Stories
Slash Boxes
Comments

SoylentNews is people

posted by n1 on Monday April 24 2017, @07:31AM   Printer-friendly
from the one-step-forward,-two-steps-back dept.

The USPTO (Patent and Trademark Office) has updated its Public Patent Application Information Retrieval (Public-PAIR) service so that it no longer supports HTTPS (secure) access. From the announcement with emphasis added:

Public PAIR Maintenance and Outage

The USPTO will be performing maintenance on the Public Patent Application Information Retrieval (Public Pair) beginning at 12:01 a.m., Friday, April 21 and ending at 2 a.m., Friday, April 21 ET.

During the maintenance period, Public PAIR will be unavailable.

Immediately after the maintenance, users will only be able to access Public PAIR through URLs beginning with HTTP, such as http://portal.uspto.gov/pair/PublicPair. Past URLs using HTTPS to access Public Pair, such as https://portal.uspto.gov/pair/PublicPair, will no longer work.

Can anyone explain why there would be this seemingly backwards move to insecure communications?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by Soylentbob on Monday April 24 2017, @02:45PM (3 children)

    by Soylentbob (6519) on Monday April 24 2017, @02:45PM (#498865)

    Not on any sort of large scale (especially when combined with a government non-military budget), it isn't.

    According to this [imperialviolet.org] link, Google switching to https for gmail saw an increase of less than 1% CPU usage, less than 10kb of memory per connection and less than 2% of network load increase. The load is only significant at all on session start, so downloading any bigger artifact should skew the numbers in favour of https.

    Isn't XP out of maintenance already?

    Yes, but that doesn't stop quite a large number of people who think "it's been always been good enough, why would I change?", or that they don't have enough money for a more modern computer, or any number of other BS excuses, from using it.

    The website was operating with https before, so old servers shouldn't be the problem here.

    But if I got your post correct, you wanted to state that incompetence and botched up processes could be a driving factor for this decision, and that is something I can believe easily.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3  
  • (Score: 1) by fyngyrz on Monday April 24 2017, @07:17PM (2 children)

    by fyngyrz (6567) on Monday April 24 2017, @07:17PM (#499010) Journal

    1% is not a minor power footprint impact for such installations in aggregate. That's also only with modern hardware. Not every installation meets that 1% cost.

    • (Score: 2) by Soylentbob on Monday April 24 2017, @08:19PM (1 child)

      by Soylentbob (6519) on Monday April 24 2017, @08:19PM (#499034)

      That's also only with modern hardware.

      The article was from 2010 (7 years ago), I don't think hardware from that time still counts as modern anymore. The AES instruction set [wikipedia.org] for x86 was proposed 2008, so it was very likely not available in Google Servers 2010, but should very likely be available on most servers in use today. Therefore the

      less than 1%

      should go down again considerably. If they are running their servers actually on > 7 year old hardware, they should consider an upgrade; if they are running a big infrastructure, the savings in electricity will soon outweigh the investment in new CPUs

      • (Score: 1) by fyngyrz on Monday April 24 2017, @11:02PM

        by fyngyrz (6567) on Monday April 24 2017, @11:02PM (#499087) Journal

        The article was from 2010 (7 years ago), I don't think hardware from that time still counts as modern anymore.

        Okay, but modern... how modern do we have to be? More to the point, how modern are we?

        I have an 8GB/8-core (dual 4-core XEON) from 2008. It's a pretty good workhorse, and there's no particular reason to retire it because of that. It's not my daily driver anymore (that's a 64GB/12...24-core from 2009, not too far down the hardware road from the 8-core, actually), but the 8-core does host a bunch of websites.

        Personally speaking, I'm really not with the program when it comes to throwing out hardware that works well, particularly if the suggested justification is to get more efficient at something I don't really see a whole lot of need to do in the first place. Nor do I see any reason to run the machine harder just so no one can possibly see that the web page visitors are looking at a timeline from 1800, or that they are interested in my SDR software, my text markup language, etc.

        Passwords and the like, sure. Medical, email and financial data too. For those who deal with them. Perhaps porn, if one shames easily.

        The rest? Frankly, it strikes me as leaning well towards the paranoid.

        By far, I see the main problem for us in terms of (KnowingStuff == PowerOverUs == DangerToUs) as coming directly from the government, and as the voters are't willing to rein them in worth a frog's fart, well, I can only draw the conclusion they're not very serious about any of this anyway. Amazon knows what I surf for? I just can't bring myself to really care. They're no threat to me.

        Perhaps someone will convince me someday. That'd be interesting.