<buzzword-compliant />

The Dalai Lama:“If I had not been a monk,” he said last weekend, “I would have become an engineer.”

Ray Ozzie has a lot to say about the Eolas v. Microsoft case. And he thinks he knows of some prior art that trumps Eolas' claim. He should–he created it.

There's a vulnerability in Sendmail that allows remote attacks by buffer-overflow. The security hole could be used for denial of service attacks against e-mail routing infrastructure.

This is just the latest problem with Sendmail, which has had other similar vulnerabilities (this is the third this year).

But you never hear about sendmail attacks in the press, now do you? And the patch for the problem was ready for deployment within 5 days of the bug being reported on the Full-Disclosure list.

I got a quick look at the keynote at Sun's SunNetworking conference in San Francisco this morning, from my desk here in Baltimore. The view was courtesy of Simon Phipps and his PowerBook and iSight camera, via a wireless LAN connection at Moscone, to me on Apple's iChat A/V.

This convergence of wireless networking and audio-video realtime conferencing is waaaay cool. It is portentous, in the same classs of developments as camera/phones and moblogging. It's like peer-to-peer TV news.

I had been in doubt about how well my iSight camera was working with my old reliable G4 Cube; despite being able to conference within my LAN, my attempts to conferene with an old colleague had been discouraging. I was convinced the problem was the speed of the G4's bus, or processing speed, or (worse yet) its cable modem connection being too slow.

It turns out, however, that it's his problem.

My column on Eolas has gone live on the eWeek site. Read it and weep.

Bill Joy is leaving Sun to “persue other interests.” Joy is the father of BSD Unix, and had a hand in many of Sun's most important innovations, including Java.

So what are those “other interests”?

The victory of Eolas Technologies in its patent infringement lawsuit against Microsoft, as I noted yesterday (”Termination Dust for Web Apps?”) has a lot of people in the open source and standards commmunity as well. Ten years of standards development is about to be upended, it seems, by a one-person company with no product except a passle of patents licensed from the University of California.

It seems ironic that the University of California was on the other end of the stick some time back when it was sued by AT&T for patent infringement for its development of BSD Unix–a case which it won, and which put a substantial amount of Unix technology into the public domain. Now, it's putting the same open source community on the spot again–unless, of course, Eolas and UC act to allow open source development based on their patents to continue, or a higher court overturns the decision against Microsoft.

The patents that Eolas claims are disturbingly broad in scope, and would seem to be undermined by significant “prior art” elsewhere in the software world/.

Of course, the Patent and Trademark Office (PTO) is incapable of screening effectively for patents that infringe on unpatented (but copyrighted) work, because there's no link between the patent and copyright systems–patents are governed by the Department of Commerce, and copyrights by the Library of Congress (which isn't even in the executive branch, to my knowledge). And the PTO is woefully understaffed, underfunded (it operates solely on the funds it takes in in patent fees) and, based on the evidence, just plain full of idiots to begin with.

Copyrights are relatively easy to enforce than patents (especially when it comes to software), and not as damaging to innovation. It's easier for the poor downtrodden masses to file for a copyright (you don't need a lawyer to do it), and copyright is protected by common law in most cases. Patents, on the other hand, are generally available to anybody who can pay the lawyers to fill out the forms cryptically enough, and they not only prevent copying but can be used to prevent innovation by others.

The threat posed by software patents extends to Europe as well, where the EU has been considering a new law governing them. If passed there, it could be a spanner in the works for everybody. As Simon Phipps says: “Without a legal protection for standards against retrospective attack by software patents we will suffer death by a thousand gold-diggers as we try to navigate into the massively-connected future. ”

There are two ways to fix the disconnect between patents and coyrights. The first way is to unify the patent and copyright systems, either by some sort of shared knowledge base (or by patent inspectors using a search engine to look for prior art as part of the patent approval process, which they rarely do). But as Otter said in Animal house, “that could take years, and cost millions of lives.”

The other way is simpler: ban software patents. Period. And that's a move I can get behind.

The victory of Eolas in its patent-infringement suit against Microsoft–to the tune of more than a half-billion dollars–is knocking the rest of the Internet software industry (and the open source community) for a loop. Eolas' patent, licensed to it by the University of California system, covers web “plugins” and “applets”–any software that runs inside the web browser.

As a result, Microsoft is going to have to rewrite parts of Internet Explorer. The changes will impact any company that depends on client-side code in web applications–like Java, ECMAScript, JavaScript, Quicktime, Flash, RealAudio…the list is a long one. It could affect Netscape and Mozilla, too, as they have plugin implementations of their own. And W3C standards could be thrown into a crisis as well, as the “OBJECT” and “SCRIPT” tags in HTML (as Noel Bergman pointed out in an Apache mailing list) may be seen as in violation of the patent.

When software depends on standards to advance, how does it go anywhere when software patents can be used to essentially hold standards hostage?

My old colleague Steve Gillmor apparently got a lot of grief about his RSS obsession, thanks to a posting by the Scobleizer (there's a reason he's got that knickname, after all). Without context, Steve's RSS boosterism may seem to border on the bizarre to some. But it's easy to understand once you put all the other pieces together.

For those of you who haven't been fully indoctrinated yet, RSS (which, depending on which faction of the XML wars you belong to, stands for Really Simple Syndication or RDF Site Summary) is an XML format most commonly used to “syndicate” content (usually web content, as in news “feeds” or weblog entries)–as part of a paid or free subscription to a specific content source. RSS “feeds” are pulled in by a piece of software and rendered for a user to read directly (as with RSS newsreaders like AmphetaDesk and Ranchero's NetNewsWire, and blogging software like Radio), or processed to be posted to a web page.

At least, that's what they're used for now. Because of the way they work, RSS feeds could concievably be the delivery vehicle for any number of things. Radio already uses them to deliver media downloads–subscribe to, for instance, Adam Curry's weblog feed, and you'll get an occasional video “enclosure” download to your hard drive.

In fact, RSS is potentially a great way to deliver web services to user's desktops as well. What if they were used as the subscription vehicle for web services–to, say, syndicate an interface to a movie schedule database, or a context-sensitive connection to an online bookseller?

There's already a similar implementation of a “channel” based content delivery system that's widely distributed: Sherlock in Mac OS X 10.2 uses “channels” to deliver web services to the desktop. Sherlock uses an Apple-specific API for its web services that governs how they're presented on the client–but what if that information were just provided in the description tag for an RSS feed item, and the link was to the backend web service instead of Jow Blow's latest weblog entry?

There are already some web services being delivered as RSS. An early example of this is Google Alert (which uses the Google Web APIs to generate an RSS feed of a specific Google search, updating it daily); Radio allows users to do something similar with its “Googlebox” code.

Amazon already has an “associate” program that uses links from other people's websites–but what if it delivered a web service-based front end, through an RSS feed?

Or, what if Microsoft issued all of its security patches via an RSS feed that was consumed by the OS itself at start-up?