Re: Software patents



> 
> Yes, I agree, but this is a sort of "use their own policies against them"
> strategy. Say we stipulated that the patents would be licensed for free
> use by any software that passed the Debian Free Software Guidelines. That
> includes all BSD-licensed software. If we had a significant bank of
> patents, we could persuade other patent holders to cross-license.
> 

Well, let's start by creating a list of things that we could patent.

Kernel level network separation.
This is something I was thinking of. For things like routers and firewalls
the ability of the kernel to detect more than one network card, and allocate
a network stack for each card. It probably requires major changes to the
networking sub-section. Up to it Alan?

Kernel Socket transfers.
In routers once a connection is made, the bulk of the real work is 
transferring data from kernel-space up to user-space then back down to 
kernel space to be shipped to another computer. This is the job of a 
proxy server. Adding the ability to tell the networking system to bypass
the user space transfer and just send it out to the other network would 
speed up routing.

Virtual Networks
This is a routing trick, where one computer will answer packets for multiple
addresses. This probably can't be patented, but it might be a selling point
for linux. My computer answers as three different computers depending on
who is on the other side of the modem.

Network Reporting System
Again this is probably not patentable, but have a cron job that periodically
gathers all relevant data, creates one big tarball, and sends it via ftp 
transfer to a user. This could be extended to look for specific patterns
in data, and send warning messages if people try to break in.

Kernel Level Access Matrix 
This is an extension of ACLs. Instead of having a single list, set up a
matrix. Deny access to events. An example: root su-ing to bob's id might
be allowed, but to sue's id, the access requires password protection, while
root is not allowed to su to bill's id altogether. This is an added layer 
of protection against attack. Even if someone can get root access, you can
limit what root access can do. Things that root can't do would be given
to other ids.

Encryption Server
This is an idea me and someone else were seriously throwing around once.
It will require changes to the networking subsystem so that it does a table
lookup on outgoing and incoming ip addresses. If the ip is present in the 
table, a redirection to an encryption/authentication module is done. 

The second part is a daemon that sits on a port. If the daemon gets a message
requesting encryption services, the daemon adds the ip to the table, sets
up the proper encryption module, and returns a key to the requesting client.
All traffic is then encrypted between your machine and the client machine.
The daemon would implement protocols for periodic key exchange also.

The third part is a client that requests encryption. This would have to be
a daemon also, since it would have to respond to key exchanges. The daemon
could respond to requests by applications or simply request encryption for
all communication services. It would also build the table for outgoing 
encryption.

Secure Linux Workstation/Servers.
This is putting everything above together. This is really a product not
a patentable idea.

Linux Virtual Machine
This is an application jail. Think of a chroot jail with some holes.
Specifically holes to /lib /usr/lib /usr/local/lib ... . The idea is to
have a small complete linux core system that everything can access, then 
have a jail for every application. Thus if a person gets into the mail
subsystem, they won't be able to change your cgi scripts because they
are in a separate jail cell that mail can't access.


Real Time Networking Communication
Separate the Networking subsection altogether, and place it into the real-time
linux scheduling system. Consider the situation where I'm running a nuclear
facility with my linux workstation. Because it does very little most of the
time, I also have it setup as the quake server. If a communication from the
nuclear facility comes, it should get priority over the quake server.
This again would require separate network stacks, but we add a priority 
scheduling to each network stack separately. Real world applications are in
multidomain firewalls, where you want to give priority to internal-internal
traffic, and not to internal-internet traffic. 


Preconfigured Specialized Distributions
This probably can't be patented but the idea here is to have several highly
desirable configurations. Examples Linux Workstation or servers, Linux
as a bastion host, linux as a proxy server, linux for artists, linux, the
internet box. These won't be ultimate distributions for the hacker, it will
be specialized distributions for people that don't want to know how to 
configure linux. This is like rpm or dpkg packaging, but taking it one
step further, where you get an entire distribution of the OS as a single
package. The main problem my friends have with linux is its configuration for
what are really very common configurations.

Linux Workstation - The ultimate wordprocessor box, with internet capabilities.
Linux Server - http, ftp, email, news, ping ident, ntime, etc ... with a svga
config box letting you configure everything.
Linux Proxy Server - Linux, a proxy server, and a config script.
Linux for Artists - Linux, Gimp, Povray, other freeware for artists??
Linux for Scientists - Linux, stats packages, finite element analysis, etc ...
Linux for Hackers - Linux, all the development tools you would ever want?

Once you have the main packages setup you add "upgrade packages". Add internet
capabilities to the Hacker box. Add scientific package to Workstations.



						That's All Folks
						Merry Christmas/ Happy Hanukkah
						Let the New Year Begin.

						B.T.
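
Added example (not part of B.T.'s message): a user-space Python model of the "Kernel Level Access Matrix" idea above, using the message's own root/bob/sue/bill cases to show how a fail-closed matrix limits even root. The policy text format, the `*` wildcard row and all function names are assumptions made for this illustration.

```python
# Added illustration: a user-space model of an su access matrix.
# The policy text format and the "*" wildcard are assumptions.
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    PASSWORD = "password"
    DENY = "deny"

# Constructed sample policy: <calling id> <target id> <decision>
SAMPLE_POLICY = """
# rows are the id calling su, columns the id being assumed
root  bob   allow
root  sue   password
root  bill  deny
*     root  password
"""

def parse_matrix(text):
    """Parse policy text into {(src, dst): Decision}; reject bad rows."""
    matrix = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields")
        src, dst, verdict = fields
        if (src, dst) in matrix:
            raise ValueError(f"line {lineno}: duplicate cell {src}->{dst}")
        matrix[(src, dst)] = Decision(verdict)  # unknown verdict raises
    return matrix

def lookup(matrix, src, dst):
    """Most specific cell wins; a missing cell is DENY (fail closed)."""
    for key in ((src, dst), (src, "*"), ("*", dst), ("*", "*")):
        if key in matrix:
            return matrix[key]
    return Decision.DENY

def may_su(matrix, src, dst, password_ok=False):
    """True if src may become dst; PASSWORD cells need a verified password."""
    verdict = lookup(matrix, src, dst)
    if verdict is Decision.PASSWORD:
        return password_ok
    return verdict is Decision.ALLOW

MATRIX = parse_matrix(SAMPLE_POLICY)
```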


 


