
Want to Block Common Passwords? Sorry, That is Patented - gnosis
http://xato.net/passwords/want-to-block-common-passwords-sorry-that-is-patented/
======
notatoad
We really need to start naming and shaming the people willing to have their
names listed on frivolous patents like this, and not just their employers. If
you're listed as an inventor on an unethical patent, you have violated the
implicit moral code of technologists and positioned yourself in opposition to
progress.

Michael Stephen Brown and Herbert Anthony Little: you are not good people.

~~~
sillysaurus
_We really need to start naming and shaming the people willing to have their
names listed on frivolous patents like this, and not just their employers. If
you're listed as an inventor on an unethical patent, you have violated the
implicit moral code of technologists and positioned yourself in opposition to
progress._

<http://paulgraham.com/6631327.html>

Paul's patent would seem frivolous now, but it wasn't then. By applying for a
patent, did he position himself in opposition to progress? Seems doubtful.

Here's another example: <http://www.google.com/patents/US5204966> This patent
was filed in 1990. I was two years old. The internet hardly existed then. Was
this patent frivolous? Should these inventors be punished according to your
ethics?

So what's our criteria for a frivolous patent? Perhaps "(a) it was filed since
2010, and (b) it covers some well-known technique." Yet that's completely
arbitrary. Punishing someone for violating an arbitrary moral code is a recipe
for evil.

~~~
comicjk
This brings up the problem of patent terms. At least in software, the ordinary
term of a patent is obviously much too long. Even granting a ten-year monopoly
would be onerous in this business; twenty is absurd - the technological
landscape can change completely in that time.

~~~
a3n
Devil's advocate: by allowing software patents, that might tend to _force_
technological change. You need to invent a new landscape if the current
landscape is illegal or onerous to operate in.

For the record, software patents annoy me and I don't think they should be
allowed.

~~~
Zuider
But the patents are so general in scope that they tend to preempt any
technological change.

What benefit is there in inventing a better mousetrap if the very idea of
causing inconvenience to vermin has been patented, and the only people beating
a path to your door are verm^H^H^H^H patent lawyers.

------
eksith
There are a couple of solutions (neither are "good" if you're worried about
being sued to oblivion):

1) Don't publicize how you reject passwords (this, obviously, won't work for
open source). You can reject with a generic "please choose a different one" or
something similar. Just vague enough to not directly show that you're reading
off a list of bad passwords.

2) Ignore the patent.

I'm a fan of 2, but fighting a troll alone is most definitely not an option.
If I do get sued, perhaps I can contact all other people who were also sued
(since trolls tend to fire shotgun lawsuits to see which ones buckle) and
fight back together to try and get the patent invalidated.

Meanwhile, I can write to congress (have all the others do the same) and wait
for it to have no effect whatsoever since, obviously, we all know that what
really kills American jobs is those damn immigrants /sarcasm.

~~~
hashmymustache
Yea it's a pretty ridiculous state we're in. Fortunately this patent was
probably filed defensively by RIM, but the moment they decide in the next 20
years that a branch could be more profitable by firing their employees and
siphoning some intellectual property into a litigious happy NPE, then any
group rejecting user passwords that look like p@ssword will be in violation
until the year 2031.

~~~
caf
This would be the company that was once known tongue-in-cheek as "Lawsuits In
Motion".

------
davidroberts
Patents: Meant to encourage innovation, and now destroying it. Is there
anything lawyers touch these days that doesn't get irrevocably corrupted? Law
was supposed to protect rights and clarify correct behavior, not become a
profit center for parasites.

~~~
Zuider
It was always like this. The main way to become wealthy in ancient times was
through lawsuits. As soon as well meaning intentions are put into legal words,
they can be subverted.

------
throwawaykf
This has been posted here before, and I exchanged a couple of messages in the
comments section with the author to clarify some misconceptions. If you read
the claims (as everyone always should but nobody ever does), most of the
patents he mentions are actually pretty "decent", some of which are discussed
in the comments.

~~~
harshreality
Are any of those patents not algorithm, hence math, patents? Or, is your
argument that certain types of math patents are "decent" and should be
allowed? Because they're not (at least in theory), according to judicial
precedent; in practice, courts seem to have difficulty knowing math when they
see it.

~~~
throwawaykf
Your views are rooted in one of the more common misconceptions about so-called
software patents: None of them are algorithm patents, because you cannot
patent algorithms. What is patented is the application of certain algorithms
to solve a practical, real world problem. The algorithms involved are not
covered, and can freely be used for other purposes.

In this case, that happens to be preventing poor passwords. That is a
concrete, real-world problem, requiring practical solutions, which these
patents purport to provide (probably) novel, non-obvious variations of. For
example, one of the less "decent" patents uses (what seem to be) bloom filters
to track and test for poor passwords. This does not mean all uses of bloom
filters are covered by it. The claims specifically cover the method of using
bloom filters to test for bad passwords.

Really, it becomes clear what is covered when you simply read the claims.

~~~
harshreality
Mathematical equations representing (approximate) solutions to physics
problems are patentable, then? Let's turn the clocks back to 1900 and figure
out where we'd be technologically if every such "invention" had a 20-year
period of exclusivity.

~~~
throwawaykf
No, the application of those equations to practical problems is patentable. A
physics problem is not necessarily practical (2 frictionless spheres in a
vacuum are rolling towards each other...), but practical mechanical problems
necessarily have a physical aspect and frequently rely on results of solving
mathematical formulae. A patent on a mechanical solution may very well include
the solution of such equations, and always have. Funny, doesn't look to me
like the mechanical industry is stuck in the 1700s.

Edit: An early example of a mechanical "algorithm" patent -
<http://www.google.com/patents/US3765263>

~~~
harshreality
That patent is the sort of thing you're tasked with building in a mech-e
class, or as an abstract problem in a physics class. If it's patentable, then
one could say that the purpose of physics and engineering training is to build
things, patent them, and live off of the royalties, rather than to create
products people want to buy, competing in an open market.

The premise of your argument relies on the vague notion of what's a
"practical" problem and what's not. I don't think that's any more tenable than
any other defense of the current patent system I've ever seen. It's all vague,
and exchanges like this are pushing me to a more extreme position that all
patents are bogus, rather than granting that some "math" patents are connected
to specific practical problems and thus patentable.

------
apendleton
Would there be any obvious problems with defend-it-or-lose-it laws around
patents, like there already are around trademarks? Seems like it would kill
the submarine-patent market entirely, and would discourage companies from
bothering to file for patents they didn't plan on vigorously defending (I
could imagine drug companies continuing to file; software companies, not so
much).

I don't tend to hear this suggested in patent-reform discussions, though, so I
assume there's a reason not to go this route.

~~~
zerovox
Unless I'm mistaken, it certainly wouldn't stop patent trolls, who buy/keep
patents precisely so they can use them. The only thing it would stop is
companies holding patents for defensive reasons, who have no intention of
actively pursuing patent violators but who patent their ideas in case they are
sued by a patent troll with a similar idea/patent. Google claims to follow
this in terms of open source projects[1].

[1]:<http://www.google.com/patents/opnpledge/>

~~~
jcromartie
But "defend it or lose it" means going after _all_ infringers, which patent
trolls certainly don't do. They are currently very selective about enforcing
their patents, choosing to assert where they will win.

~~~
chawco
I'm not sure it's completely practical, but this would have some interesting
interactions with obviousness -- if you need to sue half the industry, it may
say something about the obviousness of the patent itself.

~~~
Pwnguinz
Hindsight is 20/20. Everything is obvious, once someone already paves the way
to the solution.

This is why, in principle, there is the "prior art" clause. It's just not
enforced well enough in the software realm--but the mechanism to prevent
patenting something widely known _a posteriori_ does technically exist.

~~~
hashmymustache
Well the non-obvious requirement of patents to be granted in the first place
is defined such that experts in the field would not come up with it in
response to the problem it solves. This is not the case with most software
patents.

------
elvinj
There's a patent out there for just about any conceivable thing in computing.
I'm pretty sure commenting on HN articles is patented and we're in violation
right now. It's so ridiculous. No one can ever really do anything with most of
them (except maybe troll companies with deep pockets or if you're building a
phone). I remember that 5 years ago when building a company people would still
ask whether you had patents. I don't think they still do, but those are just
my impressions.

~~~
randall
Oh they do. But now that's by the typically less sophisticated investors, in
my experience anyway.

~~~
rayiner
Like Google? <http://www.behav.io/> (recent IP/engineer acquisition).

"Nadav holds multiple patents in areas of social mobile networking, machine
learning, network algorithms, and sensor technologies. His work has been
featured in both academic and popular press (Technology Review,
Businessweek.com, Wall Street Journal, Wired UK, and The Associated Press,
among others), and received awards of recognition (including Best and
Distinguished Paper awards, Knight News Challenge, SXSW Accelerator, IPSN
Extreme Sensing Competition, and three Google Research Awards)."

~~~
claudius
But at least these seem to be patents that did require some effort, were
novelties at the time and appear to be useful – otherwise that list of awards
would be a list of awards you don’t want to receive.

There is nothing wrong with patenting truly new, truly sensible solutions to
actual problems, in my opinion. The problematic patents are the trivial ones
that currently swamp the software industry.

~~~
scromar
That's one of the issues though. Which patents are the "truly new" ones and
which are the "trivial ones"? It seems like many software patents seem obvious
in hindsight, a few years down the road, but they were not obvious at the time
of invention.

~~~
claudius
This is of course true, although there are really some rather trivial ones
even at the time of invention (or already outdated at the time of filing).

Maybe it would be helpful to adapt the protection period (20 years, IIRC) to
the rate of innovation in the industry?

------
danielrm26
How about "keeping bad things from happening"? That's only one level of
abstraction up from that. Could be lucrative.

~~~
thisishugo
How about a "Facility for preventing disasters."[1]

[1]<http://www.google.com/patents/EP0279864B1>

------
thyrsus
The "passwd" program on page 282 of the first edition of Wall & Schwartz
"Programming Perl", copyright 1990, would appear to constitute prior art to
most of these claims.

------
drakaal
Large companies patent everything that they use that doesn't have a patent
already. Better to have a patent for entry of text into a form using a
keyboard than to pay a troll later.

But it is also mutually ensured destruction for fights between big companies.
You can't sue me for a billion dollars because you are infringing on 2 patents
for every one of yours I am infringing. Apple vs Samsung was an example of
this.

~~~
gav
Here's an example going back to the 80's when IBM shook down Sun[1]:

>> Finally, the chief suit responded. "OK," he said, "maybe you don't infringe
these seven patents. But we have 10,000 U.S. patents. Do you really want us to
go back to Armonk and find seven patents you do infringe? Or do you want to
make this easy and just pay us $20 million?"

[1] <http://www.forbes.com/asap/2002/0624/044.html>

------
nhebb
Is there a common repository of patent troll claims? It would be nice to have
a list of things to avoid, with workarounds where possible.

~~~
djkz
I'd stay away from looking up things you might infringe. You will be liable
for treble damages and most of the trivial things are probably patented by
somebody (<http://en.wikipedia.org/wiki/Treble_damages>).

~~~
eksith
This feels counter-intuitive to me. I understand why patents are tainted by
these, but how am I supposed to know if I'm not infringing if I don't research
the idea before shipping out? Shouldn't there be a way to make sure at least
it's sufficiently different to make sure I'm not repeating something?

~~~
drakaal
Your lawyer or a consultant does a technology audit. I used to do these on
behalf of VCs on young startups to ensure they had not infringed on a patent
that would put the investment at risk.

~~~
throwawaykf
Fascinating! Any comments on how difficult/easy you found it to do a thorough
search, and how often you found patents that you thought to be risks?

~~~
drakaal
At the time it was hard. There wasn't Google Patent search which is really
useful for checking these things.

Basically I would look at what patents the fledgling startup had filed. Make
sure they didn't suck, and that there wasn't lots of prior art.

You can be a start up and get bought for nothing more than a single patent
that someone wants, so making sure the patents you have are not going to fall
down when a bigger company wants them was important.

Often I would also be checking who beat the company to whatever they were
doing, and then check those people's patent portfolio.

We didn't worry much about things like the Fat32 patent, we worried about
things like hey, this isn't a real innovation these guys just read this other
guy's thesis paper and knocked it off. (Like Nick at Summly did)

From there a VC could decide if they were going to double down or cut their
losses.

------
fishbacon
This site is completely unreadable at least on my iPad, why is tweeting and
Facebooking more important than the content!?

------
codeoclock
Surely you could just do it anyway, because there's no way a patent like that
would hold up in court if they tried to sue you. I realise though that
obviously it shouldn't happen in the first place, and doing it anyway could
incur legal costs.

~~~
okamiueru
Do you have the money for the legal counsel required to take it to court? If
you do, what about Joe and his new startup, he might just go for the suggested
settlement.

~~~
codeoclock
The fact that it would cost any money at all is completely ludicrous, any
judge with any basic concept of logic can see that it's an obvious development
of technology and therefore can't be patented. You shouldn't have to hire a
lawyer to prove that.

------
pixelcort
What about using a bloom filter of common passwords? It would prevent some
safe passwords from being used, but otherwise would allow for disallowing
unsafe passwords without holding a dictionary of them, potentially avoiding
existing patents.
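
The trade-off described in the comment above, shown as an added example that is not part of the thread or of any patent's text: a Bloom filter sized for a constructed eight-entry list, with the rate at which unlisted passwords are wrongly rejected measured directly. The class and function names, the sample list, the case-folding step and the 1% target rate are all assumptions made for illustration.

```python
import hashlib
import math

class CommonPasswordFilter:
    """Bloom filter of common passwords: keeps m bits, not the password list."""

    def __init__(self, expected_items, target_fp_rate):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hashes.
        self.m = math.ceil(-expected_items * math.log(target_fp_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, password):
        # Assumption: case-fold before hashing so "Password" matches "password".
        data = password.lower().encode("utf-8")
        for i in range(self.k):
            digest = hashlib.sha256(b"%d:" % i + data).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, password):
        for pos in self._positions(password):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def probably_common(self, password):
        # True: listed, or a false positive. False: definitely not listed.
        return all(self.bits[pos // 8] >> (pos % 8) & 1 for pos in self._positions(password))


# Constructed sample list; a real deployment would load a much larger one.
SAMPLE_COMMON = ["123456", "password", "qwerty", "letmein",
                 "p@ssword", "iloveyou", "admin", "welcome"]

def build_filter(words=SAMPLE_COMMON, target_fp_rate=0.01):
    bf = CommonPasswordFilter(len(words), target_fp_rate)
    for word in words:
        bf.add(word)
    return bf

def measured_fp_rate(bf, trials=20000):
    # None of these constructed candidates is in the list, so every hit
    # is a safe password that would be wrongly rejected.
    hits = sum(bf.probably_common("unlisted-candidate-%d" % i) for i in range(trials))
    return hits / trials

if __name__ == "__main__":
    bf = build_filter()
    print("bits:", bf.m, "hashes:", bf.k, "bytes:", len(bf.bits))
    print("false-positive rate:", measured_fp_rate(bf))
```

A listed password is never missed, since every bit it set stays set; the only error is the false positive, and its rate is traded against filter size through `target_fp_rate`.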

------
colinshark
We shouldn't be able to patent any idea just by running it on a "processor and
memory".

I'm convinced that trademark and copyright gives us all the IP tools we need.
Patents can get f'ed.

------
droithomme
Oh great, now I have to remove this common and obvious functionality from all
the web sites I have any input to.

~~~
legierski
good luck!

------
bnegreve
This one is especially good:

 _Specifying a set of forbidden passwords_

How can one spend time and money for this?

------
kmfrk
Is there a go-to password list, if you still want to go ahead and use it?

~~~
saber_taylor
You'd probably set a cron with crack or John the Ripper which would come with
a small password list and do some common permutations and then lock accounts.
Ars Technica mentioned a RockYou.com password list that is now the go-to list
for serious cracking. I think it would be hard to enforce this patent for
sysadmins who implement their own system.

