Years ago a friend told me to keep a patent idea book. He said get a notebook with printed page numbers and at the start of each entry write the date, the idea and draw a line. If you want to add to it, use the next entry location and never ever update an existing entry. That book has killed a few bad patents so far.
That friend has several patents on the best selling chip of the time (Am/FM radio chip). He also has a patent on using morse code to talk to a device even though it had been patented nearly a century before.
I have found that people can't guess sizes of rooms very well that were brought up in metric countries while people brought up with feet tend to get a more correct answer in rooms with walls less than 5 meters. There also seems to be a bit of a concept burned into peoples brains where numbers are of some sizes are ignored. People will say 10 to 12 but not 11 or 13 for some reason. 14 seems to be skipped in favor of 15.
Sendmail is doing stuff but I don't think its the right direction.
Vixie from ISC was involved in many of the early proposals.
The problem is 1) If you can 100% auth a sender, spamers will be authed which is pointless because its easy to go register 100 new domains with keys (once you figure out how to do it) but it will be a real pain for startups and small businesses. So the spamers win on that count. 2) People are hung up on forwarding. All the fast and light systems can't cope with forwarding. The heavy crypto ones can but they are expensive. 3) People want plausible deniability with email and spamers want total deniability.
I'm under the impression that this should have been done by doing a dns lookup on $REV_IP_QUAD.$USER._at.$DOMAIN. The result is that it works (dns bl prove that), its trivial and requires very little work on anyones part (unlike SPF which is far more complex). That would solve the light issue but it breaks forwarding but if I send you a message and you forward it to someone else, my dns can log their system asking me if its legit. I don't see that as a problem.
I like the ability to have anyone in the world to be able to send me a message even if I've never heard from them before but I don't like ads. The problem is that there is no way to tell the difference.
Throwing a layer on to make billy more money isn't going to make spam go away, its just going to cost the spamers a bit more and everyone else lots more. Also the way most spam ops work is they find a sucker to pay them $1000 to $10,000 to send out messages so tacking on $.001 would up the top end to $20k to get certified spam into your mail box. No thanks.
As far as bing parinoid, well yes maybe, but a decade ago a team from MSFT were tring to convince me that it would be good to have the entire govt pay them per message. The current stuff only covers a few existing patents. It does not cover all current and future patents they may get (or be processing) and what protections are there that they won't change their minds? To get out of most of their current patent agreements, all they have to do is sell the patents to one of their many parterners and the contracts all end.
As someone that lived through the 1st open source IP wars, I'll take paranoid over naive.
Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.
Can you explain why they don't think they can do this now?
Now they have a huge patent base thats building up and they are going to use it to kill off the other options.
This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.
I'll take spam and forged email over paying MSFT $.25 a message.
Microsoft is going to kill Samba and they are going to kill it hard and I expect the Samba team members may end up losing their houses to cover the damages.
The bigest problem is the Samba team is also sitting on some potential patents they could use to hit Microsoft with a 100 billion dollar clue stick if for no other reason than to keep them in line.
This is one of the problem with software and business patents... they don't have any prior art to search so everything they see is new.
Another thing is they are very limited in where they can search. If I patent something and they do a google search to see if its already out there, they could be telling my competitors about my invention and that is a problem for the patent office.
The solution to the problem is to get someone like the EFF to sue the dirctor of the patent office for the actions of one of the inspectors.
You make several good points but there still seems to be some massive confusion about why we "backup" data.
The main reasons are: 1) recover short term data loss (i.e. does rm move it to the trash?) 2) recovery of bad hardware (disk, power supply dies and kills the box) 3) disaster recovery (tornado, earth quake, building fires) Each of the three have different requirements and one solution doesn't fit all unless its real expensive.
For example for #1, a big hard disk with a slow mirror of the main file server works great. For #2 its very handy to have your backup on site or at least accessible For #3, a different county or state or country can make sense but its impractical for other backups for nearly any but the largest of businesses.
Most companies I know of can't manage to get their off site backups out the door less than once a month, getting them to plan for their business to be off line for a few weeks seems to be a problem thats just to hard so they just will ride out the storm if it happens which is sad since its easy to fix some of these problems with a cheap server somewhere and rsync.
for a given algorithm, it is computationally infeasible to find two different messages that produce the same message digest.
This is the trick to figure out if MD5 is secure in how you use it. If I'm using md5 to sign a 4 character string, then md5 is secure for that reason because there are no collisions in the 4 billion input strings (its insecure because I can reverse it because I easily do 2^32 md5s)
There are a number of applications where md5 is still secure. One of them is hmac since the sending end controls the random seed and there isn't any place to inject and funny bits.
This isn't a killer for md5. Its a killer for md5 in some cases but not all. For now I'm going to continue to use md5 for a number of uses and one of them is integrity checking of what I downloaded from open source binaries. If they can hack the web site to put a virus in the binary, can't they also update the md5 displayed on the web site? In which case its a great tool to verify the download is what was on the web site. I have binary checkers that use md5 to make sure my binaries aren't corrupted on my systems. Right now I md5 every binary that gets backed up I may consider adding a seed to the front of the md5 I use. Someone may come up with a funny RH7 binary of ps that has the same md5 as the stock one, but they aren't going to come up with one that has the same hash that also has the same hash when I tack on "xyzzy" on the front.
If you want to see why a loser pays system is bad, look at Australia. Its more sue happy than most of the US but the large companies are rarely the target. A individual can't afford to sue any large company and class action suits that would clearly win the US never get brought up. Small claims are handled by one of the way too many tribunals and as a result way to minor situations between individuals end up in court.
The accreditation baords are just another scam. A decade ago or so, someone got busted for running a school that was selling degrees. He ended up starting an accredidation agency and then would go to the state schools and take $20,000 from each department.
I was in a program that wasn't acredited at a large midwest uinversity. They were close but not quite there and I wanted to find out more so I called the jokers. I asked what other schools where acredited and they mentioned a few that had worse programs. I asked about well known schools and they weren't. Then I called MIT and Stanford and asked their Engr dept how their programs were acredited. MIT wasn't and Stanford was only through the state. Makes me wonder what that money goes for.
Isn't that SW (aka ANH pre edits): good ANH: Lame?
The last one I saw was the rehack of Star Wars when it 1st hit the theaters. After Lucas messed up a move I watched too many times when it first came out, I decided hes not seeing any more of my money. I haven't even seen the last one on cable TV.
The 1st heard about this from someone at a GPS meeting run by the NSF (Dr Parkinson was the speaker). I don't have any literature references on it but I've seen a number of things over the years to reinforce that is what some of the smaller corrections are there for since they are just untested theories at this point.
As far as new physics, i don't think this new. When Newton was trying to figure out how to figure out calculus so he could come up with equations to figure out how gravity pushed on everything, he learned that the equations just reduced to the basics that we use today where two things pull on each other in a straight line. 99.99999+% of the time that works. While we have math that shows gravity takes the direct approach, We don't know what path gravity really takes, it could be a line between the objects, a ellipsoid like the Frenzel zone or some thing else. What is clear is there are a few examples where our current theories of gravity are missing something. As far as I know the examples are limited to 1) pendulum and eclipses, 2) deep space probes slowing down, 3) Odd time changes orbiting atomic clocks and 4) deep misc space oddities (events near black holes, how spirals form in galaxies).
Like which old days? The ancient ones or the early ones a hundred years ago? The ancient ones weren't has high and noble as you might be thinking if you've read any of the recent reports on how they games used to be played. The St Louis olympics 100 years ago were so corrupt that it makes the modern antics of the IOC look tame.
If you look at many countries laws about using the olympic symbols, you will find they aren't covered under trademark law. Its covered under other laws that specifically cover the olympic themes.
The change in the clock dt is encoded in some of the parameters to the ephemeris equation. I think Jupiter's orbit is like the 6th parameter and the odd drifts are entered in the last two arguments.
Keep in mind that the pendulum experiments can't be reproduced every time as well. I'm guessing it has something to do with gravity having some sort of Frenzel zone and you have to be in the right spot in it to see the effect.
The effect is there on the GPS clocks. Its clear that something funny is going on but only some times and so far the experiment hasn't been consistently duplicated which is the traditional hallmark of bad science so I expect this problem isn't getting the attention it deserves. I also expect this is the last major breakthrough in basic science that could be done in a basement and its clear that if you can explain what the heck is going on, some people in Stockholm will give you a prize
One of the problems is that to get any better measurements, you need a decent clock and every clock I know about seem to be changed by gravity from a simple windup to the best atomic clocks.
My mother needs this but she fond a different solution that only cost something like $500,000 for 2 operations on each eyeball. Thanks to her addction to Virginia slims, she can't see any more but thanks to so expiermental surgey that is only needed by tobacco druggies, she can see again. How many people can afford to have their eyeballs layers separated, encouraged to regrow and then put back together by a huge team of surgeons?
The 6809E was more of a 16 bit CPU than the 8088 was. It was the 1st MPU designed to run programs written by a compiler. It was a true work of art. The os-9 operating system (which was co-designed by one of the chip designers) was also very clean with loadable modules that were checksumed.
I would love to see someone take the 6809 design and come up with a 64 bit version. Too bad Motorola dumped the 09 and never looked back. All the rest of the 6800 family seems primitve compared to the 09. Even the 68000 seemed to be a step backwards in some cases.
The same sort of stupidity is why they leave the crashed cars on the interstate for hours -- so they can give the insurance companies enough info so work it all out. One study showed that a major block on an interstate can cost a million dollars a minute in other peoples time.
See the MSFT ELUA for details on how to cover your backside when its not your patent. I don't know how many hours of conversations you've had with IP attys. but I've clocked up enough to know that the primary trend in open source IP attitudes are outdated and will result in team leaders getting sued. The major difference between now and decade ago is that a decade ago there was a chance the developer could come out of a law suit keeping his house. Now I don't think thats true.
What this work provies is the chance isn't trivial to compute. Assume the latest kernel tarballed is md5ed. If I created a hacked version that has a backdoor and I want to put this on a cracked mirror, I would need to install my code and then find some other bits to change to get the same md5. In throey I could just pick 128 bits that don't matter and change them till I get the same md5. The older theorys were that it would be close to a 1 in 2^128 chance of picking bits to give the same. This work may show an easy way to pick the values of the bits or something else. MD5 is very uniform but there are some cases where its not quite right.
Depending on what yoru doing with md5, this may not be an issue at all.
Your comment about the GPL means its meaningless with submarine patents. The author can make no such guarantee so the GPL doesn't protect anyone. It could but it doesn't. Thats why its obsolete. Now it can't even deliver on some of its early goals which is to make sure that if you use GPLed software, then anything it is linked against can be supported forever. Two cases where that clerly doesn't work is Linksys special linux (and a few other AP makers are doing the same) and the 3com NBX. Both have linked GPLed software and not provided source according to the license and neither are going to and no one has the power or desire to enforce the GPL in thouse cases.
The open source comunity can either deal with the reality of this issue or they can deal with it later when their assessts are at stake.
Slashdot Mirror
Years ago a friend told me to keep a patent idea book. He said get a notebook with printed page numbers and at the start of each entry write the date, the idea and draw a line. If you want to add to it, use the next entry location and never ever update an existing entry. That book has killed a few bad patents so far.
That friend has several patents on the best selling chip of the time (Am/FM radio chip). He also has a patent on using morse code to talk to a device even though it had been patented nearly a century before.
I have found that people can't guess sizes of rooms very well that were brought up in metric countries while people brought up with feet tend to get a more correct answer in rooms with walls less than 5 meters. There also seems to be a bit of a concept burned into peoples brains where numbers are of some sizes are ignored. People will say 10 to 12 but not 11 or 13 for some reason. 14 seems to be skipped in favor of 15.
Sendmail is doing stuff but I don't think its the right direction.
Vixie from ISC was involved in many of the early proposals.
The problem is
1) If you can 100% auth a sender, spamers will be authed which is pointless because its easy to go register 100 new domains with keys (once you figure out how to do it) but it will be a real pain for startups and small businesses. So the spamers win on that count.
2) People are hung up on forwarding. All the fast and light systems can't cope with forwarding. The heavy crypto ones can but they are expensive.
3) People want plausible deniability with email and spamers want total deniability.
I'm under the impression that this should have been done by doing a dns lookup on $REV_IP_QUAD.$USER._at.$DOMAIN. The result is that it works (dns bl prove that), its trivial and requires very little work on anyones part (unlike SPF which is far more complex). That would solve the light issue but it breaks forwarding but if I send you a message and you forward it to someone else, my dns can log their system asking me if its legit. I don't see that as a problem.
I like the ability to have anyone in the world to be able to send me a message even if I've never heard from them before but I don't like ads. The problem is that there is no way to tell the difference.
Throwing a layer on to make billy more money isn't going to make spam go away, its just going to cost the spamers a bit more and everyone else lots more. Also the way most spam ops work is they find a sucker to pay them $1000 to $10,000 to send out messages so tacking on $.001 would up the top end to $20k to get certified spam into your mail box. No thanks.
As far as bing parinoid, well yes maybe, but a decade ago a team from MSFT were tring to convince me that it would be good to have the entire govt pay them per message. The current stuff only covers a few existing patents. It does not cover all current and future patents they may get (or be processing) and what protections are there that they won't change their minds? To get out of most of their current patent agreements, all they have to do is sell the patents to one of their many parterners and the contracts all end.
As someone that lived through the 1st open source IP wars, I'll take paranoid over naive.
Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.
Can you explain why they don't think they can do this now?
Now they have a huge patent base thats building up and they are going to use it to kill off the other options.
This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.
I'll take spam and forged email over paying MSFT $.25 a message.
That strikes me as utterly walking into a law office and screaming, "Sue me!"
If they want to get into the media game (and they do in a big way), its also a way to find out which independent stations are ripe to be bought out.
I'll say it again...
Microsoft is going to kill Samba and they are going to kill it hard and I expect the Samba team members may end up losing their houses to cover the damages.
The bigest problem is the Samba team is also sitting on some potential patents they could use to hit Microsoft with a 100 billion dollar clue stick if for no other reason than to keep them in line.
This is one of the problem with software and business patents... they don't have any prior art to search so everything they see is new.
Another thing is they are very limited in where they can search. If I patent something and they do a google search to see if its already out there, they could be telling my competitors about my invention and that is a problem for the patent office.
The solution to the problem is to get someone like the EFF to sue the dirctor of the patent office for the actions of one of the inspectors.
You make several good points but there still seems to be some massive confusion about why we "backup" data.
The main reasons are:
1) recover short term data loss (i.e. does rm move it to the trash?)
2) recovery of bad hardware (disk, power supply dies and kills the box)
3) disaster recovery (tornado, earth quake, building fires)
Each of the three have different requirements and one solution doesn't fit all unless its real expensive.
For example for #1, a big hard disk with a slow mirror of the main file server works great.
For #2 its very handy to have your backup on site or at least accessible
For #3, a different county or state or country can make sense but its impractical for other backups for nearly any but the largest of businesses.
Most companies I know of can't manage to get their off site backups out the door less than once a month, getting them to plan for their business to be off line for a few weeks seems to be a problem thats just to hard so they just will ride out the storm if it happens which is sad since its easy to fix some of these problems with a cheap server somewhere and rsync.
for a given algorithm, it is computationally infeasible to find two different messages that produce the same message digest.
This is the trick to figure out if MD5 is secure in how you use it. If I'm using md5 to sign a 4 character string, then md5 is secure for that reason because there are no collisions in the 4 billion input strings (its insecure because I can reverse it because I easily do 2^32 md5s)
There are a number of applications where md5 is still secure. One of them is hmac since the sending end controls the random seed and there isn't any place to inject and funny bits.
This isn't a killer for md5. Its a killer for md5 in some cases but not all. For now I'm going to continue to use md5 for a number of uses and one of them is integrity checking of what I downloaded from open source binaries. If they can hack the web site to put a virus in the binary, can't they also update the md5 displayed on the web site? In which case its a great tool to verify the download is what was on the web site. I have binary checkers that use md5 to make sure my binaries aren't corrupted on my systems. Right now I md5 every binary that gets backed up I may consider adding a seed to the front of the md5 I use. Someone may come up with a funny RH7 binary of ps that has the same md5 as the stock one, but they aren't going to come up with one that has the same hash that also has the same hash when I tack on "xyzzy" on the front.
If you want to see why a loser pays system is bad, look at Australia. Its more sue happy than most of the US but the large companies are rarely the target. A individual can't afford to sue any large company and class action suits that would clearly win the US never get brought up. Small claims are handled by one of the way too many tribunals and as a result way to minor situations between individuals end up in court.
The accreditation baords are just another scam. A decade ago or so, someone got busted for running a school that was selling degrees. He ended up starting an accredidation agency and then would go to the state schools and take $20,000 from each department.
I was in a program that wasn't acredited at a large midwest uinversity. They were close but not quite there and I wanted to find out more so I called the jokers. I asked what other schools where acredited and they mentioned a few that had worse programs. I asked about well known schools and they weren't. Then I called MIT and Stanford and asked their Engr dept how their programs were acredited. MIT wasn't and Stanford was only through the state. Makes me wonder what that money goes for.
Isn't that
SW (aka ANH pre edits): good
ANH: Lame?
The last one I saw was the rehack of Star Wars when it 1st hit the theaters. After Lucas messed up a move I watched too many times when it first came out, I decided hes not seeing any more of my money. I haven't even seen the last one on cable TV.
The 1st heard about this from someone at a GPS meeting run by the NSF (Dr Parkinson was the speaker). I don't have any literature references on it but I've seen a number of things over the years to reinforce that is what some of the smaller corrections are there for since they are just untested theories at this point.
As far as new physics, i don't think this new. When Newton was trying to figure out how to figure out calculus so he could come up with equations to figure out how gravity pushed on everything, he learned that the equations just reduced to the basics that we use today where two things pull on each other in a straight line. 99.99999+% of the time that works. While we have math that shows gravity takes the direct approach, We don't know what path gravity really takes, it could be a line between the objects, a ellipsoid like the Frenzel zone or some thing else. What is clear is there are a few examples where our current theories of gravity are missing something. As far as I know the examples are limited to 1) pendulum and eclipses, 2) deep space probes slowing down, 3) Odd time changes orbiting atomic clocks and 4) deep misc space oddities (events near black holes, how spirals form in galaxies).
Like which old days? The ancient ones or the early ones a hundred years ago? The ancient ones weren't has high and noble as you might be thinking if you've read any of the recent reports on how they games used to be played. The St Louis olympics 100 years ago were so corrupt that it makes the modern antics of the IOC look tame.
If you look at many countries laws about using the olympic symbols, you will find they aren't covered under trademark law. Its covered under other laws that specifically cover the olympic themes.
The change in the clock dt is encoded in some of the parameters to the ephemeris equation. I think Jupiter's orbit is like the 6th parameter and the odd drifts are entered in the last two arguments.
Keep in mind that the pendulum experiments can't be reproduced every time as well. I'm guessing it has something to do with gravity having some sort of Frenzel zone and you have to be in the right spot in it to see the effect.
It is noticed. Thats why your GPS receiver is using a 12th order polar coordinate equation to figure out the time drift of the sats.
The effect is there on the GPS clocks. Its clear that something funny is going on but only some times and so far the experiment hasn't been consistently duplicated which is the traditional hallmark of bad science so I expect this problem isn't getting the attention it deserves. I also expect this is the last major breakthrough in basic science that could be done in a basement and its clear that if you can explain what the heck is going on, some people in Stockholm will give you a prize
One of the problems is that to get any better measurements, you need a decent clock and every clock I know about seem to be changed by gravity from a simple windup to the best atomic clocks.
My mother needs this but she fond a different solution that only cost something like $500,000 for 2 operations on each eyeball. Thanks to her addction to Virginia slims, she can't see any more but thanks to so expiermental surgey that is only needed by tobacco druggies, she can see again. How many people can afford to have their eyeballs layers separated, encouraged to regrow and then put back together by a huge team of surgeons?
The 6809E was more of a 16 bit CPU than the 8088 was. It was the 1st MPU designed to run programs written by a compiler. It was a true work of art. The os-9 operating system (which was co-designed by one of the chip designers) was also very clean with loadable modules that were checksumed.
I would love to see someone take the 6809 design and come up with a 64 bit version. Too bad Motorola dumped the 09 and never looked back. All the rest of the 6800 family seems primitve compared to the 09. Even the 68000 seemed to be a step backwards in some cases.
The same sort of stupidity is why they leave the crashed cars on the interstate for hours -- so they can give the insurance companies enough info so work it all out. One study showed that a major block on an interstate can cost a million dollars a minute in other peoples time.
See the MSFT ELUA for details on how to cover your backside when its not your patent. I don't know how many hours of conversations you've had with IP attys. but I've clocked up enough to know that the primary trend in open source IP attitudes are outdated and will result in team leaders getting sued. The major difference between now and decade ago is that a decade ago there was a chance the developer could come out of a law suit keeping his house. Now I don't think thats true.
What this work provies is the chance isn't trivial to compute.
Assume the latest kernel tarballed is md5ed. If I created a hacked version that has a backdoor and I want to put this on a cracked mirror, I would need to install my code and then find some other bits to change to get the same md5. In throey I could just pick 128 bits that don't matter and change them till I get the same md5. The older theorys were that it would be close to a 1 in 2^128 chance of picking bits to give the same. This work may show an easy way to pick the values of the bits or something else. MD5 is very uniform but there are some cases where its not quite right.
Depending on what yoru doing with md5, this may not be an issue at all.
Your comment about the GPL means its meaningless with submarine patents. The author can make no such guarantee so the GPL doesn't protect anyone. It could but it doesn't. Thats why its obsolete. Now it can't even deliver on some of its early goals which is to make sure that if you use GPLed software, then anything it is linked against can be supported forever. Two cases where that clerly doesn't work is Linksys special linux (and a few other AP makers are doing the same) and the 3com NBX. Both have linked GPLed software and not provided source according to the license and neither are going to and no one has the power or desire to enforce the GPL in thouse cases.
The open source comunity can either deal with the reality of this issue or they can deal with it later when their assessts are at stake.