Foofoobar writes "Just when you thought all was safe on the crazy patent front, Microsoft has come out of the obvious patent closet to file patent number 7617530, which basically duplicates the functionality of 'sudo' which is found in all Linux systems. PJ over at groklaw has a wonderful writeup on the entire fiasco."
As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:
1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.
2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.
3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.
4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.
5. The media of claim 2, further comprising permitting the task.
6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.
7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.
8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.
Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."
Since when do programmers need to be patent lawyers? Patents are written in fluent legalese, not plain $HUMANLANGUAGEOFYOURCHOICE.
Law is the programming language for the system of society. The problem is, rather than doing exactly what you told it to do, regardless of whether that's what you wanted it to do, the system makes every possible effort to interpret the code in such a way so that it doesn't have to do what you instructed it to do.
Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."
That's not a technical description: it's legalese. I've done my share of technical writing, ranging from scientific journals articles to user and developer documentation, but I'd never be able to get away with producing such incomprehensible gibberish.
by Anonymous Coward
on Wednesday November 11, @09:25PM (#30068678)
As an ex-programmer/technical writer who is now a lawyer who's also worked at the USPTO as an examiner (during law school), I feel I must weigh in on the language issue. Patents and patent applications are neither technical documents nor legalese. They are a unique and bizarre hybrid of the two which, quite frankly, I think no one understands. The claims, specifically, since the specification is sometimes actually intelligible in a meaningful way. Everyone (examiners, phositas, judges, lawyers) has trouble dealing with claims and their meanings. The fact that we require pre-litigation court hearings to determine what a claim means (Markman hearings) AFTER the USPTO has already reviewed and approved the claims, which requires determining what the claim means, should be a sufficiently strong indicator that the current style of writing for patents is uncommunicative and ineffective.
To speak more directly to software patents, the USPTO doesn't recognize such a thing literally. Moreover, in general the PTO doesn't look upon the software field as a true technical/engineering discipline, and so looks down upon software/programming expertise in it's examiners. If it appears that the PTO doesn't know a thing about how software works or what is out there as prior art, it is because generally it doesn't know a thing. The field of endeavor isn't recognized or utilized, and examiners often interpret claims to avoid dealing with software (as they don't have the background knowledge to know how to begin researching the prior art).
Software may or may not be patentable ideologically, but as long as the field is given short shrift and basically sneered at by the PTO, no patent process will make sense for the majority of software/business method patents.
The big industry writes them up just as protection from patent trolls and then collude to keep small competition out (ie Microsoft was threatening that Linux was stepping on its patents back in the day).
Patents were made to spawn innovation - bypassing secretive guilds by incentivizing the opening of knowledge to public domain in exchange for a limited time monopoly. Projects and society are way too fluid now to keep many inane details secret anyway. There needs to be a study of which types of patents coming in provide useful knowledge to the People, and which majority are just wastes dumps of text - and amend the system accordingly.
I would urge the USA to do this now, while it is the leading superpower in which others follow suit. It may have been to our advantage in the past, but not so in the future, imo.
No, they don't. Only one independent claim (i.e., 1, 2 or 9) has to apply (at least it's like that in Europe), or an independent claim along with some dependent claims if you want a stronger case because then the claims become more specific and hence hopefully more distant from the prior are (e.g., 2 and 3, or 2 and 7 and 8).
This isn't exactly sudo.
That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.
That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.
Indeed. In fact, this patent reminds me more of PolicyKit (which is GUI-based) than sudo. See screenshot [wikipedia.org], which almost exactly matches how I visualised the patent after reading the initial claims.
According to patent law, the above example of murder-by-verbiage is supposed to help third-parties implement the invention described, but the language employed is clearly designed to accomplish the exact opposite. I think it's time to put the patent system out of its misery.
In an attempt to patent a thing rather than the software itself, they say:
One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
In other words, it's not the operation itself, or the software, but the actual _disc_ that they're claiming. The medium, not the message, as it were. At least it's a physical thing.
I don't know if "downloaded software" would violate the patent, or if they'd try to claim that having it on the server's discs would violate it. (Surely they wouldn't try to claim that your hard disc on which you've downloaded it would violate the patent, would they?)
Where's your analysis of the degree to which this "isn't exactly sudo"? It's pretty damn close. If it comes down to the degree of "exactly," please provide some examples from patent case law that show that the degree of difference here is sufficient for the two programs not to be close enough to the same that sudo, had it been invented after this patent, wouldn't violate said patent.
I'm nothing like a patent attorney. But my understanding is that if someone invents a special right-angle shovel, and patents it, you're going to be in trouble even if your shovel head is only at an 80 degree angle rather than 90 degrees. If not at 80, certainly at 89.
Besides, this patent ends with language claiming that the method of implementation is only the preferred one, while the patent covers other methods of implementation of the same underlying concept. And in which sense is the underlying concept even a few degrees different from what sudo does? Your analysis?
Adding a GUI is no more "creative" and "non-obvious" than adding "on the Internet".
Then again, it might be non-obvious to Microsoft. Does anyone remember if Microsoft XENIX had a sudo equivalent? It would be nice to use something from them from a quarter-century ago as prior art.
Remember that they all have to apply. This isn't exactly sudo.
Not correct. Of the claims you listed, 1, 2, and 9 are independent claims and can stand alone. A competitive product that incorporated just the elements of, say, claim 9, would violate this patent. A prior art product that included the elements of claim 1 would invalidate claim 1 as an independent claim, but not necessarily the combinations of claim 1 and claim 13 or claim 1 and claim 14. Unless the dependent claims 13 and 14 were subsequently judged to be obvious in light of the earlier product that demonstrated claim 1.
To an aggressive patent prosecutor, "exactly" has nothing to do with it. The approach is "We've got this patent, see? Pay us the money or we'll sue until you're out of business".
Except, gksudo doesn't come up in response to a failed security authentication. gksudo comes up because the control panel knows it needs administrator permissions and explicitly calls gksudo. gksudo is not sitting around behind the scenes, watching for authentication failures.
This patent was filed more than four years ago, in April of 2005. This filing predates Red Hat's announcement of PolicyKit by about a year. And PolicyKit probably wouldn't cover this even if it predated the Microsoft concept because it doesn't meet the "automatic" criteria, AFAIK.
And for anyone thinking that this is a patent on sudo, it is not. It also is not a patent on Apple's AuthorizationExecuteWithPrivileges, though it is much closer to that. It differs from the Mac OS X design in that it:
Executes when the privilege violation occurs without requiring the app to be aware. This is, of course, a really dangerous idea for reasons I'll get into momentarily.
Displays a list of accounts with the appropriate privilege. This is arguably not that useful on most OSes, but it is important if you have a rights system that is way too complicated....
It further differs from sudo in that it presents a GUI (in addition to the two ways above).
Regarding launching a GUI window when a privilege violation occurs, this is precisely why Windows got the "Allow or Deny" reputation it got. You really don't want to authorize every little action. Further, when it comes to a typical desktop environment, a rights system should not be so complex that there are more than about two classes of users anyway---those who have the rights to modify system files and those who are limited to their own files. Therefore, something like sudo, PolicyKit, AuthorizationExecuteWithPrivileges, etc. is generally a much better design because it puts the application in control of the experience and allows you to run a series of actions with elevated privileges, forcing apps to be designed with proper privilege separation, and reserving elevated privileges for only the minimum portion of the code necessary. The Windows "automatically throw up a GUI when you get a permission denied" design has a significant risk of creating user indifference towards important security notifications, which results in a significantly less secure system in the long run.
Also, I'm under the impression (based on the patent) that Windows is temporarily elevating the privileges of the application itself, which means that you now have a much larger chunk of code that must be checked for security holes, lest malicious individuals co-opt the application for nefarious purposes. Such a design also makes it very hard to adequately use code signing to ensure the authenticity of the code running with elevated privileges, thus allowing security holes in the app to readily be exploited and turned into the equivalent of root holes just by the user clicking "Allow".
In short, it's a terrible security design filled with myriad fundamental design flaws, all codified in a patent filing for all to mock. I certainly won't lose sleep over this patent getting approved. No one should reasonably want to implement the sort of security architecture that would violate this patent.
If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.
Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.
If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.
Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.
You've said this in at least two different posts, yet failed to indicate what those do that this patent covers. For example, OSX doesn't present an interface with a "selectable help graphic", the selection of which causes display of other accounts that have a right to permit the task, based on frequency of use, association with the user, and an identified higher-rights account that can permit the task. And that's just three of the limitations of claim 1. I doubt gksudo does them either.
Yeah, going to have to agree here. Not only is it specifically an interface brought up after you've tried to do something you're not allowed to (which is what makes it "not sudo"), this interface will give you a list of users who ARE allowed to do it (rather than just the admin account), which is what separates it from all the other implementations of this kind of security that I know of (eg cash registers that stop and require manager intervention or Windows's earlier "You look like you're trying to install a program, would you like to be administrator?" popup).
It is not uncommon to pop up the sudo dialog in response to a permission-denied error from exec(). Therefore this patent does describe already-existing art. You and a dozen other posters seem to think the error detection has to be in the same process that actually does the access violation.
Wait, you su back? You do realize that that leaves your root session in the background and complete accessible, right? The proper way to "unsu" is to just exit the shell (exit, ^D, etc).
...with Windows' lax control of permissions allowing just about anybody to run as a super user, surely they should have a patent for "sudon't" which would probably be infinitely more useful?
I am the original author of "priv", which came before sudo, and I didn't see any mention of it. This utility was published in Unix World back in 1987, and basically did the same thing. Does this mean "priv" is exempt from this patent?
If you're going to claims something copies 'sudo' with 'Linux' please realize that sudo copies su which was around long before Linux.
sudo has more features than su, yes. Everything that 'copies' sudo has more features as well.
Although the patent in this case does not copy sudo, or gksudo or OSX. The patent covers something that detects an authorization (NOT AUTHENTICATION) failure and gives an opportunity to elevate privileges and continue rather than denying the request.
su, sudo, gksudo and the OS X applet all require knowledge in advance that elevated privileges are required.
Do I think the difference is worth patenting? No, its the next logical step. However, if you're going to rant and rave about what Microsoft is patenting, at least realize they aren't patenting a clone of something you've been using for years.
You only make the rest of the OSS world look stupid to the powers that be when you rant and rave and you are completely ignorant of whats being done. We lose credibility and get written off as raving lunes when you respond like this. So please, shut the hell up.
It's US patent system's fault, not Microsoft. They have to file these to cover their own ass. And actually I haven't ever seen MS patent trolling, they've even gave their patents to organizations which purpose is to keep them open. Even the TomTom vs. Microsoft case was because TomTom attacked MS first and they had to counter.
And actually I haven't ever seen MS patent trolling,
Their shakedown of camera vendors and threats to OS implementors over the VFAT patents are a classic case of patent trolling.
The technology covered by the patents no longer has any intrinsic value, because nobody uses OSes that don't support long filenames. The only reason to use the long/short filename conversion in VFAT is purely circular: to ensure compatibility with VFAT itself.
Thus, these patents only remaining purpose in life is to create a barrier to entry in the markets that Microsoft operates in. The technology covered by them is is providing no end-user benefit, and consumers are paying royalties and getting nothing in return other than a less competitive market.
copyright doesn't protect against duplicating functionality - only copying the exact binaries/source code. If I want to write my own sudo replica, copyright doesn't stop me... but a patent would.
That is one of those statements where both sides shout "EXACTLY", and then stare at each other.
I presented this argument to someone just the other day, but here it is again: Mathematicians develop insanely difficult and complex algorithms all the time, and must share their work in the public domain because you can't copyright or patent mathematics. Not a formula, I'm talking about full algorithms, logical procedures, proofs and so on. Algorithms which have changed the world by such orders of magnitude that no matter how novel and amazing some little piece of code looks to the programmer, compared to the work of mathematicians it is almost always will come up looking pretty much completely trivial.
Imagine if someone had patented the fast fourier transform? Or any number of a virtually infinite set of unique and groundbreaking algorithms that have literally changed the course of science. Technology and science would be weaker for it, you might not even have a job with a computer in front of you.
Now why is it that sequences of logical steps, algorithms, when developed by mathematicians are anybodies game, and yet when a programmer or a software company comes up with an algorithm, a sequence of logical steps no different to the ones in the field of mathematics, it is suddenly different and needs monopoly rights granted to the author? Do you honestly think that novel method 3.57a to make database requests in a unique way is as important to the world as something like the fft? Or the Kalman filter?
Get over yourselves programmers, your code is not special, logic is logic, patenting a logical procedure is about as wrong as it gets in my books. If you develop code and it is useful, you are going to be the foremost expert in your new system. You will make money without a patent. The problem is this isn't about putting food on the table, this is about geeks who fancy themselves Knuth thinking they ought to be millionaires.
If you have a copy of his source code and duplicate product in another language, you'll get your clock cleaned in court. To effectively copy the other guys software, the best defense would be to have no knowledge whatsoever of his code.
Historically everyone in software has been copying everyone else all along. Things were fine before patents became all the rage. Imagine is Apple had patented the GUI in 1984. The windows GUI couldn't have been developed patent free until 1999. It's an absurd idea, no matter how much I currently dislike windows dominance. And, yes, I do realize Apple stole the GUI from Xerox...
The problem being you can engineer your way round a patent on a specific innovative break design in a car. Trying to work around a patent with a flowchart with a note reading "slows car down" is pretty much impossible.
After skimming the patent, this sounds more like it's more like prompting for sudo. If this were Linux, it would be something like:
"You need to use sudo to run this program. Would you like to use sudo? y / n"
This is a very specific patent and most certainly wouldn't cover sudo, but rather the automatic detection of the need for it and a very detailed description of the GUI built on it. It's almost like the people writing about the patent didn't bother to read it...
Not true. This is an ISSUED patent; see the patent number: 7,617,530. You can also check its status in public pair (http://portal.uspto.gov/external/portal/pair): 10-21-2009 ISSUE.NTF Issue Notification 1 10-01-2009 IFEE Issue Fee Payment (PTO-85B) 1 10-01-2009 LET. Miscellaneous Incoming Letter 1 10-01-2009 WFEE Fee Worksheet (PTO-875) 2 10-01-2009 N417 EFS Acknowledgment Receipt 2 08-24-2009 NOA Notice of Allowance and Fees Due (PTOL-85) 10
I'll draw your attention to the first and last lines in the excerpt from the file wrapper.
claims (Score:5, Informative)
As usual, you need to look at the claims of the patent. For example these points dont really cover sudo:
1. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to present a user interface in response to a task being prohibited based on a user's current account not having a right to permit the task, the user interface comprising: information indicating the task and an entity that attempted the task; a selectable help graphic wherein responsive to receiving selection of the selectable help graphic, the computer-readable instructions further cause the computing device to present the information; identifiers, each of the identifiers identifying other accounts having a right to permit the task, wherein the identifiers presented are based on criteria comprising: frequency of use; association with the user; and indication of sufficient but not unlimited rights; one of the identifiers identifies a higher-rights account having a right to permit the task, wherein the one of the identifiers comprises: a graphic identifying the higher-rights accounts associated with the user; and a name of the higher-rights account; an authenticator region capable of receiving, from the user, an authenticator usable to authenticate the higher-rights account having the right to permit the task, wherein: the authenticator comprises a password, and the authenticator region comprises a data-entry field configured to receive the password.
2. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising: determining multiple accounts capable of permitting a task not permitted by an account of a current user wherein the determining is based on criteria comprising: frequency of use; association with the current user; and indication of sufficient but not unlimited rights; receiving indicators for the multiple accounts capable of permitting the task; presenting a graphical user interface, the graphical user interface having: multiple account regions, each account region identifying one of the multiple accounts capable of permitting the task; an authenticator region capable of receiving an authenticator for one of the multiple accounts capable of permitting the task; receiving, through the graphical user interface, the authenticator for one of the multiple accounts capable of permitting the task; and responsive to receiving the authenticator for one of the accounts capable of permitting the task, packaging, into a computer-readable package, the received authenticator and the account capable of permitting the task associated with the authenticator, the package effective to enable authentication of the account capable of permitting the task.
3. The media of claim 2, where the each account region comprises a name identifying one of the multiple accounts capable of permitting the task.
4. The media of claim 2, where the each account region comprises a graphic identifying one of the multiple accounts capable of permitting the task.
5. The media of claim 2, further comprising permitting the task.
6. The media of claim 2, further comprising authenticating the account capable of permitting the task and, responsive to authenticating the account capable of permitting the task, temporarily elevating rights of the current user to that of the account capable of permitting the task effective to permit the task.
7. The media of claim 2, wherein rights of the account of the current user are limited by controlled-access software.
8. The media of claim 7, wherein the task is prohibited by the controlled-access software prior to authentication of the account capable of permitting the task and wherein the controlled-access software refrains from prohibiting the task in response to authentication of the account capable of permitting the task.
9. One or more computer-readable media having co
This is why software patents shouldn't be allowed (Score:5, Funny)
...because I couldn't bothered reading all that shit.
Parent
Re:This is why software patents shouldn't be allow (Score:5, Funny)
I couldn't bothered reading all that shit.
Oddly enough, that is exactly what the patent examiner said.
Parent
Re:This is why software patents shouldn't be allow (Score:5, Insightful)
Since when do programmers need to be patent lawyers? Patents are written in fluent legalese, not plain $HUMANLANGUAGEOFYOURCHOICE.
Parent
Re:This is why software patents shouldn't be allow (Score:5, Insightful)
Law is the programming language for the system of society. The problem is, rather than doing exactly what you told it to do, regardless of whether that's what you wanted it to do, the system makes every possible effort to interpret the code in such a way so that it doesn't have to do what you instructed it to do.
Parent
Re:This is why software patents shouldn't be allow (Score:5, Insightful)
Thanks for telling us that those claims are too complicated for you to read. Please make sure to put that on your resume, because if I was a potential employer looking to hire you for anything even remotely technical, I'd want to know that you give up whenever a discussion gets remotely above the complexity of "M$ sux0rz."
That's not a technical description: it's legalese. I've done my share of technical writing, ranging from scientific journals articles to user and developer documentation, but I'd never be able to get away with producing such incomprehensible gibberish.
Parent
Re:This is why software patents shouldn't be allow (Score:5, Informative)
As an ex-programmer/technical writer who is now a lawyer who's also worked at the USPTO as an examiner (during law school), I feel I must weigh in on the language issue. Patents and patent applications are neither technical documents nor legalese. They are a unique and bizarre hybrid of the two which, quite frankly, I think no one understands. The claims, specifically, since the specification is sometimes actually intelligible in a meaningful way. Everyone (examiners, phositas, judges, lawyers) has trouble dealing with claims and their meanings. The fact that we require pre-litigation court hearings to determine what a claim means (Markman hearings) AFTER the USPTO has already reviewed and approved the claims, which requires determining what the claim means, should be a sufficiently strong indicator that the current style of writing for patents is uncommunicative and ineffective.
To speak more directly to software patents, the USPTO doesn't recognize such a thing literally. Moreover, in general the PTO doesn't look upon the software field as a true technical/engineering discipline, and so looks down upon software/programming expertise in it's examiners. If it appears that the PTO doesn't know a thing about how software works or what is out there as prior art, it is because generally it doesn't know a thing. The field of endeavor isn't recognized or utilized, and examiners often interpret claims to avoid dealing with software (as they don't have the background knowledge to know how to begin researching the prior art).
Software may or may not be patentable ideologically, but as long as the field is given short shrift and basically sneered at by the PTO, no patent process will make sense for the majority of software/business method patents.
AC for obvious reasons.
Parent
Kill software patents (Score:5, Interesting)
The big industry writes them up just as protection from patent trolls and then collude to keep small competition out (ie Microsoft was threatening that Linux was stepping on its patents back in the day).
Patents were made to spawn innovation - bypassing secretive guilds by incentivizing the opening of knowledge to public domain in exchange for a limited time monopoly. Projects and society are way too fluid now to keep many inane details secret anyway. There needs to be a study of which types of patents coming in provide useful knowledge to the People, and which majority are just wastes dumps of text - and amend the system accordingly.
I would urge the USA to do this now, while it is the leading superpower in which others follow suit. It may have been to our advantage in the past, but not so in the future, imo.
Parent
Re:claims (Score:5, Informative)
Remember that they all have to apply.
No, they don't. Only one independent claim (i.e., 1, 2 or 9) has to apply (at least it's like that in Europe), or an independent claim along with some dependent claims if you want a stronger case because then the claims become more specific and hence hopefully more distant from the prior are (e.g., 2 and 3, or 2 and 7 and 8).
This isn't exactly sudo.
That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.
Parent
Just like PolicyKit (Score:5, Informative)
That's true. It's still a crappy patent application though, since it basically covers showing a password dialog box with eligible user accounts (along with some details about their associated privileges) when an operation requires elevated privileges.
Indeed. In fact, this patent reminds me more of PolicyKit (which is GUI-based) than sudo. See screenshot [wikipedia.org], which almost exactly matches how I visualised the patent after reading the initial claims.
Parent
Re:claims (Score:5, Insightful)
Oh no, I've gone cross-eyed.
According to patent law, the above example of murder-by-verbiage is supposed to help third-parties implement the invention described, but the language employed is clearly designed to accomplish the exact opposite. I think it's time to put the patent system out of its misery.
Parent
Interesting circumlocution (Score:4, Insightful)
In an attempt to patent a thing rather than the software itself, they say:
One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
In other words, it's not the operation itself, or the software, but the actual _disc_ that they're claiming. The medium, not the message, as it were. At least it's a physical thing.
I don't know if "downloaded software" would violate the patent, or if they'd try to claim that having it on the server's discs would violate it. (Surely they wouldn't try to claim that your hard disc on which you've downloaded it would violate the patent, would they?)
Parent
Re:claims (Score:5, Insightful)
Where's your analysis of the degree to which this "isn't exactly sudo"? It's pretty damn close. If it comes down to the degree of "exactly," please provide some examples from patent case law that show that the degree of difference here is sufficient for the two programs not to be close enough to the same that sudo, had it been invented after this patent, wouldn't violate said patent.
I'm nothing like a patent attorney. But my understanding is that if someone invents a special right-angle shovel, and patents it, you're going to be in trouble even if your shovel head is only at an 80 degree angle rather than 90 degrees. If not at 80, certainly at 89.
Besides, this patent ends with language claiming that the method of implementation is only the preferred one, while the patent covers other methods of implementation of the same underlying concept. And in which sense is the underlying concept even a few degrees different from what sudo does? Your analysis?
Parent
Re:claims (Score:5, Insightful)
Adding a GUI is no more "creative" and "non-obvious" than adding "on the Internet".
Then again, it might be non-obvious to Microsoft. Does anyone remember if Microsoft XENIX had a sudo equivalent? It would be nice to use something from them from a quarter-century ago as prior art.
Parent
Re:claims (Score:4, Informative)
Not correct. Of the claims you listed, 1, 2, and 9 are independent claims and can stand alone. A competitive product that incorporated just the elements of, say, claim 9, would violate this patent. A prior art product that included the elements of claim 1 would invalidate claim 1 as an independent claim, but not necessarily the combinations of claim 1 and claim 13 or claim 1 and claim 14. Unless the dependent claims 13 and 14 were subsequently judged to be obvious in light of the earlier product that demonstrated claim 1.
To an aggressive patent prosecutor, "exactly" has nothing to do with it. The approach is "We've got this patent, see? Pay us the money or we'll sue until you're out of business".
Parent
Re:claims (Score:5, Informative)
Parent
Re:This IS already being done in Linux (Score:5, Insightful)
This patent was filed more than four years ago, in April of 2005. This filing predates Red Hat's announcement of PolicyKit by about a year. And PolicyKit probably wouldn't cover this even if it predated the Microsoft concept because it doesn't meet the "automatic" criteria, AFAIK.
And for anyone thinking that this is a patent on sudo, it is not. It also is not a patent on Apple's AuthorizationExecuteWithPrivileges, though it is much closer to that. It differs from the Mac OS X design in that it:
It further differs from sudo in that it presents a GUI (in addition to the two ways above).
Regarding launching a GUI window when a privilege violation occurs, this is precisely why Windows got the "Allow or Deny" reputation it got. You really don't want to authorize every little action. Further, when it comes to a typical desktop environment, a rights system should not be so complex that there are more than about two classes of users anyway---those who have the rights to modify system files and those who are limited to their own files. Therefore, something like sudo, PolicyKit, AuthorizationExecuteWithPrivileges, etc. is generally a much better design because it puts the application in control of the experience and allows you to run a series of actions with elevated privileges, forcing apps to be designed with proper privilege separation, and reserving elevated privileges for only the minimum portion of the code necessary. The Windows "automatically throw up a GUI when you get a permission denied" design has a significant risk of creating user indifference towards important security notifications, which results in a significantly less secure system in the long run.
Also, I'm under the impression (based on the patent) that Windows is temporarily elevating the privileges of the application itself, which means that you now have a much larger chunk of code that must be checked for security holes, lest malicious individuals co-opt the application for nefarious purposes. Such a design also makes it very hard to adequately use code signing to ensure the authenticity of the code running with elevated privileges, thus allowing security holes in the app to readily be exploited and turned into the equivalent of root holes just by the user clicking "Allow".
In short, it's a terrible security design filled with myriad fundamental design flaws, all codified in a patent filing for all to mock. I certainly won't lose sleep over this patent getting approved. No one should reasonably want to implement the sort of security architecture that would violate this patent.
Parent
Much more specific than the summary suggests (Score:5, Informative)
If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.
Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.
Re:Much more specific than the summary suggests (Score:4, Informative)
If I'm reading the patent right, they've actually applied for protection of the UAC popup system that appears in Vista and Win7. There's no unqualified patent on user account privilege escalation. Indeed, "su" would be explicitly outwith this patent's claims, as it's specifically about bringing up an interface to escalate when the system determines that escalation will be required, not about escalating manually before the task is attempted.
Top marks to the Groklaw article for providing a thorough explanation for how they can't get a patent on something they're not trying to get a patent for.
macos x has been doing this since its inception.
gksudo has been around for a long time as well.
this is NOT new.
Parent
Re:Much more specific than the summary suggests (Score:4, Insightful)
Perfectly good examples of prior art that the author of that article skipped in favour of a content-less rant.
Parent
Re:Much more specific than the summary suggests (Score:5, Insightful)
macos x has been doing this since its inception.
gksudo has been around for a long time as well.
this is NOT new.
You've said this in at least two different posts, yet failed to indicate what those do that this patent covers. For example, OSX doesn't present an interface with a "selectable help graphic", the selection of which causes display of other accounts that have a right to permit the task, based on frequency of use, association with the user, and an identified higher-rights account that can permit the task. And that's just three of the limitations of claim 1. I doubt gksudo does them either.
Parent
Re:Much more specific than the summary suggests (Score:5, Informative)
Yeah, going to have to agree here. Not only is it specifically an interface brought up after you've tried to do something you're not allowed to (which is what makes it "not sudo"), this interface will give you a list of users who ARE allowed to do it (rather than just the admin account), which is what separates it from all the other implementations of this kind of security that I know of (eg cash registers that stop and require manager intervention or Windows's earlier "You look like you're trying to install a program, would you like to be administrator?" popup).
Parent
Re:Actually the summary is basically correct (Score:4, Insightful)
It is not uncommon to pop up the sudo dialog in response to a permission-denied error from exec(). Therefore this patent does describe already-existing art. You and a dozen other posters seem to think the error detection has to be in the same process that actually does the access violation.
Parent
Using a *NIX desktop would suck... (Score:4, Funny)
Re:Using a *NIX desktop would suck... (Score:5, Funny)
Meh, I rarely use sudo. I guess I'm just not too used to it. So su me.
Parent
Re:Using a *NIX desktop would suck... (Score:4, Insightful)
Wait, you su back? You do realize that that leaves your root session in the background and complete accessible, right? The proper way to "unsu" is to just exit the shell (exit, ^D, etc).
Parent
"patent this obvious idea" (Score:5, Funny)
Patent Office: "Rejected."
Microsoft: "sudo patent this obvious idea"
Patent Office: "Okay."
With apologies to xkcd [xkcd.com].
They didn't get it on their first try... (Score:5, Funny)
MS: Grant me this patent.
USPTO: No!
MS: Sudo grant me this patent.
USPTO: Okay...
Re: They didn't get it on their first try... (Score:4, Funny)
It seemed necessary...
Parent
It's the other way round actually... (Score:5, Funny)
...with Windows' lax control of permissions allowing just about anybody to run as a super user, surely they should have a patent for "sudon't" which would probably be infinitely more useful?
I have prior work (Score:5, Interesting)
Dear Newbs, su came before sudo (Score:5, Informative)
If you're going to claims something copies 'sudo' with 'Linux' please realize that sudo copies su which was around long before Linux.
sudo has more features than su, yes. Everything that 'copies' sudo has more features as well.
Although the patent in this case does not copy sudo, or gksudo or OSX. The patent covers something that detects an authorization (NOT AUTHENTICATION) failure and gives an opportunity to elevate privileges and continue rather than denying the request.
su, sudo, gksudo and the OS X applet all require knowledge in advance that elevated privileges are required.
Do I think the difference is worth patenting? No, its the next logical step. However, if you're going to rant and rave about what Microsoft is patenting, at least realize they aren't patenting a clone of something you've been using for years.
You only make the rest of the OSS world look stupid to the powers that be when you rant and rave and you are completely ignorant of whats being done. We lose credibility and get written off as raving lunes when you respond like this. So please, shut the hell up.
Re:Penalties (Score:5, Insightful)
It's US patent system's fault, not Microsoft. They have to file these to cover their own ass. And actually I haven't ever seen MS patent trolling, they've even gave their patents to organizations which purpose is to keep them open. Even the TomTom vs. Microsoft case was because TomTom attacked MS first and they had to counter.
Patent system is the one to blame.
Parent
Re:Penalties (Score:5, Funny)
There are too many sudo-intellectuals running it, that's why.
Parent
Re:Penalties (Score:5, Funny)
$ make me a patent
make: *** No rule to make target `me'. Stop.
$ sudo make me a patent
Okay!
$
Parent
Re:Penalties (Score:5, Funny)
http://xkcd.com/149/ [xkcd.com]
Parent
Re:Penalties (Score:5, Funny)
You're use of the word "genious" is brillant.
Parent
Re:Penalties (Score:5, Insightful)
Parent
Re:Penalties (Score:5, Insightful)
And actually I haven't ever seen MS patent trolling,
Their shakedown of camera vendors and threats to OS implementors over the VFAT patents are a classic case of patent trolling.
The technology covered by the patents no longer has any intrinsic value, because nobody uses OSes that don't support long filenames. The only reason to use the long/short filename conversion in VFAT is purely circular: to ensure compatibility with VFAT itself.
Thus, these patents only remaining purpose in life is to create a barrier to entry in the markets that Microsoft operates in. The technology covered by them is is providing no end-user benefit, and consumers are paying royalties and getting nothing in return other than a less competitive market.
Parent
Re:Penalties (Score:5, Informative)
Parent
Re:Penalties (Score:5, Informative)
I don't condemn all software patents.
I do. Copyright protects software, there's no need for patent protection.
Parent
Re:Penalties (Score:5, Insightful)
That is one of those statements where both sides shout "EXACTLY", and then stare at each other.
Parent
Re:Penalties (Score:5, Insightful)
I presented this argument to someone just the other day, but here it is again: Mathematicians develop insanely difficult and complex algorithms all the time, and must share their work in the public domain because you can't copyright or patent mathematics. Not a formula, I'm talking about full algorithms, logical procedures, proofs and so on. Algorithms which have changed the world by such orders of magnitude that no matter how novel and amazing some little piece of code looks to the programmer, compared to the work of mathematicians it is almost always will come up looking pretty much completely trivial.
Imagine if someone had patented the fast fourier transform? Or any number of a virtually infinite set of unique and groundbreaking algorithms that have literally changed the course of science. Technology and science would be weaker for it, you might not even have a job with a computer in front of you.
Now why is it that sequences of logical steps, algorithms, when developed by mathematicians are anybodies game, and yet when a programmer or a software company comes up with an algorithm, a sequence of logical steps no different to the ones in the field of mathematics, it is suddenly different and needs monopoly rights granted to the author? Do you honestly think that novel method 3.57a to make database requests in a unique way is as important to the world as something like the fft? Or the Kalman filter?
Get over yourselves programmers, your code is not special, logic is logic, patenting a logical procedure is about as wrong as it gets in my books. If you develop code and it is useful, you are going to be the foremost expert in your new system. You will make money without a patent. The problem is this isn't about putting food on the table, this is about geeks who fancy themselves Knuth thinking they ought to be millionaires.
Parent
Re:Penalties (Score:5, Insightful)
If you have a copy of his source code and duplicate product in another language, you'll get your clock cleaned in court. To effectively copy the other guys software, the best defense would be to have no knowledge whatsoever of his code.
Historically everyone in software has been copying everyone else all along. Things were fine before patents became all the rage. Imagine is Apple had patented the GUI in 1984. The windows GUI couldn't have been developed patent free until 1999. It's an absurd idea, no matter how much I currently dislike windows dominance. And, yes, I do realize Apple stole the GUI from Xerox...
Parent
Re:Penalties (Score:5, Interesting)
The problem being you can engineer your way round a patent on a specific innovative break design in a car.
Trying to work around a patent with a flowchart with a note reading "slows car down" is pretty much impossible.
Hence it kills innovation, not encourages it.
Parent
Re:Penalties (Score:5, Insightful)
Math equations can be brilliant and stunningly innovative yet they can't be patented. Why should software be any different?
Parent
Re:Penalties (Score:4, Insightful)
Patenting sudo is a slight legitimate error?
Damn. I want some of that anti-guilt thing you are taking.
Parent
Re:Penalties (Score:5, Funny)
No, it was a typo.
They patented *sume*. Long 'e' by the way.
Parent
Re:Penalties (Score:5, Informative)
After skimming the patent, this sounds more like it's more like prompting for sudo. If this were Linux, it would be something like:
"You need to use sudo to run this program. Would you like to use sudo? y / n"
This is a very specific patent and most certainly wouldn't cover sudo, but rather the automatic detection of the need for it and a very detailed description of the GUI built on it. It's almost like the people writing about the patent didn't bother to read it...
Parent
Re:Stop with the alarmist headlines already (Score:4, Informative)
Not true. This is an ISSUED patent; see the patent number: 7,617,530. You can also check its status in public pair (http://portal.uspto.gov/external/portal/pair):
10-21-2009 ISSUE.NTF Issue Notification 1
10-01-2009 IFEE Issue Fee Payment (PTO-85B) 1
10-01-2009 LET. Miscellaneous Incoming Letter 1
10-01-2009 WFEE Fee Worksheet (PTO-875) 2
10-01-2009 N417 EFS Acknowledgment Receipt 2
08-24-2009 NOA Notice of Allowance and Fees Due (PTOL-85) 10
I'll draw your attention to the first and last lines in the excerpt from the file wrapper.
That said, the claims DO NOT cover sudo.
Parent