
Want to Block Common Passwords? Sorry, That is Patented

110 points | m8urn | 13 years ago | xato.net

65 comments

utopkara | 13 years ago
Re: IBM patents, IBM has an interesting, and quite unique strategy regarding IP. About 20-25% of IBM patents are software patents, and IBM uses this patent portfolio to protect open source projects, especially Linux (http://www.linuxplanet.com/linuxplanet/opinions/7034/1). Also, IBM historically abandons a large portion of its issued patents (http://www.patentlyo.com/patent/2012/03/ibms-patent-abandonm...), and the abandoned patents become prior art, protecting everybody.
oelmekki | 13 years ago
That's a valid point. I still don't understand why there is no (afaik) "general public patent" mechanism of some kind: a procedure to make someone claim a patent on behalf of the general public.

This would certainly stop patent trolls, and avoid making people suspicious when you claim "protective patents" as you describe.

Lasher | 13 years ago
Not to be melodramatic, but as someone still in a day job this whole patent mess seriously does discourage me from taking the leap and risking everything to try to invent something meaningful only to get hit with a patent troll lawsuit just as we start to find our feet.
mdkess | 13 years ago
That's an excuse if I've ever heard one. You would be so lucky to get sued. "I'd be a famous musician, but I'm worried about the publicity."
tomjen3 | 13 years ago
Don't worry. The patent trolls only come after you earned a lot of money (who wants to sue a poor company) at which point you should be able to throw enough money at some lobbyist in dc to make the issue go away.
angersock | 13 years ago
It's better to light a candle than curse the darkness.
m8urn | 13 years ago
Sorry, I believe being in a day job is patented also.
Fletch137 | 13 years ago
The problem with blocking common passwords is that quite often you just end up creating a new set of common passwords.

I had to set up a management system a while back, and given the sensitivity of the data, it seemed prudent to block passwords such as "password" and "123456". The result? The most common password was "drowssap", even after an email explaining why they needed to use strong passwords.

I could have gone back and added something for permutations of common passwords, extended my exclusion list or any number of other solutions, but it seems like every time you find a way to stop a user being a security problem, they find another way.

omh | 13 years ago
I suspect that your basic system did at least improve things though. 'drowssap' was probably not as popular as 'password' would have been.
antninja | 13 years ago
I remember a paper, from Microsoft I think, where the proposed method was to keep a list of all passwords and prevent any password from being used more than X times. This way no password becomes common. But it would likely be frustrating for users who try to find a password (like trying to find a username on Hotmail: everything is taken!).
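The two comments above describe two complementary defences: Fletch137's experience that a plain blocklist just shifts users to trivial variants ("drowssap"), and antninja's recollection of capping how many accounts may share one password. The following is an added example, not code from the thread or from any product it mentions, showing both in Python. It normalizes a candidate password (lowercase, undo common leetspeak, strip a trailing digit/symbol suffix, fold reversals) before checking it against a blocklist, and counts a canonical form per password so that variants like "winter2012" and "Winter2013!" share one popularity bucket. The blocklist, the leet map and the cap of 2 are constructed values for illustration. If the paper antninja has in mind is Schechter, Herley and Mitzenmacher's "Popularity is Everything" (2010), it counts with a count-min sketch rather than an exact table; the in-memory Counter here stands in for that and, holding plaintext-derived forms, would be a liability in a real deployment.

```python
import re
from collections import Counter

# Constructed sample blocklist; a real deployment loads a large breach-derived list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Constructed cap: how many accounts may share one canonical password.
MAX_SHARED = 2

# Constructed leetspeak map, undone before comparison ("P@ssw0rd" -> "password").
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

_SUFFIX = re.compile(r"[^a-z]+$")


def _strip_suffix(form: str) -> str:
    """Drop a trailing run of digits/symbols: "password1!" -> "password"."""
    return _SUFFIX.sub("", form)


def normalized_forms(password: str) -> set:
    """All forms of a password that should be compared against the blocklist."""
    forms = {password.lower()}
    for _ in range(2):  # apply strip and leet-undo in both orders
        forms |= {_strip_suffix(f) for f in forms}
        forms |= {f.translate(LEET_MAP) for f in forms}
    forms.discard("")  # an all-digit password strips to nothing; keep the raw form only
    forms |= {f[::-1] for f in forms}  # reversals: "drowssap" <-> "password"
    return forms


def is_common(password: str, blocklist=COMMON_PASSWORDS) -> bool:
    """True if any normalized form of the password is on the blocklist."""
    return any(f in blocklist for f in normalized_forms(password))


def canonical(password: str) -> str:
    """Pick one representative form for popularity counting.

    Prefer the form with the fewest non-letters, then the shortest, then the
    lexicographically smallest, so "password", "P@ssw0rd1" and "drowssap"
    all map to "drowssap".
    """
    return min(normalized_forms(password),
               key=lambda f: (sum(not c.isalpha() for c in f), len(f), f))


class PasswordPolicy:
    """Blocklist check plus a per-canonical-form popularity cap."""

    def __init__(self, blocklist=COMMON_PASSWORDS, max_shared=MAX_SHARED):
        self.blocklist = set(blocklist)
        self.max_shared = max_shared
        self.usage = Counter()  # canonical form -> accounts currently using it

    def check(self, password: str):
        """Return None if the password is acceptable, else a rejection reason."""
        if is_common(password, self.blocklist):
            return "too common"
        if self.usage[canonical(password)] >= self.max_shared:
            return "too popular"
        return None

    def register(self, password: str):
        """Run check(); on success record the password's canonical form."""
        reason = self.check(password)
        if reason is None:
            self.usage[canonical(password)] += 1
        return reason


if __name__ == "__main__":
    policy = PasswordPolicy()
    for pw in ["drowssap", "P@ssw0rd1", "winter2012", "Winter2013!", "winter", "correct horse battery"]:
        print(f"{pw!r:28} -> {policy.register(pw) or 'accepted'}")
```

The normalization is deliberately aggressive in one direction only: it can only add forms to compare, so it never lets a blocklisted password through, but it will reject some unusual passwords that merely resemble a common one once reversed or de-leeted. Raising the cap or keying the counter on a hash of the canonical form are the first two knobs to adjust in practice.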
ahi | 13 years ago
IANAL, but foreknowledge of patent infringement can triple damage liability right? So is just having the headline of this story on the front page of HN enough to cause problems for the entire HN community?
npc | 13 years ago
IANAL either, but I assume that they would have to somehow prove that you read it, perhaps by showing that you posted in the comments section.
eurleif | 13 years ago
If that's the case, people should avoid clicking the link, as it mentions other patents. (I saw the list, but I didn't read any of the items in it.)
001sky | 13 years ago
This comment is a little problematic. Despite the IANAL qualifier, you seem to be offering legal advice or strategy. Secondly the logic is stretched, viz: "enough to cause problems for the [entire] HN community?" Clearly for all of the non-infringing HN readers, and those for whom ignorance is [not] bliss, there might be some interest in it. That being said, the point is a fair issue to raise. But a better note might be: check with counsel.
ryanhuff | 13 years ago
It's not the concept of blocking passwords that is patented, but specific approaches to blocking common passwords are.
redact207 | 13 years ago
These frivolous software patents are actually a blessing in disguise and will ultimately be their own undoing. As more and more "patents" are filed and trolls do their best to sue people into compensation, the media song & dance will get stronger and policy makers will sit up and take note. Then it's just a matter of time until blanket reforms are made.
s8qnze982y | 13 years ago
Blanket reforms will never happen in the real world, because we're talking about huge quantities of money involved - a blanket reform the way, say, "many people would like it", would cause a sudden big loss to big & powerful entities.
m8urn | 13 years ago
That is what I am hoping!
RyanONeill1970 | 13 years ago
Could someone clarify something here?

If I'm based outside of the US and my servers are outside of the US, these software patents would not affect me and I could implement them without risk?

I understand the site could be blocked from US browsing but that would seem extreme, especially if I registered a country TLD like .co.uk.

In plain English, I don't think these patents apply to my country (UK) and are not enforceable here. But I could be wrong.

xiaoma | 13 years ago
There are patent treaties.

Edit: Well, who knows? Try it and see. Even in the worst case, you can almost certainly cut a deal.

JohnsonB | 13 years ago
How could there not be prior art for this? I know that patents are more specific than the title of the patent, but if the patent isn't general enough to cover prior cases of blocking common passwords, then the patent doesn't even protect anything for the patent's authors. If it is general, then it is surely an invalid patent, even by US patent office standards. Very confusing.
Vivtek | 13 years ago
Sure - so prove that in a court of law.

That's the problem. The patent system puts all the risk on inventors, none on IP holders.

thyrsus | 13 years ago
"Programming Perl", Wall & Schwartz, (C) 1990, p. 282ff. contains "infringing" code (AKA prior art).
thomasfrank09 | 13 years ago
I get why you'd want to check for weak or common passwords, but why not just require passwords to contain numbers/special characters? It may be a pain in the butt, but it takes users' lack of care for security out of the equation.
danielnicollet | 13 years ago
Time to reform the patent review process. There is so much energy wasted fighting patent trolls. Furthermore, this produces nothing; it just leeches on the wealth creation efforts of others.
gonzo | 13 years ago
Passwords are dead. Film at 11.
dredmorbius | 13 years ago
I'm starting to think the same thing.

For serious systems-based access, it's been key-based auth for most of the past decade. Even embedded systems (switches, routers, load balancers, DD-WRT-based WiFi routers) offer SSH key-based auth.

Key management presents its own set of problems, but most are vastly preferable to using poorly-selected passwords on a myriad of sites.