decoration decoration

When you want to know more...
For layout only
Site Map
About Groklaw
Legal Research
ApplevSamsung p.2
Cast: Lawyers
Comes v. MS
Gordon v MS
IV v. Google
Legal Docs
MS Litigations
News Picks
Novell v. MS
Novell-MS Deal
OOXML Appeals
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v Novell
Sean Daly
Software Patents
Switch to Linux
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.

Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal

User Functions



Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.

What's New

No new stories

COMMENTS last 48 hrs
No new comments


hosted by ibiblio

On servers donated to ibiblio by AMD.

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Monday, January 19 2004 @ 09:13 AM EST

It's free. No doubt you've heard Microsoft is offering Services for Unix free. Now you can use 90% of your Linux applications on Windows. Your dreams are coming true. 90%. So quit switching to Linux, you guys. They must think we like GNU/Linux software because of the applications.

Um, didn't Uncle Darl preach that giving software away is anticapitalistic? Destroying the economy and all that? I could have sworn he said that. Anyway, Microsoft is doing it.


Later, they say, Services for Unix could be integrated into Windows, because their license with SCO allows them to do that. Could be. Erm, does 'later' mean after they destroy all Linux competition in the server space, by any chance?

And guess who they are partnering with to bring you this product? Vintela. Does the name sound vaguely familiar? Yes, that Vintela, the privately held Canopy Group company. Oh my.

And guess how long they've been holding hands and working together? Two years.

Two years of work to give the end product away. Why, it's positively a threat to the economy. Somebody write your Congressman, quick. This must be stopped before it spreads. Free software, indeed. That's not the American Way.

When you read the "benefits" of this product they worked so hard on, a lot of things fall into place. Your blood pressure won't fall, though, that's for sure. It's positively bone-chilling.

Services for Unix software "helps integrate Unix and Windows and supports migrations of Unix applications to the Microsoft platform", according to Linux Insider. Free sounds perfect to Laura DiDio, when it's Microsoft doing it:

"'Free is a smart strategy,' says Laura DiDio, an analyst with the Yankee Group.

"'Microsoft is trying to make good and trying to make better with its customers. I'm impressed with what they are doing. They have learned from their mistakes and they don't want to repeat the sins of past years.' One of those sins, DiDio says, was changes in the company's software licensing program, which served to alienate users.

"Microsoft also has enhanced integration with Active Directory, which will allows users to manage NIS domains from the Microsoft directory. The integration, along with applications from third-party vendors, will help Microsoft flesh out its emerging identity management strategy. . . .

"One such partner, Vintela, has upgraded its Vintela Authentication Services (VAS) for Services for Unix 3.5. The VAS software runs on Unix servers and workstations and uses Kerberos or LDAP for authentication instead of NIS.

"'Ours is a NIS migration strategy, you don't run NIS on your network any longer,' says Matt Peterson, CTO for Vintela. 'We are the holy grail of identity management. People want integration not synchronization [between Unix and Windows].'

'Microsoft's Oldroyd said Services for Unix would remain a separate product and there are no immediate plans to bundle it or build it into the Windows operating system even though Microsoft has the right to do so under a licensing agreement it signed with The SCO Group last year."

People want integration? What people? I don't want that, thanks. But like it or not, they have a plan. Here's how it works, according to Microsoft's explanation:

"For the last two years, Vintela worked with Microsoft Corporation to create Vintela Authentication Services (VAS), an interoperability product that UNIX and Linux system administrators can use to seamlessly integrate their authentication needs with the user management tools in the Active Directory® directory service. With Microsoft Windows Services for UNIX you can extend Active Directory to store UNIX account information for users and groups, which provides cost savings by reducing the number of management points for user accounts. . .

"VAS provides the ability to recognize UNIX users of Windows Services for UNIX in real time and integrate their UNIX accounts—plus a Kerberos network authentication system and the LDAP protocol—with Active Directory, a central component of the Windows platform. Active Directory implements the Kerberos 5 protocol authentication standard to provide a high level of security. VAS uses Kerberos encryption to help protect sensitive user credentials from being seen 'in the clear' and to extend network and user security to all platforms.

"VAS extends the reach of Active Directory to UNIX and Linux systems, so administrators can centralize their user identity authentication needs within Windows. VAS extends that reach even further with Services for UNIX 3.5. The result is a secure, easy-to-use solution for managing a single user identity natively in Active Directory across a mixed UNIX, Linux, and Windows environment.

"According to Grettenberger, Services for UNIX 3.5, combined with VAS identity management, is a best-of-breed authentication solution for customers who are integrating Windows, UNIX, and Linux environments.

"With a VAS-enhanced user authentication solution, the customer realizes a complete migration to Active Directory while retaining all the advantages of the feature-rich Services for UNIX tools. Combined, VAS 2.2 and Services for UNIX 3.5 solve the migration problem from UNIX Network Information System (NIS) to Active Directory. NIS is a naming and administration system for UNIX networks. . . .

"Using NIS, each host client or server computer in a system has knowledge about the entire system. A user at any host can get access to files or applications on any host in the network with a single user identification and password. With NIS clients, Services for UNIX helps solve interoperability issues between UNIX and Windows with tools such as the Two-way Password Synchronization and Server for NIS components, which reduce system administration time by centralizing network management across UNIX and Windows platforms.

"'Using VAS as the second stage in a migration process is compelling for those who have used Services for UNIX to import user accounts to Active Directory and wish to migrate from NIS-based identity management,' says Grettenberger. 'Together, the Vintela and Microsoft products securely bridge the gaps that prevent network management across UNIX, Linux, and Windows-based computers. VAS and Services for UNIX offer an interoperability solution in which access control is determined by enterprise policies instead of by platform. . . .Some enterprise organizations have standardized their business infrastructures on Microsoft products, specifically Windows 2000 Server and Windows Server 2003, Windows XP, and the numerous programs associated with them. . . Therefore, it is only natural that a new centralized authentication and management system would employ Windows Active Directory instead of a UNIX or Linux alternative."

From Linux to Active Directory. Why would anyone want to go that direction? Linux accounts under the thumb of Microsoft. Can I get a second opinion before you schedule this surgery, please? Maybe I'm not looking at it from the DRM perspective, the way Daddy Microsoft would like me to. If I make that mental adjustment and realize what's good for Microsoft is good for me, then I notice the bottom line "benefit":

"Because VAS fully integrates with Kerberos encryption, VAS-enabled UNIX servers become full participants in the Windows-based identity management and authentication infrastructure. Therefore, many Microsoft management and reporting tools automatically become available to UNIX users. All users have logon accounts and passwords in Active Directory so they can securely access critical systems and applications across all platforms, eliminating the need for custom-built password synchronization scripts. Having one directory for identity management—instead of multiple directories or synchronization scripting—reduces costs. . . .

"Consolidating information into the central Active Directory repository means that user account information also can be managed from a central location, across multiple cities, states, or countries. Centralization yields a consistent approach to administration, better compliance with information security, and a standard administrative interface that reduces administrator-training requirements."

So. That's the plan, Stan. Centralization of your passwords and stuff. Under Microsoft's thumb. And watchful eye. With maybe some RIAA and Warner Bros. friends happy if they DRM everyone on Planet Earth even if it means destroying some very important things for the rest of us. Like privacy. And our security. And freedom.

Do they really expect to sell the idea that going to Microsoft from any Unix environment will *increase* security? And putting all your sensitive data in one place. Yes, that'll increase security, for sure. Not. Privacy? Well, a man who reportedly has cameras in his house keeping an eye on his guests wherever they go probably doesn't grok the concept.

In short, Microsoft would like to be your Big Brother. You can pay him later.


MS and Canopy Group's Vintela Offer to Reduce Your Security For Free | 326 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 11:29 AM EST
I knew that it would end up being another Microsoft's scheme to hurt its
competitors when it was called OpenNT and Interix. Can I have Laura's job,

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 11:36 AM EST
Wow! So now I can use <A
code</A> to emulate Linux on Windows!

Seriously though.. nobody migrates just for the heck of it, people aren't going
to move to Windows just so they can run Unix applications.

(Nor are they going to move to Linux to do the same.. Re: Why Linux hasn't
taken over completely)

[ Reply to This | # ]

Well, one thing is now illegal
Authored by: SkArcher on Monday, January 19 2004 @ 11:38 AM EST
If this goes anywhere near a hospital computer in the UK its a breach of
regulations. Time for me to pitch Linux to the medical database departments. Not
that I wasn't already doing that, but this is good news.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: fjaffe on Monday, January 19 2004 @ 11:38 AM EST
I wonder if this detailed integration with Active Directory uses information
that Microsoft refuses to make available to others, or for which it wants
exhorbinant fees and unreasonable conditions under the licenses that so few
companies are willing to sign up for. Does anyone know?

Is this one more way of adhering with the letter of the consent agreement, but
not complying with the spirit?

[ Reply to This | # ]

Which is why Unix needs to be GPL'd or BSD'd
Authored by: Anonymous on Monday, January 19 2004 @ 11:39 AM EST
. . . or Microsoft should do what Apple did and rewrite the whole thing on top
of BSD. Only THEN would I believe in Microsoft security.

Didn't old Caldera once say it wanted to GPL Unix but it had too many
copyrights? Well, after SCO get shredded, maybe whoever is left with Unix should
make the effort to get those coyrights assigned to the FSF, however long it

[ Reply to This | # ]

IBM's Linux Portal
Authored by: keanu on Monday, January 19 2004 @ 11:40 AM EST
I just now discovered the linux portal on Never thought of surfing to
an IBM linux page, but now I just clicked on an ad on linuxtoday.

Have a look. Interesting things what IBM thinks of linux.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Ares_Man on Monday, January 19 2004 @ 11:42 AM EST
<some_remote_form_of_sarcasm>Why would anyone want to run evil free open
source applications on Windows anyway? Aren't open source apps inferior,
anyway? I guess it's not the apps that matter, it's the OS! I guess it makes
good business sense to sell your soul to Microsoft so that you can get a sweet
taste of what FOSS has to offer while being safe from the possibility of being
infected by its viral properties.</some_remote_form_of_sarcasm>

<misquote>"Open Source Software is a viral cancer that will destroy
the economy and the world. Oh, by the way, would you like to run some of it on
Windows?" -- Bill Gates

[ Reply to This | # ]

Backfiring ?
Authored by: Anonymous on Monday, January 19 2004 @ 11:43 AM EST
Admins here have been ordered to look in to SFU with an eye toward easing the
transition from Windows to Linux.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Cambo on Monday, January 19 2004 @ 11:46 AM EST
<<'Microsoft's Oldroyd said Services for Unix would remain a separate
product and there are no immediate plans to bundle it or build it into the
Windows operating system even though Microsoft has the right to do so under a
licensing agreement it signed with The SCO Group last year.">>

Does that sound like a note of caution to you? It does to me. I get the
impression that they are hedging their bets slightly, in view of Novell's
assertion that SCOX had no right to grant M$ that license!

By keeping Services for Unix as a seperate, FREE, downloadable add-on, at least
M$ will be able to discontinue or remove it if neccessary.


[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 11:48 AM EST
This might be a realistic solution to centralized account management between
Windows and Unix. Is there some other viable strategy for a large enterprise
that I'm unaware of? Because I investigated every solution I could find, and I
talked to RedHat, Sun, and Microsoft. I can't find a Unix/Windows account
integration setup that doesn't use Windows as the master, and is actually a
viable solution for a company of nontrivial size.

Perhaps you're suggesting that I set up a Samba PDC? And when Microsoft
deliberately breaks the functionality with the next service pack, I can't
install a security update, and no one can log in. Or they break it subtly so
that it appears to work at first and only breaks after I've had time to upgrade
every machine. They've done it before, it's how they operate. I have to expect
it from Microsoft.

It doesn't please me to think of Unix machines authenticating and authorizing
users based on a MS setup. But I need a viable solution that works on Solaris,
Linux, and Windows. I want the lowest TCO, which is why I want centralized
account management in the first place. Any conceivable way it could break
catastrophically needs to be prevented or the system will never be approved.
(and if I'm not honest about the risks, it's my head)

[ Reply to This | # ]

Another great Microsoft control scheme
Authored by: seeks2know on Monday, January 19 2004 @ 11:49 AM EST
Thanks for showing us what Microsoft is really seeking to accomplish.

By centalizing all security within Windows, all of the rest of the servers
becomes slaves under the Windows server's control. Of course, given
Microsoft's history in the area of security and uptime availability, I can't
imagine why anyone would be interested.

How often do we see Windows servers compromised by worms and viruses? Can you
be confident that your enterprise security will be protected by Microsoft?

How often will you need to update the Windows OS and reboot? Since this machine
is the single point of access control for the enterprise, how much will the
company's productivity suffer?

But to the degree that Microsoft is successful, they exert a much higher degree
of control within the organizations that do adopt this.

Of course, if Linux and UNIX developers worked like Micorsoft has in the past
(i.e.; DR-DOS, Microsoft Messenger, etc.), then they would make some trivial
changes that would break this interoperability. :)

It's a great thing that we don't think the same way.

"Convictions are more dangerous enemies of truth than lies." -
Friedrich Nietzsche

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Ares_Man on Monday, January 19 2004 @ 11:52 AM EST
Consolidate all your UNIX system passwords into one .NET passport for free. :P

This seems like yet another potential MS "embrace and extend" tactic
to me.

[ Reply to This | # ]

Not a real news article
Authored by: k4_pacific on Monday, January 19 2004 @ 11:54 AM EST
Of course Services for Unix is a two way street that can be used to migrate
towards Unix/Linux...

Microsoft Offers Linux Migration Software for Free

By Suzie Lennox
Hydraulic Press News Services

REDMOND, WA - Microsoft has made available for download from its website Windows
Services for Unix. Previously, the product sold for $99, but has been made
available for free to help companies to migrate away from Windows towards
Linux-based solutions. The latest release features improved performance and
broader support for Win32 APIs.

Windows Services for Unix is a compatibility layer that runs on Linux to allow
legacy Win32 applications to be compiled and used on Linux. For applications
which cannot be compiled, it features an emulation package similar to WINE, but
with all of the hidden APIs implemented and with support for .NET web services.
Additionally, it also features a suite of GUI-based Linux administration tools
patterned off the GUI applications used to configure Windows 2000.

"We at Microsoft listen to our customers, and many are telling us they
want to run Linux," said Microsoft spokeswoman Sharon Fudd. Fudd added,
"With that in mind, we developed and released Windows Services for Unix.
Services for Unix enables seasoned Windows developers and administrators to
readily adapt their skills to the increasingly popular Linux operating
system." With this product, Microsoft points out, they hope to carve out
a niche for themselves in the increasingly Linux dominated information
technology industry.

Microsoft had developed a reputation among IT professionals that they were
unwilling to help them deal with portability and security issues. In a recent
survey of technology professionals, two-thirds of all respondents said they
would like to replace Windows with Linux throughout their enterprise. Of those
who reponded this way, a whopping 97% felt that Microsoft was not doing enough
to help them migrate to Linux.

"The real motivation behind this release is the portability issue,"
Fudd adds. "Our customers want to run their applications on a variety of
platforms, and this package enables them to do so."

Following the release of Windows Service for Unix, SuSE Inc., experienced what
it initially thought was a distributed denial-of-service attack on its FTP
mirrors around the world. When it realized that it was actually throngs of
legitimate downloads by persons eager to get rid of Windows, SuSE issued a
statement telling everyone to "pace yourselves, there is plenty of Linux
to go around."

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 11:57 AM EST
Microsoft only has schemes to hurt it's competitors these days, they certainly
can't innovate and create something new. They most certainly will give
interoperability with UNIX away for free until they own so much of the server
market that they can safely recoup their expense by increasing the cost for
Windows (and yes, Services for UNIX will definitely be integrated forcing
everyone to pay for it whether they need it or not.)


[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: svyerkgeniiy on Monday, January 19 2004 @ 12:01 PM EST
I can understand your apprehension about Microsoft moving into this area, given
their Roman-esque approach to conquest, but I think there are deeper meanings
behind this move. Notwithstanding Microsoft's (and SCO's) hypocrisy where
"free software is a cancer" except when given away by proprietary
companies, to me this seems a larger shift than you might think.

For years and years and years Microsoft has steadfastly refused to provide any
real link to the non-Microsoft world. Why not have COM on UNIX? Why not mount
and browse NFS shares under Windows? Why can't Macs participate in
ActiveDirectory? Absolutely no technological reason, just Microsoft's
paranoia. But now... suddenly you can.

To me this seems like they're realizing that customers are willing to shift
away from Windows if it means they can't integrate other OSes. Whole countries
are shuffling off Microsoft's proprietary coil. It seems like a form of, shall
we say, competitive response? An enemy they can't squash or dominate must be
competed with.

As for the ActiveDirectory part, well that's something that will be highly
attractive to businesses. It's the businesses that want all the centralized
control and administration that ActiveDirectory brings; I can verify that
because my clients have networks that are so locked down that I can't download
an EXE-- even in a ZIP file-- without having someone with authority do it for
me. Microsoft won't really control this, nor have access to it, they're just
providing companies the means to do it with. Do the security control models
mesh well? Probably not, as is typical with MS design. But it might stop
people from hopping to linux as quickly if they can have some linux machines
integrated into their networks without changing absolutely EVERYTHING.

BTW, it's free software but it's not OPEN software. So it won't ruin the
economy according to those crrrrazzzzy economists because no one else can take
the actual code. And you do pay for it with Windows, or perhaps you already did
when you bought Windows 95 and they put all that cash in the bank.

So to me it seems like it's the response of a company scared into competing and
providing a useful product.


[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 12:04 PM EST
Sounds like it's time to start up another antitrust investigation. MS got
nailed (albeit far too gently) for trying to take over the browser market with
"free" software, so how is trying to take over the server market --
while conspiring with Canopy Group companies (and possibly others) for the
software and litigation tools to do it -- any different?

As for Ms. Didio, as PJ implied, she says "free" is OK for MS, but
not Open Source. The English language is rich in words to describe someone who
does what she does, starting with hypocrite. She must believe no one can
recognize a writer whose journalistic integrity begins and ends with her

[ Reply to This | # ]

The Open alternative: LDAP
Authored by: Anonymous on Monday, January 19 2004 @ 12:06 PM EST
In a truly mixed shop (not a -migrating- shop), LDAP would seem to be the way to
go. Just about everything can authenticate against an LDAP server these days,
and the protocol is truly lightweight and well understood.

At my college we use LDAP for Linux login authentication, Windows login
authentication, Netscape webmail authentication, and for many web

[ Reply to This | # ]

Meet Bill - your power made big brother.
Authored by: Anonymous on Monday, January 19 2004 @ 12:16 PM EST
Perhaps Microsoft felt by helping to fund the litigation against Linux by proxy,
and obtain a license from SCO - it would have a legal instrument to put Linux
code into it's products without having to honor the GPL. It strikes me as a
great way for Microsoft to rip off some code.

To give some insight to into the mind of Bill Gates and why this is certainly
plausable - here's a neat link:

A wonderful transcript of Gates. Very bright man, except he seems to have a
problem understanding what words mean.

Here's more:

Meet your new big brother.

[ Reply to This | # ]

Free Today , but Tomorrow?
Authored by: lightsail on Monday, January 19 2004 @ 12:20 PM EST
SFU is free now, but at what point will buying "client licenses"
become a necessity?

What will a "Microsoft SFU 5.0 client license for Windows 2005
server" cost?

This could be a means to migrate organizations to Exchange or other MS servers
instead of Unix based products.

Will SFU allow you to use DRM Office 2003 documents? Will you need to purchase
Office for Unix 2005 to keep extend functionality?

[ Reply to This | # ]

Free about what it's worth...
Authored by: Anonymous on Monday, January 19 2004 @ 12:27 PM EST
From an admin and programmer point of view, how much effort is VAS, really? It's
  1. an additional set of LDAP parameters for Active Directory (template available for free on the Internet)
  2. Kerberos (interoperational if "extended" out of the box),
  3. a Microsoft Management Console extension allowing easy editing of the new LDAP parameters.
  4. an LDAP - NIS exporter (a simple LDIF parser works)
  5. a method for decrypting the MS passwords and exporting crypt() passwords to the NIS file.
  6. Oh - and the NIS server code from BSD.
That's what - a day's work? Two? Plus testing, I suppose. Of course, no-one except MS can get it done, because authentication protocols (step 5) are exempted from the settlement IIRC.

VAS changes little except in a NIS environment - Samba-3 with winbind does the rest already. In fact, if they paid Canopy more than a pittance for this work, I'd say it was a backhand payout.

[ Reply to This | # ]

Canopy Group's Vintela?
Authored by: Anonymous on Monday, January 19 2004 @ 12:28 PM EST
Hmm... I wonder if Vintela is one of the nine companies that have licensed
Microsoft's protocols?

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 12:29 PM EST
I think MS should have named the product "Services and Tools For
Unix" so the abreviation would be "STFU".

[ Reply to This | # ]

  • SNAFU - Authored by: bstadil on Monday, January 19 2004 @ 01:35 PM EST
Fun, fun, fun!
Authored by: davcefai on Monday, January 19 2004 @ 12:33 PM EST
1. Think about it. Now you can get a Blue Screen of Death while running a Linux
application. I rather miss the things.

2. I'm running out of keyboards. I have to stop drinking coffee while reading

[ Reply to This | # ]

But not FREE as in LIBRA
Authored by: Anonymous on Monday, January 19 2004 @ 12:35 PM EST
I have not seen any indication that MS has open-sourced this product.

It therefore provides all the risks that their proprietary OS has.
Additionally we can now infect our FOSS applications with MS code by running
them on top of it.

Unless the Services for UNIX 3.5 code is OPEN (and even then the MS OS can reach
up from below), one runs a substantial risk by coupling FOSS applications so
closely with such a (OS privileged) product from a vendor that has been found
guilty of using illegal practices to compete.

Little true security here. Move on.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Ares_Man on Monday, January 19 2004 @ 12:41 PM EST
Since, I only have access to Windows at work here, I do use Open Office, GIMP,
and GCC on Windows.

[ Reply to This | # ]

Migration bridge
Authored by: phrostie on Monday, January 19 2004 @ 12:52 PM EST
i realize that quite often i take an overly simplified view of things, but what
microsoft has done is very similar to the OpenCD project. It seems to me that
this Migration tool can go both ways.

existing MS shops can use it to start testing Linux/OSS. once they are ready,
the final jump will be relitivly painless. does anything in the licence of the
MS unix tools prevent this?

it will also be interesting how long it takes them to figure this out? recheck
the licence terms every few weeks and see how long it takes them to change the
licence to add a catch.

Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.

[ Reply to This | # ]

Piercing the vile ones
Authored by: Sunny Penguin on Monday, January 19 2004 @ 01:00 PM EST
I do not have the exact quote, but I remember our <sarcasm> favorite CEO
</sarcasm> telling us "The SCO Group has not had any talks with
Microsoft outside of normal market operations" or something like that.
Can anyone find the exact quote?
It seems that Canopy was doing the conspiracy while The SCO Group
<sarcasm> knew nothing </sarcasm>.

Another reason to "pierce the veil" (or vile in this case)

SCO directly to jail, do not collect two hundred dollars.
BTW - I could never become a Lawyer.(I ID ten tee)

[ Reply to This | # ]

Vintela and SCO
Authored by: Anonymous on Monday, January 19 2004 @ 01:00 PM EST
Vintelas products are sold by SCO. Very interesting.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: jonabbey on Monday, January 19 2004 @ 01:05 PM EST

Well, of course Microsoft wants Active Directory to be the One Ring To Rule Them All.. that's been obvious for years. The fact that they are now providing the tools to actually make AD useful for managing Unix and Linux systems isn't something to be so paranoid about, I don't think. Of course MS will do what's in their best interest. Of course signing on to run your enterprise with Microsoft software gives them great leverage over you. There's nothing new here.

As I mentioned in another post, it's possible to run a data-mastering service on Unix and just send data over to Active Directory to maintain password synchronization. We've been running in that mode for years, using our home-built Java Directory Mastering Suite (Ganymede -- our servers are down today for a power outage, should be up this evening CST) to handle our NIS, DNS, and AD mastering.

You always have choices, even if MS does make it hard to do some interoperability operations (locked password hashes) for arguably valid security reasons.

Finally, if you're interested in NIS-to-LDAP migrations, check out Luke Howard's PADL Software down in Australia. Luke is the author of RFC 2307 for supporting NIS clients with an LDAP server schema, and he has contributed code to Samba TNG as well. I don't think anyone knows more about NIS on LDAP than Luke does.

[ Reply to This | # ]

SCO Cross-Marketing?
Authored by: Anonymous on Monday, January 19 2004 @ 01:08 PM EST
Does anyone else expect that there will be some big privacy violations coming
out of this> In other words, customers who sign up to start using Vintela's
'product' will suddenly find that their contact information has been passed to
SCO, which will ask whether they have paid their SCO taxes? And then of course
Vintela will answer all technical support quesitons with "I'm sorry, but
we don't support customers who are using pirated versions of UNIX. Please pay
your SCO tax and call back."

[ Reply to This | # ]

Novell has had this ability for some time...
Authored by: Anonymous on Monday, January 19 2004 @ 01:09 PM EST
Novell has had this capability for quite some time, but it uses eDirectory
instead of AD (duh!). They just recently released an update to the Nsure (note
the capital N, get used to it linux folks) that allows integration of Linux,
Windows, Notes, SAP, ... (the list goes on) user accounts under one umbrella,
but still allows local control. Nice thing is, eDirectory runs quite well on....

I am an old Novell hand, and for many years now, they have been preaching the
mantra of making it all work, together. Not as an attempt to take over, but to

Since this is a legal info site, let me throw this into the ring. Check out
what is happening to the site.

[ Reply to This | # ]

OT: More FUD with careful backpeddling
Authored by: fjaffe on Monday, January 19 2004 @ 01:10 PM EST
Saw this article, Global legal action looms over use of Linux on Financial Times.

Favorite quote

McBride - SCO is: "trying to work through these things without going to court".

Personally, I have to say I find that somewhat hard to believe. I guess "work through" means, if you pay us our extortion money, we won't go to court with you.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 01:13 PM EST
Has anyone dissected the EULA associated with this product?

[ Reply to This | # ]

Completed Phase 1: FUD, Preparing Phase 2: Embrace and Extend
Authored by: Anonymous on Monday, January 19 2004 @ 01:15 PM EST
"Embrace and Extend" comes to mind ... as does "When Microsoft
brings you flowers, they'll be decorating your grave."

While I, like most Groklaw'ers (Groklawyers?), wouldn't blink if Redmond, WA
was smote from the face of the planet tomorrow, exactly what did the FOSS
community really expect Microsoft to do? Allow Linux to nibble away at market
share for a decade or so until MS was left without a customer base?

I don't think the Unix Services project is much of a surprise, and by the
description above, it sounds fairly tame. Further, I think the overwhelming
opposition to the package is a bit misguided, since MS has reasonably abandoned
all hope of winning back the Linux evangelists.

Think about Microsoft strategies for a moment ... OK?

SFU is one tool in a huge toolkit they're going to unveil over the course of
three to five years. Microsoft knows better than anybody, you can't win a
market overnight with just a single product. I'll repeat for the sake of
clarity: People like those who read Linux Journal and Groklaw aren't the
customers they expect to get with this product.

MS didn't 'own' the World Wide Web with just IE. In fact, IE versions 2 and
3 never matched up favorably against the comparable Netscape Navigator versions,
and it wasn't until IE 4 that MS really gained a firm grip on the market. Not
coincidentally, by the release of IE 4, the 'companion' products required to
'embrace and extend' were infecting the back office and desktops: Internet
Information Server, FrontPage, and FrontPage Extensions.

Looking back further, there is the model of MS Office. The Office product line
didn't just appear out of a cloud of smoke. It was very carefully planned and
pieced together to systematically overtake WordPerfect, Lotus 123, etc ... It
took about a full decade to evolve into the bloated talking paperclip that it is

What SFU is positioned to do is - first and foremost - stop the bleeding.
Microsoft now holds a card to counter one of the most powerful FOSS packages
available: Samba. Is it the same thing? No. But to an individual who isn't
versed in Unix'ese, it sure does sound a lot like Samba in reverse. SFU gives
Microsoft an 'in' to a generation of point-and-click system administrators who
run Apache on Linux for speed and stability, but aren't proficient enough to
administer sub-services for Apache such as users and domain (aliases).

There is an old saying that seems to be pretty popular amongst old wiring closet
hacks, "If the only tool you have is a hammer, all your problems are going
to look like nails." In other words, get the right tool for the job. I
assert that the number of wiring closets and server rooms around the globe which
run hybrid installations with various flavors of Windows, Linux, and other OSes
is far, far greater than many people suspect.

What many seem to not acknowledge, despite the Halloween papers, this SFU
project, and the Red Hat box in the court room plea, is that Microsoft has
/already overcome/ the single, biggest challenge to beating back the threat of
Linux, which was recognizing Linux as a threat. Now that the Redmond area is
over the initial shock that someone would dare enter their market space, they
can now throw considerable time and effort (and billions and billions of dollars
doesn't hurt) into squashing it.

SFU will be a cornerstone, a 'glue', to ease the integration and management of
hybrid networks. Think of it as your typical Microsoft bastardization of
something that kind-of (but doesn't really) resemble Samba and a healthy dose
of PERL. Once Microsoft has convinced a sizeable number of point-and-click
admins to administer Linux via Windows with SFU, and not pursue the alternate
route of Windows via Linux with Samba, MS will dump a slick interface on top of
it, roll in a couple of 'snap-ins' to administer Apache, BIND, and Sendmail,
maybe another 'snap-in' or two to easily start and stop your System V managed
services, and so on and so on. Once MS has proved they've suitably 'embraced'
Linux by integrating everything about into the MMC (Microsoft Management
Console), /then/ they'll actually unveil all the crap to try and kill it.

In any event, I posit that if _IBM_ had released SFU, everyone here would be
100% in favor of it and declare it the greatest thing since sliced bread. ;-)

Windows 95 had The Rolling Stones.
Windows XP had Madonna.

I'm placing my bet that Longhorn has Bachman-Turner Overdrive ...

"You Ain't Seen Nothing Yet"

[ Reply to This | # ]

License fees for Linux logins?
Authored by: Anonymous on Monday, January 19 2004 @ 01:27 PM EST

... so if you need a user license for each Active Directory login, now MS
can charge your enterprise for each time a user logs in to your Linux or
Unix boxes.

[ Reply to This | # ]

Another Media report
Authored by: Anonymous on Monday, January 19 2004 @ 01:30 PM EST
The Ft now has an article on the SCO case. looks looks primarily to be Darl quotes though. FT Story

[ Reply to This | # ]

Oh Dear
Authored by: Nick_UK on Monday, January 19 2004 @ 01:32 PM EST
Make my blood boil yes.

But far worse is the situation we have now...if, IF SCO get anything from the
courts, then who will be the main player? M$, of course.

Now, I know all the facts are against SCO and their wild claims, but the LAW is
an ass sometimes, and stranger things have happened (remember OJ?).

This could be the start of the beginning of the end of a free Internet (free, as
in beer).


[ Reply to This | # ]

Other Great Free Offers
Authored by: Anonymous on Monday, January 19 2004 @ 01:40 PM EST
An old woman offers Snow White a juicy red apple.

Jim Jones offers his congregation some refreshing Kool-Aid.

Picard offers the Borg an interesting geometry puzzle.

The Greeks offer the Trojans a magnificent wooden horse.


[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 01:45 PM EST
This announcement is the sound of only one foot step. The route is too
long to fully describe here. There are other foot steps because M$ is
coolly executing its business plan (this thesis has legal import).

As for the impact on non-M$ users, the enabling technology was first
distributed in Windows 2000 and would appear irrelevant to most
groklaw readers. I was concerned when it escaped the public
discourse surrounding the M$ case. However, M$ has prepared for the
current foot step:

First, M$ borrowed OSF's (now OG's) DCE RPC and extended it just
enough to be incompatible with the DCE standard used by other server
vendors. Specifically, it is one-way interoperable with M$ in control.

Second, M$ borrowed MIT's Kerberos and, yep, extended it just enough
to be incompatible. See above.

Third, M$ borrowed LDAP, and you know the pattern.

All the above is commonly characterized as middleware. These are
necessary for authentication, authorization, file system sharing, etc.
between computers. Now, people might appreciate my longterm view.

Thus, ever since Windows 2000, M$ has been in the enviable position of
interoperating just enough with computers from other vendors that the
other vendors' computers will not "work" with M$. Other than
the Judgement Decree, M$ appears to be raising no legal concerns and
marketing sucessfully but not innovating unless to create barriers for

Now, back to the current step, M$ is bundling the capability to run UNIX/
FSF applications on its OS, and M$ is bundling the capability of managing
UNIX/Linux security/identity with its OS. M$ avoids triggering the GPL
until someone else to destroys the GPL.

Ignoring history and morality, you might do the same...if DOJ allows it.
Remember, end users pay for the best choice for themselves according
to standard micro economic theory (sorry, in a free market, ideology
eventually loses). If M$ works with other OSs but other OSs do not work
with M$, you can draw your own conclusions.

As for the next M$ steps, I am smug that M$ will really knock your socks
off with their bold moves.

[ Reply to This | # ]

Canopy companies no longer listed...
Authored by: kuwan on Monday, January 19 2004 @ 01:45 PM EST
I just took a look at Canopy's web site to check the list of Canopy-
infected companies and I can no longer find any mention of them. What
happened to all of their "portfolio companies?"

Maybe their companies have been taking too much heat from the SCO
lawsuit. Can anybody find the list of Canopy companies? or is it gone

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: the_flatlander on Monday, January 19 2004 @ 01:49 PM EST
VAS extends the reach of Active Directory to UNIX and Linux systems
Extends the reach? Just say "no."

Of course, this is an improvement; in the past Micro$oft has sought to charge me big bucks to reduce my security. Still, and all, I can do without it. Nice try though, Bill, really.


[ Reply to This | # ]

Hey, *I* like it because of the software...
Authored by: anthonyrcalgary on Monday, January 19 2004 @ 01:49 PM EST
There's nothing wrong with MS doing this.

Think about it... Apple supports UNIX-ish software, and all the other vendors
support it by virtue of being a UNIX themselves. Microsoft is the only one that
didn't. And now they're doing something wrong by making something a lot of
people desperately want a free add-on for the OS? And this move increases
compatability with other stuff?

I'm sorry, but I can't see a thing wrong with that. *I* use Linux primarily
for the software. Windows is more convenient, and FreeBSD is a better OS. Will I
use Windows now? I dunno. I can't imagine paying for it, maybe on a laptop that
I can't build myself.

Free software is, to me, about making software available to everyone, even if
they use Windows. Now people can do that with much less effort. Good for

Their motives don't matter, to me, if it makes my life easier.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 01:53 PM EST
" In short, Microsoft would like to be your Big Brother. You can pay him

Pay with your soul and the reduction of your individuality.

1984 arrives a bit late courtesy of Microsoft and others that 'know' whats
best for you, reminds me of a tardy security patch for an OS, except this patch
will be applied universally without your approval.

rage against the dying of the light...

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 01:54 PM EST
Didn't Vintella spin off from SCO in or about Feb 2003?

[ Reply to This | # ]

MS saves the day!!
Authored by: Anonymous on Monday, January 19 2004 @ 02:02 PM EST
Wow... This is fantastic news. Microsoft once again
shows just how it's supposed to be done and opens
up new avenues for the enterprise.

I seriously think Microsoft has gone bananas. Linux
is just driving them batty.

[ Reply to This | # ]

Will Microsoft indemnify?
Authored by: Anonymous on Monday, January 19 2004 @ 02:07 PM EST
I heard a rumor that Novell might actually own the copyrights to UNIX. Will
Microsoft offer indemnification to protect me from a lawsuit if that turns out
to be true?

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: PJP on Monday, January 19 2004 @ 02:09 PM EST
This is an area that gets close to home for me, so I feel that I can comment on it. In this (very unusual) case, I think I may end up arguing for Microsoft (amazing, but true ...).

What Microsoft are doing is making their first inroads into Identity Management, which is the big thing at the moment for a lot of companies. Identity management goes way beyond keeping a username and password. It associates a resource with a set of policies. Those policies can be user specific, or they can be based on a group or role which an individual user can be associated with. This allows very fine grained control of what a user can do. It goes way beyond allowing a user to login to a given machine.

The problems with the existing solutions are:

  • They focus on web based applications - mainly because its easy to drop a plug-in into a web server to talk to the policy server to control al access at this convenient "choke point", and they use either the URL or cookies to pass the authentication credentials which is the next issue:

  • Passing authentication credentials around is difficult. HTTP is mostly ok because it has defined ways of passing extra data (cookies) and URLs can be manipulated to include the data id cookies don't work. Both of these do require the use of SSL of course for any real security.

    Beyond HTTP things are not so good. Most existing applications/systems have no standardized way of passing extra data, and most are missing the APIs to allow modules to be aded to control authentication and authorization outside the built-in controls.

    The end result is that I can set up a really nice identity control system to control access of web based applications, but I can't use it to login to or control actions on other systems (Windows, Unix, Linux, etc) or applications running on those systems.

    This is why portals are becoming so poular, they act as a web front-end to many applications, and also as a proxy through which users have to pass to get access -- another convenient choke point at which to appy identity server policy engine rules.

  • There are many different databases for user authentication, each system has its own, and they rarely acknolwege each other's existence. Each one wants to be master of the universe, and most have some sort of facility which can be used to intergate other, subsidiary data, but its very to find system which are designed to act as peers.

  • Some systems use standard databases, but then go ahead and use Microsoft-esque proprietary extensions. A good example being the Identity Server sold by Sun, which at first glance looks like it is based upon industry-standard LDAP, but on closer examination it becomes obvious that it is designed to only work with Sun's own LDAP server because of the dependencies on proprietary extensions in that server.

Because of these (and other) issues, actually deploying identity management for anything other than web based services is hard to impossibe. Many companies have deployed Active Directory - possibly not because they really wanted to, but because of the tie-in they have to Microsoft technologies, they have no choice. Whatever the reason, it is deployed, it was hard work, and it cost an an and a leg. AD is also a LDAP V3 compliant LDAP server, so having put in the investment, there is a strong tendancy to want to use this as the LDAP server for the corporation.

Because most of the Identity Management solutions on the market can/do use LDAP as their authentication and policy rule database there is a strong temptation to want to centralize all that is possible in Active Directory and use meta-directory techniques to handle the rest. Using meta-directories is a lot of hard work and a pain to keep up to date, its a moving target. Then you find out that your identity server of choice doesn't use pure LDAP (well, it does ... as far as the protocol goes, but expects some non standard things to happen in the server itself), so you end up having to run two LDAP servers, AD and some other, and hopefuly tying them together with meta directory. A complicated mess.

Of course none of this solves the problem of passing authentication credentials into other applications. There are various non-standard hacks to protocols, wrapping protocols in others etc. etc. None of it neat.

The answer has been around for a long time, and ignored by almost everyone - kerberos. Microsoft are the first company to take kerberos seriously, and implement it in anything less than a half-hearted fashion (take the MIT reference server, load it, take the MIT sample apps and load them). This takes care of passing credentials securely and easily, and the work required to modify applications to participate is standardized and relatively straightforward. Of course, Microsoft has to be Microsoft and use (legal) extentions which were not documented, or poorly documented, so that sort of took the edge off what was otherwise a really good move.

Having made the investment in their system and applications to use kerberos, in deploying a fairly competent database system with an LDAP interface (Active Directory), Microsoft are now well positioned to offer an identity management solution that goes well beyond the web-based solutions that others offer, they can apply it to any of their products that are not web based, but which do use kerberos authentication.

Even better, they have made an investemnt to provide hooks to all the other problem-children that people trying to implement identity service run into and one of the biggest ones is controling access to Unix. The NIS extensions they are offering solve a big part of this problem - NIS may well be officially dead as far as Sun is concerned, but it is still very widely used, and LDAP is stretched to replace a lot of NIS functionality as people who are moving from NIS to LDAP at Sun's bidding are finding out.

What Microsoft are doing with this Unix Services package goes way beyond a few compatability services -- it is the start of their bid to own the identity management space. And you know what? they just might succeed because their solution is much broader and mich better integrated with all sorts of systems which the other solutions can't match.

I have never been a Microsoft fan, and certainly not a cheerleader, but credit where credit is due.

Of course, whether this is a good thing or not is an entirely different question, one I think we all know the answer to - particularly when you begin to mix identity management with DRM, which I am convinced is the next move - but they will probably want to own identity management first -- and this is an excellent first step towards doing just that.

[ Reply to This | # ]

Stick to what you know PJ
Authored by: pitr256 on Monday, January 19 2004 @ 02:11 PM EST
Sorry PJ, you need to stop writing about stuff you obviously know very little

Integration is key for many businesses and many of these businesses rely on
Active Directory for the authentication of their "normal" desktop
systems. Right now if they have a mixed environment, they have two
authentication services and since they have a huge investment already in one,
why not use it if they can to authenticate their Linux systems. This is
especially true for any company that uses Exchange 200x.

That Microsoft is giving this away shows what a huge threat it thinks of Linux.

But overall, this is a good thing for businesses. It makes the addition of linux
machines to an existing MS network that much easier. Like the Bill Gates saying
goes, keep your friends close, but keep your enemy closer.

[ Reply to This | # ]

Already covered: Still Funny
Authored by: RedBarchetta on Monday, January 19 2004 @ 02:14 PM EST
I am pretty sure this was covered earlier, but for the sake of review I'd like to submit this. I'm always up for a good chuckle. Here is an article that covers a point vs. counter-point style debate over Linux.

It seems that the sensible Jan Stafford, one of the editors for sees the writing on the wall. The other pinhead editor doesn't. Here are some highlights:

Jan Stafford:

"Finding market research firms not beholden to Microsoft's big purse is like drawing an ace to complete your royal flush. It's possible, but the odds are against you."

"For example, recent Microsoft-funded reports by International Data Corp. and Forrester Research's Giga unit found, separately, that Linux costs more in development and total cost of ownership (TCO) than Windows. For proof that enterprise Linux outdoes Windows in the ways that matter, the only reliable source is the corporate IT pro who has used both platforms."

"Windows breaks frequently. Linux doesn't. That's the main reason corporations are switching from Windows to Linux."

"U.K.-based trampoline vendor Super Tramp has saved 20,000 British pounds (about $35,000) and experienced no downtime in the 18 months since the company migrated from Windows to Linux, said Rick Timmis, IT director at Jardine Prentis UK Ltd., Super Tramp's parent company. His decision to migrate to Linux was cinched when Microsoft introduced its Volume Licensing Program; under the program, the company would have had to pay 20,000 pounds "to remain static" with an unstable system."

"Although no existing OS is bulletproof, Linux is a lean OS, and its open source foundation enables users to remove features and tweak the kernel relatively easily."
Now for the counter-point from Paul Gillin, TechTarget Editor-in-Chief:

"But Linux's success is coming at the expense of Unix, not Windows. Linux is going to kill commercial Unix."

"International Data Corp. recently reported that Windows actually grew its share in the server market, from 50.5% in 2001 to 55.1% in 2002. Meanwhile, the Unix market has shrunk by 40% during the last two years, according to IDC. Who is Linux hurting most?"

"But Linux is not a threat to Windows or even much of an alternative. Let's look at the argument about cost [..] Red Hat just raised prices to $179 a year to support a workstation Linux license, all the way up to $18,000 a year for a mainframe installation [..] IBM and all the other hardware companies are just waiting for customers to buy in to Linux so they can raise prices on support?"

"A wider variety of software is available for Windows than for Linux, meaning that IT managers have to spend less time looking for solutions and customizing the ones that they find. Microsoft's certification program ensures that graduates have at least a basic level of competency. This peace of mind is important.

"On reliability, there's no question that Linux has got a leg up on Windows"

Windows Server 2003 raised the bar again. It may not be "five 9s" reliability yet, but how many applications demand that level of uptime?"

"And for systems administrators who don't have a computer science degree, it's [Win2000] relatively simple to use."

Ok, now that I have had my laugh for the morning... it's time to walk the dog. Ciao.

[ Reply to This | # ]

How about XP for free?
Authored by: Anonymous on Monday, January 19 2004 @ 02:19 PM EST
For end users who care more about free as in beer (which are most of them), this
would be a much more powerful proposition than Unix for Windows, which is not
that interesting for the vast majority of Windows users. If/when Linux
significantly encroaches the desktop (20-30% market share), I wouldn't be at
all surprised if Microsoft will essentially give the OS away, and move towards a
service based model a la IBM and Redhat. Whether this is a monopolist practice
at this point would be debatable, as they could argue Linux companies do
precisely that.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 02:20 PM EST
People want integration? What people? I don't want that, thanks.
I don't know how often you've had to work with an existing infrastructure, but let me tell you, it's better to have technologies that integrate than ones that have no possible connections. Integration is the major focus of consulting, actually. A lot of times, it's the integration points that cost the most to bridge. While you can view this as a simple play by Microsoft to try to lure people away from Linux, don't mock the idea of integration.

I know that a lot of folks in these communities want to be purists and idealists about technology, about how it's licensed and created, but that's not always practical. I am an IT professional, and have been in this industry for 10 years. The great thing about the FOSS movement is that it gave a lot of freedom where there had been none before. But don't forget the libre part of this ideal, which is not just access to the source code, but a removal of limitations on how this technology is used. It's impractical to entirely cut out proprietary software, and I would have to drop FOSS software on both a pragmatic and philosophical level if the licensing forced me to abandon the proprietary solutions that I use to run my business today. And as far as the fact that this is Microsoft, it's just not wise to ignore Microsoft's infrastructures, since they are so ubiquitous.

From Linux to Active Directory. Why would anyone want to go that direction? Linux accounts under the thumb of Microsoft. Can I get a second opinion before you schedule this surgery, please?
I work for a Fortune 100 company. We have spent millions on our AD infrastructre. Flawed as AD is, we require it for our business needs. There's currently no other solution that will meet our requirements. If I can leverage all of the investments I've already made into that, it would help quite a bit. We have many servers, a team of people to manage the infrastructure, processes and procedures on how to handle maintenance and move/add/change requirests, and integration between it and many other directories including HR, links to Mainframe and Mini systems, UNIX, and others.

Again, I know that some people would tell me to abandon that investment because of the open philosophy. I would hope, however, that most would take the libre part of FOSS seriously and see that this kind of thing is just another useful tool to link my production systems together. Especially the idea that I can leverage all of what goes into my AD with my Linux systems.

Your point is that this is a way for Microsoft to eventually pull in these Linux systems and turn them into MS servers. I don't fear that. Linux is too useful for that. I find instead a reason to celebrate, as it's matured to the point where companies are making interoperability tools for these systems.

[ Reply to This | # ]

Links and more links... and in other news...
Authored by: eggplant37 on Monday, January 19 2004 @ 02:23 PM EST
I find it interesting to see that a definitely friendly relationship between
Darl and Bill has cropped up. I've said all along that I felt that MS was
behind this, however, now it seems that it's all true. MS will make things
easier to interoperate (sorta) with Unix and SCO will stir up the shit and take
the heat and furor away from MS's actions. How droll... how very droll.

In other news, I caught wind of this article:

on Seems FT is helping to spread the FUd by telling only
one side of the story. Someone needs to contact the editors and let them know
that Groklaw exists and can tell a wholly different side.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 02:27 PM EST
This will be very interesting. As a few people have already mentioned, Novell
sells (and has for longer than Microsoft, for that matter) a product that
competes with Active Directory. It's worked on all the platforms Microsoft is
touting for quite some time. It's also a much more effecient set up (from a
network utilization POV; although my information is a bit old, since I'm out of
the admin business, but MS rarely changes things like that for the better).
My curiousity is piqued, though. We've got Novell here gearing up for a breach
of contract lawsuit against SCO, partially involving a major deal with MS that
Novell is entitled to a major chunk of. We've got IBM over there bringing to
bear a major countersuit, partly involving an investigation of SCO's parent
group. And now we've got SCO's parent group involved in a major deal with
Microsoft, who's touting something that directly competes with an established
Novell product and now a newly purchased Novell buisiness (SuSE).

Somehow I think that when Novell files their breach of contract suit there'll
be some amount of discovery in there pointing at both MS and Canopy. Seeing
what this and the IBM countersuit bring to light in the next couple years is
going to prove to be vastly entertaining.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 02:28 PM EST
Hate to take up MS' side on this, but actually the proposed software solves a
real problem for many in enterprise computing, namely: "users can't
handle passwords."

The number one ticket type to hit our internal IT help desk (35,000+ users) are
password problems. Moving to a single password would be worth the savings in
help desk costs alone. (Even given MS products' shaky reliability.)

I'm not saying the MS products THE answer but there are quite a few people
looking for some sort of answer to this problem.

[ Reply to This | # ]

We've been here before -- Microsoft cannot be trusted
Authored by: Anonymous on Monday, January 19 2004 @ 02:34 PM EST
It's not hard to find previous examples where Microsoft has pretended to support a technology, while their real goal was to destroy it, or take control of it.

OS/2 was one obvious example.

Java was another, as demonstrated by these quotes from the evidence in the Sun vs Microsoft case:

Memo to Bill Gates from the manager responsible for Microsoft's Java strategy:

> When I met with you last, you had a lot of pretty pointed questions about Java, so I want to make sure I understand your issues/concerns....

> 1. What is our business model for Java?

> 2. How do we wrest control of Java away from Sun?

> 3. How do we turn Java into just the latest, best way to write Windows applications?

> 4. What are we doing to leverage/expose Windows to Java developers?

Microsoft's pricing strategy paper for its VJ++ development suite:

> The "strategic objective" of its new toolkit is to "Eliminate/contain cross-platform Java by growing the polluted Java market," "migrate and lock Java developers to Win32 Java," and ultimately to "kill cross-platform Java by grow[ing] the polluted Java market."

Statement by a Microsoft vice president:

> I would explicitly be different -- just to be different.... [W]ithout something to pollute Java more to Windows (show new cool features that are only in Windows) we expose ourselves to more portable code on other platforms.

Another Microsoft memo:

> At this point its [sic] not good to create MORE noise around our win32 java classes. Instead we should just quietly grow j++ share and assume that people will take advantage of our classes without ever realizing they are building win32-only java apps.

A third example was Microsoft's bait-and-hook support for Windows APIs on Unix (Bristol's Wind/U technology) as reported in this story from The Register:

> By 1996 Gates is wondering if "by creating cross-platform solutions we risk weakening the Windows franchise - hurting ourselves rather than let Netscape hurt us."

> Neault's staff are writing that they want "the WIN32 layer to be fairly mediocre in performance and feature coverage. We want it to be just good/cheap/timely enough to get a lot of people to use it," and that "we don't want it to work too well. A non-objective is total redeployment of Windows on Unix."

The idea was to push customers who relied on these APIs in the direction of Windows NT:

> Neault actually devised a list of technologies to "jerk" from the source, describing it as a "beautiful" list which removed "the technologies that third-parties are going to try their damnedest to put on Unix."

Or, as Microsoft's Jim Allchin put it:

> "What we're trying to do is to get Netops to add NT services to their existing Unix networks and to migrate over time all of their services to NT."

Given these past examples, only a fool would trust a free offer from Microsoft.

[ Reply to This | # ]

Why SCO bought license from MS?
Authored by: kberrien on Monday, January 19 2004 @ 02:38 PM EST
The Vintella auth stuff was sold from SCO to Vintella if I remember correctly.
Perhaps this explains (previous article, PJ question) why SCO bought the MS
license, to create this auth package.

Another interesting thing, regardless if you don't believe the MS proxy war
through SCO theories, we can see a definate connection between SCO, Canopy, and
MS towards Linux competition in terms of products.

Perhaps that makes the proxy war theories more possible, who knows....

[ Reply to This | # ]

CBR bites SCO
Authored by: Anonymous on Monday, January 19 2004 @ 02:39 PM EST

[ Reply to This | # ]

  • CBR bites SCO - Authored by: Anonymous on Monday, January 19 2004 @ 03:41 PM EST
Cygwin is already free
Authored by: Anonymous on Monday, January 19 2004 @ 02:40 PM EST
I'm surprised that in all this discussion no one has mentioned Cygwin! Cygwin,
which is now owned by RedHat, provides a Unix-like environment on all flavors of
Windows, to allow porting software over. It even includes an X server, which
Microsoft's SFU does not.

[ Reply to This | # ]

  • We have : ) - Authored by: Anonymous on Monday, January 19 2004 @ 03:12 PM EST
  • I installed SFU - Authored by: Anonymous on Monday, January 19 2004 @ 04:05 PM EST
    • I installed SFU - Authored by: Anonymous on Tuesday, January 20 2004 @ 01:29 AM EST
Story about the new SEC filings
Authored by: Anonymous on Monday, January 19 2004 @ 02:58 PM EST

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 03:07 PM EST
Hi All,
My experience with Services for Unix goes back a long way, and I happen to know
a bit about it's history and how it was created.

Essentially, it's a implementation of a BSD Unix that happens to use the NT
Kernel and Process scheduler as it's core, which is how it manages to integrate
with NT hardware. It runs as it's own subsystem (so when Win32 has died, it
keeps running, and vice versa). So long as the Win32 sub-system is quiet, it
can even benchmark similarly to standard Unix kernels.

The complete Posix2 specification is supported, and GCC is the compiler, along
with all the headers, etc, etc, that you would even need.

For such a long time, people have (such as myself) considered the Posix.1
implementation that they implemented and shipped to be a sham. Some Posix
porting experts setup Softway Systems, and set out to re-write the Posix1
implementation from scratch, and extend it to be fully Posix2 compliant.

Ultimately they did it, and towards the end of that process got purchased by
Microsoft. As far as I've ever been aware, this has been available for
purchase for ages, though something that they easily could have made available
for free.

My perception of this is that Microsoft would be very much of two minds about
this -- they don't want to risk users developing and entrenching themselves
with *REAL* Posix-type applications (remember - Win32 is *so* *not* Posix
compliant!), and then being forced to maintain this forever (I mean, how could
people prefer something not inven^H^H^H^H^H home-grown by Microsoft over
something like Win32??), but they have to do something about the flack over
"if I can't get there from here, then I'll just run Linux" type
noise. Ultimately, if it sells licenses, then so be it, right?

As a technical type, I'm excited. This tool goes both ways, and I'm going to
make the most of it -- I can now bring my OSS tools to my NT customers, and say
here - look at these apples. I can do it without having to do the Cywin
craziness. I can do it, and have them run fast. I can ensure that even if they
don't want to jump all the way in this week, that I can at least get their feet

Let's face it - Linux/BSD/Unix has a *lot* more market share to win than
windows does, and Linux/BSD people in particular are motivated, clever people.
Who wants to bet that we can make better, cleverer use of this tool? What's it
going to take so that users can say "No Take Backs!", and make it

I think that so long as *all* mainstream operating systems have a nice common,
publicly agreed up standard for program interfaces (eg: something like... Posix2
[like we have anything else that could fit the bill]), then I believe that it
will be possible to move applications back and forth. So long as that is
possible, then users' risk of vendor lock in is fundementally much lower.

[ Reply to This | # ]

TCO studies?
Authored by: Anonymous on Monday, January 19 2004 @ 03:15 PM EST
I wonder if all the wonderful analysts in the world of IT are going to do
studies into the TCO and ROI of usingthis system to migrate to Windows? Laura
Didio? That guy at Forbes? Anyone? ;^)

After all, when Linux is proposed as an enterprise system, they are happy to
shout about the costs involved in retraining, new skills etc, so surely the same
applies to people moving from Linux to Windows?

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 03:24 PM EST
And I thought I could use Samba to interconnect My Linux server with my Windows

You know, like configure Kerberos, configure SMB, add the Linux account to my
domain, and POW, I only need to create users on AD in order to access all my
Linux SMD shares on any of my linux servers.

Okay so it's not perfect and the Samba team says we shouldn't use it in
production. But you know what. I'll take a Linux/Samba in Beta mode over a
final version of the same M$ service any day. At lease, if it craps out, I know
I can get help from actually competent people...

Oh's free too.

No guns, no bombs...just brains
The way it should be.

[ Reply to This | # ]

Pay him later?
Authored by: DaGoodBoy on Monday, January 19 2004 @ 03:34 PM EST
No, pay him now...

First, look at the Services For Unix (SFU) FAQ:

http ://

"Q . What are the licensing requirements for Windows Services for UNIX?
"A. Server component client access license (CAL) requirements are governed by the Microsoft Windows Server™ 2003 or Windows 2000 End-User License Agreement. CALs are required to the extent that any Windows Server service is used."

Next, Check out the "Client Access Licensing Requirements" for Windows Server 2003: mspx

"With Windows Server 2003, CALs are no longer triggered based on the use of certain services but are instead based on access to and/or use of the server software."

Yes, Services for Unix no longer costs $99, but that was small change anyway. The real money is made because you still need to pay for a client access license (CAL) for a client to legitimately access the server. This is typical Microsoft.

For example, the SFU authentication bridge that allows Unix accounts to authenticate against Active Directory uses the Active Directory service and triggers the need for a CAL. You can pick your model of User CAL or Device CAL, but regardless you are obliged to pay for use.

Let's say you have an enterprise with 1000 users and hundreds of client systems running Linux/Unix systems. Since you now have all your authentication tied to the Windows Active Directory service, you are obliged to pay about $40 for the User CAL for each account, or $40,000 dollars. And if you get into a multi-year "Enterprise License Agreement" you will pay some amount yearly and then pay some more to "true up" your licenses after the inevitable contract ending audit.

If you've not dealt with software licensing, you might be surprised to know that most large companies hire employees whose only value to the company is to keep them compliant with license agreements. Put that in your TCO pipe and smoke it! Go Gnu!


[ Reply to This | # ]

  • Question.... - Authored by: Jude on Monday, January 19 2004 @ 05:03 PM EST
  • Pay him later? - Authored by: Anonymous on Monday, January 19 2004 @ 06:40 PM EST
  • Pay him later? - Authored by: Anonymous on Tuesday, January 20 2004 @ 12:17 AM EST
Authored by: Anonymous on Monday, January 19 2004 @ 03:42 PM EST
I wouldnt be surprised if Vintela's product was simply Samba 3 rebadged.

Samba 3 now has the capability to join an Active Directory Domain, to do
Kerberos Authentication, to authenitcate against LDAP etc. and has features that
make setting this up a heck of a lot less confusing than with Samba 2.x

I've never heard of Vintela before, and it seems rather timely that shortly
after Samba 3 is released with precisely the capabilites they claim, that this
product appears from nowhere.

There is nothing illegal about this - Samba is GPLed, but if Vintela have
modified it with MS proprietary code, they will have to release those changes to
the community. Lawsuits ahoy!

What Microsoft is deathly afraid of is for companies to turn MS's control on
its head, and make the MS servers the slaves, with a UNIX machine running Samba
3 as the primary Active Directory server.

Thats exactly what I am planning to do with our Windows network here, and I
imagine I am not the only one.

[ Reply to This | # ]

  • SAMBA 3 - Authored by: Anonymous on Monday, January 19 2004 @ 03:49 PM EST
Open Letter on Copyrights, From Darl McBride, CEO
Authored by: Anonymous on Monday, January 19 2004 @ 03:57 PM EST
The reference letter from Darl is interesting indeed. Especially the idea
embodied by the quote "SCO argues that the authority of Congress under the
U.S. Constitution to “promote the Progress of Science and the useful arts…”
inherently includes a profit motive, and that protection for this profit motive
includes a Constitutional dimension. We believe that the “progress of science”
is best advanced by vigorously protecting the right of authors and inventors to
earn a profit from their work.".

Not in his wildest dreams. But: Imagine if this notion would be supported by the
Courts and enforced. The GPL would be struck down. And programmers the world
over would collectively be owed thousands of trillions of dollars in back wages
because of unpaid overtime. Imagine the corporations that would be
systematically wiped from the face of the earth and the legions of patent and
copyright lawyers that would have to find honest jobs or go hungry.

And in the end: Open source would rein anyway!

[ Reply to This | # ]

MS Services for AIX next? (Dark humor)
Authored by: Sunny Penguin on Monday, January 19 2004 @ 04:21 PM EST
No wonder SCO wants the newest AIX source.....

SCO directly to jail, do not collect two hundred dollars.
BTW - I could never become a Lawyer.(I ID ten tee)

[ Reply to This | # ]

Is that Kerberos or "MS-kerberos"
Authored by: Totosplatz on Monday, January 19 2004 @ 04:41 PM EST
I imaging it is the embraced, extended and stolen
"MS-kerberos" rather than the legitimate, public,
Internationally Standard kerberos.

All the best to one and all.

[ Reply to This | # ]

One good thing about MS and Vintela's press release
Authored by: RedBarchetta on Monday, January 19 2004 @ 05:03 PM EST
I suppose you can draw one positive from this announcement.

It will take about 1 or 2 months of development time for the world of open source developers to develop something that is more secure, more useful, and certainly more customizable (read: conform to your wants/needs). Not that this isn't already available, or soon to be.

MS and Vintela can make all the announcements they want. In the end, the computing community knows that anything that Canopy, certainly Microsoft, touches is about as trustworthy as two jackals guarding a hen-house.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: tump on Monday, January 19 2004 @ 05:18 PM EST
Why is it so hard for people to see and understand that Microsoft will attempt to handle the open source movement the same way it's always handled ANY other type of business threat.

What's the typical way? Microsoft buys out a company and either A) starts selling the product itself, or B) kills it off. If neither option is available, they marginalize the competition. Getting away with this *is* their business.
The whole process we're seeing with SCO is the most complex iteration of this style. Step 1 is to establish ownership either through purchase or the court system or intimidation or whatnot and don't be fooled into thinking that this isn't happening. Linux is just the next Netscape.

The school bully didn't have to go through the court system to claim ownership of your lunch money - he only got away with what you let him get away with.

[ Reply to This | # ]

Who knows?
Authored by: Anonymous on Monday, January 19 2004 @ 05:24 PM EST
I have read posts saying Novell gets 95% of the Microsoft license fees;
however, SCO's own revised SEC filing appears to allow for no money
going to Novell.

This discrepency is a concern. If SCO claims all Sun and Microsoft fees
for itself in its latest representations to the SEC, why do outside parties
state Novell receives 95% of these payments?

SCO's two SEC filings provide me the only objective facts. I admit I do not
know whether Novell is going to see any license money.

[ Reply to This | # ]

  • Who knows? - Authored by: Anonymous on Monday, January 19 2004 @ 05:38 PM EST
  • Who knows? - Authored by: phrostie on Monday, January 19 2004 @ 05:55 PM EST
  • Who knows? - Authored by: phrostie on Monday, January 19 2004 @ 06:00 PM EST
  • Who knows? - Authored by: Anonymous on Monday, January 19 2004 @ 06:06 PM EST
  • Who knows? - Authored by: Anonymous on Monday, January 19 2004 @ 06:14 PM EST
OT: Financial Times - 'The Most Hated Man'
Authored by: jobsagoodun on Monday, January 19 2004 @ 05:33 PM EST
The FT have an article ( which unfortunatley is subscription only.
BUT the summary was good enough for me!

"Software industry finds new villain
Darl McBride, the most hated man in the software industry, will be nowhere in
sight when software developers converge on for the annual Linux World
convention. It is probably just as well. 19:31 | Read"

[ Reply to This | # ]

Just who/what is Laura DiDio ?
Authored by: Hygrocybe on Monday, January 19 2004 @ 05:55 PM EST
Time after time, I see the name of Laura DiDio praising Microsoft and its
products. I get the strong impression however that if the Linux community or
Linux software does something (usually for free) then it is wrong, but if
Microsoft does the same thing, then her stance seems to be that this is good and
'great for the American way'.

Right....I'll probably regret this, but would someone like to tell me who or
what Laura Didio is and why she is qualified to make the statements she does ?
She does not appear to work for Microsoft, or does she ? Does she have
computer qualifications other than personal interaction knowledge ? What on
earth is driving someone to make statements that (to me)fly in the face of what
is actually happening ? I could search the net, but I suspect many of Groklaw
readers will have a much better knowledge of the lady that I will find on the
net. Actually, come to think of it, asking this question might be useful for
the Groklaw data base and journalists in other countries asking the same

Lamington Nat Park

[ Reply to This | # ]

In it for the freedom?
Authored by: Anonymous on Monday, January 19 2004 @ 05:59 PM EST

This is an old strategy--split the opposition.

From where MS sits, some of the Enemy are in it for the Freedom, and some are in
it for the Unix, and some are in it for the (No) Money. So give them Unix for
No Money, and two thirds are happy. That isolates the Free as in Freedom

If you put the pieces together, it says Unix won't run on your network unless
Microsoft says it can. This is like Samba in reverse--a Primary Domain
Controller for Unix,
betting that it costs more to manage the network than
to the differential advantage of Unix over Windows box
by box.

If I had to guess.

Freedom was never even an also-ran in the
Enterprise world. This strategy will separate the
No Money Unices from the Free OSs for sure.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 06:33 PM EST
it's kinda weird how MS needed SCO licensing to get Services for Unix, since
it's based off OpenBSD, part of the family of BSD code that is supposedly
"untouchable" by SCO because of the earlier settlement during the
last big unix lawsuit war...

[ Reply to This | # ]

Rejoice! This is a Good Thing(tm).
Authored by: TobiasBXL on Monday, January 19 2004 @ 06:46 PM EST
Hi PJ,

I don't see why this MS give-away is so bad. Well, of course I'm aware of their intentions and motivations but everyone downloading and using this software has own intentions and motivations that mustn't necessarily be the same as Microsofts.

My own reason to give that software a try is the simple fact that I now have a free (as in"free beer") NFS client which would have otherwise cost me plenty. I can now use a central NFS server and connect both Windows 2000 clients and my Linux machines. This is opening grounds for Linux server machines in my organisation where there are up to date only Windows 2000 clients. As soon as the Linux servers are in place and integrated I can promote Linux clients too.

I guess 90% of users downloading that utility set didn't have in mind what Microsoft was asking them, prior to downloading... "No, I don't want to switch to Windows 2003 Server. I want to switch from Windows to Linux. Why the heck can't I state this in this stupid form?!"

So lean back. Enjoy the music and see how this free give-away benefits us and not them. :-)

Besides, anybody really thinking about actually using the server components like NIS on Windows is in for some nasty surprises. The software may be labeled with "3.5" but it should rather be "0.35pre_alpha". Stable isn't exactly the word I would use to describe their NIS try.


[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: SilverWave on Monday, January 19 2004 @ 07:00 PM EST

So this creature from hell would be called?

Suggestions please...


"Unless stopped I believe they will walk away from the rotten, decaying
corpse that is SCOG a lot richer" :-(

Stopped it is then.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: blinky on Monday, January 19 2004 @ 07:01 PM EST
Unix Services for Windows provides (From

Seamless Integration
Powerful SDK

Better Manageability
Robust Scripting Environment
Better Security Support
Improved Internationalization Support

Increased Availability
Faster Performance

So what does windows provide?

[ Reply to This | # ]

Linux ABI; where's our fee?
Authored by: Anonymous on Monday, January 19 2004 @ 07:26 PM EST
SCO is demanding money from Linux users for licencing of their ABI; if this is
based on the Linux ABI, can't Linus get a hefty fee from MS on the back of

An interested bystander

[ Reply to This | # ]

OT: SCO offers IP license in Oz./Nz
Authored by: Anonymous on Monday, January 19 2004 @ 07:45 PM EST

The SCO Group has started selling its intellectual property licence in Australia
and New Zealand, according to a company media release.

The licence costs $A999 per server processor and $A285 per desktop processor.

"By purchasing the license, customers are properly compensating SCO for
the UNIX source code, derivative UNIX code and other UNIX-related intellectual
property and copyrights owned by SCO as it is currently found in Linux,"
the release says.

[ Reply to This | # ]

Vintela product
Authored by: Anonymous on Monday, January 19 2004 @ 07:50 PM EST
What shows the ignoance and ineptitude of Canopy is that a GPL product exists
that already does this and has done so with stability for longer as they have
been in development with this VAS product. The Samba guys developed winbind
with the idea of allowing Samba servers to authenticate remote users through a
Windows DC and/or Active Directory (I reccomend you leave your AD in mixed
mode). Extending that even further, using the flavor of PAM (Pluggable
Authentcation Modules) that comes with most Linux distributions you can plug the
Linux systems' authentication into Active Directory via the Samba winbind
component. Thus, the Linux systems can authenticate locally and through Active
Directory as a given username requires.

This comes in real handy when you inherit a Windows environment and you wish to,
in a tightly integrated fashion, move critical and/or less than stable services
off of Windows and on to Linux (DHCP, DNS, Dial-Up, etc...). My Dial-up users
dialed into a Linux box (unknowingly to them) and used their Windows username
and password to authenticate. And as an admin, I never needed to know their
authentication credentials (to copy accounts) and never needed them to enter
their password for their account setup more than once.

All of the file servers, print servers, dial-up systems, and other authentacted
services ran silently on Linux as if they had been meant to all along. It was
only used with the IT staff, but Linux workstation access also authenticated
through AD.

The point is that this is not unique, it is not novel, and it is certainly not
innovative. IT professionals who need integration have had it for quite some
time. Purists will note that Samba can act as a Windows PDC and turn the whole
equation on its head.

As an IT manager that had to live with a legacy decision, I used Linux as the
first line of defense to protect and maintain the integrety and stability of the
Windows servers and workstations. No Windows service including Exchange touched
the Internet directly. Web sessions were transparently passed through Squid.
Exchanged talked to a border Postfix system (scoring/filtering SPAM and removing
viruses in and out and rejecting email for invalid users verfied real time on
the Exchange AD so it did not clog the Exchange queue - Exchange performs nicely
when it has nothing to do :). All ingress and egress went through a Linux
firewall and access control.

So from a Linux-Windows integration point of view this is nothing new nor
required. If you need to integrate Linux, it implies that you have accepted the
concept of GPL'ed software in the professional IT environment and thus what is
one more outstanding GPL product?

Woody <>

[ Reply to This | # ]

This Actually Has Value
Authored by: hbo on Monday, January 19 2004 @ 07:51 PM EST
Devil's advocacy here.

SFU solves a business problem. Having more than one authentication database sucks, and costs real dollars. NIS security sucks. NIS+ is more secure, but it's complex as hell, and not all clients will run NIS+, so you end up with NIS compatibility mode, which means you are still exposed to the horrific sunrpc drain bamage. Kerberos is a good solution for authentication, but you can't use $8/hr entry level admins to administer it. AD is comparatively easy to administer, and uses Kerberos underneath. The AD security model is actually pretty good, although the platform is highly suspect, both from a security point of view, and because you have to trust Microsoft so much.

There are authentication systems that use similar technologies to AD (basically LDAP + Kerberos) on Unix. I haven't seen them, but I'm willing to bet that reasonably usable GUIs exist for such systems. But because Microsoft controls Windows, none of them allow single sign-on. The exception that proves the rule is Samba 3.0, whose winbindd allows an AD user database to authenticate access to a Unix system. It does this on the Unix side, but your single database is still AD. Microsoft, as always, was very clever when they designed AD. The interface for clients is relatively open, which means it's easier for folks to authenticate against the AD than to get Windows to authenticate against some external database. (The first is hard and the second impossible. Thus, the first is easier.)

They are also being clever when they offer Unix API compatibility. After all, they are trying to get people to give up Unix and move to Windows. The point is not that a customer would move to Windows to take advantage of SFU, but that SFU makes it easier for them to do so for other reasons. It thus greases the skids for customers to fall into the iron grip of platform lock-in. They don't control Cygwin, and it has that nasty GPL attached to it besides, so they go for a BSD derived suite commercialized in a way that they are familiar with. But the main thing is they can control it for their benefit.

These guys fight dirty. It doesn't pay to underestimate them. It's also useful to understand their real strengths in the marketplace. Some of these are engineered by the aforementioned dirty tricks, but some they just stole from Apple and others. Those, however ill-gotten, are nevertheless real benefits that appeal to business. AD really is easier to administer. If you can fire a couple of sysadmins on the Unix side with high salaries, and replace them with one gum chewing undergrad, that increases their "value proposition." (I know, the sysadmins probably add value not considered in this analysis, and the undergrad probably can't handle the whole load, but this is how the proposition may appear to the CFO.)

"Even if you are on the right track, you'll get run over if you just sit there" - Will Rogers

[ Reply to This | # ]

Hey Didio.....
Authored by: RSC on Monday, January 19 2004 @ 08:40 PM EST
What the TCO of *free* MS Services for Unix?


An Australian who IS interested.

[ Reply to This | # ]

MS's version of "service"
Authored by: scott_R on Monday, January 19 2004 @ 09:09 PM EST
Is it just me, or does MS's and Billy Gate's version of service not match my
own? I mean, when I read most of their "articles" and
"recommendations", I feel serviced, no doubt about it.
Unfortunately, it seems to be the kind of "servicing" that requires
you to hold your ankles and not tell anyone about. :)

Maybe B.G. shoulda been a priest...

[ Reply to This | # ]

OT: Is Boies firm still involved?
Authored by: Anonymous on Monday, January 19 2004 @ 09:10 PM EST
Is Boies firm still involved in this mess?

The reason I ask, is it seems rather a long time since we last hard from them, and all the recent filings and appearances seem to involve others associated with SCO.

5 Dec 2003: Kevin McBride turns up to oral arguments (and this is the first we discover that Darl's brother was involved, although he had apparently been involved since at least February-ish). B
What's more - nobody from the firm SCO is paying millions too (Boies firm) even attends!

18 Dec 2003: Ryan Tibbitts, SCO's general counsel signs the Linux ABI and certification letter

12 Jan 2004: Ryan Tibbitts, signs the affidavit and certificate of compliance. Hasn't every previous filing by SCO, in SCO v IBM, been signed by Heise (?? - I'm not sure)

9 Feb 2004 (future): Ryan Tibbitts will accompany Chris Sontag and Darl McBride to do their dog and pony show at Harvard [whereas at SCOforum, we had Mark Heise, in substitute for Boies who was the original listed poster].

I don't put too much significance into any one event, but collectively, I'm thinking, perhaps that I'm starting to see a pattern.

What's happened to Boies, and Heise recently?

[ Reply to This | # ]

[Customer Demand] MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 09:27 PM EST
I hate to pour water on the conspiracy theories, but having _one_ centralized
directory is exactly what large corporations are clamoring for. It's a royal
pain to run two separate authentication domains. Being able to put everything
into one centralized LDAP server is exactly what customers want, and it appears
USFW and the Vintela product are doing exactly that. Now of course, I'd
personally prefer to use some other LDAP server besides Microsoft's Active Dir,
but if I were a mostly Microsoft site (which many are) the integration would be

From a product strategy point of view - having everyone migrate to your
repositories is a 'good thing' - I wouldn't expect anything less of Microsoft
or any other competitor in this space.

Sorry to bust the bubble on the conspiracy theory here. If there are
conspiracies (and who knows, maybe there are), this isn't it.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: BigTex on Monday, January 19 2004 @ 09:45 PM EST
This issue highlights the biggest challenge facing Linux....Ease of use or lack
there of. As a current MS user that desperately wants to move to Linux, ease of
use of MS products will keep me locked in and keep Linux at bay for the

Example: I have installed Lycroris Linux on an IBM Thinkpad that ran Win 95. I
did this in hopes of becoming familiar enough with Linux to dump Windows on all
of my machines. Now I am not a techie but proficient enough to network office
PCs, install software and act as the "tech Support" for my office.
Yet I cannot get Lycroris to talk to my windows machine even with built-in
SAMBA. My XP machine can see the Linux box but not the other way around. I
have posted to the BBs, surfed the web for work-arounds, emailed Linux pros all
to no avail. I even downloaded Open office but cannot install, MOUNT or
otherwise get the damn thing to run. I am relatively sharp and basically
fearless but ROOT, MOUNT and other Linux terms make no sense what-so-ever!

Here I am a fairly profcient guy who wants to leave MS. A guy the HATES Bill and
MS. A guy that has tried to install Mandrake and RedHat on old boxes with no
success. Until linux is as easy for me to use, install etc. as Windows Linux
will not win. Time is not on our side! This war will not just be won in the
back office but on the desktop as well.

MS knows that people will trade stabilty and security for ease of use. Remember
in many companies the guy writing the check to buy Hardware and Software is not
an IT guy. MS has a long and successful history in beating better products
through ease of use. Rememebr Win 1.0-3.x? Micro$oft out Mac'ed the
Macintosh, they Out-Netscaped Netscape and now they are trying to out-unix UNIX
and LINUX. The know that people will use their crappy offerings and give them
the crucial time they need to build a better or equal product that provides an
better user experice and ease of use.

Why did IE beat Netscape? because it was easier to came with Windows.
And eventhough the first 3 versions sucked, IE is the dominate browser. (I use
Firebird-BETA which is AWESOME but no one thinks it will dominate like IE.).
Look back at the history of Word & Excel. It is users like me that Linux
must appeal to and soon! While the successes in the backoffice are impresssive
this battle will be lost on the desktop! Non-techies like myself must be able to
easily install, manage and use Linux and its software or price, stabilty and
security will not be enough to win our hearts and minds.

The current MS moves highlight the well used strategy that Bill and Co. are
using. They are planning to make managing Linux/Unix as easy as using windows.
When they do this they will have Assimilated us all in manner befitting the

How do we keep this from happening? Make Linux easier to use than Windows XP
How do we do this? Take a page from their playbook...we out-Windows, Windows.

Everyone here knows OSS is the most effective way to build Best In Class
software. We need to focus that enery and skill on making Linux easier to use
then XP or even OS-X. When anyone can easily install and manage Linux then MS
is done! MS understands that the ease of use is their strength (along with a
monopoly and $50 Billion). If OS-X (Jaguar) ran on Intel/AMD machines right out
of the box, we would have a new dominate OS. Linux needs to be as good or
better ,from an ease of use standpoint, then OS-X.

I want to leave the clutches of MS but I need help? I cannot do it alone
easily. The FOSS community can stop MS in it's tracks if it makes Linux the
easiest, most stable and most secure OS out there. The clock is ticking...We
don't have until 2010, The year Linus perdicts a Linux desktop will be ready
for prime time. This war will be over, I fear by 2006. Once MS convinces the
masses and the IT guys that they can manage UNIX/Lunix easily with MS products
on MS Servers...we are going to be in big trouble.


PS: If someone wants to help me get this damn laptop runnig please email me @ I will call you back. I am in CST. THANKS!

[ Reply to This | # ]

ActiveDirectory and Linux
Authored by: Anonymous on Monday, January 19 2004 @ 10:26 PM EST
Actually this is not as bad as it seems, and I do NOT think that it will hurt
Linux the way people here think, at least not yet. In fact this could

Microsoft's strategy is simply to ease cost of migration from Linux and more
importantly, proprietary UNIX in order to make it easier for people to consider
Windows. Will they consider Windows? Lets consider the following:

1: While Microsoft claims TCO is cheaper with Windows, more people continue to
migrate to Linux from Windows than vice versa, despite interop problems.

2: NIS while simple to administrate is sorely lacking in many regards for large
networks (flat namespace, etc.) LDAP is better, and I applaud the attempt to
allow Linux clients to use AD.

3: IBM is working hard to ensure that there is full AD DC support in Samba,
ensuring that the accounts can always be migrated BACK to Linux.

This could very well backfire, as it also removes a number of obstacles to
integrating Linux workstations into a Windows environment. It also does not
sufficiently provide vendor lockin from a MS Perspective.

[ Reply to This | # ]

OT: MS takes on Teen
Authored by: Anonymous on Monday, January 19 2004 @ 11:10 PM EST
Microsoft Takes on Teen Over Web Site

Another sign of M$ plans of world domination.

Seems Microsoft can't take a joke, So...

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: elrond_2003 on Monday, January 19 2004 @ 11:20 PM EST
Link on computerwire (and other places) SCO's Evidence Begins to Unrave talks of someone trying to see through SCO's "evidence"

free as in speech.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Monday, January 19 2004 @ 11:20 PM EST
Hmmm, no wonder MS helps another Canopy Group company with a lawsuit seeking to
destroy the GPL. If they want to embrace and extend Active Directory to linux,
they'd it in the kernel--and that means they'd have to GPL the code. That
means everybody could see how it works, and what vulnerabilities and limitations
exist. There might even be (gasp!) third party patches to make it better and
more (such as crippling the .NET "features"). That's no way to run
a monopoly.

[ Reply to This | # ]

At Last!
Authored by: Anonymous on Monday, January 19 2004 @ 11:23 PM EST
AT LAST! Now I can get viruses, trojan horses and worms in my Linux
applications! I've felt so left out ... so lonely ... never any stories to
tell at parties ... Now I'm going to have cool war stories too!

[ Reply to This | # ]

Time for a VAS-ectomy
Authored by: Anonymous on Tuesday, January 20 2004 @ 01:21 AM EST
for Darl, Ralph, and their cohorts. We don't really want any more of their
type on the planet.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Tuesday, January 20 2004 @ 03:53 AM EST
So let me get this right. SCO sells M$ a UNIX license so
M$ can build a product that allows SCO users to migrate to
Windows. That makes business sense how? And then they go
and remove M$ from the list of competitors in their SEC


[ Reply to This | # ]

MS offers Trojan Horse for Free
Authored by: Anonymous on Tuesday, January 20 2004 @ 06:16 AM EST
Although I have no doubt that SFU will be useful for some administrator, it is a
trojan horse. If M$ is really interested in interoperability, the offer of
hosting accounts have to be bi-directional. What we get here is a lock-in where
you are forced to pay M$ for the privelege of hosting your data on your machine.
Nevermind the security problem, why will *nix administrators want to build their
home directories etc on M$ with all the associated trouble and hassle when there
is no tangible benefits?

If users want to have their files visible on both Linux and Windows without
incurring extra cost, try Samba. Its definitely more mature.

[ Reply to This | # ]

[OT]Microsoft gets green light to punish OS-less PC vendors
Authored by: bruce_s on Tuesday, January 20 2004 @ 06:30 AM EST

A Register article about the MS-DOJ "Seattlement" , which mentions that selling PCs without an OS get a reduction in the savings they recieve from MicroSoft when preinstalling their OS on the other PCs. The article is here

Bruce S.

[ Reply to This | # ]

His Billness on The Perils of Open Standards and The Joys of Customer Lock-in
Authored by: Wesley_Parish on Tuesday, January 20 2004 @ 07:16 AM EST

IBM planned to recover with a one-two punch, the first being in hardware, and the second in software. It wanted to build computers and write operating systems each of which would depend exclusively on the other for its new features. Competitors would be either frozen out or forced to pay hefty licensing fees. The strategy was to make everybody else's "IBM-compatible" personal computer obsolete.

The Road Ahead, Bill Gates, "Lessons From The Computer Industry", pg 62

In April 1987 IBM released its one-two punch, which was supposed to beat back the imitators. The "clone-killer" hardware was called the PS/2, and it ran the new operating system, OS/2.

The Road Ahead, Bill Gates, "Lessons From The Computer Industry", pg 65

[...] [IBM] would encourage the adoption of new versions of its operating systems by releasing hardware that required the new operating system software, or it would release operating system software that customers would need new hardware to run. That kind of strategy might've worked well for mainframes, but it was a disaster in the fast-moving personal computer market. IBM could still command somewhat higher prices for performance equal to its competitors'. but the world had discovered that lots of companies made IBM-compatible hardware, and that, if IBM couldn't deliver the right value, someone else would.

The Road Ahead, Bill Gates, "Lessons From The Computer Industry", pg 61

Some commentators like to conclude that IBM made a mistake working with Intel and Microsoft to create its PC. They argue that IBM should have kept the PC architecture proprietary and that Intel and Microsoft somehow got the better of IBM. But the commentators are missing the point. IBM became the central force in the PC industry because it was able to harness an incredible amount of innovative talent and entrepreneurial energy and use it to promote its open architecture.

The Road Ahead, Bill Gates, "Lessons From The Computer Industry", pg 57

IBM's early business decisions, which grew out of its rush to get the PC to market, made it easy for other companies to build compatible machines. The architecture was for sale. The microprocessor chips from Intel and Microsoft's operating system were available to any startup. This openness was a powerful incentive for component builders, software developers, and everybody else in the business.

The Road Ahead, Bill Gates, "Lessons From The Computer Industry", pg 55

To me, Microsoft's one-two punch with Palladium-Digital Rights Management and Longhorn, given that Bill Gates has expressed his awareness of what closing a previously open architecture will do, looks like deliberate corporate suicide. I find it hard to imagine how he can justify it.

Well, anyway, here's something to do - take this issue up with your investment advisor or whatever. Point out that Bill Gates knows pretty well what will happen to the value of Microsoft's stock once he starts the lock-in of Longhorn and DRM - from what Bill Gates himself says in "The Road Ahead", he knows exactly what is going to happen. Allow the investment advisor to discuss it with other investment specialists, etc. Then sit back and watch Microsoft backpedal like it's going out of style - either that, or face a lot more and a lot worse than it's previously imagined possible.

finagement: The Vampire's veins and Pacific torturers stretching back through his own season. Well, cutting like a child on one of these states of view, I duck

[ Reply to This | # ]

Authored by: johan on Tuesday, January 20 2004 @ 07:29 PM EST
"According to Grettenberger, Services for UNIX 3.5, combined with VAS identity management, is a best-of-breed authentication solution for customers who are integrating Windows, UNIX, and Linux environments. [my emphasis]
When I hear the expression "best-of-breed", I always think "pre-f**ked" (as in "you don't have to screw it up yourself, we have breed it for you").

Somehow this phrase is always used by a market-oid as a positive feature. The techies know it means that the product is an unholy bastard of marketing checklist items and so refrain from using it.

[ Reply to This | # ]

MS and Canopy Group's Vintela Offer to Reduce Your Security For Free
Authored by: Anonymous on Tuesday, January 20 2004 @ 07:58 PM EST
perhaps I've got my head on backwards, but it has always struck me that the
name of this "product":
Windows Services for Unix
is exactly BACKWARDS from what it actually is. What it really is is:
Unix Services for Windows
I.e., you now have unix(-like) services sitting on top of a windoze OS.

Can anyone explain why the original name makes any sense at all, other than as
more MS-style obfuscation. (and maybe the fact that it puts their name first in
the title, not that of the "enemy").

[ Reply to This | # ]

AD integration in Unix - better now than tomorrow
Authored by: Anonymous on Wednesday, January 21 2004 @ 05:53 AM EST
While the analysis of the legal affairs around SCO in this site are excellent,
most posters (and PJ, I'm afraid to add) have obviously no contact with IT
deployments with 10,000s of users.

Active Directory is one of the best directory and authentication solutions
available. Unix vendors have nothing that parallels it. There are no equivalent
Open Source solutions. Novell's eDirectory is on par, in parts it is better;
but when AD gets a tight integration into Unix authentication, that might give
MS the leading edge. And I'm all for it. Those who don't want it, should work
on an infrastructure that is as good as AD.

Disclaimer: I'm a CEO. I'm pro OSS, in fact I pour 10,000s of Euros every year
into OSS support. Our infrastructure is Linux based. (Personally, I'm using
Linux since 0.99.4) We are partners of Sun PS. We are partners of IBM GS. But we
are also partners of Microsoft. That's because we look for the best solution of
our customers, and not for a religion.

Joachim Schrod

[ Reply to This | # ]

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )