Most of the time, you are just engaged in the corporate equivalent of teenage whining about being misunderstood. Sorry. Your product is not, in fact, a special flower, misunderstood by the uncaring public. They just don't like it very much.
On occasion, you have in fact created something so new, unique, or ahead-of-its-time that its utility is not yet well understood. Unfortunately for you, while this is more likely to ensure you a spot in history, it also usually means that you are the sucker who did the R&D and then ran out of money while waiting for customers to wake up; and, when they eventually did, somebody else was far better situated to fulfill the demand. Sorry.
Frankly, I'm going to suggest that the 3DS falls into option #1. The public understands "3D" perfectly well(in specialized theaters we've had some degree of it for what, 50 years?); but has also learned by experience that 90% of "3D" is gimmicky crap that costs more and frequently delivers less.
I'm assuming that some sort of ill-designed(but checkbox-filling) 'encryption' implementation would be one of the flaming hoops. There seems to be good reason to believe that what Sony did was magnificently ineffective; but that an entity of their size, handling credit cards(across multiple jurisdictions, no less) almost certainly checked every checkbox on the magic list of security cure-alls...
Given that the product mentioned is marketed as an enterprise firewall setup, and that they explicitly mention no proxy configuration; but not no client configuration, I'd say that a slight variant of #3 would likely be the order of the day.
Installing your own CA as trusted on machines you control is pretty easy, and not legally problematic, and once you do that you can generate certs for any domain, on the fly, that the client will trust without a word of complaint. I'm sure that the techniques for reliably and transparently grabbing the SSL session before it starts, and setting yourself up as the MitM took some doing to get working properly; but generating valid-looking certs for any domain, when you control the clients, is not the hard part(it might well lead to amusing results if somebody tries to use portable Firefox or similar, which won't have the corporate CA as trusted, and suddenly sees an error on every SSLed page...).
Unless whoever in legal wrote/checked out B&N's statement is a complete moron, I assume that that particular line is attached to the broader claim that Microsoft is using patents that are either invalid, overbroad, or irrelevant; but excessively expensive/time consuming to challenge, to do that.
As you say, patents are supposed to confer an exclusive right to the holder; but(given the seriously uneven quality of patents granted, and the substantial expense of litigation) the allegation that a company is using its patent portfolio to illegitimately assert exclusive control to which it is not entitled certainly seems to be well within the realm of plausible.
It will take slogging through each patent to know for sure; but the strange 'linux violates our patents, we just won't say exactly which ones' game that MS played for a number of years doesn't fill me with optimism concerning the sound foundation and good faith of their android-related claims...
Ummm. Pay-per-view sensation?
Given that Sony seems to have their autopilot set to "amateur hour" some days, anything is possible; but I'd assume that something like the signing keys would be a secret, stored in an HSM, and accessible only with the cooperation of a number of people. Putting that in any one person's hands would be nuts...
Users are an asset(unless your site is purely a hobby for your amusement); but, in sites that feature any sort of user interaction, some assets have a net negative value.
If a user is bad enough to drive others away, getting rid of them is the strategy that maximizes the size of your userbase. Once you factor in the fact that users vary in level of quality, terminating the undesirables starts to look even more attractive.
For websites that are of the simple 1 user interacting with some interface/body of data/whatever, sure, it doesn't make sense to drive off anybody who isn't actively destructive. If community dynamics come into it, though, you will quickly run into the fact that some people will bleed a community dry and then tubgirl its shriveled husk. If you want a userbase, you don't want them.
Are you implying that wasting time on slashdot is abnormal behavior for a fungus? The haploid glomeromycetes that fused to form my zygospore were always hassling me about it: "Are you going to sit there reproducing asexually in front of the computer like some pathetic diploid man-child all your life? Why don't you grow a fruiting body, and make something of yourself?"
This file... Apparently, the timestamped location log database file was a locally-generated composite of RF signals the phone received, and nearby locations that were provided from Apple's database(Requests for which, of course, would in no way inform Apple of the user's location at a given time...). That particular file doesn't seem to have been sent back, in large part because much of it would be redundant.
However, particularly in points 3(linked above) and 8(following) of their apologia, they admit to collecting location data in a previously undisclosed way.
"8. What other location data is Apple collecting from the iPhone besides crowd-sourced Wi-Fi hotspot and cell tower data? Apple is now collecting anonymous traffic data to build a crowd-sourced traffic database with the goal of providing iPhone users an improved traffic service in the next couple of years."
From Apple's own flack piece...
"3. Why is my iPhone logging my location? The iPhone is not logging your location. Rather, it’s maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested. Calculating a phone’s location using just GPS satellite data can take up to several minutes. iPhone can reduce this time to just a few seconds by using Wi-Fi hotspot and cell tower data to quickly find GPS satellites, and even triangulate its location using just Wi-Fi hotspot and cell tower data when GPS is not available (such as indoors or in basements). These calculations are performed live on the iPhone using a crowd-sourced database of Wi-Fi hotspot and cell tower data that is generated by tens of millions of iPhones sending the geo-tagged locations of nearby Wi-Fi hotspots and cell towers in an anonymous and encrypted form to Apple."
The alternate possibility(no more comforting in terms of competence) is that they have backups; but their system suffers from some comparatively deep-seated or systemic fucked-upitude. If they trusted the client or something equally dumb, all the backups in the world wouldn't save them from having to make some rather time-consuming changes and then test them...
Never. Trust. The. Client.
If their online systems' security depends on all clients playing by a specific set of rules, it is Broken.(even barring custom firmware, PS3s communicate over the internet via reasonably normal protocols, so it isn't as though the public-facing infrastructure was ever invisible to PCs running whatever people wanted them to run).
Especially for something as large and potentially valuable as 77 million accounts, many with cards on file, there would just be no way that you could make the client secure enough to serve as a trusted part of your security system: your pirate will give up if you can't flash a firmware in software or do a relatively simple mod-chip install. A more serious hacker might be willing do dump some ROMs, if possible, maybe snoop bus traces if they can get to them, install mod chips that require SMT skills, etc. For 77 million accounts, though, you have to consider the possibility that somebody would commission a serious forensic teardown of your system, decapping, microscopes, and the lot.
I'm assuming that the credit card portion of the system had to pass PCI DSS tests, which would presumably mean some form of encryption in use. Presumably, though, it didn't preclude some sort of boneheaded-but-efficient(since, after all, PSN CC information would presumably be being retrieved a lot for casual game purchases and the like) storage of the keys/credentials in some vulnerable spot.
My DARE officer told me that hash is illegal, and my health teacher says that salt causes high blood pressure...
I'm guessing the "sending the list of nearby cell towers and wifi APs(in a totally-you-guys-can-trust-us-that's-why-we-didn't-bother-to-tell-you) 'anonymized and encrypted' form back to Apple so that they can build their 'crowdsourced database'" behavior was not just a bug...
Maintaining a local cache of recent location references is a common trick to speed up GPS fixes(even dedicated GPS chips commonly have a sliver of cap-backed RAM for the purpose); but the silently sending those data to Apple bit is pretty dodgy by any stretch.
The press release does mention that client proxy configuration is not needed, so clearly those boxes are more sophisticated than the quite-explicitly-and-by-design man in the middle that is the classic proxy server; but they fail to say that no client configuration is needed, which one would have expected, were it the case, to be touted as a feature.
I suspect that doing DPI on SSLed traffic requires that the client be configured to trust certificates generated with a key that the firewall has access to, so that it can catch a client's SSL connection attempt, set itself up as the client to which the remote host establishes a connection, inspect the resulting plaintext, and then encrypt it with its own key so that the client doesn't notice anything amiss.
Because any trusted CA can, without a warning being issued, sign for any domain, the technique comes up as a serious problem with SSL security whenever a CA does something stupid(as with Comodo) or shows clear organizational tendencies toward evil(as with Etisalat). In a corporate/institutional context, pushing your own in-house CA as trusted is fairly trivial, so the bar would be a lot lower than pulling it off in the wild...
It would probably be unethical to suggest arson, so I won't.
The closest thing that I can think of is "Poe's Law. And yes, I am parodying something, rather than being an actual fascist.
I'm inclined to be pessimistic. The economics of interoperability(along with the fact that any stupid proprietary connector gimmicks with have $5 adapters on ebay within the week) seem to be winning, sharply reducing the number of genuinely non-interoperable oddities in the world; but the rise of relatively cheap cryptographic lockdown/DRM mechanisms seems to have replaced them in a number of their former applications. Obfuscation/pointless redesigns/stupid proprietary connectors were a waste of time and money; but were also comparatively simple to defeat, particularly if interest was great enough(the venerable IBM PC, of course, only became ubiquitous once a reverse-engineered BIOS became available). Cryptographic locks, on the other hand, are Hard.
Imagine if Compaq's task had been, rather than cleanrooming the BIOS, dealing with the fact that the BIOS was well known; but only BIOSes signed with an IBM private key would work...
It shows up behind the scenes a fair bit, because it replaced GDI as Microsoft's native spooler format as of Vista, and "Vista certified" printers are required to work with that(not necessarily by replacing the Postscript RIP with an XPS one; but at least supporting it on the driver level); but I'm fairly sure that I've never seen one in the wild, outside of a few of the newer pages on Microsoft's own site. I can't comment on its technical merits, or lack thereof; but it seems to lag somewhere behind the internationally unrenowned .djvu format when it comes to document distribution.
I see that you are trying to write an anti-microsoft post. Would you like the Microsoft(r) Social Media Assistant, a Native feature of Genuine IE9, to help you with that?