|
|
| MS and Canopy Group's Vintela Offer to Reduce Your Security For Free |
 |
|
Monday, January 19 2004 @ 09:13 AM EST
|
It's free. No doubt you've heard Microsoft is offering Services for Unix free. Now you can use 90% of your Linux applications on Windows. Your dreams are coming true. 90%. So quit switching to Linux, you guys. They must think we like GNU/Linux software because of the applications.
Um, didn't Uncle Darl preach that giving software away is anticapitalistic? Destroying the economy and all that? I could have sworn he said that. Anyway, Microsoft is doing it. Again. Later, they say, Services for Unix could be integrated into Windows, because their license with SCO allows them to do that. Could be. Erm, does 'later' mean after they destroy all Linux competition in the server space, by any chance? And guess who they are partnering with to bring you this product? Vintela. Does the name sound vaguely familiar? Yes, that Vintela, the privately held Canopy Group company. Oh my.
And guess how long they've been holding hands and working together? Two years. Two years of work to give the end product away. Why, it's positively a threat to the economy. Somebody write your Congressman, quick. This must be stopped before it spreads. Free software, indeed. That's not the American Way. When you read the "benefits" of this product they worked so hard on, a lot of things fall into place. Your blood pressure won't fall, though, that's for sure. It's positively bone-chilling.
Services for Unix software "helps integrate Unix and Windows and supports migrations of Unix applications to the Microsoft platform", according to Linux Insider. Free sounds perfect to Laura DiDio, when it's Microsoft doing it: "'Free is a smart strategy,' says Laura DiDio, an analyst with the Yankee Group.
"'Microsoft is trying to make good and trying to make better with its customers. I'm impressed with what they are doing. They have learned from their mistakes and they don't want to repeat the sins of past years.' One of those sins, DiDio says, was changes in the company's software licensing program, which served to alienate users.
"Microsoft also has enhanced integration with Active Directory, which will allows users to manage NIS domains from the Microsoft directory. The integration, along with applications from third-party vendors, will help Microsoft flesh out its emerging identity management strategy. . . .
"One such partner, Vintela, has upgraded its Vintela Authentication Services (VAS) for Services for Unix 3.5. The VAS software runs on Unix servers and workstations and uses Kerberos or LDAP for authentication instead of NIS.
"'Ours is a NIS migration strategy, you don't run NIS on your network any longer,' says Matt Peterson, CTO for Vintela. 'We are the holy grail of identity management. People want integration not synchronization [between Unix and Windows].'
'Microsoft's Oldroyd said Services for Unix would remain a separate product and there are no immediate plans to bundle it or build it into the Windows operating system even though Microsoft has the right to do so under a licensing agreement it signed with The SCO Group last year."
People want integration? What people? I don't want that, thanks. But like it or not, they have a plan. Here's how it works, according to Microsoft's explanation: "For the last two years, Vintela worked with Microsoft Corporation to create Vintela Authentication Services (VAS), an interoperability product that UNIX and Linux system administrators can use to seamlessly integrate their authentication needs with the user management tools in the Active Directory® directory service. With Microsoft Windows Services for UNIX you can extend Active Directory to store UNIX account information for users and groups, which provides cost savings by reducing the number of management points for user accounts. . .
"VAS provides the ability to recognize UNIX users of Windows Services for UNIX in real time and integrate their UNIX accounts—plus a Kerberos network authentication system and the LDAP protocol—with Active Directory, a central component of the Windows platform. Active Directory implements the Kerberos 5 protocol authentication standard to provide a high level of security. VAS uses Kerberos encryption to help protect sensitive user credentials from being seen 'in the clear' and to extend network and user security to all platforms.
"VAS extends the reach of Active Directory to UNIX and Linux systems, so administrators can centralize their user identity authentication needs within Windows. VAS extends that reach even further with Services for UNIX 3.5. The result is a secure, easy-to-use solution for managing a single user identity natively in Active Directory across a mixed UNIX, Linux, and Windows environment.
"According to Grettenberger, Services for UNIX 3.5, combined with VAS identity management, is a best-of-breed authentication solution for customers who are integrating Windows, UNIX, and Linux environments.
"With a VAS-enhanced user authentication solution, the customer realizes a complete migration to Active Directory while retaining all the advantages of the feature-rich Services for UNIX tools. Combined, VAS 2.2 and Services for UNIX 3.5 solve the migration problem from UNIX Network Information System (NIS) to Active Directory. NIS is a naming and administration system for UNIX networks. . . .
"Using NIS, each host client or server computer in a system has knowledge about the entire system. A user at any host can get access to files or applications on any host in the network with a single user identification and password. With NIS clients, Services for UNIX helps solve interoperability issues between UNIX and Windows with tools such as the Two-way Password Synchronization and Server for NIS components, which reduce system administration time by centralizing network management across UNIX and Windows platforms.
"'Using VAS as the second stage in a migration process is compelling for those who have used Services for UNIX to import user accounts to Active Directory and wish to migrate from NIS-based identity management,' says Grettenberger. 'Together, the Vintela and Microsoft products securely bridge the gaps that prevent network management across UNIX, Linux, and Windows-based computers. VAS and Services for UNIX offer an interoperability solution in which access control is determined by enterprise policies instead of by platform. . . .Some enterprise organizations have standardized their business infrastructures on Microsoft products, specifically Windows 2000 Server and Windows Server 2003, Windows XP, and the numerous programs associated with them. . . Therefore, it is only natural that a new centralized authentication and management system would employ Windows Active Directory instead of a UNIX or Linux alternative."
From Linux to Active Directory. Why would anyone want to go that direction? Linux accounts under the thumb of Microsoft. Can I get a second opinion before you schedule this surgery, please? Maybe I'm not looking at it from the DRM perspective, the way Daddy Microsoft would like me to. If I make that mental adjustment and realize what's good for Microsoft is good for me, then I notice the bottom line "benefit": "Because VAS fully integrates with Kerberos encryption, VAS-enabled UNIX servers become full participants in the Windows-based identity management and authentication infrastructure. Therefore, many Microsoft management and reporting tools automatically become available to UNIX users. All users have logon accounts and passwords in Active Directory so they can securely access critical systems and applications across all platforms, eliminating the need for custom-built password synchronization scripts. Having one directory for identity management—instead of multiple directories or synchronization scripting—reduces costs. . . .
"Consolidating information into the central Active Directory repository means that user account information also can be managed from a central location, across multiple cities, states, or countries. Centralization yields a consistent approach to administration, better compliance with information security, and a standard administrative interface that reduces administrator-training requirements."
So. That's the plan, Stan. Centralization of your passwords and stuff. Under Microsoft's thumb. And watchful eye. With maybe some RIAA and Warner Bros. friends happy if they DRM everyone on Planet Earth even if it means destroying some very important things for the rest of us. Like privacy. And our security. And freedom. Do they really expect to sell the idea that going to Microsoft from any Unix environment will *increase* security? And putting all your sensitive data in one place. Yes, that'll increase security, for sure. Not. Privacy? Well, a man who reportedly has cameras in his house keeping an eye on his guests wherever they go probably doesn't grok the concept. In short, Microsoft would like to be your Big Brother. You can pay him later.
|
|
|
|
| Authored by: Anonymous on Monday, January 19 2004 @ 11:29 AM EST |
I knew that it would end up being another Microsoft's scheme to hurt its
competitors when it was called OpenNT and Interix. Can I have Laura's job,
please?
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:36 AM EST |
Wow! So now I can use <A
HREF="http://www.deadly.org/article.php3?sid=20030927090008">BSD
code</A> to emulate Linux on Windows!
Seriously though.. nobody migrates just for the heck of it, people aren't going
to move to Windows just so they can run Unix applications.
(Nor are they going to move to Linux to do the same.. Re: Why Linux hasn't
taken over completely)
[ Reply to This | # ]
|
| |
| Authored by: SkArcher on Monday, January 19 2004 @ 11:38 AM EST |
If this goes anywhere near a hospital computer in the UK its a breach of
regulations. Time for me to pitch Linux to the medical database departments. Not
that I wasn't already doing that, but this is good news.[ Reply to This | # ]
|
| |
| Authored by: fjaffe on Monday, January 19 2004 @ 11:38 AM EST |
I wonder if this detailed integration with Active Directory uses information
that Microsoft refuses to make available to others, or for which it wants
exhorbinant fees and unreasonable conditions under the licenses that so few
companies are willing to sign up for. Does anyone know?
Is this one more way of adhering with the letter of the consent agreement, but
not complying with the spirit? [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:39 AM EST |
. . . or Microsoft should do what Apple did and rewrite the whole thing on top
of BSD. Only THEN would I believe in Microsoft security.
Didn't old Caldera once say it wanted to GPL Unix but it had too many
copyrights? Well, after SCO get shredded, maybe whoever is left with Unix should
make the effort to get those coyrights assigned to the FSF, however long it
takes.
[ Reply to This | # ]
|
| |
| Authored by: keanu on Monday, January 19 2004 @ 11:40 AM EST |
I just now discovered the linux portal on ibm.com. Never thought of surfing to
an IBM linux page, but now I just clicked on an ad on linuxtoday.
Have a look. Interesting things what IBM thinks of linux.
http://www-306.ibm.com/e-business/doc/content/lp/linux_everywhere.html[ Reply to This | # ]
|
| |
| Authored by: Ares_Man on Monday, January 19 2004 @ 11:42 AM EST |
<some_remote_form_of_sarcasm>Why would anyone want to run evil free open
source applications on Windows anyway? Aren't open source apps inferior,
anyway? I guess it's not the apps that matter, it's the OS! I guess it makes
good business sense to sell your soul to Microsoft so that you can get a sweet
taste of what FOSS has to offer while being safe from the possibility of being
infected by its viral properties.</some_remote_form_of_sarcasm>
<misquote>"Open Source Software is a viral cancer that will destroy
the economy and the world. Oh, by the way, would you like to run some of it on
Windows?" -- Bill Gates[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:43 AM EST |
Admins here have been ordered to look in to SFU with an eye toward easing the
transition from Windows to Linux.
[ Reply to This | # ]
|
- Backfiring ? - Authored by: Anonymous on Monday, January 19 2004 @ 12:29 PM EST
- Backfiring ? - Authored by: Anonymous on Tuesday, January 20 2004 @ 05:25 PM EST
| |
| Authored by: Cambo on Monday, January 19 2004 @ 11:46 AM EST |
<<'Microsoft's Oldroyd said Services for Unix would remain a separate
product and there are no immediate plans to bundle it or build it into the
Windows operating system even though Microsoft has the right to do so under a
licensing agreement it signed with The SCO Group last year.">>
Does that sound like a note of caution to you? It does to me. I get the
impression that they are hedging their bets slightly, in view of Novell's
assertion that SCOX had no right to grant M$ that license!
By keeping Services for Unix as a seperate, FREE, downloadable add-on, at least
M$ will be able to discontinue or remove it if neccessary.
Cambo
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:48 AM EST |
This might be a realistic solution to centralized account management between
Windows and Unix. Is there some other viable strategy for a large enterprise
that I'm unaware of? Because I investigated every solution I could find, and I
talked to RedHat, Sun, and Microsoft. I can't find a Unix/Windows account
integration setup that doesn't use Windows as the master, and is actually a
viable solution for a company of nontrivial size.
Perhaps you're suggesting that I set up a Samba PDC? And when Microsoft
deliberately breaks the functionality with the next service pack, I can't
install a security update, and no one can log in. Or they break it subtly so
that it appears to work at first and only breaks after I've had time to upgrade
every machine. They've done it before, it's how they operate. I have to expect
it from Microsoft.
It doesn't please me to think of Unix machines authenticating and authorizing
users based on a MS setup. But I need a viable solution that works on Solaris,
Linux, and Windows. I want the lowest TCO, which is why I want centralized
account management in the first place. Any conceivable way it could break
catastrophically needs to be prevented or the system will never be approved.
(and if I'm not honest about the risks, it's my head)[ Reply to This | # ]
|
- MS and Canopy Group's Vintela Offer to Reduce Your Security For Free - Authored by: Anonymous on Monday, January 19 2004 @ 11:59 AM EST
- MS and Canopy Group's Vintela Offer to Reduce Your Security For Free - Authored by: Anonymous on Monday, January 19 2004 @ 12:11 PM EST
- Yes, it's called eDirectory - Authored by: Anonymous on Monday, January 19 2004 @ 12:12 PM EST
- MS and Canopy Group's Vintela Offer to Reduce Your Security For Free - Authored by: Anonymous on Monday, January 19 2004 @ 12:33 PM EST
- LDAP? - Authored by: Anonymous on Monday, January 19 2004 @ 12:50 PM EST
- MS and Canopy Group's Vintela Offer to Reduce Your Security For Free - Authored by: jonabbey on Monday, January 19 2004 @ 12:55 PM EST
- Netware - Authored by: penguin_roar on Monday, January 19 2004 @ 12:59 PM EST
- Take a look at Novell's offering. - Authored by: Anonymous on Monday, January 19 2004 @ 05:19 PM EST
- MS and Canopy Group's Vintela Offer to Reduce Your Security For Free - Authored by: surak on Monday, January 19 2004 @ 11:28 PM EST
- LDAP offers cross-OS authentication and authorisation - Authored by: Anonymous on Tuesday, January 20 2004 @ 02:12 AM EST
- MS and Canopy Group's Vintela Offer to Reduce Your Security For Free - Authored by: Anonymous on Tuesday, January 20 2004 @ 11:32 AM EST
| |
| Authored by: seeks2know on Monday, January 19 2004 @ 11:49 AM EST |
Thanks for showing us what Microsoft is really seeking to accomplish.
By centalizing all security within Windows, all of the rest of the servers
becomes slaves under the Windows server's control. Of course, given
Microsoft's history in the area of security and uptime availability, I can't
imagine why anyone would be interested.
How often do we see Windows servers compromised by worms and viruses? Can you
be confident that your enterprise security will be protected by Microsoft?
How often will you need to update the Windows OS and reboot? Since this machine
is the single point of access control for the enterprise, how much will the
company's productivity suffer?
But to the degree that Microsoft is successful, they exert a much higher degree
of control within the organizations that do adopt this.
Of course, if Linux and UNIX developers worked like Micorsoft has in the past
(i.e.; DR-DOS, Microsoft Messenger, etc.), then they would make some trivial
changes that would break this interoperability. :)
It's a great thing that we don't think the same way.
---
"Convictions are more dangerous enemies of truth than lies." -
Friedrich Nietzsche[ Reply to This | # ]
|
| |
| Authored by: Ares_Man on Monday, January 19 2004 @ 11:52 AM EST |
Consolidate all your UNIX system passwords into one .NET passport for free. :P
This seems like yet another potential MS "embrace and extend" tactic
to me.[ Reply to This | # ]
|
| |
| Authored by: k4_pacific on Monday, January 19 2004 @ 11:54 AM EST |
Of course Services for Unix is a two way street that can be used to migrate
towards Unix/Linux...
Microsoft Offers Linux Migration Software for Free
By Suzie Lennox
Hydraulic Press News Services
REDMOND, WA - Microsoft has made available for download from its website Windows
Services for Unix. Previously, the product sold for $99, but has been made
available for free to help companies to migrate away from Windows towards
Linux-based solutions. The latest release features improved performance and
broader support for Win32 APIs.
Windows Services for Unix is a compatibility layer that runs on Linux to allow
legacy Win32 applications to be compiled and used on Linux. For applications
which cannot be compiled, it features an emulation package similar to WINE, but
with all of the hidden APIs implemented and with support for .NET web services.
Additionally, it also features a suite of GUI-based Linux administration tools
patterned off the GUI applications used to configure Windows 2000.
"We at Microsoft listen to our customers, and many are telling us they
want to run Linux," said Microsoft spokeswoman Sharon Fudd. Fudd added,
"With that in mind, we developed and released Windows Services for Unix.
Services for Unix enables seasoned Windows developers and administrators to
readily adapt their skills to the increasingly popular Linux operating
system." With this product, Microsoft points out, they hope to carve out
a niche for themselves in the increasingly Linux dominated information
technology industry.
Microsoft had developed a reputation among IT professionals that they were
unwilling to help them deal with portability and security issues. In a recent
survey of technology professionals, two-thirds of all respondents said they
would like to replace Windows with Linux throughout their enterprise. Of those
who reponded this way, a whopping 97% felt that Microsoft was not doing enough
to help them migrate to Linux.
"The real motivation behind this release is the portability issue,"
Fudd adds. "Our customers want to run their applications on a variety of
platforms, and this package enables them to do so."
Following the release of Windows Service for Unix, SuSE Inc., experienced what
it initially thought was a distributed denial-of-service attack on its FTP
mirrors around the world. When it realized that it was actually throngs of
legitimate downloads by persons eager to get rid of Windows, SuSE issued a
statement telling everyone to "pace yourselves, there is plenty of Linux
to go around."[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:57 AM EST |
Microsoft only has schemes to hurt it's competitors these days, they certainly
can't innovate and create something new. They most certainly will give
interoperability with UNIX away for free until they own so much of the server
market that they can safely recoup their expense by increasing the cost for
Windows (and yes, Services for UNIX will definitely be integrated forcing
everyone to pay for it whether they need it or not.)
-pooky[ Reply to This | # ]
|
| |
| Authored by: svyerkgeniiy on Monday, January 19 2004 @ 12:01 PM EST |
I can understand your apprehension about Microsoft moving into this area, given
their Roman-esque approach to conquest, but I think there are deeper meanings
behind this move. Notwithstanding Microsoft's (and SCO's) hypocrisy where
"free software is a cancer" except when given away by proprietary
companies, to me this seems a larger shift than you might think.
For years and years and years Microsoft has steadfastly refused to provide any
real link to the non-Microsoft world. Why not have COM on UNIX? Why not mount
and browse NFS shares under Windows? Why can't Macs participate in
ActiveDirectory? Absolutely no technological reason, just Microsoft's
paranoia. But now... suddenly you can.
To me this seems like they're realizing that customers are willing to shift
away from Windows if it means they can't integrate other OSes. Whole countries
are shuffling off Microsoft's proprietary coil. It seems like a form of, shall
we say, competitive response? An enemy they can't squash or dominate must be
competed with.
As for the ActiveDirectory part, well that's something that will be highly
attractive to businesses. It's the businesses that want all the centralized
control and administration that ActiveDirectory brings; I can verify that
because my clients have networks that are so locked down that I can't download
an EXE-- even in a ZIP file-- without having someone with authority do it for
me. Microsoft won't really control this, nor have access to it, they're just
providing companies the means to do it with. Do the security control models
mesh well? Probably not, as is typical with MS design. But it might stop
people from hopping to linux as quickly if they can have some linux machines
integrated into their networks without changing absolutely EVERYTHING.
BTW, it's free software but it's not OPEN software. So it won't ruin the
economy according to those crrrrazzzzy economists because no one else can take
the actual code. And you do pay for it with Windows, or perhaps you already did
when you bought Windows 95 and they put all that cash in the bank.
So to me it seems like it's the response of a company scared into competing and
providing a useful product.
--dv[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:04 PM EST |
Sounds like it's time to start up another antitrust investigation. MS got
nailed (albeit far too gently) for trying to take over the browser market with
"free" software, so how is trying to take over the server market --
while conspiring with Canopy Group companies (and possibly others) for the
software and litigation tools to do it -- any different?
As for Ms. Didio, as PJ implied, she says "free" is OK for MS, but
not Open Source. The English language is rich in words to describe someone who
does what she does, starting with hypocrite. She must believe no one can
recognize a writer whose journalistic integrity begins and ends with her
paycheck.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:06 PM EST |
In a truly mixed shop (not a -migrating- shop), LDAP would seem to be the way to
go. Just about everything can authenticate against an LDAP server these days,
and the protocol is truly lightweight and well understood.
At my college we use LDAP for Linux login authentication, Windows login
authentication, Netscape webmail authentication, and for many web
applications.
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:16 PM EST |
Perhaps Microsoft felt by helping to fund the litigation against Linux by proxy,
and obtain a license from SCO - it would have a legal instrument to put Linux
code into it's products without having to honor the GPL. It strikes me as a
great way for Microsoft to rip off some code.
To give some insight to into the mind of Bill Gates and why this is certainly
plausable - here's a neat link:
http://www.usdoj.gov/atr/cases/f2000/gates6.pdf
A wonderful transcript of Gates. Very bright man, except he seems to have a
problem understanding what words mean.
Here's more:
http://cyber.law.harvard.edu/msdoj/trial.html#transcripts
Meet your new big brother.[ Reply to This | # ]
|
| |
| Authored by: lightsail on Monday, January 19 2004 @ 12:20 PM EST |
SFU is free now, but at what point will buying "client licenses"
become a necessity?
What will a "Microsoft SFU 5.0 client license for Windows 2005
server" cost?
This could be a means to migrate organizations to Exchange or other MS servers
instead of Unix based products.
Will SFU allow you to use DRM Office 2003 documents? Will you need to purchase
Office for Unix 2005 to keep extend functionality?
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:27 PM EST |
From an admin and programmer point of view, how much effort is VAS,
really? It's
- an additional set of LDAP parameters for Active
Directory (template available for free on the Internet)
- Kerberos
(interoperational if "extended" out of the box),
- a Microsoft Management
Console extension allowing easy editing of the new LDAP parameters.
- an LDAP
- NIS exporter (a simple LDIF parser works)
- a method for decrypting the MS
passwords and exporting crypt() passwords to the NIS file.
- Oh - and the NIS
server code from BSD.
That's what - a day's work? Two? Plus testing, I
suppose. Of course, no-one except MS can get it done, because authentication
protocols (step 5) are exempted from the settlement IIRC.
VAS changes little
except in a NIS environment - Samba-3 with winbind does the rest already. In
fact, if they paid Canopy more than a pittance for this work, I'd say it was a
backhand payout. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:28 PM EST |
Hmm... I wonder if Vintela is one of the nine companies that have licensed
Microsoft's protocols?[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:29 PM EST |
I think MS should have named the product "Services and Tools For
Unix" so the abreviation would be "STFU".[ Reply to This | # ]
|
- SNAFU - Authored by: bstadil on Monday, January 19 2004 @ 01:35 PM EST
| |
| Authored by: davcefai on Monday, January 19 2004 @ 12:33 PM EST |
1. Think about it. Now you can get a Blue Screen of Death while running a Linux
application. I rather miss the things.
2. I'm running out of keyboards. I have to stop drinking coffee while reading
GrokLaw.
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 12:35 PM EST |
I have not seen any indication that MS has open-sourced this product.
It therefore provides all the risks that their proprietary OS has.
Additionally we can now infect our FOSS applications with MS code by running
them on top of it.
Unless the Services for UNIX 3.5 code is OPEN (and even then the MS OS can reach
up from below), one runs a substantial risk by coupling FOSS applications so
closely with such a (OS privileged) product from a vendor that has been found
guilty of using illegal practices to compete.
Little true security here. Move on.
[ Reply to This | # ]
|
| |
| Authored by: Ares_Man on Monday, January 19 2004 @ 12:41 PM EST |
Since, I only have access to Windows at work here, I do use Open Office, GIMP,
and GCC on Windows.[ Reply to This | # ]
|
| |
| Authored by: phrostie on Monday, January 19 2004 @ 12:52 PM EST |
i realize that quite often i take an overly simplified view of things, but what
microsoft has done is very similar to the OpenCD project. It seems to me that
this Migration tool can go both ways.
existing MS shops can use it to start testing Linux/OSS. once they are ready,
the final jump will be relitivly painless. does anything in the licence of the
MS unix tools prevent this?
it will also be interesting how long it takes them to figure this out? recheck
the licence terms every few weeks and see how long it takes them to change the
licence to add a catch.
---
=====
phrostie
Oh I have slipped the surly bonds of DOS
and danced the skies on Linux silvered wings.
http://www.freelists.org/webpage/cad-linux[ Reply to This | # ]
|
- Migration bridge - Authored by: Anonymous on Monday, January 19 2004 @ 03:17 PM EST
| |
| Authored by: Sunny Penguin on Monday, January 19 2004 @ 01:00 PM EST |
I do not have the exact quote, but I remember our <sarcasm> favorite CEO
</sarcasm> telling us "The SCO Group has not had any talks with
Microsoft outside of normal market operations" or something like that.
Can anyone find the exact quote?
It seems that Canopy was doing the conspiracy while The SCO Group
<sarcasm> knew nothing </sarcasm>.
Another reason to "pierce the veil" (or vile in this case)
---
SCO directly to jail, do not collect two hundred dollars.
BTW - I could never become a Lawyer.(I ID ten tee)[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:00 PM EST |
| Vintelas products are sold by SCO. Very
interesting. [ Reply to This | # ]
|
| |
| Authored by: jonabbey on Monday, January 19 2004 @ 01:05 PM EST |
Well, of course Microsoft wants Active Directory to be the One Ring To Rule
Them All.. that's been obvious for years. The fact that they are now providing
the tools to actually make AD useful for managing Unix and Linux systems isn't
something to be so paranoid about, I don't think. Of course MS will do what's
in their best interest. Of course signing on to run your enterprise with
Microsoft software gives them great leverage over you. There's nothing new
here.
As I mentioned in another post, it's possible to run a
data-mastering service on Unix and just send data over to Active Directory to
maintain password synchronization. We've been running in that mode for years,
using our home-built Java Directory Mastering Suite (Ganymede -- our servers are down
today for a power outage, should be up this evening CST) to handle our NIS, DNS,
and AD mastering.
You always have choices, even if MS does make it hard
to do some interoperability operations (locked password hashes) for arguably
valid security reasons.
Finally, if you're interested in NIS-to-LDAP
migrations, check out Luke Howard's PADL
Software down in Australia. Luke is the author of RFC 2307 for supporting
NIS clients with an LDAP server schema, and he has contributed code to Samba TNG
as well. I don't think anyone knows more about NIS on LDAP than Luke does. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:08 PM EST |
Does anyone else expect that there will be some big privacy violations coming
out of this> In other words, customers who sign up to start using Vintela's
'product' will suddenly find that their contact information has been passed to
SCO, which will ask whether they have paid their SCO taxes? And then of course
Vintela will answer all technical support quesitons with "I'm sorry, but
we don't support customers who are using pirated versions of UNIX. Please pay
your SCO tax and call back."[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:09 PM EST |
Novell has had this capability for quite some time, but it uses eDirectory
instead of AD (duh!). They just recently released an update to the Nsure (note
the capital N, get used to it linux folks) that allows integration of Linux,
Windows, Notes, SAP, ... (the list goes on) user accounts under one umbrella,
but still allows local control. Nice thing is, eDirectory runs quite well on....
linux.
I am an old Novell hand, and for many years now, they have been preaching the
mantra of making it all work, together. Not as an attempt to take over, but to
cooperate.
Since this is a legal info site, let me throw this into the ring. Check out
what is happening to the MikeRoweSoft.com site.
http://www.cnn.com/2004/TECH/internet/01/19/offbeat.mike.rowe.soft.ap/index.html[ Reply to This | # ]
|
| |
| Authored by: fjaffe on Monday, January 19 2004 @ 01:10 PM EST |
| Saw this article, Global legal action
looms over use of Linux on Financial Times. Favorite
quote McBride - SCO is: "trying to work through these things
without going to court". Personally, I have to say I find
that somewhat hard to believe. I guess "work through" means, if you pay us our
extortion money, we won't go to court with you. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:13 PM EST |
| Has anyone dissected the EULA associated with this product? [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:15 PM EST |
"Embrace and Extend" comes to mind ... as does "When Microsoft
brings you flowers, they'll be decorating your grave."
While I, like most Groklaw'ers (Groklawyers?), wouldn't blink if Redmond, WA
was smote from the face of the planet tomorrow, exactly what did the FOSS
community really expect Microsoft to do? Allow Linux to nibble away at market
share for a decade or so until MS was left without a customer base?
I don't think the Unix Services project is much of a surprise, and by the
description above, it sounds fairly tame. Further, I think the overwhelming
opposition to the package is a bit misguided, since MS has reasonably abandoned
all hope of winning back the Linux evangelists.
Think about Microsoft strategies for a moment ... OK?
SFU is one tool in a huge toolkit they're going to unveil over the course of
three to five years. Microsoft knows better than anybody, you can't win a
market overnight with just a single product. I'll repeat for the sake of
clarity: People like those who read Linux Journal and Groklaw aren't the
customers they expect to get with this product.
MS didn't 'own' the World Wide Web with just IE. In fact, IE versions 2 and
3 never matched up favorably against the comparable Netscape Navigator versions,
and it wasn't until IE 4 that MS really gained a firm grip on the market. Not
coincidentally, by the release of IE 4, the 'companion' products required to
'embrace and extend' were infecting the back office and desktops: Internet
Information Server, FrontPage, and FrontPage Extensions.
Looking back further, there is the model of MS Office. The Office product line
didn't just appear out of a cloud of smoke. It was very carefully planned and
pieced together to systematically overtake WordPerfect, Lotus 123, etc ... It
took about a full decade to evolve into the bloated talking paperclip that it is
today.
What SFU is positioned to do is - first and foremost - stop the bleeding.
Microsoft now holds a card to counter one of the most powerful FOSS packages
available: Samba. Is it the same thing? No. But to an individual who isn't
versed in Unix'ese, it sure does sound a lot like Samba in reverse. SFU gives
Microsoft an 'in' to a generation of point-and-click system administrators who
run Apache on Linux for speed and stability, but aren't proficient enough to
administer sub-services for Apache such as users and domain (aliases).
There is an old saying that seems to be pretty popular amongst old wiring closet
hacks, "If the only tool you have is a hammer, all your problems are going
to look like nails." In other words, get the right tool for the job. I
assert that the number of wiring closets and server rooms around the globe which
run hybrid installations with various flavors of Windows, Linux, and other OSes
is far, far greater than many people suspect.
What many seem to not acknowledge, despite the Halloween papers, this SFU
project, and the Red Hat box in the court room plea, is that Microsoft has
/already overcome/ the single, biggest challenge to beating back the threat of
Linux, which was recognizing Linux as a threat. Now that the Redmond area is
over the initial shock that someone would dare enter their market space, they
can now throw considerable time and effort (and billions and billions of dollars
doesn't hurt) into squashing it.
SFU will be a cornerstone, a 'glue', to ease the integration and management of
hybrid networks. Think of it as your typical Microsoft bastardization of
something that kind-of (but doesn't really) resemble Samba and a healthy dose
of PERL. Once Microsoft has convinced a sizeable number of point-and-click
admins to administer Linux via Windows with SFU, and not pursue the alternate
route of Windows via Linux with Samba, MS will dump a slick interface on top of
it, roll in a couple of 'snap-ins' to administer Apache, BIND, and Sendmail,
maybe another 'snap-in' or two to easily start and stop your System V managed
services, and so on and so on. Once MS has proved they've suitably 'embraced'
Linux by integrating everything about into the MMC (Microsoft Management
Console), /then/ they'll actually unveil all the crap to try and kill it.
In any event, I posit that if _IBM_ had released SFU, everyone here would be
100% in favor of it and declare it the greatest thing since sliced bread. ;-)
Windows 95 had The Rolling Stones.
Windows XP had Madonna.
I'm placing my bet that Longhorn has Bachman-Turner Overdrive ...
"You Ain't Seen Nothing Yet"[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:27 PM EST |
... so if you need a user license for each Active Directory login, now MS
can charge your enterprise for each time a user logs in to your Linux or
Unix boxes.
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:30 PM EST |
| The Ft now has an article on the SCO case. looks looks
primarily to be Darl
quotes though.
FT
Story [ Reply to This | # ]
|
| |
| Authored by: Nick_UK on Monday, January 19 2004 @ 01:32 PM EST |
Make my blood boil yes.
But far worse is the situation we have now...if, IF SCO get anything from the
courts, then who will be the main player? M$, of course.
Now, I know all the facts are against SCO and their wild claims, but the LAW is
an ass sometimes, and stranger things have happened (remember OJ?).
This could be the start of the beginning of the end of a free Internet (free, as
in beer).
Nick[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:40 PM EST |
An old woman offers Snow White a juicy red apple.
Jim Jones offers his congregation some refreshing Kool-Aid.
Picard offers the Borg an interesting geometry puzzle.
The Greeks offer the Trojans a magnificent wooden horse.
...
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:45 PM EST |
This announcement is the sound of only one foot step. The route is too
long to fully describe here. There are other foot steps because M$ is
coolly executing its business plan (this thesis has legal import).
As for the impact on non-M$ users, the enabling technology was first
distributed in Windows 2000 and would appear irrelevant to most
groklaw readers. I was concerned when it escaped the public
discourse surrounding the M$ case. However, M$ has prepared for the
current foot step:
First, M$ borrowed OSF's (now OG's) DCE RPC and extended it just
enough to be incompatible with the DCE standard used by other server
vendors. Specifically, it is one-way interoperable with M$ in control.
Second, M$ borrowed MIT's Kerberos and, yep, extended it just enough
to be incompatible. See above.
Third, M$ borrowed LDAP, and you know the pattern.
All the above is commonly characterized as middleware. These are
necessary for authentication, authorization, file system sharing, etc.
between computers. Now, people might appreciate my longterm view.
Thus, ever since Windows 2000, M$ has been in the enviable position of
interoperating just enough with computers from other vendors that the
other vendors' computers will not "work" with M$. Other than
possibly
the Judgement Decree, M$ appears to be raising no legal concerns and
marketing sucessfully but not innovating unless to create barriers for
users.
Now, back to the current step, M$ is bundling the capability to run UNIX/
FSF applications on its OS, and M$ is bundling the capability of managing
UNIX/Linux security/identity with its OS. M$ avoids triggering the GPL
until someone else to destroys the GPL.
Ignoring history and morality, you might do the same...if DOJ allows it.
Remember, end users pay for the best choice for themselves according
to standard micro economic theory (sorry, in a free market, ideology
eventually loses). If M$ works with other OSs but other OSs do not work
with M$, you can draw your own conclusions.
As for the next M$ steps, I am smug that M$ will really knock your socks
off with their bold moves.[ Reply to This | # ]
|
| |
| Authored by: kuwan on Monday, January 19 2004 @ 01:45 PM EST |
I just took a look at Canopy's web site to check the list of Canopy-
infected companies and I can no longer find any mention of them. What
happened to all of their "portfolio companies?"
Maybe their companies have been taking too much heat from the SCO
lawsuit. Can anybody find the list of Canopy companies? or is it gone
forever?[ Reply to This | # ]
|
| |
| Authored by: the_flatlander on Monday, January 19 2004 @ 01:49 PM EST |
VAS extends the reach of Active Directory to UNIX and Linux
systems
Extends the reach? Just say "no."
Of course, this
is an improvement; in the past Micro$oft has sought to
charge me big bucks to reduce my security. Still, and all, I can do without it.
Nice try though, Bill, really.
TFL [ Reply to This | # ]
|
| |
| Authored by: anthonyrcalgary on Monday, January 19 2004 @ 01:49 PM EST |
There's nothing wrong with MS doing this.
Think about it... Apple supports UNIX-ish software, and all the other vendors
support it by virtue of being a UNIX themselves. Microsoft is the only one that
didn't. And now they're doing something wrong by making something a lot of
people desperately want a free add-on for the OS? And this move increases
compatability with other stuff?
I'm sorry, but I can't see a thing wrong with that. *I* use Linux primarily
for the software. Windows is more convenient, and FreeBSD is a better OS. Will I
use Windows now? I dunno. I can't imagine paying for it, maybe on a laptop that
I can't build myself.
Free software is, to me, about making software available to everyone, even if
they use Windows. Now people can do that with much less effort. Good for
Microsoft.
Their motives don't matter, to me, if it makes my life easier.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:53 PM EST |
" In short, Microsoft would like to be your Big Brother. You can pay him
later."
Pay with your soul and the reduction of your individuality.
1984 arrives a bit late courtesy of Microsoft and others that 'know' whats
best for you, reminds me of a tardy security patch for an OS, except this patch
will be applied universally without your approval.
rage against the dying of the light...[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 01:54 PM EST |
| Didn't Vintella spin off from SCO in or about Feb 2003? [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:02 PM EST |
Wow... This is fantastic news. Microsoft once again
shows just how it's supposed to be done and opens
up new avenues for the enterprise.
I seriously think Microsoft has gone bananas. Linux
is just driving them batty.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:07 PM EST |
I heard a rumor that Novell might actually own the copyrights to UNIX. Will
Microsoft offer indemnification to protect me from a lawsuit if that turns out
to be true?[ Reply to This | # ]
|
| |
| Authored by: PJP on Monday, January 19 2004 @ 02:09 PM EST |
| This is an area that gets close to home for me, so I feel that I can comment
on
it. In this (very unusual) case, I think I may end up arguing
for
Microsoft (amazing, but true ...).
What Microsoft are doing is
making their first inroads into Identity Management,
which is the big
thing at the moment for a lot of companies.
Identity management goes way
beyond keeping a username and password. It
associates a resource with a set of
policies. Those policies can be user
specific, or they can be based on a group
or role which an individual user
can be associated with. This allows very fine
grained control of what a user
can do. It goes way beyond allowing a user to
login to a given machine.
The problems with the existing solutions
are:
- They focus on web based applications - mainly because its easy
to
drop a plug-in into a web server to talk to the policy server to control
al
access at this convenient "choke point", and they use either the URL or
cookies
to pass the authentication credentials which is the next
issue:
- Passing authentication credentials around is difficult. HTTP is
mostly ok
because it has defined ways of passing extra data (cookies) and URLs
can be
manipulated to include the data id cookies don't work. Both of these do
require
the use of SSL of course for any real security.
Beyond HTTP things
are not so good. Most existing applications/systems have
no standardized way of
passing extra data, and most are missing the APIs to
allow modules to be aded to
control authentication and authorization outside
the built-in controls.
The
end result is that I can set up a really nice identity control system
to control
access of web based applications, but I can't use it to login
to or control
actions on other systems (Windows, Unix, Linux, etc) or
applications running on
those systems.
This is why portals are becoming so poular, they act
as a web front-end
to many applications, and also as a proxy through which users
have to pass
to get access -- another convenient choke point at which to
appy
identity server policy engine rules.
- There are many different databases
for user authentication, each system
has its own, and they rarely acknolwege
each other's existence.
Each one wants to be master of the universe,
and most
have some sort of facility which can be used to intergate other,
subsidiary
data, but its very to find system which are designed
to act as
peers.
- Some systems use standard databases, but then go ahead and
use
Microsoft-esque proprietary extensions. A good example being the
Identity
Server sold by Sun, which at first glance looks like it is based
upon
industry-standard LDAP, but on closer examination it becomes
obvious that it is
designed to only work with Sun's own LDAP server
because of the dependencies on
proprietary extensions in that server.
Because of these (and other)
issues, actually deploying identity management
for anything other than web based
services is hard to impossibe. Many companies
have deployed Active Directory -
possibly not because they really wanted to,
but because of the tie-in they have
to Microsoft technologies, they have
no choice. Whatever the reason, it is
deployed, it was hard work, and
it cost an an and a leg. AD is also a LDAP V3
compliant LDAP server, so having
put in the investment, there is a strong
tendancy to want to use this as
the LDAP server for the
corporation.
Because most of the Identity Management solutions on the market
can/do use LDAP
as their authentication and policy rule database there is a
strong temptation
to want to centralize all that is possible in Active Directory
and use
meta-directory techniques to handle the rest. Using meta-directories is
a lot
of hard work and a pain to keep up to date, its a moving target.
Then you
find out that your identity server of choice doesn't use pure LDAP
(well, it
does ... as far as the protocol goes, but expects some non standard
things to
happen in the server itself), so you end up having to run two LDAP
servers, AD
and some other, and hopefuly tying them together with
meta directory. A
complicated mess.
Of course none of this solves the problem of passing
authentication credentials
into other applications. There are various
non-standard hacks to protocols,
wrapping protocols in others etc. etc. None of
it neat.
The answer has been around for a long time, and ignored by
almost
everyone - kerberos. Microsoft are the first company to take
kerberos
seriously, and implement it in anything less than a half-hearted
fashion
(take the MIT reference server, load it, take the MIT sample apps and
load
them). This takes care of passing credentials securely and easily, and
the
work required to modify applications to participate is standardized
and
relatively straightforward. Of course, Microsoft has to be Microsoft and
use
(legal) extentions which were not documented, or poorly documented, so
that sort
of took the edge off what was otherwise a really good move.
Having
made the investment in their system and applications to use kerberos,
in
deploying a fairly competent database system with an LDAP interface
(Active
Directory), Microsoft are now well positioned to offer an identity
management
solution that goes well beyond the web-based solutions that others
offer, they
can apply it to any of their products that are not web based,
but which do use
kerberos authentication.
Even better, they have made an investemnt to
provide hooks to all the other
problem-children that people trying to implement
identity service run into
and one of the biggest ones is controling access to
Unix. The NIS extensions
they are offering solve a big part of this problem -
NIS may well be
officially dead as far as Sun is concerned, but it is still very
widely
used, and LDAP is stretched to replace a lot of NIS functionality as
people
who are moving from NIS to LDAP at Sun's bidding are finding
out.
What Microsoft are doing with this Unix Services package goes
way
beyond a few compatability services -- it is the start of their bid
to
own the identity management space. And you know what? they just might
succeed
because their solution is much broader and mich better integrated with
all
sorts of systems which the other solutions can't match.
I have
never been a Microsoft fan, and certainly not a cheerleader,
but credit
where credit is due.
Of course, whether this is a good thing
or not is an
entirely different question,
one I think we all know the answer to -
particularly when
you begin to mix identity management with DRM, which I
am
convinced is the next move - but they will probably want to own
identity
management first -- and this is an excellent first step
towards doing just
that.
[ Reply to This | # ]
|
| |
| Authored by: pitr256 on Monday, January 19 2004 @ 02:11 PM EST |
Sorry PJ, you need to stop writing about stuff you obviously know very little
about.
Integration is key for many businesses and many of these businesses rely on
Active Directory for the authentication of their "normal" desktop
systems. Right now if they have a mixed environment, they have two
authentication services and since they have a huge investment already in one,
why not use it if they can to authenticate their Linux systems. This is
especially true for any company that uses Exchange 200x.
That Microsoft is giving this away shows what a huge threat it thinks of Linux.
But overall, this is a good thing for businesses. It makes the addition of linux
machines to an existing MS network that much easier. Like the Bill Gates saying
goes, keep your friends close, but keep your enemy closer.
[ Reply to This | # ]
|
| |
| Authored by: RedBarchetta on Monday, January 19 2004 @ 02:14 PM EST |
I am pretty sure this was covered earlier, but for the
sake of review I'd
like to submit this. I'm always up for
a good chuckle. Here
is an
article that covers a point vs. counter-point
style debate over Linux.
It seems that the sensible Jan Stafford, one of the
editors for sees the writing on the wall. The other
pinhead editor doesn't. Here are some
highlights:
Jan Stafford:
"Finding market
research firms not beholden to
Microsoft's big purse is like drawing an
ace to complete
your royal flush. It's possible, but the odds are
against
you."
"For example, recent Microsoft-funded
reports by
International Data Corp. and Forrester Research's Giga
unit found, separately, that Linux costs more in
development and total
cost of ownership (TCO) than
Windows. For proof that enterprise Linux
outdoes
Windows in the ways that matter, the only reliable source
is the
corporate IT pro who has used both platforms."
"Windows
breaks frequently. Linux doesn't. That's the main
reason corporations are
switching from Windows to Linux."
"U.K.-based trampoline
vendor Super Tramp has saved
20,000
British pounds (about
$35,000) and experienced no downtime
in the 18 months since the
company migrated from Windows
to Linux, said Rick Timmis, IT director
at Jardine
Prentis
UK Ltd., Super Tramp's parent company. His
decision to
migrate to Linux was cinched when Microsoft introduced its
Volume Licensing Program; under the program, the company
would have had
to pay 20,000 pounds "to remain static"
with an unstable system."
"Although no existing OS is bulletproof, Linux is a
lean
OS, and its open source foundation enables users to remove
features and tweak the kernel relatively easily."
Now for the
counter-point from Paul Gillin, TechTarget
Editor-in-Chief:
"But Linux's success is coming at the expense of Unix,
not
Windows. Linux is going to kill commercial Unix."
"International Data Corp. recently reported that Windows
actually grew its
share in the server market, from 50.5%
in 2001 to 55.1% in 2002. Meanwhile,
the Unix market
has
shrunk by 40% during the last two years,
according to IDC.
Who is Linux hurting most?"
"But Linux is not a threat to Windows or even much of
an
alternative. Let's look at the argument about cost
[..]
Red Hat
just raised prices to $179 a year to support a
workstation Linux
license, all the way up to $18,000 a
year for a mainframe installation
[..] IBM and all the
other hardware companies are just waiting for
customers to
buy in to Linux so they can raise prices on support?"
"A wider variety of software is available for Windows than
for Linux, meaning that IT managers have to spend less
time looking for
solutions and customizing the ones that
they find. Microsoft's
certification program ensures
that
graduates have at least a basic level
of competency.
This
peace of mind is important."
"On reliability, there's no question that Linux has got
a leg up on
Windows"
Windows Server 2003 raised the bar again. It may not
be
"five 9s" reliability yet, but how many applications
demand that
level of uptime?"
"And for systems administrators who don't
have a computer
science degree, it's [Win2000] relatively simple to use."
Ok, now that I have had my laugh for the morning... it's
time to walk the dog. Ciao.
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:19 PM EST |
For end users who care more about free as in beer (which are most of them), this
would be a much more powerful proposition than Unix for Windows, which is not
that interesting for the vast majority of Windows users. If/when Linux
significantly encroaches the desktop (20-30% market share), I wouldn't be at
all surprised if Microsoft will essentially give the OS away, and move towards a
service based model a la IBM and Redhat. Whether this is a monopolist practice
at this point would be debatable, as they could argue Linux companies do
precisely that.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:20 PM EST |
People want integration? What people? I don't want that,
thanks.
I don't know how often you've had to work with an
existing infrastructure, but let me tell you, it's
better to have technologies
that integrate than ones that have no possible connections. Integration is
the
major focus of consulting, actually. A lot of times, it's the integration points
that cost the most
to bridge. While you can view this as a simple play by
Microsoft to try to lure people away from Linux,
don't mock the idea of
integration.
I know that a lot of folks in these communities want to
be purists and idealists about technology, about
how it's licensed and
created, but that's not always practical. I am an IT professional, and have been
in this industry for 10 years. The great thing about the FOSS movement is that
it gave a lot of freedom
where there had been none before. But don't forget
the libre part of this ideal, which is not just
access to the source code, but
a removal of limitations on how this technology is used. It's impractical
to
entirely cut out proprietary software, and I would have to drop FOSS software on
both a pragmatic and
philosophical level if the licensing forced me to abandon
the proprietary solutions that I use to run my
business today. And as far as
the fact that this is Microsoft, it's just not wise to ignore Microsoft's
infrastructures, since they are so ubiquitous.
From
Linux to Active Directory. Why would anyone want to go that direction? Linux
accounts under the thumb of Microsoft. Can I get a second opinion before you
schedule this surgery,
please?
I work for a Fortune 100
company. We have spent millions on our AD infrastructre. Flawed as AD is, we
require it for our business needs. There's currently no other solution that will
meet our requirements. If I can leverage all of the investments I've already
made into that, it would help quite a bit. We have many servers, a team of
people to manage the infrastructure, processes and procedures on how to handle
maintenance and move/add/change requirests, and integration between it and many
other directories including HR, links to Mainframe and Mini systems, UNIX, and
others.
Again, I know that some people would tell me to abandon that
investment because of the open philosophy. I would hope, however, that most
would take the libre part of FOSS seriously and see that this kind of thing is
just another useful tool to link my production systems together. Especially the
idea that I can leverage all of what goes into my AD with my Linux systems.
Your point is that this is a way for Microsoft to eventually pull in
these Linux systems and turn them into MS servers. I don't fear that. Linux is
too useful for that. I find instead a reason to celebrate, as it's matured to
the point where companies are making interoperability tools for these systems.[ Reply to This | # ]
|
| |
| Authored by: eggplant37 on Monday, January 19 2004 @ 02:23 PM EST |
I find it interesting to see that a definitely friendly relationship between
Darl and Bill has cropped up. I've said all along that I felt that MS was
behind this, however, now it seems that it's all true. MS will make things
easier to interoperate (sorta) with Unix and SCO will stir up the shit and take
the heat and furor away from MS's actions. How droll... how very droll.
In other news, I caught wind of this article:
http://news.ft.com/servlet/ContentServer?pagename=FT.com/StoryFT/FullStory&c
=StoryFT&cid=1073281114455
on FinancialTimes.com. Seems FT is helping to spread the FUd by telling only
one side of the story. Someone needs to contact the editors and let them know
that Groklaw exists and can tell a wholly different side.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:27 PM EST |
This will be very interesting. As a few people have already mentioned, Novell
sells (and has for longer than Microsoft, for that matter) a product that
competes with Active Directory. It's worked on all the platforms Microsoft is
touting for quite some time. It's also a much more effecient set up (from a
network utilization POV; although my information is a bit old, since I'm out of
the admin business, but MS rarely changes things like that for the better).
My curiousity is piqued, though. We've got Novell here gearing up for a breach
of contract lawsuit against SCO, partially involving a major deal with MS that
Novell is entitled to a major chunk of. We've got IBM over there bringing to
bear a major countersuit, partly involving an investigation of SCO's parent
group. And now we've got SCO's parent group involved in a major deal with
Microsoft, who's touting something that directly competes with an established
Novell product and now a newly purchased Novell buisiness (SuSE).
Somehow I think that when Novell files their breach of contract suit there'll
be some amount of discovery in there pointing at both MS and Canopy. Seeing
what this and the IBM countersuit bring to light in the next couple years is
going to prove to be vastly entertaining.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:28 PM EST |
Hate to take up MS' side on this, but actually the proposed software solves a
real problem for many in enterprise computing, namely: "users can't
handle passwords."
The number one ticket type to hit our internal IT help desk (35,000+ users) are
password problems. Moving to a single password would be worth the savings in
help desk costs alone. (Even given MS products' shaky reliability.)
I'm not saying the MS products THE answer but there are quite a few people
looking for some sort of answer to this problem.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:34 PM EST |
| It's not hard to find previous examples where Microsoft has pretended to support
a technology, while their real goal was to destroy it, or take control of
it.
OS/2 was one obvious example.
Java was another, as demonstrated by
these quotes from the evidence in the Sun vs
Microsoft case:
Memo to Bill Gates from the manager responsible for
Microsoft's Java strategy:
> When I met with you last, you had a lot
of pretty pointed questions about Java, so I want to make sure I understand your
issues/concerns....
> 1. What is our business model for
Java?
> 2. How do we wrest control of Java away from
Sun?
> 3. How do we turn Java into just the latest, best way to
write Windows applications?
> 4. What are we doing to
leverage/expose Windows to Java developers?
Microsoft's pricing strategy
paper for its VJ++ development suite:
> The "strategic objective"
of its new toolkit is to "Eliminate/contain cross-platform Java by growing
the polluted Java market," "migrate and lock Java developers to Win32
Java," and ultimately to "kill cross-platform Java by grow[ing] the
polluted Java market."
Statement by a Microsoft vice president:
> I would explicitly be different -- just to be different.... [W]ithout
something to pollute Java more to Windows (show new cool features that are only
in Windows) we expose ourselves to more portable code on other
platforms.
Another Microsoft memo:
> At this point its [sic]
not good to create MORE noise around our win32 java classes. Instead we should
just quietly grow j++ share and assume that people will take advantage of our
classes without ever realizing they are building win32-only java apps.
A
third example was Microsoft's bait-and-hook support for Windows APIs on Unix
(Bristol's Wind/U technology) as reported in this story from
The Register:
> By 1996 Gates is wondering if "by creating
cross-platform solutions we risk weakening the Windows franchise - hurting
ourselves rather than let Netscape hurt us."
> Neault's staff are
writing that they want "the WIN32 layer to be fairly mediocre in performance
and feature coverage. We want it to be just good/cheap/timely enough to get a
lot of people to use it," and that "we don't want it to work too well. A
non-objective is total redeployment of Windows on Unix."
The idea was to
push customers who relied on these APIs in the direction of Windows NT:
>
Neault actually devised a list of technologies to "jerk" from the source,
describing it as a "beautiful" list which removed "the technologies
that third-parties are going to try their damnedest to put on Unix."
Or,
as Microsoft's Jim Allchin put it:
> "What we're trying to do is to
get Netops to add NT services to their existing Unix networks and to migrate
over time all of their services to NT."
Given these past examples, only
a fool would trust a free offer from Microsoft.
[ Reply to This | # ]
|
| |
| Authored by: kberrien on Monday, January 19 2004 @ 02:38 PM EST |
The Vintella auth stuff was sold from SCO to Vintella if I remember correctly.
Perhaps this explains (previous article, PJ question) why SCO bought the MS
license, to create this auth package.
Another interesting thing, regardless if you don't believe the MS proxy war
through SCO theories, we can see a definate connection between SCO, Canopy, and
MS towards Linux competition in terms of products.
Perhaps that makes the proxy war theories more possible, who knows....[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:39 PM EST |
| http://www.cbronline.com/latestnews/912a9bf8f52806f680256e20003b1072 [ Reply to This | # ]
|
- CBR bites SCO - Authored by: Anonymous on Monday, January 19 2004 @ 03:41 PM EST
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:40 PM EST |
I'm surprised that in all this discussion no one has mentioned Cygwin! Cygwin,
which is now owned by RedHat, provides a Unix-like environment on all flavors of
Windows, to allow porting software over. It even includes an X server, which
Microsoft's SFU does not.
[ Reply to This | # ]
|
- We have : ) - Authored by: Anonymous on Monday, January 19 2004 @ 03:12 PM EST
- I installed SFU - Authored by: Anonymous on Monday, January 19 2004 @ 04:05 PM EST
- I installed SFU - Authored by: Anonymous on Tuesday, January 20 2004 @ 01:29 AM EST
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 02:58 PM EST |
| http://www.theinquirer.net/?article=13708 [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 03:07 PM EST |
Hi All,
My experience with Services for Unix goes back a long way, and I happen to know
a bit about it's history and how it was created.
Essentially, it's a implementation of a BSD Unix that happens to use the NT
Kernel and Process scheduler as it's core, which is how it manages to integrate
with NT hardware. It runs as it's own subsystem (so when Win32 has died, it
keeps running, and vice versa). So long as the Win32 sub-system is quiet, it
can even benchmark similarly to standard Unix kernels.
The complete Posix2 specification is supported, and GCC is the compiler, along
with all the headers, etc, etc, that you would even need.
For such a long time, people have (such as myself) considered the Posix.1
implementation that they implemented and shipped to be a sham. Some Posix
porting experts setup Softway Systems, and set out to re-write the Posix1
implementation from scratch, and extend it to be fully Posix2 compliant.
Ultimately they did it, and towards the end of that process got purchased by
Microsoft. As far as I've ever been aware, this has been available for
purchase for ages, though something that they easily could have made available
for free.
My perception of this is that Microsoft would be very much of two minds about
this -- they don't want to risk users developing and entrenching themselves
with *REAL* Posix-type applications (remember - Win32 is *so* *not* Posix
compliant!), and then being forced to maintain this forever (I mean, how could
people prefer something not inven^H^H^H^H^H home-grown by Microsoft over
something like Win32??), but they have to do something about the flack over
"if I can't get there from here, then I'll just run Linux" type
noise. Ultimately, if it sells licenses, then so be it, right?
As a technical type, I'm excited. This tool goes both ways, and I'm going to
make the most of it -- I can now bring my OSS tools to my NT customers, and say
here - look at these apples. I can do it without having to do the Cywin
craziness. I can do it, and have them run fast. I can ensure that even if they
don't want to jump all the way in this week, that I can at least get their feet
wet.
Let's face it - Linux/BSD/Unix has a *lot* more market share to win than
windows does, and Linux/BSD people in particular are motivated, clever people.
Who wants to bet that we can make better, cleverer use of this tool? What's it
going to take so that users can say "No Take Backs!", and make it
*stick*?
I think that so long as *all* mainstream operating systems have a nice common,
publicly agreed up standard for program interfaces (eg: something like... Posix2
[like we have anything else that could fit the bill]), then I believe that it
will be possible to move applications back and forth. So long as that is
possible, then users' risk of vendor lock in is fundementally much lower.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 03:15 PM EST |
I wonder if all the wonderful analysts in the world of IT are going to do
studies into the TCO and ROI of usingthis system to migrate to Windows? Laura
Didio? That guy at Forbes? Anyone? ;^)
After all, when Linux is proposed as an enterprise system, they are happy to
shout about the costs involved in retraining, new skills etc, so surely the same
applies to people moving from Linux to Windows?
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 03:24 PM EST |
And I thought I could use Samba to interconnect My Linux server with my Windows
ADS.
You know, like configure Kerberos, configure SMB, add the Linux account to my
domain, and POW, I only need to create users on AD in order to access all my
Linux SMD shares on any of my linux servers.
Okay so it's not perfect and the Samba team says we shouldn't use it in
production. But you know what. I'll take a Linux/Samba in Beta mode over a
final version of the same M$ service any day. At lease, if it craps out, I know
I can get help from actually competent people...
Oh and...it's free too.
---
No guns, no bombs...just brains
The way it should be.[ Reply to This | # ]
|
| |
| Authored by: DaGoodBoy on Monday, January 19 2004 @ 03:34 PM EST |
No, pay him now...
First, look at the Services For Unix (SFU)
FAQ:
http
://www.microsoft.com/windows/sfu/productinfo/overview/sfufaq.asp
"Q
. What are the licensing requirements for Windows Services for UNIX?
"A.
Server component client access license (CAL) requirements are governed by the
Microsoft Windows Server™ 2003 or Windows 2000 End-User License Agreement. CALs
are required to the extent that any Windows Server service is
used."
Next, Check out the "Client Access Licensing Requirements" for
Windows Server 2003:
http://www.microsoft.com/windowsserver2003/howtobuy/licensing/caloverview.
mspx
"With Windows Server 2003, CALs are no longer triggered based
on the use of certain services but are instead based on access to and/or use of
the server software."
Yes, Services for Unix no longer costs $99,
but that was small change anyway. The real money is made because you still need
to pay for a client access license (CAL) for a client to legitimately access the
server. This is typical Microsoft.
For example, the SFU authentication
bridge that allows Unix accounts to authenticate against Active Directory uses
the Active Directory service and triggers the need for a CAL. You can pick your
model of User CAL or Device CAL, but regardless you are obliged to pay for
use.
Let's say you have an enterprise with 1000 users and hundreds of
client systems running Linux/Unix systems. Since you now have all your
authentication tied to the Windows Active Directory service, you are obliged to
pay about $40 for the User CAL for each account, or $40,000 dollars. And
if you get into a multi-year "Enterprise License Agreement" you will pay some
amount yearly and then pay some more to "true up" your licenses after the
inevitable contract ending audit.
If you've not dealt with software
licensing, you might be surprised to know that most large companies hire
employees whose only value to the company is to keep them compliant with license
agreements. Put that in your TCO pipe and smoke it! Go Gnu!
DaGoodBoy[ Reply to This | # ]
|
- Question.... - Authored by: Jude on Monday, January 19 2004 @ 05:03 PM EST
- Pay him later? - Authored by: Anonymous on Monday, January 19 2004 @ 06:40 PM EST
- Pay him later? - Authored by: Anonymous on Tuesday, January 20 2004 @ 12:17 AM EST
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 03:42 PM EST |
I wouldnt be surprised if Vintela's product was simply Samba 3 rebadged.
Samba 3 now has the capability to join an Active Directory Domain, to do
Kerberos Authentication, to authenitcate against LDAP etc. and has features that
make setting this up a heck of a lot less confusing than with Samba 2.x
I've never heard of Vintela before, and it seems rather timely that shortly
after Samba 3 is released with precisely the capabilites they claim, that this
product appears from nowhere.
There is nothing illegal about this - Samba is GPLed, but if Vintela have
modified it with MS proprietary code, they will have to release those changes to
the community. Lawsuits ahoy!
What Microsoft is deathly afraid of is for companies to turn MS's control on
its head, and make the MS servers the slaves, with a UNIX machine running Samba
3 as the primary Active Directory server.
Thats exactly what I am planning to do with our Windows network here, and I
imagine I am not the only one.
[ Reply to This | # ]
|
- SAMBA 3 - Authored by: Anonymous on Monday, January 19 2004 @ 03:49 PM EST
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 03:57 PM EST |
The reference letter from Darl is interesting indeed. Especially the idea
embodied by the quote "SCO argues that the authority of Congress under the
U.S. Constitution to “promote the Progress of Science and the useful arts…”
inherently includes a profit motive, and that protection for this profit motive
includes a Constitutional dimension. We believe that the “progress of science”
is best advanced by vigorously protecting the right of authors and inventors to
earn a profit from their work.".
Not in his wildest dreams. But: Imagine if this notion would be supported by the
Courts and enforced. The GPL would be struck down. And programmers the world
over would collectively be owed thousands of trillions of dollars in back wages
because of unpaid overtime. Imagine the corporations that would be
systematically wiped from the face of the earth and the legions of patent and
copyright lawyers that would have to find honest jobs or go hungry.
And in the end: Open source would rein anyway![ Reply to This | # ]
|
| |
| Authored by: Sunny Penguin on Monday, January 19 2004 @ 04:21 PM EST |
No wonder SCO wants the newest AIX source.....
---
SCO directly to jail, do not collect two hundred dollars.
BTW - I could never become a Lawyer.(I ID ten tee)[ Reply to This | # ]
|
| |
| Authored by: Totosplatz on Monday, January 19 2004 @ 04:41 PM EST |
I imaging it is the embraced, extended and stolen
"MS-kerberos" rather than the legitimate, public,
Internationally Standard kerberos.
---
All the best to one and all.[ Reply to This | # ]
|
| |
| Authored by: RedBarchetta on Monday, January 19 2004 @ 05:03 PM EST |
I suppose you can draw one positive from this
announcement.
It
will take about 1 or 2 months of development time for
the world of
open source developers to develop
something that is more secure, more useful,
and certainly
more customizable (read: conform to your wants/needs).
Not
that this isn't already available, or soon to be.
MS and Vintela
can make all the announcements they want.
In the end, the computing
community knows that anything
that Canopy, certainly Microsoft, touches is
about as
trustworthy as two jackals guarding a hen-house. [ Reply to This | # ]
|
| |
| Authored by: tump on Monday, January 19 2004 @ 05:18 PM EST |
Why is it so hard for people to see and understand that Microsoft will attempt
to handle the open source movement the same way it's always handled ANY
other
type of business threat.
What's the typical way? Microsoft
buys out a
company and either A) starts
selling the product itself, or B) kills it off. If
neither option is available, they
marginalize the competition. Getting away
with this *is* their business.
The whole process we're seeing with SCO is
the most complex iteration
of this style. Step 1 is to establish ownership
either through purchase or the
court system or intimidation or whatnot and
don't be fooled into thinking that
this isn't happening. Linux is just the next
Netscape.
The school
bully didn't have to go
through the
court
system to claim ownership of your lunch money - he only got away
with what you
let him get away with.
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 05:24 PM EST |
I have read posts saying Novell gets 95% of the Microsoft license fees;
however, SCO's own revised SEC filing appears to allow for no money
going to Novell.
This discrepency is a concern. If SCO claims all Sun and Microsoft fees
for itself in its latest representations to the SEC, why do outside parties
state Novell receives 95% of these payments?
SCO's two SEC filings provide me the only objective facts. I admit I do not
know whether Novell is going to see any license money.[ Reply to This | # ]
|
- Who knows? - Authored by: Anonymous on Monday, January 19 2004 @ 05:38 PM EST
- Who knows? - Authored by: phrostie on Monday, January 19 2004 @ 05:55 PM EST
- Who knows? - Authored by: phrostie on Monday, January 19 2004 @ 06:00 PM EST
- Who knows? - Authored by: Anonymous on Monday, January 19 2004 @ 06:06 PM EST
- Who knows? - Authored by: Anonymous on Monday, January 19 2004 @ 06:14 PM EST
| |
| Authored by: jobsagoodun on Monday, January 19 2004 @ 05:33 PM EST |
The FT have an article (www.ft.com) which unfortunatley is subscription only.
BUT the summary was good enough for me!
"Software industry finds new villain
Darl McBride, the most hated man in the software industry, will be nowhere in
sight when software developers converge on for the annual Linux World
convention. It is probably just as well. 19:31 | Read"[ Reply to This | # ]
|
| |
| Authored by: Hygrocybe on Monday, January 19 2004 @ 05:55 PM EST |
Time after time, I see the name of Laura DiDio praising Microsoft and its
products. I get the strong impression however that if the Linux community or
Linux software does something (usually for free) then it is wrong, but if
Microsoft does the same thing, then her stance seems to be that this is good and
'great for the American way'.
Right....I'll probably regret this, but would someone like to tell me who or
what Laura Didio is and why she is qualified to make the statements she does ?
She does not appear to work for Microsoft, or does she ? Does she have
computer qualifications other than personal interaction knowledge ? What on
earth is driving someone to make statements that (to me)fly in the face of what
is actually happening ? I could search the net, but I suspect many of Groklaw
readers will have a much better knowledge of the lady that I will find on the
net. Actually, come to think of it, asking this question might be useful for
the Groklaw data base and journalists in other countries asking the same
question.
---
Lamington Nat Park[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 05:59 PM EST |
This is an old strategy--split the opposition.
From where MS sits, some of the Enemy are in it for the Freedom, and some are in
it for the Unix, and some are in it for the (No) Money. So give them Unix for
No Money, and two thirds are happy. That isolates the Free as in Freedom
people.
If you put the pieces together, it says Unix won't run on your network unless
Microsoft says it can. This is like Samba in reverse--a Primary Domain
Controller for Unix,
betting that it costs more to manage the network than
to the differential advantage of Unix over Windows box
by box.
If I had to guess.
Freedom was never even an also-ran in the
Enterprise world. This strategy will separate the
No Money Unices from the Free OSs for sure.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 06:33 PM EST |
it's kinda weird how MS needed SCO licensing to get Services for Unix, since
it's based off OpenBSD, part of the family of BSD code that is supposedly
"untouchable" by SCO because of the earlier settlement during the
last big unix lawsuit war...[ Reply to This | # ]
|
| |
| Authored by: TobiasBXL on Monday, January 19 2004 @ 06:46 PM EST |
Hi PJ,
I don't see why this MS give-away is so bad. Well, of course I'm
aware of their intentions and motivations but everyone downloading and
using this software has own intentions and motivations that mustn't
necessarily be the same as Microsofts.
My own reason to give that
software a try is the simple fact that I now have a free (as in"free beer") NFS
client which would have otherwise cost me plenty. I can now use a central NFS
server and connect both Windows 2000 clients and my Linux machines. This is
opening grounds for Linux server machines in my organisation where there are up
to date only Windows 2000 clients. As soon as the Linux servers are in place and
integrated I can promote Linux clients too.
I guess 90% of users
downloading that utility set didn't have in mind what Microsoft was asking them,
prior to downloading... "No, I don't want to switch to Windows 2003 Server. I
want to switch from Windows to Linux. Why the heck can't I state this in this
stupid form?!"
So lean back. Enjoy the music and see how this free
give-away benefits us and not them. :-)
Besides, anybody
really thinking about actually using the server components like NIS on Windows
is in for some nasty surprises. The software may be labeled with "3.5" but it
should rather be "0.35pre_alpha". Stable isn't exactly the word I would use to
describe their NIS try.
cheers,
Tobias[ Reply to This | # ]
|
| |
| Authored by: SilverWave on Monday, January 19 2004 @ 07:00 PM EST |
So this creature from hell would be called?
Suggestions please...
Frankensoft?
Darlenstein...
---
"Unless stopped I believe they will walk away from the rotten, decaying
corpse that is SCOG a lot richer" :-(
Stopped it is then.[ Reply to This | # ]
|
| |
| Authored by: blinky on Monday, January 19 2004 @ 07:01 PM EST |
Unix Services for Windows provides (From
ttp://www.microsoft.com/windows/sfu/productinfo/features/default.asp):
Seamless Integration
Powerful SDK
Better Manageability
Robust Scripting Environment
Better Security Support
Improved Internationalization Support
Increased Availability
Faster Performance
So what does windows provide?
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 07:26 PM EST |
SCO is demanding money from Linux users for licencing of their ABI; if this is
based on the Linux ABI, can't Linus get a hefty fee from MS on the back of
this?
--
An interested bystander[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 07:45 PM EST |
http://www.smh.com.au/articles/2004/01/20/1074360737955.html
The SCO Group has started selling its intellectual property licence in Australia
and New Zealand, according to a company media release.
The licence costs $A999 per server processor and $A285 per desktop processor.
"By purchasing the license, customers are properly compensating SCO for
the UNIX source code, derivative UNIX code and other UNIX-related intellectual
property and copyrights owned by SCO as it is currently found in Linux,"
the release says. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 07:50 PM EST |
What shows the ignoance and ineptitude of Canopy is that a GPL product exists
that already does this and has done so with stability for longer as they have
been in development with this VAS product. The Samba guys developed winbind
with the idea of allowing Samba servers to authenticate remote users through a
Windows DC and/or Active Directory (I reccomend you leave your AD in mixed
mode). Extending that even further, using the flavor of PAM (Pluggable
Authentcation Modules) that comes with most Linux distributions you can plug the
Linux systems' authentication into Active Directory via the Samba winbind
component. Thus, the Linux systems can authenticate locally and through Active
Directory as a given username requires.
This comes in real handy when you inherit a Windows environment and you wish to,
in a tightly integrated fashion, move critical and/or less than stable services
off of Windows and on to Linux (DHCP, DNS, Dial-Up, etc...). My Dial-up users
dialed into a Linux box (unknowingly to them) and used their Windows username
and password to authenticate. And as an admin, I never needed to know their
authentication credentials (to copy accounts) and never needed them to enter
their password for their account setup more than once.
All of the file servers, print servers, dial-up systems, and other authentacted
services ran silently on Linux as if they had been meant to all along. It was
only used with the IT staff, but Linux workstation access also authenticated
through AD.
The point is that this is not unique, it is not novel, and it is certainly not
innovative. IT professionals who need integration have had it for quite some
time. Purists will note that Samba can act as a Windows PDC and turn the whole
equation on its head.
As an IT manager that had to live with a legacy decision, I used Linux as the
first line of defense to protect and maintain the integrety and stability of the
Windows servers and workstations. No Windows service including Exchange touched
the Internet directly. Web sessions were transparently passed through Squid.
Exchanged talked to a border Postfix system (scoring/filtering SPAM and removing
viruses in and out and rejecting email for invalid users verfied real time on
the Exchange AD so it did not clog the Exchange queue - Exchange performs nicely
when it has nothing to do :). All ingress and egress went through a Linux
firewall and access control.
So from a Linux-Windows integration point of view this is nothing new nor
required. If you need to integrate Linux, it implies that you have accepted the
concept of GPL'ed software in the professional IT environment and thus what is
one more outstanding GPL product?
Woody <woody@linif.org>[ Reply to This | # ]
|
| |
| Authored by: hbo on Monday, January 19 2004 @ 07:51 PM EST |
| Devil's advocacy here.
SFU solves a business problem. Having more than one
authentication database sucks, and costs real dollars. NIS security sucks. NIS+
is more secure, but it's complex as hell, and not all clients will run NIS+, so
you end up with NIS compatibility mode, which means you are still exposed to the
horrific sunrpc drain bamage. Kerberos is a good solution for authentication,
but you can't use $8/hr entry level admins to administer it. AD is
comparatively easy to administer, and uses Kerberos underneath. The AD security
model is actually pretty good, although the platform is highly suspect, both
from a security point of view, and because you have to trust Microsoft so
much.
There are authentication systems that use similar technologies to AD
(basically LDAP + Kerberos) on Unix. I haven't seen them, but I'm willing to bet
that reasonably usable GUIs exist for such systems. But because Microsoft
controls Windows, none of them allow single sign-on. The exception that
proves the rule is Samba 3.0, whose winbindd allows an AD user database
to authenticate access to a Unix system. It does this on the Unix side, but your
single database is still AD. Microsoft, as always, was very clever when they
designed AD. The interface for clients is relatively open, which means it's
easier for folks to authenticate against the AD than to get Windows to
authenticate against some external database. (The first is hard and the second
impossible. Thus, the first is easier.)
They are also being clever when they
offer Unix API compatibility. After all, they are trying to get people to give
up Unix and move to Windows. The point is not that a customer would move to
Windows to take advantage of SFU, but that SFU makes it easier for them to do so
for other reasons. It thus greases the skids for customers to fall into
the iron grip of platform lock-in. They don't control Cygwin, and it has that
nasty GPL attached to it besides, so they go for a BSD derived suite
commercialized in a way that they are familiar with. But the main thing is they
can control it for their benefit.
These guys fight dirty. It doesn't pay to
underestimate them. It's also useful to understand their real strengths in the
marketplace. Some of these are engineered by the aforementioned dirty tricks,
but some they just stole from Apple and others. Those, however ill-gotten, are
nevertheless real benefits that appeal to business. AD really is easier
to administer. If you can fire a couple of sysadmins on the Unix side with high
salaries, and replace them with one gum chewing undergrad, that increases their
"value proposition." (I know, the sysadmins probably add value not considered
in this analysis, and the undergrad probably can't handle the whole load, but
this is how the proposition may appear to the CFO.)
---
"Even
if you are on the right track, you'll get run over if you just sit there" - Will
Rogers [ Reply to This | # ]
|
| |
| Authored by: RSC on Monday, January 19 2004 @ 08:40 PM EST |
What the TCO of *free* MS Services for Unix?
RSC.
---
----
An Australian who IS interested.[ Reply to This | # ]
|
| |
| Authored by: scott_R on Monday, January 19 2004 @ 09:09 PM EST |
Is it just me, or does MS's and Billy Gate's version of service not match my
own? I mean, when I read most of their "articles" and
"recommendations", I feel serviced, no doubt about it.
Unfortunately, it seems to be the kind of "servicing" that requires
you to hold your ankles and not tell anyone about. :)
Maybe B.G. shoulda been a priest...[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 09:10 PM EST |
Is Boies firm still involved in this mess?
The reason I ask, is it
seems rather a long time since we last hard from them, and all the recent
filings and appearances seem to involve others associated with SCO.
5
Dec 2003: Kevin McBride turns up to oral arguments (and this is the first
we discover that Darl's brother was involved, although he had apparently been
involved since at least February-ish).
B
What's more - nobody from the firm
SCO is paying millions too (Boies firm) even attends!
18 Dec 2003:
Ryan Tibbitts, SCO's general counsel signs the Linux ABI and
certification letter
12 Jan 2004: Ryan Tibbitts, signs the
affidavit and certificate of compliance. Hasn't every previous filing by SCO, in
SCO v IBM, been signed by Heise (?? - I'm not sure)
9 Feb 2004
(future): Ryan Tibbitts will accompany Chris Sontag and Darl McBride to
do their dog and pony show at Harvard [whereas at SCOforum, we had Mark Heise,
in substitute for Boies who was the original listed poster].
I don't
put too much significance into any one event, but collectively, I'm thinking,
perhaps that I'm starting to see a pattern.
What's happened to Boies,
and Heise recently?[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 09:27 PM EST |
I hate to pour water on the conspiracy theories, but having _one_ centralized
directory is exactly what large corporations are clamoring for. It's a royal
pain to run two separate authentication domains. Being able to put everything
into one centralized LDAP server is exactly what customers want, and it appears
USFW and the Vintela product are doing exactly that. Now of course, I'd
personally prefer to use some other LDAP server besides Microsoft's Active Dir,
but if I were a mostly Microsoft site (which many are) the integration would be
godsend.
From a product strategy point of view - having everyone migrate to your
repositories is a 'good thing' - I wouldn't expect anything less of Microsoft
or any other competitor in this space.
Sorry to bust the bubble on the conspiracy theory here. If there are
conspiracies (and who knows, maybe there are), this isn't it.
[ Reply to This | # ]
|
| |
| Authored by: BigTex on Monday, January 19 2004 @ 09:45 PM EST |
This issue highlights the biggest challenge facing Linux....Ease of use or lack
there of. As a current MS user that desperately wants to move to Linux, ease of
use of MS products will keep me locked in and keep Linux at bay for the
masses.
Example: I have installed Lycroris Linux on an IBM Thinkpad that ran Win 95. I
did this in hopes of becoming familiar enough with Linux to dump Windows on all
of my machines. Now I am not a techie but proficient enough to network office
PCs, install software and act as the "tech Support" for my office.
Yet I cannot get Lycroris to talk to my windows machine even with built-in
SAMBA. My XP machine can see the Linux box but not the other way around. I
have posted to the BBs, surfed the web for work-arounds, emailed Linux pros all
to no avail. I even downloaded Open office but cannot install, MOUNT or
otherwise get the damn thing to run. I am relatively sharp and basically
fearless but ROOT, MOUNT and other Linux terms make no sense what-so-ever!
Here I am a fairly profcient guy who wants to leave MS. A guy the HATES Bill and
MS. A guy that has tried to install Mandrake and RedHat on old boxes with no
success. Until linux is as easy for me to use, install etc. as Windows Linux
will not win. Time is not on our side! This war will not just be won in the
back office but on the desktop as well.
MS knows that people will trade stabilty and security for ease of use. Remember
in many companies the guy writing the check to buy Hardware and Software is not
an IT guy. MS has a long and successful history in beating better products
through ease of use. Rememebr Win 1.0-3.x? Micro$oft out Mac'ed the
Macintosh, they Out-Netscaped Netscape and now they are trying to out-unix UNIX
and LINUX. The know that people will use their crappy offerings and give them
the crucial time they need to build a better or equal product that provides an
better user experice and ease of use.
Why did IE beat Netscape? because it was easier to get...it came with Windows.
And eventhough the first 3 versions sucked, IE is the dominate browser. (I use
Firebird-BETA which is AWESOME but no one thinks it will dominate like IE.).
Look back at the history of Word & Excel. It is users like me that Linux
must appeal to and soon! While the successes in the backoffice are impresssive
this battle will be lost on the desktop! Non-techies like myself must be able to
easily install, manage and use Linux and its software or price, stabilty and
security will not be enough to win our hearts and minds.
The current MS moves highlight the well used strategy that Bill and Co. are
using. They are planning to make managing Linux/Unix as easy as using windows.
When they do this they will have Assimilated us all in manner befitting the
Borg.
How do we keep this from happening? Make Linux easier to use than Windows XP
How do we do this? Take a page from their playbook...we out-Windows, Windows.
Everyone here knows OSS is the most effective way to build Best In Class
software. We need to focus that enery and skill on making Linux easier to use
then XP or even OS-X. When anyone can easily install and manage Linux then MS
is done! MS understands that the ease of use is their strength (along with a
monopoly and $50 Billion). If OS-X (Jaguar) ran on Intel/AMD machines right out
of the box, we would have a new dominate OS. Linux needs to be as good or
better ,from an ease of use standpoint, then OS-X.
I want to leave the clutches of MS but I need help? I cannot do it alone
easily. The FOSS community can stop MS in it's tracks if it makes Linux the
easiest, most stable and most secure OS out there. The clock is ticking...We
don't have until 2010, The year Linus perdicts a Linux desktop will be ready
for prime time. This war will be over, I fear by 2006. Once MS convinces the
masses and the IT guys that they can manage UNIX/Lunix easily with MS products
on MS Servers...we are going to be in big trouble.
BigTex
PS: If someone wants to help me get this damn laptop runnig please email me @
info@dhlc.com. I will call you back. I am in CST. THANKS![ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 10:26 PM EST |
Actually this is not as bad as it seems, and I do NOT think that it will hurt
Linux the way people here think, at least not yet. In fact this could
backfire.
Microsoft's strategy is simply to ease cost of migration from Linux and more
importantly, proprietary UNIX in order to make it easier for people to consider
Windows. Will they consider Windows? Lets consider the following:
1: While Microsoft claims TCO is cheaper with Windows, more people continue to
migrate to Linux from Windows than vice versa, despite interop problems.
2: NIS while simple to administrate is sorely lacking in many regards for large
networks (flat namespace, etc.) LDAP is better, and I applaud the attempt to
allow Linux clients to use AD.
3: IBM is working hard to ensure that there is full AD DC support in Samba,
ensuring that the accounts can always be migrated BACK to Linux.
This could very well backfire, as it also removes a number of obstacles to
integrating Linux workstations into a Windows environment. It also does not
sufficiently provide vendor lockin from a MS Perspective.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:10 PM EST |
| Microsoft Takes on Teen
Over Web Site
Another sign of M$ plans of world
domination.
Seems Microsoft can't take a joke, So...
[ Reply to This | # ]
|
| |
| Authored by: elrond_2003 on Monday, January 19 2004 @ 11:20 PM EST |
Link on computerwire (and other places)
SCO's Evidence Begins to Unrave talks of someone trying to see through SCO's
"evidence"
---
free as in speech. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:20 PM EST |
Hmmm, no wonder MS helps another Canopy Group company with a lawsuit seeking to
destroy the GPL. If they want to embrace and extend Active Directory to linux,
they'd it in the kernel--and that means they'd have to GPL the code. That
means everybody could see how it works, and what vulnerabilities and limitations
exist. There might even be (gasp!) third party patches to make it better and
more (such as crippling the .NET "features"). That's no way to run
a monopoly.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Monday, January 19 2004 @ 11:23 PM EST |
AT LAST! Now I can get viruses, trojan horses and worms in my Linux
applications! I've felt so left out ... so lonely ... never any stories to
tell at parties ... Now I'm going to have cool war stories too![ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 20 2004 @ 01:21 AM EST |
for Darl, Ralph, and their cohorts. We don't really want any more of their
type on the planet.[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 20 2004 @ 03:53 AM EST |
So let me get this right. SCO sells M$ a UNIX license so
M$ can build a product that allows SCO users to migrate to
Windows. That makes business sense how? And then they go
and remove M$ from the list of competitors in their SEC
filing...
john. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 20 2004 @ 06:16 AM EST |
Although I have no doubt that SFU will be useful for some administrator, it is a
trojan horse. If M$ is really interested in interoperability, the offer of
hosting accounts have to be bi-directional. What we get here is a lock-in where
you are forced to pay M$ for the privelege of hosting your data on your machine.
Nevermind the security problem, why will *nix administrators want to build their
home directories etc on M$ with all the associated trouble and hassle when there
is no tangible benefits?
If users want to have their files visible on both Linux and Windows without
incurring extra cost, try Samba. Its definitely more mature.
[ Reply to This | # ]
|
| |
| Authored by: bruce_s on Tuesday, January 20 2004 @ 06:30 AM EST |
A Register article about the MS-DOJ "Seattlement" , which
mentions that
selling PCs without an OS get a reduction in the
savings they recieve from
MicroSoft when preinstalling their OS
on the other PCs. The article is here
Bruce S. [ Reply to This | # ]
|
| |
| Authored by: Wesley_Parish on Tuesday, January 20 2004 @ 07:16 AM EST |
IBM planned to recover with a one-two
punch, the first being
in hardware, and the second in
software. It wanted to build computers and
write operating
systems each of which would depend exclusively on the
other for its new features. Competitors would be either
frozen out or forced
to pay hefty licensing fees. The
strategy was to make everybody else's
"IBM-compatible"
personal computer obsolete.
The Road
Ahead, Bill Gates, "Lessons From The Computer
Industry", pg 62
In April 1987 IBM released its one-two
punch, which was
supposed to beat back the imitators. The
"clone-killer" hardware was called
the PS/2, and it ran
the new operating system, OS/2.
The
Road Ahead, Bill Gates, "Lessons From The Computer
Industry", pg 65
[...] [IBM] would encourage the adoption of
new versions of
its operating systems by releasing
hardware that required the new operating
system software,
or it would release operating system software that
customers would need new hardware to run. That kind of
strategy might've
worked well for mainframes, but it was a
disaster in the fast-moving personal
computer market. IBM
could still command somewhat higher prices for
performance
equal to its competitors'. but the world had discovered
that
lots of companies made IBM-compatible hardware, and
that, if IBM couldn't
deliver the right value, someone
else would.
The Road
Ahead, Bill Gates, "Lessons From The Computer
Industry", pg 61
Some commentators like to conclude that IBM
made a mistake
working with Intel and Microsoft to create
its PC. They argue that IBM should
have kept the PC
architecture proprietary and that Intel and Microsoft
somehow got the better of IBM. But the commentators are
missing the point.
IBM became the central force in the PC
industry because it was able to
harness an incredible
amount of innovative talent and entrepreneurial energy
and
use it to promote its open architecture.
The Road
Ahead, Bill Gates, "Lessons From The Computer
Industry", pg 57
IBM's early business decisions, which grew
out of its
rush to get the PC to market, made it easy for
other companies to build
compatible machines. The
architecture was for sale. The microprocessor chips
from
Intel and Microsoft's operating system were available to
any startup.
This openness was a powerful incentive for
component builders, software
developers, and everybody
else in the business.
The
Road Ahead, Bill Gates, "Lessons From The Computer
Industry", pg 55
To me, Microsoft's one-two punch with
Palladium-Digital
Rights
Management and Longhorn, given that Bill Gates has
expressed his awareness of
what closing a previously open
architecture will do, looks like
deliberate
corporate
suicide. I find it hard to imagine how he
can
justify
it.
Well, anyway, here's something to do -
take this issue
up with your investment advisor or whatever. Point out
that Bill Gates knows pretty well what will happen to the
value of
Microsoft's stock once he starts the lock-in of
Longhorn and DRM - from what
Bill Gates himself says in
"The Road Ahead",
he knows exactly
what is going to happen.
Allow the
investment advisor to discuss it with
other investment
specialists, etc. Then sit back and watch Microsoft
backpedal like it's going out of style - either that, or
face a lot more and
a lot worse than it's previously
imagined possible.
---
finagement: The Vampire's veins and Pacific torturers stretching back
through his own season. Well, cutting like a child on one of these states of
view, I duck [ Reply to This | # ]
|
| |
| Authored by: johan on Tuesday, January 20 2004 @ 07:29 PM EST |
"According to Grettenberger, Services for UNIX 3.5, combined
with VAS identity management, is a best-of-breed authentication solution
for customers who are integrating Windows, UNIX, and Linux environments.
[my emphasis]
When I hear the expression "best-of-breed", I
always think "pre-f**ked" (as in "you don't have to screw it up yourself,
we have breed it for you").
Somehow this phrase is always used by a
market-oid as a positive feature. The techies know it means that the product is
an unholy bastard of marketing checklist items and so refrain from using it. [ Reply to This | # ]
|
| |
| Authored by: Anonymous on Tuesday, January 20 2004 @ 07:58 PM EST |
perhaps I've got my head on backwards, but it has always struck me that the
name of this "product":
Windows Services for Unix
is exactly BACKWARDS from what it actually is. What it really is is:
Unix Services for Windows
I.e., you now have unix(-like) services sitting on top of a windoze OS.
Can anyone explain why the original name makes any sense at all, other than as
more MS-style obfuscation. (and maybe the fact that it puts their name first in
the title, not that of the "enemy").
[ Reply to This | # ]
|
| |
| Authored by: Anonymous on Wednesday, January 21 2004 @ 05:53 AM EST |
While the analysis of the legal affairs around SCO in this site are excellent,
most posters (and PJ, I'm afraid to add) have obviously no contact with IT
deployments with 10,000s of users.
Active Directory is one of the best directory and authentication solutions
available. Unix vendors have nothing that parallels it. There are no equivalent
Open Source solutions. Novell's eDirectory is on par, in parts it is better;
but when AD gets a tight integration into Unix authentication, that might give
MS the leading edge. And I'm all for it. Those who don't want it, should work
on an infrastructure that is as good as AD.
Disclaimer: I'm a CEO. I'm pro OSS, in fact I pour 10,000s of Euros every year
into OSS support. Our infrastructure is Linux based. (Personally, I'm using
Linux since 0.99.4) We are partners of Sun PS. We are partners of IBM GS. But we
are also partners of Microsoft. That's because we look for the best solution of
our customers, and not for a religion.
Joachim Schrod[ Reply to This | # ]
|
|
|
|
|
