I do not understand why the editors tout this as bad. Finally, Cyberpatrol has made an ethical decision: cutting off the lies, the bribing of voters by promises, and the use of very effective technique of discrediting the other candidate.
Now if we had a Beowulf cluster of these..
You can't patent this because ..
on
Patent Warfare
·
· Score: 1
.. there is prior art.
(I know, you CAN patent it despite prior art, but it wouldn't hold up in court.)
Breaking the box won't help you if they use asymmetric keys I mean RSA. In order to read the messages from the box, you would need to steal the key at the other end (FBI), or brute force it.
They also would want to add a signature to everythign they transfer, I guess.
However, things will get really funky once the FBI key or the NSA backdoor key(aka "key recovery technology") will be broken - all the documents that were deemed secure will suddenly become readable.
Mitnick might have used identity theft himself so that is why he might have an opinion on this.
While complete transparency may seem cool, one danger is that this technique is abused by "bad" governments. Interestingly, if you lead this thought to the logical conclusion: Should a society intentionally allow loopholes for covert activities or terrorism - As a kind of negative feedback and control against bad things in society ?
On a completely different venue of attack, if only your DNA prooves that you are yourself, what if someone manipulates your records so that they show someone else is yourself ?
What this comes down to is that the method of assigning merits in the form of assets( goods and money ) to people is in itself very vulnerable,
especially if merits are assigned over a logn time.
and how would those aliens hide among US if we did DNA tests ?
Actually patents are quite cheap if you write them up yourself ( less than 1k$ ).
What costs money is financing the time a person has to spent to communicate with the patents office, and, in Europe, the worst fees are for creating valid translations( but for open source, filing in one language should be enough ).
Why Open Source doesn't patent is because they usually don't intend to sue.
If Open Source intended to do this, just a few patents on the right spot would be enough.
How about an Open Patents project which requires licensees to assign patents based on Open Patents
to Open Patents Projects ?
The point is that you didn't [do what Amazon had done ].
Patents should be the result of research, and the patent should be an incentive for the researcher to reveal the innovation so everyone can profit from it. Amazon hasn't done much research unless you count reading the cookie specs and code examples and "html for dummies". Amazon didn't share any information for example source code in their patent text.
If the point was to do something first,
you could patent the first stop onto moon and sue everyone doing it. You could patent crossing the road first and sue everyone doing it again.
That's nonsense.
FYI:
The claims in the patent fall into the following groups:
Claim 1, the actual description of the patent:
1. A distributed hosting framework operative in a computer network in which users of client machines connect to a content provider server, the framework comprising:
a routine for modifying at least one embedded object URL of a web page to include a hostname pretended to a domain name and path;
a set of content servers, distinct from the content provider server, for hosting at least some of the embedded objects of web pages that are normally hosted by the content provider server;
at least one first level name server that provides a first level domain name service (DNS) resolution; and
at least one second level name server that provides a second level domain name service (DNS) resolution;
wherein in response to requests for the web page, generated by the client machines the web page including the modified embedded object URL is served from the content provider server and the embedded object identified by the modified embedded object URL is served from a given one of the content servers as identified by the first level and second level name servers
Claims 2 to 5 simply describe a standard way of loadbalancing.
Claims 6 to 11 describe the part of the loadbalancing that is actually smart; especially claim 8 sounds ok:
8. The hosting framework as described in claim 7 wherein the overflow control mechanism includes a min-cost multicommodity flow algorithm
Claims 12 to 34 concern themselves with rewriting the URL. This hasn't got much technical merits, as it has been done before akamai for all kinds of mirror sites. The majority of claims can stand only as side-claims to claim 1.
Of these claims, the fingerprinting thing in claim 28/29 has some merit.
28. The method as described in claim 26 wherein the given function is a hash function.
29. The method as described in claim 23
wherein the modified URL also includes a fingerprint value generated by applying a given function to the embedded object.
An interesting side note is that claim 1 is so broad that it applies to doubleclick.com too.
If you would ask me to judge on this, I might grant them rights on claim 1 in conjunction with claim 8 or claim 29. Everything else is nothing but side claims, and claim 1 is too broad. I mean, I could invent this any day.
I'm sure there are companies looking for a C/php developer here in Munich.
There actually IS a similar program in Germany, but with a twist that makes a difference: a minimum wage for foreign programming labor that is HIGHER that what is paid to a fair part of the programmers here.
Yesterday, Leon B. was arrested in N.Y. for learning the DeCSS by heart.
It seems that he is viewed as a threat, since he has been known to enjoy reciting the source code in public, and hearsay has it he is even muttering it in his sleep.
Maybe it is ok to lock him up. I mean, you lock up dangerous lunatics too.
If anyone has more news about Leon, I'd liek to hear from him.
Obviously you have no clue why Linux stuff comes as source files, not as precompiled binaries.
See, Linux runs on all kind of processors, not just on your new PIII or K-whatever which are x86 compatible. Precompiled binaries don't run there.
Maybe you should look into a career as a M$ accountant ?
Why should/. upgrade it's hardware when it isn't forced to use m$ bloatware which forces this ?
That my line does just happen not to be hype - Did you read how Intel was looking for applications/developers that required their new faster processors ?
Well, no expert here, but I read that the code/data segment thing is more often used in Intel+??Dos than on ???+Unix hosts. And on ??Dos, the practice is to put variables that have been initialized into the code segment as well.
Humm, an even better point: you don't need to replace stuff in the code segment.
It might be enough to just hand back the right parameters.
So for example, it might work like this(guessing):
setuid program checks parameters
setuid program attempts to print "you are not allowed to suid root".
setuid program local variables, which are stored on the stack, are filled different values.
the changed values cause the setuid program to continue operation and give you root.
I see that this would work only with some specific setuid code.
The string handling in C is just bad. C should never have been used for systems programming. For example, if functions with an elided(sp?) argumentlist (..)
like scanf and printf are so dangerous to the stack, why do they have to use the same stack ?
From my own experience, it is not possible, or say, not easy, to install M$ security patches if you have other plugins/security tools installed for the program that needs patching.
What is the worst thing is you don't even get say, a compiler warning or error message, programs just close down.
I think you can have a server running on any port > 1024. I guess your passwordless or passwordweak accounts are vulnerable too. Of course it would be obvious that the server is running, but you could rename it to "telnet" or "less".
I use VMware for switching to Linux for compiling simple C programs, and for looking up the C documentation and other docus.
This pretty much removes the need to buy a C compiler, and using Linux you get compilers for other languages too.
I'm not sure this would work for real programming but I guess you could set up a linux to win crosscompiler following Mumit Khans instructions, add in samba file sharing between your vm'ed linux and the win2z, and Presto! you are set up.
It doesn't matter whether Flash VOS is vaporware - the fun thing about patents is that you can patent anything without having a working or halfway working model.
You just need to be able to draft the machine.
Actually, allowing patents like this might be for the good of mankind, since the patent would expire, allowing anyone to make the invention - unfortunately it doesn't work like this, patent offices will grant additional patents for when the invention is actually realized or in their words, improved.
The whole business sucks since the practice of patenting is lightyears off the nice-sounding arguments that patents are good for economy and everyone.
Anyone with too much money want to patent some of my ideas that I get after 2 beers and a vodka ?
Slashdot Mirror
Now if we had a Beowulf cluster of these ..
(I know, you CAN patent it despite prior art, but it wouldn't hold up in court.)
I wouldn't be surprised if some people at M$ were actually looking foreward to seeing CmdrTaco(tm) running Outlook on Linux.
However, things will get really funky once the FBI key or the NSA backdoor key(aka "key recovery technology") will be broken - all the documents that were deemed secure will suddenly become readable.
Historians, Peeps, ARCHIVE NOW, and read later.
While complete transparency may seem cool, one danger is that this technique is abused by "bad" governments. Interestingly, if you lead this thought to the logical conclusion: Should a society intentionally allow loopholes for covert activities or terrorism - As a kind of negative feedback and control against bad things in society ?
On a completely different venue of attack, if only your DNA prooves that you are yourself, what if someone manipulates your records so that they show someone else is yourself ?
What this comes down to is that the method of assigning merits in the form of assets( goods and money ) to people is in itself very vulnerable, especially if merits are assigned over a logn time.
and how would those aliens hide among US if we did DNA tests ?
You think too: Hey can hit it too like your real dog ?
that it is completely unclear from the claim list what exactly is patented as new.
Is it the RCS-style document locking ?
Doing this over this internet ?
Assigning an author and reviewers ?
Basically this is like patenting your recipe for potato-peppermint-with-the-odd-vegetable-thrown-in -soup.
What costs money is financing the time a person has to spent to communicate with the patents office, and, in Europe, the worst fees are for creating valid translations( but for open source, filing in one language should be enough ).
Why Open Source doesn't patent is because they usually don't intend to sue.
If Open Source intended to do this, just a few patents on the right spot would be enough.
How about an Open Patents project which requires licensees to assign patents based on Open Patents to Open Patents Projects ?
Patents should be the result of research, and the patent should be an incentive for the researcher to reveal the innovation so everyone can profit from it. Amazon hasn't done much research unless you count reading the cookie specs and code examples and "html for dummies". Amazon didn't share any information for example source code in their patent text.
If the point was to do something first, you could patent the first stop onto moon and sue everyone doing it. You could patent crossing the road first and sue everyone doing it again.
That's nonsense.
One-Click-Crash. :-)
hey how much money do you want from me so I get 50% of that patent if you patent it ?
I'm serious !
btw., contact me if you want to work around this, or set up a free patent that protects the legal and intended trick to work around this.
The claims in the patent fall into the following groups:
Claim 1, the actual description of the patent:
1. A distributed hosting framework operative in a computer network in which users of client machines connect to a content provider server, the framework comprising: a routine for modifying at least one embedded object URL of a web page to include a hostname pretended to a domain name and path; a set of content servers, distinct from the content provider server, for hosting at least some of the embedded objects of web pages that are normally hosted by the content provider server;
at least one first level name server that provides a first level domain name service (DNS) resolution; and
at least one second level name server that provides a second level domain name service (DNS) resolution;
wherein in response to requests for the web page, generated by the client machines the web page including the modified embedded object URL is served from the content provider server and the embedded object identified by the modified embedded object URL is served from a given one of the content servers as identified by the first level and second level name servers
Claims 2 to 5 simply describe a standard way of loadbalancing.
Claims 6 to 11 describe the part of the loadbalancing that is actually smart; especially claim 8 sounds ok:
8. The hosting framework as described in claim 7 wherein the overflow control mechanism includes a min-cost multicommodity flow algorithm
Claims 12 to 34 concern themselves with rewriting the URL. This hasn't got much technical merits, as it has been done before akamai for all kinds of mirror sites. The majority of claims can stand only as side-claims to claim 1.
Of these claims, the fingerprinting thing in claim 28/29 has some merit.
28. The method as described in claim 26 wherein the given function is a hash function.
29. The method as described in claim 23 wherein the modified URL also includes a fingerprint value generated by applying a given function to the embedded object.
An interesting side note is that claim 1 is so broad that it applies to doubleclick.com too.
If you would ask me to judge on this, I might grant them rights on claim 1 in conjunction with claim 8 or claim 29. Everything else is nothing but side claims, and claim 1 is too broad. I mean, I could invent this any day.
I'm sure there are companies looking for a C/php developer here in Munich.
There actually IS a similar program in Germany, but with a twist that makes a difference: a minimum wage for foreign programming labor that is HIGHER that what is paid to a fair part of the programmers here.
Yea, that would be cool
It seems that he is viewed as a threat, since he has been known to enjoy reciting the source code in public, and hearsay has it he is even muttering it in his sleep.
Maybe it is ok to lock him up. I mean, you lock up dangerous lunatics too.
If anyone has more news about Leon, I'd liek to hear from him.
Maybe you should look into a career as a M$ accountant ?
Why should /. upgrade it's hardware when it isn't forced to use m$ bloatware which forces this ?
That my line does just happen not to be hype - Did you read how Intel was looking for applications/developers that required their new faster processors ?
Humm, an even better point: you don't need to replace stuff in the code segment. It might be enough to just hand back the right parameters.
So for example, it might work like this(guessing):
- setuid program checks parameters
- setuid program attempts to print "you are not allowed to suid root".
- setuid program local variables, which are stored on the stack, are filled different values.
- the changed values cause the setuid program to continue operation and give you root.
I see that this would work only with some specific setuid code.The string handling in C is just bad. C should never have been used for systems programming. For example, if functions with an elided(sp?) argumentlist (..) like scanf and printf are so dangerous to the stack, why do they have to use the same stack ?
What is the worst thing is you don't even get say, a compiler warning or error message, programs just close down.
and see whether the GNU really has no opinion under which jurisdiction(s) the GPL is to be interpreted :-)
before someone else patents the almost-obvious ..
I think you can have a server running on any port > 1024. I guess your passwordless or passwordweak accounts are vulnerable too. Of course it would be obvious that the server is running, but you could rename it to "telnet" or "less".
I use VMware for switching to Linux for compiling simple C programs, and for looking up the C documentation and other docus. This pretty much removes the need to buy a C compiler, and using Linux you get compilers for other languages too. I'm not sure this would work for real programming but I guess you could set up a linux to win crosscompiler following Mumit Khans instructions, add in samba file sharing between your vm'ed linux and the win2z, and Presto! you are set up.
-nt
It doesn't matter whether Flash VOS is vaporware - the fun thing about patents is that you can patent anything without having a working or halfway working model. You just need to be able to draft the machine. Actually, allowing patents like this might be for the good of mankind, since the patent would expire, allowing anyone to make the invention - unfortunately it doesn't work like this, patent offices will grant additional patents for when the invention is actually realized or in their words, improved. The whole business sucks since the practice of patenting is lightyears off the nice-sounding arguments that patents are good for economy and everyone. Anyone with too much money want to patent some of my ideas that I get after 2 beers and a vodka ?
This /. article is blody useless without the URL of Sokolevs writings.