Microsoft is currently using patents in their strategy to destroy competitors. This is designed to allow them to make more profit on less development. By definition, anything which helps Microsoft is partly bad for the consumer. The only possible other explanations are that a) Microsoft is wrong about what is good for them or b) it's a double bluff. Neither of which seems likely.
All you need to do is to publish it clearly and openly. This establishes prior art which makes it impossible to patent. It's better to patent and donate to a FOSS patent pool, for example, but publishing is still a big thing.
Much better is spamgourmet. There are several things which are key and are missing from the hotmail implementation.
there is no master address; every address has a code.
addresses are unilmited. This means you can use a separate email address for every correspondent. This means you can work out exactly which correspondent gave away your email address
addresses last by default for 20 mails; enough for a simple correspondence, but not enough to fill your mailbox before you realise and delete the address
you can have per-address permitted senders with no limit.
I guess the hotmail implementation is an advance, I'm sure it's a bit better integrated than spamgourmet, which is a volunteer service, but without the features mentioned above I don't think most people will find the hotmail implementation will give the benefit needed for the extra effort required. You will end up with several commercial correspondents on your main mailbox and you will never know which one it was that sold or leaked your email address to the spammers so you won't be able to do anything about it?
At that point they wouldn't care about the quality of the results. The consumers would be stuck with their results since they would be the only game in town. In fact they would likely do things like forcing you to go through click through ads to get to searches and making the best search mechanisms only work with IE. There are real reasons for anti-trust laws and they should be applied strongly to Microsoft which is fundamentally an abusive company much more than many others.
Its just another example of the mine field that software patents cause.
I agree 100%; definitely patents for software are a bad idea.
But that statement is only HALF of what he said. He later said that there are a lot of patents which might be found to apply to Theora (and OGG) which no one has sought to enforce (yet), but which could be found to apply as soon as those patents are acquired by some patent troll. (paraphrasing).
The thing is that he explicitly states that those patents are the same ones as "might" apply to other MPEG-LA standards. However, the implication is that he or someone knows what patent is being infringed but won't tell. The patent owner has admitted that they know about the use of their patent but are keeping it secret. That becomes something which, if it came out in a patent lawsuit, would probably damage the case and might lead to effective claims of patent misuse.
This makes it pretty clear that use of Theora and WebMD is not a likely target of a lawsuit. Instead the chosen strategy is FUD. The correct way to deal with that is to go ahead and use the standard and ignore the spreaders of FUD. In the very worst case, because it is a published standard and because they have made no published statement about which patents are infringed and, especially, because they have refused to answer explicit questions about it, the maximum damages for the patent use are likely to be extremely limited.
In summary; the MPEG-LA is making statements about the other standards for a reason. That reason is to damage those standards. They get their money from licensing, so, following the money, the likely reason that they want to damage those standards is that they won't get license fees. The very fact that the MPEG-LA says that these "might" be subject to license fees without actually charging them is pretty strong evidence that these standards are not in fact subject to license fees.
Ozer: It sounds like you’ll be coming out and basically saying that to use Ogg, you need to license it from MPEG LA. Is that correct?
Horn: That is not what we said. We said no one in the market should be under the misimpression that other codecs such as Theora are patent-free. Whether MPEG LA would offer a license for such rights is a different matter and has not been determined. If the market would find convenience in a single license to address these intellectual property needs, then MPEG LA would be interested in providing one as it has for other codecs.
He explicitly says that he's not saying that you need a patent license for Ogg.
we already know that theora and WebMD have patents against them for which there are absolutely free licenses
This is basically an admission from the MPEG LA that there are no patents to worry about in those standards whilst they try to pretend it is the opposite.
it's their own call to provide the service and anyone else's call to take them up on the offer.
I do believe in self responsibility. Most of the time, the people just have to take responsibility for their own ignorance. However, it's quite likely that the technical people on the side providing the communications service know more and should know better. If they knowingly fail to warn people that they know are being put into danger then that is negligent and they are responsible. That they do this in their own self interest is even worse.
If you use encryption on Gmail you lose the entire benefit since you become unable to search the mails. You end up with a slightly inconvenient IMAP server. You might as well just get a traditional Unix mail instead.
Nicolae Ceausescu was shot dead and dead people cannot rule. Nicolae Ceausescu never ruled the Czech Republic so obviously guns saved the Czechs from Nicolae.
If he's intelligent enough to be asking about insider problems then he's intelligent enough to to write out a CV and quit. He may even be intelligent enough to identify the manger responsible for the anger; find a "barely legal" monitoring system targeted at that manager and identify a way to get him fired or arrested. Never rule out human solutions.
I guess you have noticed this thing called a "phone bill" that you pay. This is made from billing records and traditionally was directly related to the calls you made (nowaday's, with flat rate, it's more complex than that). Every telephone exchange in existence automatically records the outgoing calls you make. Even 99% of PBXs (with the exception of a few where the users deliberately throw away the information).
I wonder if volunteers messing around in this area are not generally doing lots of harm. At the very least try to give your users plausible deniability by offering your lines for use by both gamers and professionals or please warn them to try from somewhere they won't be traced to. E.g. warn your users to use a public connection or try to tap into the line of someone else who isn't willing to join the protests (best of all a security official's line - getting the suspicion spread around will help other people to get off by denying they knew about the calls). The same goes for all the stuff like ESR was doing in Iran. If it doesn't look like commercial HTTPS you shouldn't be using it without at least basic identity hiding measures. These measures are very difficult for non techical people, so just rushing in and providing support at the last moment is a disaster. Instead the safer way has to be to provide locals with training in advance.
I'm a bit loath to criticise here since I think it's very important that people do something and don't just sit on the sidelines, but I wish the people trying to organise communications were just a little more careful.
How many lawyers do you have, how much do you pay them, and how good are they?
Hi; I'm mrnobo1024's partner in this. Our IP budget for 2011 is about 10MUSD, but for 2012 we have dedicated 85 billion dollars. That may seem quite a bit, but you should know a) that the dollar is expected to fall to about 10% of it's current value and b) we also have a bunch of suits lined up against companies using MS Windows. This still means that we have 80% of the top lawyers in IP working directly for us and will have well over a billion 2010 dollars to go after the MPEG-LA licensee list.
We even have a deal with Google to take over their VP2 patents (which cover H.264 and the MPEG-LA doesn't have access to; look it up).
(for a truth value which demonstrates complete partnering synergies with the truth value of mrnobo1024's post)
I read that as SQL injection points or equivalent. I don't think he means deliberately placed back doors. He's clearly a bit of a novice on some aspects of the security.
I was going to say that; if they are making most of their business online then they are an IT company; they just haven't realised it yet. However, it seems like in fact they probably do most business over the phone and in shops so I will actually say that it's good that they stood up and admitted what happened. Hopefully they learned and next time they'll get someone competent to run their online store.
dragging back in whatever lowest bidder contractor they used.
We are discussing here a "top notch" IT team.
a) they wouldn't have used a lowest bidder in the first place
b) once they know the URL they would be able to use one of the Apache filtering modules or a feature of their load balancer to block that URL
c) once they captured the URL that caused the break in they could just fix the code themselves; being top notch they won't be using anything they don't have the code to.
Even a slightly less than top notch company will have a support contract and in the case of a less than immediate response will have a notice like "waiting for Oracle support to respond"; "up as soon as Microsoft can fix IIS" which is the kind of thing which tends to get these companies to do a very quick fix.
Making a published suggestion to do something, especially suggesting how, precludes someone else patenting that thing. In other words, simply by saying something he's actually doing something more valuable to humanity than patenting!
basic forensic ability to work out what's going on
Sure, your system may be compromised. Sure; the first replacement system may be compromised again. During the compromise of the second you should get enough logs that the third (or at worst fifth time) you come back, all the zero day attacks the attacker is using have gone.
Anyone can lose a few hours of outage. To be down for a day and have to start begging for mercy is not a sign that their IT "skills are formidable"
I think as a special exception in this particular case I can fill in 2 for you.
2.0 Make a site about a new Congressional initiative to privatize Nuclear war.
2.1 provide demos for small money with hacked Nuclear bombs
2.2 embezzle the billions the enemy give you to destroy Tashkent
alternatively.
2.0 put up government policies for sale
2.1 actually implement the policies via hacked congress/senate computers
2.2 get awards and celebrity for improving government transparency
2.3 use new found celebrity to get on TV in China or elsewhere outside the US and earn hard currency.
It has been quite painful to get Ubuntu working on my netbook.
Given that you don't seem to be happy doing that, why would you do it? Buy a system with Linux pre-installed. I was surprised how easy they are to get off price comparison sites. You wouldn't buy a bare laptop and then install Windows. Why should you do something different for Linux??
Once you code a solution to your defect, the proposed fix still has to be submitted, and may not be accepted by the developers. This could continue on for months, or even years of never implementing your fix. The onus is on your org, then, to repeatedly merge in changes, recompile, retest, and re-release your forked code base.
That's why you get a support contract with Red Hat. Yes, it costs money, it may even be more expensive than the equivalent MS system (though you probably will end up supporting many more users for the same system) but it will be pretty much rock solid. This is basically the exact case that their enterprise support works for.
The problem, of course, is we don't know whether VP8 will stay royalty free either with the patent threats hanging over it.
Which specific patent threats? I'm not talking bullshit random "there might be a patent threat somewhere hiding under the wardrobe" patent threats. I'm talking threats with a patent number and a "you are infringing, pay up or else" letter attached to them.
Let me make a patent "threat". There might be a secret H.264 patent that which I might have heard of which which will maybe suddenly come to life next year. If you don't pay me a million Euros for every device you have I might not use my (possibly existing or possibly not existing) influence to divert this threat that may (or may not) appear later.
Anybody can do that. If you fail to specifically notify someone who has put a public implementation out for free, what they have done wrong you aren't fulfilling your duties as a patent holder wanting to collect royalties.
And with Google refusing to indemnify users of the spec, and refusing to take legal action to get a legal opinion (from a court - what are those called?) that it violates no patents, one can't be sure whether MPEG-LA's rumbling has any basis in fact.
Strangely enough the MPEG-LA also provides no indemnification and has failed to "legal action to get a legal opinion". What Google provides, for free, is a license for all patents known to be used in the WebM standard, exactly the same as the MPEG-LA charges for.
What is interesting is; what is the source for your ideas? Where did you even get the idea that Google is "refusing to take legal action"? It's impossible to prove a negative and it's impossible to take action against widespread innuenduo. No judge will grant an open statement that "no patents are infringed". At best they could act to say "patent number XYZ was not infringed. You should look over that source agan and see if it's not trying to mislead you over a bunch of other things.
Mountain rescue helicopters need training time too. Proper training sometimes means doing things aimlessly and relaxedly trying different things as they occur to you. Any rules against trying things will limit that. Sometimes sensibly (e.g. a rule against flying within a couple of meters during training - it's needed in real life, but it's very dangerous to practice properly) but practicing hovering at the right height to create a wind sounds exactly the right thing for mountain rescue pilots to do. Getting an expert spotter to tell you if you are flying at the right height is superb. People need to lighten up.
a) I'm assuming that this was a military sponsored and authorized operation. If it came from the US it was probably authorized under the "War on Terror". If you get "collateral damage" during a military operation you are typically not going to get any compensation at all.
b) That would be a really fun lawsuit. Imagine Ford delivered a car which had a particularly dangerous fuel tank and the US used that as part of a plot to assassinate a world leader. Would Ford then be able to sue for image damage?
c) Taking b a bit further. This may be a message from the US military to Microsoft. If you do not begin to sort your software out we will screw you. I doubt it has escaped notice that lots and lots of US secrets have been stolen from Windows computers recently.
d) Taking b and c a little further. If they have a vulnerability like this ready for public release, then the Israeli and US government have lots more problems they know of held in reserve. If I were a US "cyber security" planner, I would be desperately trying to think how I could begin to get my country migrated to some more secure systems. This kind of threat might be a beginning.
In summary; the only chance Microsoft will say anything about this is if they are extremely stupid. Possible but unlikely.
Slashdot Mirror
Microsoft is currently using patents in their strategy to destroy competitors. This is designed to allow them to make more profit on less development. By definition, anything which helps Microsoft is partly bad for the consumer. The only possible other explanations are that a) Microsoft is wrong about what is good for them or b) it's a double bluff. Neither of which seems likely.
All you need to do is to publish it clearly and openly. This establishes prior art which makes it impossible to patent. It's better to patent and donate to a FOSS patent pool, for example, but publishing is still a big thing.
I guess the hotmail implementation is an advance, I'm sure it's a bit better integrated than spamgourmet, which is a volunteer service, but without the features mentioned above I don't think most people will find the hotmail implementation will give the benefit needed for the extra effort required. You will end up with several commercial correspondents on your main mailbox and you will never know which one it was that sold or leaked your email address to the spammers so you won't be able to do anything about it?
At that point they wouldn't care about the quality of the results. The consumers would be stuck with their results since they would be the only game in town. In fact they would likely do things like forcing you to go through click through ads to get to searches and making the best search mechanisms only work with IE. There are real reasons for anti-trust laws and they should be applied strongly to Microsoft which is fundamentally an abusive company much more than many others.
Its just another example of the mine field that software patents cause.
I agree 100%; definitely patents for software are a bad idea.
But that statement is only HALF of what he said. He later said that there are a lot of patents which might be found to apply to Theora (and OGG) which no one has sought to enforce (yet), but which could be found to apply as soon as those patents are acquired by some patent troll. (paraphrasing).
The thing is that he explicitly states that those patents are the same ones as "might" apply to other MPEG-LA standards. However, the implication is that he or someone knows what patent is being infringed but won't tell. The patent owner has admitted that they know about the use of their patent but are keeping it secret. That becomes something which, if it came out in a patent lawsuit, would probably damage the case and might lead to effective claims of patent misuse.
This makes it pretty clear that use of Theora and WebMD is not a likely target of a lawsuit. Instead the chosen strategy is FUD. The correct way to deal with that is to go ahead and use the standard and ignore the spreaders of FUD. In the very worst case, because it is a published standard and because they have made no published statement about which patents are infringed and, especially, because they have refused to answer explicit questions about it, the maximum damages for the patent use are likely to be extremely limited.
In summary; the MPEG-LA is making statements about the other standards for a reason. That reason is to damage those standards. They get their money from licensing, so, following the money, the likely reason that they want to damage those standards is that they won't get license fees. The very fact that the MPEG-LA says that these "might" be subject to license fees without actually charging them is pretty strong evidence that these standards are not in fact subject to license fees.
Ozer: It sounds like you’ll be coming out and basically saying that to use Ogg, you need to license it from MPEG LA. Is that correct?
Horn: That is not what we said. We said no one in the market should be under the misimpression that other codecs such as Theora are patent-free. Whether MPEG LA would offer a license for such rights is a different matter and has not been determined. If the market would find convenience in a single license to address these intellectual property needs, then MPEG LA would be interested in providing one as it has for other codecs.
This is basically an admission from the MPEG LA that there are no patents to worry about in those standards whilst they try to pretend it is the opposite.
it's their own call to provide the service and anyone else's call to take them up on the offer.
I do believe in self responsibility. Most of the time, the people just have to take responsibility for their own ignorance. However, it's quite likely that the technical people on the side providing the communications service know more and should know better. If they knowingly fail to warn people that they know are being put into danger then that is negligent and they are responsible. That they do this in their own self interest is even worse.
If you use encryption on Gmail you lose the entire benefit since you become unable to search the mails. You end up with a slightly inconvenient IMAP server. You might as well just get a traditional Unix mail instead.
Nicolae Ceausescu was shot dead and dead people cannot rule. Nicolae Ceausescu never ruled the Czech Republic so obviously guns saved the Czechs from Nicolae.
If he's intelligent enough to be asking about insider problems then he's intelligent enough to to write out a CV and quit. He may even be intelligent enough to identify the manger responsible for the anger; find a "barely legal" monitoring system targeted at that manager and identify a way to get him fired or arrested. Never rule out human solutions.
I guess you have noticed this thing called a "phone bill" that you pay. This is made from billing records and traditionally was directly related to the calls you made (nowaday's, with flat rate, it's more complex than that). Every telephone exchange in existence automatically records the outgoing calls you make. Even 99% of PBXs (with the exception of a few where the users deliberately throw away the information).
I wonder if volunteers messing around in this area are not generally doing lots of harm. At the very least try to give your users plausible deniability by offering your lines for use by both gamers and professionals or please warn them to try from somewhere they won't be traced to. E.g. warn your users to use a public connection or try to tap into the line of someone else who isn't willing to join the protests (best of all a security official's line - getting the suspicion spread around will help other people to get off by denying they knew about the calls). The same goes for all the stuff like ESR was doing in Iran. If it doesn't look like commercial HTTPS you shouldn't be using it without at least basic identity hiding measures. These measures are very difficult for non techical people, so just rushing in and providing support at the last moment is a disaster. Instead the safer way has to be to provide locals with training in advance.
I'm a bit loath to criticise here since I think it's very important that people do something and don't just sit on the sidelines, but I wish the people trying to organise communications were just a little more careful.
How many lawyers do you have, how much do you pay them, and how good are they?
Hi; I'm mrnobo1024's partner in this. Our IP budget for 2011 is about 10MUSD, but for 2012 we have dedicated 85 billion dollars. That may seem quite a bit, but you should know a) that the dollar is expected to fall to about 10% of it's current value and b) we also have a bunch of suits lined up against companies using MS Windows. This still means that we have 80% of the top lawyers in IP working directly for us and will have well over a billion 2010 dollars to go after the MPEG-LA licensee list.
We even have a deal with Google to take over their VP2 patents (which cover H.264 and the MPEG-LA doesn't have access to; look it up).
(for a truth value which demonstrates complete partnering synergies with the truth value of mrnobo1024's post)
I read that as SQL injection points or equivalent. I don't think he means deliberately placed back doors. He's clearly a bit of a novice on some aspects of the security.
I was going to say that; if they are making most of their business online then they are an IT company; they just haven't realised it yet. However, it seems like in fact they probably do most business over the phone and in shops so I will actually say that it's good that they stood up and admitted what happened. Hopefully they learned and next time they'll get someone competent to run their online store.
dragging back in whatever lowest bidder contractor they used.
We are discussing here a "top notch" IT team.
a) they wouldn't have used a lowest bidder in the first place
b) once they know the URL they would be able to use one of the Apache filtering modules or a feature of their load balancer to block that URL
c) once they captured the URL that caused the break in they could just fix the code themselves; being top notch they won't be using anything they don't have the code to.
Even a slightly less than top notch company will have a support contract and in the case of a less than immediate response will have a notice like "waiting for Oracle support to respond"; "up as soon as Microsoft can fix IIS" which is the kind of thing which tends to get these companies to do a very quick fix.
Making a published suggestion to do something, especially suggesting how, precludes someone else patenting that thing. In other words, simply by saying something he's actually doing something more valuable to humanity than patenting!
A "top notch" IT team will have
Sure, your system may be compromised. Sure; the first replacement system may be compromised again. During the compromise of the second you should get enough logs that the third (or at worst fifth time) you come back, all the zero day attacks the attacker is using have gone.
Anyone can lose a few hours of outage. To be down for a day and have to start begging for mercy is not a sign that their IT "skills are formidable"
* at the cost of a short term outage;
2.0 Make a site about a new Congressional initiative to privatize Nuclear war.
2.1 provide demos for small money with hacked Nuclear bombs
2.2 embezzle the billions the enemy give you to destroy Tashkent
alternatively.
2.0 put up government policies for sale
2.1 actually implement the policies via hacked congress/senate computers
2.2 get awards and celebrity for improving government transparency
2.3 use new found celebrity to get on TV in China or elsewhere outside the US and earn hard currency.
system76 ships to Canada. I heard good things about them online but have no personal experience.
It has been quite painful to get Ubuntu working on my netbook.
Given that you don't seem to be happy doing that, why would you do it? Buy a system with Linux pre-installed. I was surprised how easy they are to get off price comparison sites. You wouldn't buy a bare laptop and then install Windows. Why should you do something different for Linux??
Once you code a solution to your defect, the proposed fix still has to be submitted, and may not be accepted by the developers. This could continue on for months, or even years of never implementing your fix. The onus is on your org, then, to repeatedly merge in changes, recompile, retest, and re-release your forked code base.
That's why you get a support contract with Red Hat. Yes, it costs money, it may even be more expensive than the equivalent MS system (though you probably will end up supporting many more users for the same system) but it will be pretty much rock solid. This is basically the exact case that their enterprise support works for.
The problem, of course, is we don't know whether VP8 will stay royalty free either with the patent threats hanging over it.
Which specific patent threats? I'm not talking bullshit random "there might be a patent threat somewhere hiding under the wardrobe" patent threats. I'm talking threats with a patent number and a "you are infringing, pay up or else" letter attached to them.
Let me make a patent "threat". There might be a secret H.264 patent that which I might have heard of which which will maybe suddenly come to life next year. If you don't pay me a million Euros for every device you have I might not use my (possibly existing or possibly not existing) influence to divert this threat that may (or may not) appear later.
Anybody can do that. If you fail to specifically notify someone who has put a public implementation out for free, what they have done wrong you aren't fulfilling your duties as a patent holder wanting to collect royalties.
And with Google refusing to indemnify users of the spec, and refusing to take legal action to get a legal opinion (from a court - what are those called?) that it violates no patents, one can't be sure whether MPEG-LA's rumbling has any basis in fact.
Strangely enough the MPEG-LA also provides no indemnification and has failed to "legal action to get a legal opinion". What Google provides, for free, is a license for all patents known to be used in the WebM standard, exactly the same as the MPEG-LA charges for.
What is interesting is; what is the source for your ideas? Where did you even get the idea that Google is "refusing to take legal action"? It's impossible to prove a negative and it's impossible to take action against widespread innuenduo. No judge will grant an open statement that "no patents are infringed". At best they could act to say "patent number XYZ was not infringed. You should look over that source agan and see if it's not trying to mislead you over a bunch of other things.
The fact that you don't like OOXML [..] doesn't make it not open.
Nor does the fact that it was written in English, nor the fact that it is sometimes printed on white paper. Why bother mentioning these things?
What makes it not open is that
Looking at H.264 it's not as bad as OOXML in many ways, but the patent problem is much worse. It badly needs to die.
Mountain rescue helicopters need training time too. Proper training sometimes means doing things aimlessly and relaxedly trying different things as they occur to you. Any rules against trying things will limit that. Sometimes sensibly (e.g. a rule against flying within a couple of meters during training - it's needed in real life, but it's very dangerous to practice properly) but practicing hovering at the right height to create a wind sounds exactly the right thing for mountain rescue pilots to do. Getting an expert spotter to tell you if you are flying at the right height is superb. People need to lighten up.
a) I'm assuming that this was a military sponsored and authorized operation. If it came from the US it was probably authorized under the "War on Terror". If you get "collateral damage" during a military operation you are typically not going to get any compensation at all.
b) That would be a really fun lawsuit. Imagine Ford delivered a car which had a particularly dangerous fuel tank and the US used that as part of a plot to assassinate a world leader. Would Ford then be able to sue for image damage?
c) Taking b a bit further. This may be a message from the US military to Microsoft. If you do not begin to sort your software out we will screw you. I doubt it has escaped notice that lots and lots of US secrets have been stolen from Windows computers recently.
d) Taking b and c a little further. If they have a vulnerability like this ready for public release, then the Israeli and US government have lots more problems they know of held in reserve. If I were a US "cyber security" planner, I would be desperately trying to think how I could begin to get my country migrated to some more secure systems. This kind of threat might be a beginning.
In summary; the only chance Microsoft will say anything about this is if they are extremely stupid. Possible but unlikely.