Knocking the site over intentionally
Summary: Information about some of the most recent DDOS attacks against this Web site and the steps to be taken next
THERE is a long history of DDOS attacks against Techrights, going back to 2008 or thereabouts. There were also press articles about DDOS attacks against the site (based on evidence provided to journalists upon request). Pinpointing who’s to blame for an attack is a lot harder than combating an attack (one way or another) and holding someone accountable is virtually impossible. People don’t just give themselves away so willingly.
Over the past week there was a new pattern of DDOS attacks and they came from AWS servers, so I was able to file abuse reports and pursue this complaint (still work in progress). At this stage I am still hoping to see who or what group (or company) is behind it. This is clearly malicious.
Over the past few months I lost a lot of time (maybe hundreds of hours) due to DDOS attacks. It’s financially damaging and emotionally exhausting. I have been privately advised to file a report with the Dutch authorities over various DDOS attacks, which some told me might be connected to the EPO (or particular high-level staff at the EPO). Nonetheless, these efforts are usually a waste of time (I last tried around 8 years ago), so I did not bother. It’s a patience-draining experience that usually yields no results at all. It’s mostly symbolic. I did plan to write about this at some later stage and I even told one person that I might write more about intricate details of the attacks one day, maybe after the storm is settled at the EPO (giving too much information away usually helps the attacker). Today I would like to share some information about recent DDOS attacks and patterns that were noticed. This is information that won’t help the attacker; rather, it might discourage the attacker.
Referring to our DDOS complaints (IP addresses of the EPO hammering on our server quite heavily) and my recent “tweet”, one person told me that “The EPO IU is based in Munich but that doesn’t really tell you anything about what IP addresses are going to appear on traffic from the EPO.
“As far as [I'm] informed much of the EPO’s IT infrastructure is located in the Hague (Rijswijk) office. So even Internet traffic from Munich may be routed through a proxy in the Hague and appear with a Netherlands IP address. In any case the IU (in Munich) could presumably delegate tasks to an IT department (which could be based in the Hague).
“But the fact that you seem to be identifying IP addresses assigned to the EPO is in itself revealing.
“A lot of EPO addresses begin with 145.64 [...] You can find many of the address blocks in the db-ip.com database. For example: https://db-ip.com/all/145.64.0
“But it’s important to note that the geographical location nominally associated with the EPO IP address (e.g. Rijswijk/Hague) doesn’t really tell you where the user of the IP address is physically located (e.g. whether in Munich or the Hague).”
More technical information about the nature of the DDOS-induced strain can be published when the storm at the EPO is over. I can only speculate about who’s behind the attacks and weigh the probabilities. There is no ‘smoking gun’ just yet.
Some things, like the nature of attacks on this site, can be published upon key events, such as key facts about SIPO/Željko Topić corruption being published after a defamation trial reveals that allegations have merit and are most likely true. It would be safer for Techrights to limit sharing of information temporarily and to do so (against accusations or retaliatory tactics) only until perceived foes are powerless and widely scrutinised.
“You could try filing a criminal complaint with the Dutch authorities,” one person told me. “It seems that they have taken action against DDOS attacks in the past.
“The EPO will probably try to hide behind its “immunity” but that should not protect it in this case as DDOS is not part of its official functions.”
DDOS attacks are very hard to analyse for original sources, speaking as a system administrator here. As far back as pre-2010 I have tried complaining to British authorities and it never led to the slightest of actions. They don’t even know what DDOS means, until or unless it attacks some major business or a governmental institution. Experience teaches that it’s a waste of time to even initiate action and I already have a big battle with BT (since March) and another one brewing with Amazon (over the latest DDOS against Techrights). Amazon will hopefully unmask (perhaps under increasing pressure) the identity of the account behind it all. This needs to happen soon, maybe this week.
“You may be right,” wrote to us another person with some background in this area. “It’s probably easier just to block the addresses.” Well, it’s not always possible, not with AWS anyway (far too many IP addresses).
Speaking again with one who is familiar with the EPO’s network, I begin to consider filing a complaint directly with the EPO. “As mentioned previously,” wrote to us one person, “as far as we can determine, most officially registered EPO addresses begin with 145.64.
“See here: http://bgp.he.net/AS28756#_prefixes
“Also here: https://ipinfo.io/AS28756
The E-mail addresses listed for the Network Administrators at the EPO under the second link above are rather clear.
email@example.com (that’s Wolfgang Herler) will soon be contacted.
We found two further E-mail addresses here:
firstname.lastname@example.org (that’s Niek de Ruiter).
There is also an “impersonal” E-mail address for Network Administration:
Once I get to the bottom of the DDOS attacks from Amazon AWS I may also make time to file a detailed complaint to the above addresses, complete with a list of offending EPO IP addresses (which automatically got banned by our security software/defences, based on their erratic behaviour). █
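One way to compile the kind of offender list mentioned above from an Apache access log, as an added example that is not the site's own tooling: it flags clients by requests per minute and groups them by network, since blocking address by address does not scale against large cloud ranges. The threshold, prefix lengths, function names and sample log lines (documentation address ranges, constructed) are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Start of an Apache common/combined log line: client, identity, user, [timestamp], "request
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(lines):
    """Yield (ip, timestamp) for each well-formed line and skip everything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            yield ip_address(m.group(1)), datetime.strptime(m.group(2), TS_FMT)
        except ValueError:
            continue  # client logged as a hostname, or a malformed timestamp


def offenders(lines, per_minute_limit=3):
    """Map each IP that exceeded per_minute_limit in any single minute to its timestamps."""
    per_minute = Counter()
    seen = defaultdict(list)
    for ip, ts in parse(lines):
        per_minute[(ip, ts.replace(second=0))] += 1
        seen[ip].append(ts)
    noisy = {ip for (ip, _minute), n in per_minute.items() if n > per_minute_limit}
    return {ip: seen[ip] for ip in noisy}


def report(lines, per_minute_limit=3, v4_prefix=24, v6_prefix=48):
    """Group offending IPs by network; return rows sorted by total hits, highest first.

    Each row carries what an abuse desk asks for: the network, the distinct
    source addresses, the request count and the first/last time seen.
    """
    rows = {}
    for ip, stamps in offenders(lines, per_minute_limit).items():
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ip_network(f"{ip}/{prefix}", strict=False)
        row = rows.setdefault(
            net, {"ips": set(), "hits": 0, "first": stamps[0], "last": stamps[0]}
        )
        row["ips"].add(ip)
        row["hits"] += len(stamps)
        row["first"] = min(row["first"], *stamps)
        row["last"] = max(row["last"], *stamps)
    return sorted(rows.items(), key=lambda kv: kv[1]["hits"], reverse=True)


def _line(ip, second):
    # Constructed sample line in combined log format (not real traffic).
    return (f'{ip} - - [01/Jan/2024:10:00:{second:02d} +0000] '
            f'"GET / HTTP/1.1" 200 512 "-" "-"')


# Constructed sample: two noisy clients in one /24, one quiet client, one junk line.
SAMPLE = (
    [_line("198.51.100.7", s) for s in range(5)]
    + [_line("198.51.100.9", s) for s in range(10, 14)]
    + [_line("203.0.113.5", s) for s in (20, 40)]
    + ["not a log line"]
)

if __name__ == "__main__":
    for net, row in report(SAMPLE):
        print(f"{net}  ips={len(row['ips'])}  hits={row['hits']}  "
              f"first={row['first'].isoformat()}  last={row['last'].isoformat()}")
```

The per-network rows, with first and last timestamps in UTC, can be pasted into a provider's abuse form alongside the matching raw log lines.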
Another checkmate against software patents in the United States
Summary: More patent news from the United States, again serving to indicate that software patents over there are getting weak (harder to defend in court or acquire from the patent office)
The fall of software patents is very much real. It’s all sorts of patents that are affected by the Alice ruling (software patents and business methods being the primary examples), but we wish to focus on software because there is something unique to it, patents being abstract, software being infinitely copyable (copies of copies), and software being reducible to mathematics, making some patents impossible to work around. The other day we saw this effort to re-examine patents. “US Patent and Trademark Office will issue reexamination certificates rejecting all claims in US patents 7,138,061, 7,381,327 and 7,410,571.” Biotage is fighting against patents that have been used against it, so there is certainly some eagerness to challenge US patents right now. Many do, in fact, get invalidated at the end. Patents are therefore declining in terms of their value, as we shall show tomorrow in a separate article.
Recently, just around the middle of this month, the Court of Appeals for the Federal Circuit (CAFC) “Tightened [its] Squeeze on Software Patents,” to quote The Recorder. This invalidation of a software patent quickly made it into the press, with even corporate media coverage, which is rare. Here is the EFF’s response and some views from a rather subjective site, Patently-O. There is analysis from a Law Professor at the University of Iowa College of Law and another professor, Kevin Emerson Collins from Washington University Law School.
As always, one can immediately tell how nervous the parasites are becoming based on lawyers’ firms with their responses or ‘damage control’. It’s all over the place, especially in lawyers’ news and analysis sites, e.g. [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11].
The National Law Journal went with the headline “It’s a ‘Scary’ Post-’Alice’ World for Software Patents”. To quote a key paragraph: “In the year since the seminal U.S. Supreme Court ruling in Alice v. CLS Bank International, courts and the U.S. Patent and Trademark Office increasingly have nullified inventions involving computers or the Internet. Robert Sachs, a San Francisco intellectual property partner in Fenwick & West, has studied the trend.”
“Another Software Patent Falls to ‘Alice’,” said another headline from The Recorder.
The Williamson/Citrix case, or “Williamson v. Citrix Online” as some might refer to it in the future, is quite important, albeit not as important as the Alice case (Alice Corp. v. CLS Bank) because it’s not a SCOTUS ruling.
Check out the headline from patent maximalists: “The trend is clear in the US, says leading observer: software patent protection is diminishing – and fast” (faster than we could ever dream of).
When the worst patent maximalists, IAM, publish “software patent protection is diminishing – and fast”, it really does mean something.
There is much to celebrate here. It is truly another barrier for software patents in the US and as Fenwick & West LLP put it, “Federal Circuit Creates New (Non-Alice) Hurdle For Software Patents”. These patent lawyers (Fenwick & West LLP) also wrote that the “Supreme Court rebukes Federal Circuit on patent inducement”.
Other patent lawyers’ sites took a ‘hopeful’ approach, going with headlines such as “Hope for Computer-Related Patents”. This is another law firm with selective reporting and cherry-picking, designed to shift attention to cases that are favourable to their agenda.
They quote Justice Kimberly Moore, U.S. Court of Appeals for the Federal Circuit, as saying: “Let’s be clear: if all of these claims, including the system claims, are not patent-eligible, this case is the death of hundreds of thousands of patents, including all business method, financial system, and software patents as well as many computer implemented and telecommunications patents.”
Yes, indeed. So where is the hope for lawyers?
Alice was recently cited in this high-profile case which makes a headline again. It says that a “group of computer-based technology patent holders told the U.S. Supreme Court to hear Ultramercial Inc.’s appeal of a decision that invalidated its online advertising patent as an abstract idea, saying the high court must clarify the standards for analyzing whether an idea qualifies as abstract.”
This isn’t actually about computer scientists; rather, these are “computer-based technology patent holders,” which basically means a bunch of folks defending their own wealth.
Regarding business methods, an article titled “The status of business method patents” was recently published, saying that “Alice v. CLS Bank dealt a blow to business method patents.”
“Business method patents have a checkered history,” they claim. “They were once very much in vogue—numerous such patents issued, and many of them were litigated. Then, about two years ago, Congress enacted a special procedure that made it easier to challenge business method patents in the U.S. Patent and Trademark Office (USPTO). Then, in June 2014, the Supreme Court case Alice v. CLS Bank dealt a blow to business method patents.”
Patent boosters keep complaining about Alice. They are distracted and they acknowledge that “the IP licensing market slowed down in 2014”.
Quoting the opening bits from patent maximalists: “This uncertainty is due to a number of well publicized factors. The industry spent the first half of 2014 awaiting the Supreme Court’s decision in the controversial Alice v. CLS Bank decision. Once the Court announced its decision in June 2014, the industry spent the second half of the year analyzing its impact, particularly its impact to the Inter Partes Review process. Although the IPR provision in the America Invents Act admirably intended to increase efficiency by weeding out patents that shouldn’t have been issued, it has instead dramatically decreased efficiency and disrupted the objective patent valuation methods historically used throughout the industry.”
Well, that surely is a good thing, unless one is a patent lawyer like the majority of the voices above. At least they too are admitting that there is considerable impact after Alice. When even the biggest patent maximalists are willing to admit that software patents are in trouble, then surely software patents are in trouble. █
Summary: A look at the bias of one of the most overzealous sites for and by patent lawyers
THE bias of patent lawyers can be amusing at times. Over at IAM ‘magazine’, a notorious maximalist of patents (we have fished out some truly ridiculous articles from there over the years; search this site for “iam” to find many dozens of examples), it is being said: “It’s not just Google whose US patent grants rates have soared – it’s been a similar story for Apple & Qualcomm too.”
These are very large companies that dominate the mobile market and want to guard their domination using patents. It’s monopolisation and it’s not based on merit. Apple and Qualcomm are both exceptionally notorious as patent aggressors. In this so-called ‘magazine’ (glorified name), one of the maximalists, Joff Wild, uses the word “superpowers” to describe patent stockpiling. IAM’s intention is of course to glorify such a practice.
Over at India, where software patents are generally not allowed, IAM hopes that software and pharmaceutical patents will become possible. To quote the relevant part: “The proposed Trans-Pacific Partnership (TPP) has grabbed its fair share of headlines in both Asia and the Americas after the US House of Representatives’ dramatic rejection of a key part of the package. But although intellectual property features prominently in the deal, it may not have much of an impact on Asia’s overall IP climate even if it is passed. That’s because China and India – commonly cited as two of the most important (and problematic) markets in the region – are not party to the TPP. They are, however, both participating in negotiations for another trade agreement, the Regional Comprehensive Economic Partnership (RCEP), and recently leaked documents show that India’s policies on software and pharmaceutical patents are firmly on the agenda.”
TPP is a massive scam and those who oppose the TPP are often lied to, a common propaganda being that we need TPP to compete with China. In reality, TPP is mostly about corporate power over everything, enhancing the already-excessive protections that super-rich people have enjoyed for decades.
IAM is not alone, but it is one of the worst offenders, as we have pointed out over the past 7 or so years. Watch Reuters using phrases like “create patents”, as seen in this new article [1, 2]. It says “U.S. researchers to create patents ranging from new software,” but people don’t create patents, people create something and can then apply for a monopoly on it (if eligible in their country). Treating patents like objects is not unusual; IAM stands for “Intellectual Asset Management”, so they treat patents like “assets”.
Don’t ever expect to get an objective account in patent lawyers’ press. Sadly, it is them who write in corporate media or (mis)inform authors in corporate media. █
Summary: Some numbers to show what goes on in sites that do not share information about their visitors (unlike Windows-centric sites which target non-technical audiences)
THE common perception of GNU/Linux is that it is scarcely used, based on statistics gathered from privacy-hostile Web sites that share (or sell) access log data, embed spyware in all of their pages, and so on. Our sites are inherently different because of a reasonable — if not sometimes fanatic — appreciation of privacy at both ends (server and client). People who read technical sites know how to block ads, impede spurious scripts etc. These sites also actively avoid anything which is privacy-infringing, such as interactive ‘social’ media buttons (these let third parties spy on all visitors in all pages).
Techrights and Tux Machines attract the lion’s share of our traffic (and server capacity). They both have dedicated servers. These are truly popular and some of the leaders in their respective areas. Techrights deals with threats to software freedom, whereas Tux Machines is about real-time news discovery and organisation (pertaining to Free software and GNU/Linux).
The Varnish layer, which protects both of these large sites (nearly 100,000 pages in each, necessitating a very large cache pool), handles somewhere between a gigabyte and 2.5 gigabytes of data per hour (depending on the time of day, usually somewhere in the middle of this range, on average).
The Apache layer, which now boasts 32 GB of RAM and sports many CPU cores, handled 1,324,232 hits for Techrights (ranked 6636th for traffic in Netcraft) in this past week and 1,065,606 for Tux Machines (ranked 6214th for traffic in Netcraft).
Based on VISITORS Web Log Analyzer, this is what we’ve had in Techrights:
Unknown: (e.g. bots/spiders): (23.0%)
As a graph (charted with LibreOffice):
Tux Machines reveals a somewhat different pattern. Based on grepping/filtering of the past month’s log at the Apache back end (not Varnish, which would have been a more sensible but harder thing to do), presenting the top 3 only:
One month is as far as retention goes, so it’s not possible to show long-term trends (as before, based on Susan’s summary of data). Logs older than that are automatically deleted, as promised, for both sites — forever! We just need a small tail of data (temporarily) for DDOS prevention. █
Vladimir Putin loves puppies!
Summary: The ‘Microsoft loves Linux’ nonsense cannot be put to rest, as that tired old lie keeps resurfacing in the media
Linking to a rather poor article from Matt Weinberger (saying that “Microsoft is working with its most bitter enemies”), iophk, our reader, called it “entryism.”
“Also,” he wrote, “can any normal person or team even build one of the containers from source? I thought not. Between stuff like systemd and certain containers, we’re seeing a new kind of closed, proprietary software.”
Weinberger wrote another article a short moment ago. It’s the latest Microsoft puff piece with the “Microsoft loves Linux” mythology. After Russinovich glorification (the man who pretends there is a “new Microsoft” and also openwashes Windows) we inevitably see this rather bizarre new article in which Microsoft wants to sell us the illusion that it stopped attacking Linux, despite attacking it in many ways, e.g. UEFI ‘secure’ boot, patent lawsuits, bribes etc. As a reminder, see these posts (a series of six) from a few months ago:
Microsoft hates GNU/Linux. When it participates it’s in order to make Linux Windows-dependent (see Hyper-V for instance) or devour the platform in various other ways so as to make Microsoft’s non-Windows cash cows take over, in due course. This has nothing to do with Free/libre software as trying to make it proprietary software-dependent is not a contribution. It’s derailment. █
Summary: Finally reaching another noteworthy milestone for this site, which is approaching one decade in age and has accomplished some important goals
WIKI AND BLOG posts combined would probably approach 20,000 pages, plus some pages in Drupal and in static HTML (exhibits, PDF files, IRC logs, etc.), but as far as the blog posts are concerned, we are now at 19,000, which is a very large number. Google is estimated to have indexed 73,000 unique pages for Techrights, plus 9,200 for Boycott Novell. Thanks to all those who have supported us over the years. Readers are the motivation. There is a lot more to come, no matter the growing number of DDOS attacks against us (we have just upgraded our hardware to help defend against them). █
Confirmed: European public money wasted attacking the public’s right to know the truth
Summary: The EPO President — or anyone who is referred to as ‘appointing authority’ — finds himself even deeper in a scandal as he silently attacks the very same people whom he pretends to negotiate with by contracting spies from London (to maliciously target British journalists)
THERE is a very large number of cracking attempts against Techrights at the moment (far more than usual). There is definitely also a DDOS attack against Techrights and the pattern can be demonstrated (it comes in waves), starting days ago. Readers have been writing about the site being down, the database being down, etc. because these attacks took the site down many times over the weekend. As a fairly experienced professional in this area (I do this for a living, focusing on sites and servers), even I am struggling. Babysitting the server and aggressive filtering became imperative, making the composition of new articles a secondary priority at best. As we have pointed out before, many of these issues started when we began criticising the EPO and showing corruption in it. Other sites that criticise the EPO report similar issues and the EPO has undoubtedly blocked Web sites critical of the EPO.
We finally have the EPO’s admission that it hired a military-connected company to spy on critics (including Techrights, based on our sources). This ought to do the EPO’s already-poor reputation no favours. This may also be illegal. If the EPO has the guts to hire a military-connected company to spy on critics, it wouldn’t be much of a stretch to also attempt cracking (forcibly gaining access to data).
The EPO is now paying (European taxpayers’ money) to a military-connected company called ‘Control Risks’. We’ve been told they spy on us specifically, but we imagine they might also spy on IP Kat (Google-hosted).
“According to a comment received on her earlier post,” wrote IP Kat, “Merpel understands that the European Patent Office has responded by means of the following internal Communiqué to the concern about reports that Control Risks (who describe themselves as “an independent, global risk consultancy specialising in helping organisations manage political, integrity and security risks in complex and hostile environments”) has been commissioned by the EPO to investigate staff members…”
Here is the full text:
Investigative Unit and external firms
Regarding questions raised in recent publications and blogs
Some recent publication and blogs have questioned the participation of an external firm in EPO activities related to the Investigative Unit. I want to clarify that because the EPO Investigative Unit is rather small in terms of staffing, we need to be able to contract external companies to support our fact finding enquiries. This is one reason why an external firm can be chosen in regard to an investigation, operating within the regulatory framework of the EPO, under the full supervision of the Investigative Unit.
The European Patent Office cannot comment on specific internal investigation cases. This lack of comment is to protect the integrity of any such case and protect the interest of all parties concerned. However I would like to remind the Office has a duty of care to its employees including to investigate allegations of harassment against them by other employees. Investigations can only take place following specific allegations, made by EPO staff or external parties, and these investigations are independently and objectively carried out by the Investigative Unit, under its sole responsibility.
The investigation process of the EPO follows the best international standards and allows persons to be heard, to respond and to defend themselves against any allegations, before any conclusion of misconduct would be reported to the employee’s appointing authority. Only in any case where a serious misconduct is confirmed by the Investigative Unit, a disciplinary case could be instigated where the subject has a further right to be heard before a disciplinary committee and before any subsequent decision on a sanction would be taken.
In 2014, the Investigative Unit received 68 allegations of misconduct (-23% compared to 2013), 50% being already rejected as insufficiently specified.
So the EPO has in fact just confirmed, internally, that it hired spies (the London-based ‘Control Risks’) and it’s known who the targets are. Merpel’s response to it (remember they’re based near London) is this: “Merpel welcomes this response, but regrets that it was made only internally, when the concern raised was much more widespread, and wonders what the EPO Communications department is up to. She notes that, although it is only stated that an “external firm” has been engaged, the Communiqué appears in essence to confirm the original reports concerning Control Risks.”
Well, another important point from Merpel is that “the Investigative Unit (and by extension, Control Risks) has the power to invade the privacy of the subject to an extent that would cause uproar if it happened in a national patent office or in any private enterprise operating within the EU.”
This is not over. We will revisit this subject again and we will do our best to get to the bottom of this. Given the EPO’s appointment of thugs, bullies and alleged criminals to top positions, readers shouldn’t be reluctant to assume the worst. █
Promoting the “will code for food” myth
Summary: Dishonest generalisations and baseless deductions portray the Free/Open Source software communities as a nasty place that leads to poverty and despair
Stephen Walli, one of Microsoft’s longest-standing moles in Free/Open Source software communities (we wrote about it even in 2008), joined Microsoft, left Microsoft (acting as a mole for a while), joined Microsoft again (in a more senior position, again as a sort of top mole), then left Microsoft again because Microsoft is shutting down 'open' so as to quit pretending it cares about Free/Open Source software. How long before Walli re-joins Microsoft (the third time around)? He is now at HP.
Weird articles from Walli are the rule rather than the exception. He occasionally mocks those who are not friendly to Microsoft’s agenda or are friendly towards the FSF/GNU/GPL/copyleft/Free software. Being a Microsoft booster, mole, etc. Walli does not do much to hide his affiliation. He is an on-and-off employee (salaried) of Microsoft and this new article from him, hosted by a Red Hat-run site (he habitually posts there), is attempting to preach what Free/Open Source software communities should be like. We find it disturbing whenever Microsoft people try to preach to Free/Open Source software communities what these communities should be like, especially because Microsoft is constantly attacking Free/Open Source software communities. That’s like the Pope explaining to Muslims how they should behave, or vice versa.
Yesterday we saw some guy called Derrick Wlodarz (not familiar with him) posting a vicious attack piece against Free/Open Source software communities. He uses misleading comparisons (apples versus oranges), selective quoting (even of trolls) and all sorts of old smears against migrations to GNU/Linux. It’s a really ugly piece of work and this anti-Linux piece comes from BetaNews, where trolling against GNU/Linux is common (usually it’s from Mr. Fagioli). “He holds numerous technical credentials from Microsoft,” Wlodarz says about himself. So here again we have the Microsoft bunch smearing Free/Open Source software communities, exploiting the fact that Free/Open Source software communities work out in the open, unlike proprietary software companies where everything happens secretly and marketing people help hide the nasty elements. Microsoft boosting in Wlodarz’s articles is quite the standard though; just look at his latest articles, titled “Migrating from Windows Server 2003: 12 best practices straight from the trenches”, “Windows RT: Did it really die? Absolutely not and here’s why”, and “Windows Phone 8.1: Why I ditched Android and couldn’t be happier” (not a single positive thing to say about Free/Open Source software, only negative things). Using systemd resistors to badmouth Linux (and by extension Free software) is just so easy, especially because the debate has been so open, as is always the case in the Free/Open Source software world.
Last but not least, there is some FUD today in the Financial Times (FT is widely distributed). Longtime Microsoft booster Richard Waters attacks Free software in the FT and spreads this attack to other sites too. His premise is wrong and biased. It’s the “can’t make money from FOSS” smear. It is very baseless, it shows his ignorance, demonstrates bad research, and perhaps bad faith (he is loyal to Microsoft and has a long history of such hostility towards FOSS).
Many proprietary software companies are dying every day because they are not financially viable. Just because one Free software-based (not really FOSS, but FOSS-based) company died Microsoft boosters think they can legitimately generalise and make it seem as though supporting Free/Open Source software means being poor. Some of the world’s wealthiest companies are using and also producing Free/Open Source software. I myself have always made a living only by writing Free software; my wife does too. █