01.25.09
Posted in America, Free/Libre Software, Law, Patents at 11:21 am by Dr. Roy Schestowitz
“The genesis of this [patent trolling] idea was when I was at Microsoft. We had a problem with patent liability. All these people were coming to sue us or demand payment. And Bill (Gates) asked me to think about if there was a solution.” —Nathan Myhrvold, WSJ: Transcript: Myhrvold of Intellectual Ventures
THIS is a quick rundown through developments which have potential to affect the playing field.
Government Intervention
Lincoln memorial
The pro-software patents folks at IP Watchdog recognise the fact that the battle over patents is one that can determine the outcome in Freedom’s triumph over proprietary oppression. The author also speaks about the role which the new president plays:
It has already come to light that President Obama is interested in moving the United States federal government away from proprietary software to open source solutions. I am not sure this ought to a top priority that is so important that it is on his mind during his first 48 hours in Office, but it is apparently ahead of a lot of things.
[...]
A little more than 21 months ago the United States Supreme Court issued its decision in Microsoft v. AT&T, but not much has been written about this decision, at least not when you compare it with the amount that has been written about the other patent decision that was issued the same day by the Supreme Court, namely the obviousness decision in KSR v. Teleflex. The lack of coverage for the Microsoft/AT&T case is no doubt at least in part due to the fact that KSR v. Teleflex was so highly anticipated, and completely jumbled the law on obviousness to a point where you cannot get a patent on an invention if you actually thought the invention would work.
In order to facilitate proliferation of Free software, Obama will also need to look into a serious patent reform and elimination of software patents — a point that was stressed here:
Tech to Obama: Think patent reform
[...]
Repealing software patents could give a much-needed boost to the tech industry in troubled economic times. Software patents affect all developers, commercial vendors, and open source hobbyists alike. Patents restrict what functionality we can include in our applications, how our programs can interoperate, and how and where they can be deployed. In turn, this affects every computer user, by limiting features, raising prices, and slowing the pace of progress.
It seems as though things are changing gradually, but there will be barriers if the maximalists are being put in charge. It’s a point that we raised some days ago.
DOJ Gets Another Copyright Cop
[...]
Among the tech community, there was some belief that the Obama administration understood some of the key issues, such as the damage done by draconian copyright laws — and they had shown that with the way they went about running their campaign. However, there’s an increasing realization that the techies on the campaign are entirely separate from the policy people now involved in the administration. First there was the appointment of one of the RIAA’s top lawyers as associate attorney general, and now comes news that Neil MacBride, the BSA’s antipiracy enforcer, has also been appointed to a high level role in the Justice Department.
Academic Intervention
Nature, which is a highly respected journal, has published a very important article. Despite the fact that it speaks of biology as an example, it argues against intellectual monopoly.
Abstract
A new survey shows scientists consider the proliferation of intellectual property protection to have a strongly negative effect on research.
Introduction
A system of intellectual property (IP) rights can encourage inventions by scientists and help promote the transformation of research achievements into marketed products. But associated restrictions on access can reduce utilization of inventions by other scientists. How is this trade-off working out in practice?
Here is the truth right from the horse’s mouth:
A Patent-Holding Software Engineer Explains Why Software Patents Harm Innovation
It’s no surprise that many technologists and engineers dislike software patents — even as their company’s execs and lawyers push them to get more patents. Stephen Kinsella highlights an anonymous comment from a software engineer who clearly works for IBM (though he doesn’t come out and say that directly), where he explains how IBM actively encourage engineers to file for as many patents as possible (it rewards them with monetary bonuses).
There are other new findings and articles which make similar assertions. The following article even points a finger at IBM, claiming that the company’s lust for patents is only providing ammunition to patent trolls. [via Digital Majority]
The reason patent trolling is so profitable is that over the last quarter century the courts have expanded patenting into new areas like software and business methods, and dramatically lowered the bar for receiving a patent. As a result, patents that would have been rejected 30 years ago (like this ridiculous patent on removing white space from database entries, which IBM received earlier this month) are now routinely approved by the Patent Office. As a result, patent trolls are able to buy up low-quality patents by the truckload. Even though the vast majority of the patents won’t survive legal challenges, defendants can’t take the chance that one of them might survive and force the firm into a 8- or 9-figure settlement.
Patent trolls make good poster children for the patent system’s dysfunctions, but focusing too much on them ignores the fact that abusing the patent system is a game played by large companies as well. For example, Verizon managed to extort tens of millions of dollars from Vonage to settle a lawsuit over an absurdly broad Internet telephony patent. Verizon, of course, isn’t a “patent troll,” but a competitor interested in hobbling an up-and-coming competitor. Any patent reform needs to address the Verizons of the world too, not just the NTPs.
Over at Glyn Moody’s blog, there is proof that backlash against intellectual monopolies has proven effective.
This is extraordinary. It equates those who wish – legitimately – to minimise intellectual monopolies as the moral equivalents of counterfeiters. In other words, the intellectual monoplists seem to regard *any* threat to their fat-cat lifestyle as illegal, almost by definition.
The good news is that by identifying those against intellectual monopolies as this “second threat” on a par with counterfeiting is proof of just how successful we are becoming.
That’s basically a way of saying that those who challenge bad laws or ‘dare’ to see them as illegitimate are now “criminals”. It is a nice method for shielding broken laws that are often acquired by stakeholders and put in place not because of logic.
A positive adjustment is no rebellion; it’s a simple case of striving to restore sanity, just as women needed to fight for equality and slaves needed to resist slavery in order for it to end. To suppress opposition is akin to banning organisation of labour unions. This characterises a broken democracy and deprivation of free speech.
For a little more context, worth seeing is this opinion piece from Mike Masnick.
One of our readers, Virginia, alerted us to a report concerning a gathering of US IP Attaches (basically, the US gov’t’s international copyright cops that we send around the world to try to enforce draconian IP policy), in which they spend most of the time complaining about how countries around the world don’t agree with the US’s view on intellectual property and are quick to ignore it when possible. In fact, those countries often don’t even want to invite their US counterparts to meetings because they’re “too aggressively pro-IP.”
More here:
Nations ranging from Brazil to Brunei to Russia are failing to properly protect the intellectual property assets of US companies and others, and international organisations are not doing enough to stop it, seven IP attachés to the US Foreign and Commercial Service lamented recently.
Meanwhile, an industry group issued detailed recommendations for the incoming Obama administration’s changes to the US Patent and Trademark Office.
Other News
As further reading material on this broad subject, one might also consider:
1. CES: TiVo CEO sees end of legal fight as catalyst
TiVo Inc (TIVO.O) Chief Executive Tom Rogers hopes his next day in court will give him the legal leverage to sign new cable and satellite partnerships that can boost subscribers to its digital video recorder service.
New licensing agreements with operators in the U.S. and overseas may become easier to score, once TiVo puts behind a long battle with EchoStar and the Dish Network (DISH.O) satellite TV service.
2. TTB Technologies Files Patent Application
TTB Technologies announced it has filed a continuation patent application entitled “Electronic Advertising Device and Method of Using the Same,” with claims covering methods of and devices for delivering entertainment services for free to individuals in exchange for the individuals providing identifying information and thereby displaying targeted advertisements based on the identifying information provided.
3. Vlingo’s CEO Fires Back at Nuance Over Patent Lawsuit—Says ‘When they Couldn’t Win Yahoo’s Business, This Was Their Reaction
As soon as news broke Tuesday that Burlington, MA-based Nuance Communications was suing Harvard Square startup Vlingo for allegedly infringing one of Nuance’s speech-recognition patents, I requested an interview with Dave Grannan, Vlingo’s CEO. Grannan, who came to Vlingo from Nokia last year, has spent quite a bit of time with Xconomy in the past, talking about Vlingo’s speech-to-text technology and its deal with Yahoo, which is using the disputed software for its oneSearch with Voice mobile search service.
In summary, things are definitely happening. Not much has changed, but some things might change very slightly pretty soon. It is agreed among academics that intellectual monopolies are harmful, programmers do not want them, and the new administration in the United States probably requires their elimination in order to support a software reform at the very least. █
Permalink
Send this to a friend
01.24.09
Posted in DRM, Microsoft at 8:28 pm by Dr. Roy Schestowitz
Defective, by design, by Microsoft
“We’ve had DRM in Windows for years. The most common format of music on an iPod is “stolen”.”
–Steve Ballmer, Microsoft CEO
QUITE A FEW ARTICLES about this have been circulating, so it’s probably worth bringing up the core of the news:
Microsoft yesterday unveiled its MSN Mobile Music service – and a surprise return to digital rights management (DRM).
As expected, there is some strong critique already:
While this is just a relatively small service offered only in the UK, it’s the perfect example of why Microsoft can’t get it right when it comes to competing with Apple’s iTunes Music Store. The key to success is offering a consistent user experience, with one single store. It doesn’t make sense to have each national Microsoft branch to start its own music service, with independent pricing and restrictive DRM schemes. Microsoft is laying off 5000 people, and looking for other means to cut costs?
I say, quit this pointless music store before it’s even open, and because of this saving, maybe a few more folk can keep their jobs. I’d say, get your priorities straight.
Microsoft seems somewhat out of touch because, as pointed out here, music DRM is on its way to the grave.
Last week’s agreement between Apple and the major record companies to eliminate DRM (copy protection) in iTunes songs marks the effective end of DRM for recorded music. The major online music stores are now all DRM-free, and CDs still lack DRM, so consumers who acquire music will now expect it without DRM. That’s a sensible result, given the incompatibility and other problems caused by DRM, and it’s a good sign that the record companies are ready to retreat from DRM and get on with the job of reinventing themselves for the digital world.
In the movie world, DRM for stored content may also be in trouble. On DVDs, the CSS DRM scheme has long been a dead letter, technologically speaking. The Blu-ray scheme is better, but if Blu-ray doesn’t catch on, this doesn’t matter.
Why is Microsoft so desperate to have DRM? Platform lock-in is likely to be among the causes. But that’s another story which we’ll revisit in the future. Comes vs Microsoft exhibits, for example, show that Bill Gates intended to also use “security as a lock-in.” █
“We’ve been very focused on producing a DRM system. [...] We think DRM is important”
–Robbie Bach, Microsoft President
“DRM is the future.”
–Steve Ballmer, Microsoft CEO
Permalink
Send this to a friend
Posted in Apple, IBM, Intellectual Monopoly, Marketing, Novell, Oracle, SCO, Videos, Virtualisation at 7:31 pm by Dr. Roy Schestowitz
NOVELL’S TECHNICAL officer takes stock and provides an overview where he explains Novell’s strategy. The key separation that he makes is as follows:
The four areas were:
1. Leadership. Why our products lead the industry.
2. Delivery. In the “engine room”—how we build those products, what processes result in leadership, and our commitment to interoperability as a design point in every product.
3. Incubation. How we take breakout ideas and make them into businesses.
4. Strategy and Vision. Fossa, our overarching technical strategy. Novell is an industry leader in next generation technologies and standards.
Interestingly enough, this post comes from “neomadness” instead of “ibruce” (Ian Bruce, Novell’s PR Director). What happened to Ian Bruce? Is he no longer editing these for the CTO blog? Is there a bigger untold story?
Read the rest of this entry »
Permalink
Send this to a friend
Posted in GNU/Linux, HP, Novell, SLES/SLED at 4:35 pm by Dr. Roy Schestowitz
THERE was very little in the news regarding SUSE. Very little. In fact, SJVN gave Novell/SUSE some flak by referencing us in an article about Microsoft's demise, which is partly because of GNU/Linux.
Novell, on the other hand, while still struggling with getting out of the service business and back into being a pure operating system and software play, continues to make more and more money from Linux. This, I might add, is happening despite the fact that Novell doesn’t have a good reputation with many Linux users.
Here is a new press release that mentions SLES at SAP. It’s primarily about an HP Alliance, though.
The joint offering from SAP and HP was announced in May 2008. (See May 5, 2008 press release, titled “Reliable and Affordable SAP(R) Business All-in-One Solution with SAP(R) MaxDBTM Database and SUSE Linux Enterprise from Novell to Be Preconfigured, Pretested and Preinstalled on HP Systems.”) It was designed specifically for the demands of midsized companies to provide them with a comprehensive, cost-effective, turnkey offering. Partners specifically have found value in the offering because of the quick implementation and the fact that the solution is preinstalled, pretested, preconfigured and comes with a clear implementation methodology which supports smooth projects. This allows them to offer the comprehensive, proven and reliable product that their customers want.
H-P and SLE* already get together where laptops (or sub-notebooks) are involved and here is an article that covers this. (H-P is moving towards customised Ubuntu, too)
The processor pulls Windows XP along nicely; booting up to the point at which I could launch the video player took a little over a minute. Most netbooks don’t have the horsepower to run Vista, thus the older operating system. Some come with the option to have a Linux distro as your out-of-the-box OS. The Mini 1000 doesn’t offer that option, but another model, the Mini Mi, has similar tech specs plus a Linux OS that HP calls “Mobile Internet.” HP’s warning: The Linux command line interface is disabled on that edition.
Matthew Richards, a “senior program manager of Novell’s SUSE Appliance Program” according to his disclosure, wrote an article for IDG and CNET expands on it.
Despite this promise, software has long sought to replicate physical goods: mass-produced with customization, if any, coming post-sale by a system integrator or other consultant. This has helped churn out billion-dollar software companies such as Oracle, SAP, and Microsoft, but it has failed to satisfy customer demand for a tailored fit.
I’m therefore hugely impressed by Novell’s Suse Studio, an innovative way to enable both standardization and customization of a Linux distribution.
Novell’s PR blog wrote about this too.
Turbolinux
There was an article in English which states that “Turbolinux, China Telecom contractor to develop pay systems,” but it requires a subscription to be read. █
Permalink
Send this to a friend
Posted in Microsoft, Security, Servers, Windows at 12:37 pm by Dr. Roy Schestowitz
Warpath of Web destruction
TWO DAYS ago I was unable to use the Internet properly. This network’s DNS servers came under massive attack at a time when hundreds of millions of Windows zombies ran rampant. It’s neither a new problem [1, 2] nor does affect just the network that I’m on. There are similar complaints and status reports out there on the Web right now.
Potential Latency on Network Solutions DNS
There is a spike in DNS query volumes that is causing latency for the delay in web sites resolving. This is a result of a DDOS attack. We are taking measures to mitigate the attack and speed up queries
—————-
There may be some latency on Network Solutions DNS Severs and some queries may be timing out. This may include instances when someone types a domain name into a browser and the website will temporarily not resolve. Network Solutions Operations is working on optimizing the DNS queries and investigating the issue.
There is nothing that prevents a determined cracker (or a gang of them) from taking down DNS globally [18, 19], especially given Windows botnets of biblical proportions . This almost happened 2 years ago and there are still no effective defenses in place. The same goes for the scale of botnets — a solution to which Microsoft cannot deliver.
“Microsoft slammed over security advice
US COMPUTER Emergency Readiness Team (US-CERT) has warned that Microsoft’s advice about how to beat the Downadup worm is flawed.
And things are getting worse before they get better.
A security expert has managed to transfer the digital signature of one Windows program to another, without invalidating the signature. Didier Stevens, who presented the attack in his blog, exploited the fact that Microsoft’s Authenticode code signing standard accepts the vulnerable MD5 hash algorithm. Stevens used this to generate two programs which have identical code signatures, but behave differently.
How long can this chaos [1, 2, 3] go on for? Many related news (2006-2008, re: DNS) are added as references below. █
What if aircrafts accepted Microsoft quality control?
_____
[1] Open source DNS server takes on BIND
Four companies led by Dutch non-profit NLnet Labs have launched an open source, Linux-compatible DNS (Domain Name System) server. “Unbound,” which is also sponsored by VeriSign, Nominet, and Kirei, claims to offer a validating, recursive, and caching DNS server that is faster than the open source DNS mainstay BIND.
[2] VeriSign Takes Aim at Open Source DNS
Now VeriSign, the company that runs that .com and .net domains, is aiming to provide an open source alternative to BIND, called Unbound.
[3] SocialDNS: Free Domains for a Free Internet
John Sullivan (FSF) invited me to present in this mailing list the SocialDNS project (http://www.socialdns.net).
I am very interested in obtaining feedback from the GNU community because we want to submit our project to the Free Software Directory soon.
[4] DNS Patches Slow Servers, but Fast Action Is Advised
Microsoft issued a mea culpa about its DNS update on July 17, saying that the patch was crippling some machines running its Windows Small Business Server suite. Then, on July 25, it said the patch could also affect some network services on systems running Windows Server 2008, Windows Server 2003 and Windows 2000. In both instances, Microsoft detailed work-arounds.
[5] DNS poisoners hijack typo domains
People arrive at these pages when the domain name they request is unavailable, because, for example, they mistyped the URL. ISPs use this redirection method, known as Typosquatting, to advertise free domains or competing products. In the present case, however, clients don’t arrive on the Typosquatter pages, but on pages with a crafted trojan.
[6] Microsoft DNS fix causes trouble for some
The Microsoft Corp. released a DNS fix in its patch slate for July, but the company seems to have problems just getting it to end users. Moreover, some users of the DNS fix have experienced additional difficulties.
So far, since Microsoft’s DNS fix was issued on July 10, there have been two separate problems associated with its installation.
[7] H D Moore has NOT been owned
From the “half truths that journo’s tell” file:
I’ve been following the Kaminsky DNS cache exploit issue closely since it was first announced – and no doubt so has everyone else in the security business. As such I was surprised to read a headline this morning that said that Metasploit founder H D Moore (and yes Virginia, there is a Santa Claus and I run Metasploit on a test machine too – who doesn’t?) had been ‘owned’ (should’ve been p’wned I think) by the DNS flaw.
The story is not true – at least according to H D Moore who claims he was misquoted by the journalist in question.
“In a recent conversation with Robert McMillan (IDG), I described a in-the-wild attack against one of AT&T’s DNS cache servers, specifically one that was configured as an upstream forwarder for an internal DNS machine at BreakingPoint Systems,” H D Moore wrote in a blog post. “Shortly after our conversation, Mr. McMillan published an article with a sensationalist title, that while containing most of the facts, attributed a quote to me that I simply did not say. Specifically, `”It’s funny,” he said. “I got owned.”
[8] SUBJECT: Microsoft SWI blog inaccuracies
As you know, 3 weeks ago I published my paper, “Microsoft Windows DNS Stub Resolver Cache Poisoning” (http://www.trusteer.com/docs/Microsoft_Windows_resolver_DNS_cache_poisoning.pdf),
simultaneously with Microsoft’s release of MS08-020 (http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx). A day later, Microsoft’s Secure Windows Initiative (SWI) team published their blog entry for MS08- 020 (http://blogs.technet.com/swi/archive/2008/04/09/ms08-020-how-predictable-is-the-dns-transaction-id.aspx).
Unfortunately, the SWI blog entry contains two serious mistakes. The first mistake is an inaccurate description of the PRNG used for the Microsoft Windows DNS client transaction ID. The second mistake is SWI’s claim that “attackers cannot predict a guaranteed, known-next TXID exactly even with this weakness”.
I contacted Microsoft about those mistakes, and while Microsoft did not refute my statements, they also refused to revise the blog entry. On one hand, I am inclined to tag this as a simple unwillingness on the side of the vendor to revise its materials and admit its mistakes. On the other hand, I cannot ignore the fact that the two mistakes, when combined, result in misleading the blog reader about the nature and the severity of the problem.
[...]
This is in stark contrast to SWI’s claims. Furthermore, Microsoft did have the full paper (actually, a draft of it which contains all the relevant technical information) well before the SWI blog was published. So the problem here is not an issue of SWI not having access to the paper when they wrote their blog entry.
[9] Microsoft preps 133 patches for Windows DNS hole
Microsoft is working on 133 separate updates for the problem, Budd wrote.
[10] Microsoft DNS Server Attacks Continue
The concept enables malicious users to run code remotely under the system privileges generally granted to the DNS service itself.
[11] Microsoft: Patch for critical DNS flaw may be ready by 8 May
The cmopany has been under pressure to address the flaw, reported last week, since software that exploits it has now been widely disseminated, and criminals are beginning to use it in attacks.
[12] Attack code raises Windows DNS zero-day risk
At least four exploits for the vulnerability in the Windows domain name system, or DNS, service were published on the Internet over the weekend, Symantec said in an alert Monday.
[13] Cybercrooks exploiting new Windows DNS flaw
Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late Thursday.
[14] Microsoft’s advisories giving clues to hackers
How’s this for a new twist on the old responsible disclosure debate: Hackers are taking advantage of information released in Microsoft’s pre-patch security advisories to create exploits for zero-day vulnerabilities.
[15] DNS security improves as firms tool up to tackle spam
Infoblox’s survey found that the number of internet-facing DNS servers increased from 9m in 2006 to 11.5m in 2007, indicative of the overall growth of the internet. Percentage usage of the most recent and secure version of open-source domain name server software – BIND 9 – increased from 61 per cent to 65 per cent over the last year. Use of BIND 8, by contrast, dropped from 14 per cent in 2006 to 5.6 per cent this year. Usage of the Microsoft DNS Server on web-facing systems also fell, decreasing to to 2.7 per cent in 2007 from five per cent last year.
[16] Use of rogue DNS servers on rise
The paper estimates roughly 68,000 servers on the Internet are returning malicious Domain Name System results, which means people with compromised computers are sometimes being directed to the wrong Web sites — and often have no idea.
[17] New shield foiled Internet backbone attack
ICANN has yet to determine the exact techniques used in the February attack. The incident will be discussed at a meeting of DNS root server operators later this month, the organization said.
[18] Zombie botnets attack global DNS servers
Hackers launched a sustained attack last night against key root servers which form the backbone of the internet.
Security firm Sophos said that botnets of zombie PCs bombarded the internet’s domain name system (DNS) servers with traffic.
“These zombie computers could have brought the web to its knees,” said Graham Cluley, senior technology consultant at Sophos.
[19] EveryDNS, OpenDNS Under Botnet DDoS Attack
The last time the Web mob (spammers and phishers using botnets) decided to go after a security service, Blue Security was forced to fold and collateral damage extended to several businesses, including Six Apart.
[20] Homeland Security sees cyberthreats on the rise
To test the nation’s response to a cyberattack, the Department of Homeland Security plans to hold another major exercise, called Cyberstorm II, in March 2008, Garcia said. A first such exercise happened early last year.
[21] Perspective: Microsoft security–no more second chances?
As if Homeland Security Secretary Michael Chertoff didn’t have enough on his plate.
Not only has he had to deal with Katrina and Osama. Now he’s also got to whip Steve Ballmer and the crew at Microsoft into shape. If past is prologue, that last task may be the most daunting of all.
[22] U.S. cyber counterattack: Bomb ‘em one way or the other
If the United States found itself under a major cyberattack aimed at undermining the natio’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.
[23] US plans for cyber attack revealed
Permalink
Send this to a friend
Content is available under CC-BY-SA