Slashdot Mirror


User: greppling

greppling's activity in the archive.

Stories: 0
Comments: 179

Comments · 179

  1. This will be my favourite quote for a while... on Missing Open Source Security Tools? · · Score: 1
    You might consider me as a pedant - but you would be wrong (look up pedant). I would argue I am not being pedantic.

    What a pedant I am that I do consider you a pedant without even looking up "pedant" in a dictionary...

  2. Alan Cox on Slackware Chooses X.org Server Over XFree86 · · Score: 1

    He has mentioned a couple of times that after his MBA, he might not go back to do kernel stuff but work on X instead. Imagine Alan Cox and Keith Packard working together in a sanely organized development community! X.org might really take off.

  3. Voting twice?? No way! on Hall of Fame Voting For Computer Museum of America · · Score: 5, Funny

    Please check your basic facts before posting. They use cookies to ensure that NOBODY can vote twice. This is STATE-OF-THE-ART hardened hacker-proof COMPUTER SECURITY TECHNOLOGY!!!

  4. GPU = on Using GPUs For General-Purpose Computing · · Score: 4, Funny

    Now I finally understand that acronym: General purpose unit!

  5. If the programmer at Microsoft... on Sasser Worm Takes Down UK's Coastguard · · Score: 2, Interesting

    ..., whose mistake caused the security hole, gets identified, can he be held at least partially responsible for any deaths that occurred during this outage?

  6. Yes, NTFS write support included on Knoppix v3.4 Hits The Mirrors · · Score: 4, Informative

    "captive" is mentioned in the package list, so it seems they included it.

  7. Re:God no... on Tuning Linux VM swapping · · Score: 1
    I hate to tell you this but it actually sort of does this already.

    According to Andrew Morton, it does not. I don't find the link ATM, but it is easy to verify that it does not: Just do dd if=/dev/zero of=x, stop it when the file has a size of a gigabyte, and compare free swap before and after. There was no change for me at all. The trick is that the kernel has a "touched only once" logic. When this is the case for a file, the kernel decides it is unlikely the file will be accessed a second time, and thus prefers throwing it out of the cache instead of swapping something else out.

  8. Where the name comes from on KDE Conquers Astrophysics With Kst · · Score: 4, Informative
    From the tutorial:

    Q: What does kst stand for?

    A: The 'k' in kst stands for the same thing as the K in KDE. (ie, the letter after J and before L). The 's' and the 't' have a similar explanation.

  9. Jens Franke on RSA-576 Factorization Officially Announced · · Score: 5, Interesting
    (As far as I understand, he and Thorsten Kleinjung wrote most of the software used, and did most of the work in the project, while the other institutions were rather donating computing time.)

    I happen to know him a little, as one of my friends is his student, and another one was. If you think mathematicians are crazy, Franke is more than that. When you talk to him, he will usually just continue to stare at the piece of paper he has directly in front of his eyes (Nobody knows why he isn't wearing glasses.) and think of that as a normal way of communicating. His office consists of 3 huge desks (plus a computer desk); on each of them there is a huge bunch of completely unorganized papers lying around, mixed with empty yoghurt cans.

    His mathematical skill is enormous, he has done research in quite a lot of different areas of mathematics (analysis, algebraic geometry, algebraic topology, category theory), but he never bothers at all with making his results well-known. (In fact, at least one time he actually had to be persuaded to even publish his result, which got immediately accepted in Inventiones, the most highly regarded journal in pure mathematics.) He even couldn't be bothered to apply for a much better-paid position at another university in Germany when he was almost urged to do so.

    Anyone who knows him will burst out laughing when he reads that he supposedly said "I'm very proud of all these individuals from around the world and their efforts to solve this first factoring challenge." and all this other stuff in that paragraph of the article. I bet the author of this press release desperately tried to get some phrases longer than 5 words out of his mouth, gave up, and then decided to just make up all the quotes.

    Now with his mathematical skills, number factoring is (in his own opinion) a rather dull activity. The reason he is doing this is that he expects an economic breakdown soon, and he thinks of his knowledge in number-factoring as an assurance against the coming job crisis. (Of course, his position is guaranteed by the German state until his retirement.)

    But if you manage to get along with him, he is actually quite nice and extremely helpful.

  10. Re:Creative null character? on Kernel Modules that Lie About Their Licenses · · Score: 1
    All those C string functions are today's source of plague. Even though I'm not Miguel de Icaza it's obvious that we should move to something new.

    Yeah, it is completely obvious that the kernel should be re-written in a high level language, such as C#, python or pike. The only thing to argue about is whether to use GTK- or QT-bindings for the splash screen.

  11. PCH and auto* on GCC 3.4.0 Released · · Score: 2, Interesting

    Has anybody done the work to set up PCH in a project built with the standard GNU Makefile tools autoconf/make/header? I tried it once, but didn't see a good solution to get the dependencies right. Of course, genuine support for it by automake would be great.

  12. Seems everybody agrees now... on Linus Torvalds: Backporting Is A Good Thing · · Score: 4, Insightful
    ...so while I am not completely against lots of forking, it seems worthwhile to reexplain the problems with it:

    The more standardized the installed Linux kernels around the world are, the easier it is for application developers to develop and test for all Linux platforms. Why do you think we don't have an Oracle certification for Debian? Because the Debian vanilla kernel is different enough from the RedHat kernel that all their testing is invalidated. Also, remember that there is not even a standardized way to test whether a certain feature is available in an installed kernel.

    I think Linus Torvalds himself is always underestimating the importance of his vanilla kernel. His claim is always that it is not very important for a patch to be "in", as everyone who needs it can apply it himself. But as a matter of fact, it doesn't make sense to make an application dependent on a kernel feature, unless this feature is part of the vanilla kernel. Or unless you are willing to develop for "RedHat only", at which point the /. crowd will certainly cry foul.

    The other point is, of course, that many forks imply a diversion of kernel development resources. For the record, one of the reasons Andrew Morton has given for accepting the 4G/4G patch into -mm is that he is aware that distributions will need it anyway, and he doesn't want to have distribution kernels diverge from vanilla as quickly as in 2.4. (Actually, now that objrmap is in -mm, it might not be necessary any more.)

  13. Re:Linux Usability: Financial Perspective on Groklaw Tries Their Own Linux Usability Study · · Score: 1
    Sorry, but I don't understand any of your points. I understand that you think usability cannot be studied without paying money, and you repeat that about five times, but I haven't found a single argument in favor of that in your post.

    Unlike software development via open source usability is something that is not easily done without money.

    No. 1.

    Usability virtually requires money because of the way that it is done.

    No. 2.

    Usability is much more than doing surveys, or talking to people, or just watching people.

    So please, what is it, then?

    What is needed is a fully funded usability study.

    No. 3

    To get reliable data, you often need to motivate people with money.

    No. 4. But the Grok-doc project has the chance to have people motivated simply because they want to do what they are supposed to do. The way I imagine this to happen is that when Geek mum wants to print her e-mail on the Linux box geek has set up, instead of showing her how to do it he lets her try to do it herself, watches her, and then reports what he found on the Grok-doc wiki. I also don't see your point that none of the geeks would be willing to do this. So many Linux geeks help their friends etc. with Linux issues all the time, so it is really not much more of a time investment to watch them a little with what they are trying to do, and then report the findings on the Wiki later.

    whereas usability labor costs money.

    No. 5.

    Do we really want research that covers everything, in an unstructured WiKi environment?

    Yes, we want research that covers everything in a self-organizing and self-structuring WiKi environment. Why are WiKis "unstructured"? Do you really think wikipedia.org is unstructured? I haven't yet seen a better way to organize information coming from many many sources than a Wiki.

    Maybe you are right that usability studies without funding will never work. But you haven't given any reason for that claim. And people probably have said the same thing about programming an entire OS kernel 10 years ago.

    Give them a try.

  14. Re:Confusion... on Injunction to Enforce GPL · · Score: 1
    Well, I am not a legal expert, but there are examples of invalid clauses in licenses. I'll reply regarding the situation in Germany, but the same may be true in many other places.

    E.g., if you sell a product, and you disclaim all warranty somewhere down in the EULA, without any advertising of this clause, then that clause is simply invalid. The whole license still applies, but gets applied as if it had not contained that clause. A similar rule applies to forbidding reverse engineering of products.

    Apart from such specific regulations, anything in a treaty or a license that is "sittenwidrig" (s.th. like "against common moral standards", yes, the word is as weird as that) is simply invalid. (This is only applied in pretty extreme cases, I think.)

    So the law protects your treaty and licenses by enabling you to enforce them, but it doesn't do so with closed eyes regardless of the content.

    If I want to release my code under a license that says you must do 50 jumping jacks before you can modify/compile/install/distribute it, why can't I?

    I think there is little case law deciding 50 jumping jacks are "sittenwidrig" I am afraid.

  15. Re:Not about slowing down the cycle on Slow Down the Security Patch Cycle? · · Score: 1
    Yes, the author does talk a lot about slowing down the release cycle. You are right that the only concrete suggestion he makes is just about changing the patch distribution method.

    But that suggestion (distributing the patches encrypted to all subscribers, and then publishing the decryption key) is so ridiculous that of course it didn't make it into either the main part of his article, nor into the slashdot summary: He wants to speed up the patch installment. But this only saves the 5 minutes to download a patch, which are of course the smallest part of the time it takes to install a patch for a competent sysadmin that does some minimal testing before rolling it out. (And for a non-competent sysadmin that lazily waits 2 months until he gets horrified by reports about exploits, too.)

    Pretty much the only change would be that the encrypted patch carries the message for the sysadmin: "Hey, wake up, there will be a patch to install tomorrow." The same effect could be achieved by a short notice on the relevant security mailing list. And I think there is a good reason why vendors exactly do NOT do that.

  16. Too bad it's not february... on Personalized Moon Crash · · Score: 1

    ...as it would make such a sweet valentine's day present...

  17. The article could have been interesting on Chess Improves Machines and Humans Alike · · Score: 4, Interesting
    It starts out interesting:

    I find the game to be not only fun but also rife with philosophical implications. It reinforces certain lessons of everyday philosophy, for instance the importance of trying hard (my games vary widely in quality, depending on effort and attention) and maintaining some humility (just when I think I've gotten good, someone comes along and wipes the board with me).

    But then he goes on to make a discussion about platonism that could IMHO be made much better (and would be more interesting) in relation to mathematics.

    It happens that I have just (about two hours ago) written a short essay on how to improve in another board game. What I didn't dare say there is that you cannot seriously improve in go without trying to get an overall positive attitude towards life, somehow trying to be on top of it.

    I would certainly have loved to see a chess player's take on that topic. Chess is probably still a little more competitive than go (in the Western culture), and they might well know more about it than we go players do.

  18. All over the place over here on Stoplights to Mete Out Punishment? · · Score: 5, Interesting
    Where I live (Germany), we have plenty of such traffic lights. Contrary to the sensationalist /. reply, this hasn't caused any accident or has made people start running the red lights by habit. To the contrary, they work well.

    An effective alternative is a traffic light that is red and turns green a fixed amount of time after an approaching car has come to a certain distance. Those who were going too fast have to stop, others can drive on smoothly.

  19. Real benefits... on The New Linux Speed Trick · · Score: 3, Insightful
    ...for the typical desktop workload would come from a better cooperation between applications, glibc, and the kernel.

    Let me start by claiming that optimizing desktop performance is all about optimizing I/O patterns (contrary to what all Gentoo users think :P). My KDE startup is about three times as fast when everything is in the disk cache, so it is clear where the bottleneck is. (Just try logging in to KDE after boot, then log out and log in again.) A concentrated effort of

    • passing on the right hints from KDE via glibc to the kernel (e.g. an madvise() call when loading executables giving the hint that probably most part of the file will be needed later on),
    • trying some anticipatory reading of config files/libraries etc. from startkde where it is known that they will be needed, and that they are hopefully lying contiguously on the disk,
    • optimizing disk layout for the common access patterns
    would IMHO make a far bigger difference for the desktop experience than optimizing compiler flags by using gentoo or using a preemptible kernel.

    There has been a lot of discussion about this on the kde-optimize list (with Andrew Morton participating), so maybe we can hope that KDE 3.3 will offer some improvements.

    As an aside, yes, we all hate the Windows registry, but I think we should admit that for boot time optimization it is the right thing to do (having everything in one file that is laid out in one contiguous block on the disk.)

  20. Re:Questions... on Hacker Indicted In France For Publishing Exploits · · Score: 2, Informative
    Did he make any effort to alert the creators of the software before he published the info? Not that I could tell from the linked info.

    Well. The "exploits" he published are so trivial that the company certainly knew about them being possible (see my other post here). Any hacker caring about this product would be able to find them. In such a case, I agree that the responsible thing is to educate the public about the flaws.

  21. No other side on Hacker Indicted In France For Publishing Exploits · · Score: 4, Informative
    Unless he is lying extremely grossly (which we would have gotten to know about by now), I really cannot see how there can be an "other side" that is worth hearing.

    I read his original analysis (in French) of this antivirus software which, according to him, prompted the charges of "counterfeiting". This article contains a description of the software, a section about "exploits" (you will agree about my question marks in a minute), a section where he demonstrates false positives, a test against a couple of known viruses, a short section about 2 points he liked about the software, then a list of detailed suggestions to improve the product, and finally an epilogue on the response from the company.

    Probably didn't like the first suggestion for improvement "First of all: stop making believe that Viguard can do miracles." (The other suggestions are completely technical.) But let's focus on section 2, containing the 6 "exploits":

    • 2.2 Deactivating Viguard by simulating the mouse-clicks with which a human would deactivate it
    • 2.3 Just use TerminateProcess() (the Windows equivalent of kill -9 if I understand correctly)
    • 2.4 Add the md5sum of the trojan to an (unencrypted) whitelist of md5sums maintained by Viguard
    • 2.5 In each directory, Viguard maintains a file "certify.bvd" which lists all known-good executables in this directory, "encrypted" by a XOR with a fixed key. So a virus just has to install itself in a new directory along with the appropriate certify.bvd file.
    • 2.6 "For a good laugh": Rename a virus from .exe to .bat
    • 2.7 Almost the same as 2.5.
    All completely trivial. The only thing that comes close to the counterfeiting charges is that he offered programs for download that decrypt the configuration file and the certify.bvd files (both "encrypted" by XOR with a constant and short byte sequence).

  22. Not at all over on IBM Files For Declaratory Judgement In SCO Case · · Score: 4, Insightful
    If IBM gets granted this declaratory judgement, this has very little impact on the whole case (from its legal side, that is). Why? Because in front of the court, while SCO has talked about copyright infringement, it has always stressed and recently completely moved its focus on the contract dispute with IBM (alleging it violated its trade secrets).

    So this declaratory judgement that IBM is not infringing copyright is very tangent to the SCO vs IBM case. But of course, it would give very nice munition against the SCO out-of-court FUD, which is probably why IBM is asking for it. It might also have an impact on SCO vs Google etc., I don't understand the issue well enough to judge this.

    Also, that IBM is filing for this judgement now doesn't mean that the judge will rule on this next week. AFAI understand, this judgement will just be part of the final ruling on the case.

  23. Re:So on Amazon Awarded Cookie Patent · · Score: 4, Informative
    If you do it without encryption or without a checksum then you're probably not infringing. Same if you avoid binary encoding.

    That's not how I read the claims. The basic claims are 1, 10, 18, 26, 35, 40. Adding encryption or checksums to storing the data structures as cookies are covered by separate claims, always listed in addition to the basic claims.

    The whole point of this patent is IMO what they call "schema data". By this they mean having a separate file that describes the data structure used in the cookies, so that the data structures can be changed without changing the code en/de-crypting the cookie. (Claim 1.) Unless someone is using such a metafile describing the data structure, and has written a generic cookie parser that is controlled by this metafile, I am pretty sure he will not be infringing the patent. This is, of course, not revolutionary, but it's definitely much better software design than the typical PHP/MySQL web site.

    Adding versioning of the data structures is claim 7. Claim 26 is then about using this data to generate personalized web pages from the cookie data without any database lookups.

    So, IMHO this patent isn't that silly. You most likely don't have to "work around" it just because you are storing some structured user data in cookies, it is to the contrary very unlikely that you are infringing it. Definitely, all posts here have missed the "schema data" aspect so far. Maybe there is prior art for this, but if there is, no one has pointed out any so far.

    I think the only good reason to be against this patent is to be against software patents in general. Which I am, btw:)

  24. "Content is more important than..." on CSS for the LDP? · · Score: 1
    This may sound like a flamebait, but I think the FSF pages are a prime example for this misguided principle. It's only recently that they added menus (and on www.gnu.org they still got it wrong by putting it on the right instead of the left where everyone expects it), and according to the GNU/FSF Web Site Guidelines they are still frowned upon.

    The general attitude of not caring about the layout, and just putting in the content, leads to pages which have far too long lines in typical browser windows (I thought that LaTeX had spread the news that lines should not have more than 66-68 letters), have the ugly "ul" lists as the main structural ingredient, and makes the whole site (there's actually quite a lot of content there) pretty hard to navigate.

    But I am pretty sure that they support lynx well, yeah. Don't want to troll, but I think Linus Torvalds' quote recommending to print out the GNU coding standards just once (so that you can burn them) applies to their Web Site Guidelines equally well. It should be time that the 90s and the news that a well-laid-out presentation actually helps to communicate the content (instead of "just distracting from it") reaches every web site author out there, even if he only uses emacs on console for his daily work.

  25. high-tech nation? on Fifty Years of Color Television · · Score: 1
    Is that the same nation in which I have driven for almost a day without being able to listen to a single radio station? Where, in a region as cold as Michigan, well-insulated windows with double glazing are still not the norm? Where a state with 20 million inhabitants could end up fearing about having enough electricity? Where the typical highway is in such a bad state that you would almost wish the speed limit was 60 mph instead of 70? I must also have missed that high-tech public transportation system...and, ahem, vote counting, ahem...

    *runs*