Slashdot Mirror

lkcl writes: In an open letter to the core developers behind OpenLDAP (Howard Chu) and Python-LMDB (David Wilson) is a story of a successful creation of a high-performance task scheduling engine written (perplexingly) in Python. With only partial optimization allowing tasks to be executed in parallel at a phenomenal rate of 240,000 per second, the choice to use Python-LMDB for the per-task database store based on its benchmarks, as well as its well-researched design criteria, turned out to be the right decision. Part of the success was also due to earlier architectural advice gratefully received here on Slashdot. What is puzzling, though, is that LMDB on Wikipedia is being constantly deleted, despite its "notability" by way of being used in a seriously-long list of prominent software libre projects, which has been, in part, motivated by the Oracle-driven BerkeleyDB license change. It would appear that the original complaint about notability came from an Oracle employee as well.

KrisWithAK writes "According to a press release, Red Hat is acquiring parts of the Netscape Enterprise Suite including the directory server and certificate management system. I am definitely looking forward to more open source competition with OpenLDAP!"

Dr.Dubious DDQ asks: "With all the recent Microsoft(r) news, I see a lot of the usual complaining about Microsoft's unfair 'embrace and extend' practices. I do my own fair share of this, but I'd much rather actually *do* something about it.At the risk of prompting cries of 'No! That will only make them stronger!', I find myself asking: How possible is it to 'transparently' replace Microsoft-brand services with other (preferably, but not necessarily, Open Source) services (rather than flatly demanding migration away from all things MS)? Or put the other way around, what tweaks would have to be made to existing, standard services to make them 'bug-for-bug compatible' with MS versions, particularly OUTSIDE of the context of SMB/Samba, which is an already-obvious example?" While there are definite reasons why such an effort may be worthwhile, it is also possible that Microsoft could attempt to make legal attacks at such projects...even though they are designed with software interoperability in mind. Precedents in support of this idea do exist, such as: ReactOS and even standard Open Source openings like Gnumeric. "I've got two goals in mind here:

1. Ability to placate MS-platform applications that demand MS-brand services to connect to while ALSO allowing non-MS clients as close to 'full' functionality as possible with the same services
2. Naturally, ability to replace an MS-branded package would personally appeal to me as well for both technical and - yes, I'll admit it - philosophical reasons.

Ways of meeting either (or both) goal would be useful to me and, I suspect, a lot of other sysadmins.

For example:

• Is it possible (and feasible) to get OpenLDAP+Kerberos5 to fool Windows systems into believing they're talking to a "real" ActiveDirectory(r) server (without necessarily also having the entire Samba stack)?
• Can client programs that demand MS-SQL server generally use MySQL in MS SQL Compatibility mode instead, if MySQL is set to respond on the MS-SQL port (either directly or via ODBC?)
• How hard would it be to make a 'mod_dav_sharepoint type of module that spoofs Microsoft's special Sharepoint WebDAV behavior (which evidently also uses a 'special' non-standard SQL-like search mechanism - am I going to be kicked out of the club for thinking this looks, at least on the surface, like it might be a useful feature if usable by non-MS clients and implementable by non-MS servers)?
• Similarly, how feasible would it be to get non-MS DAV clients to be able to use Microsoft Sharepoint (or the hypothetical MS-alike drop-in replacement?)
• How good are the 'drop-in replacements' for MS Exchange?
• Are there issues with MS's implementation of IPP (are there any problems dropping Microsoft Printer Sharing entirely and using CUPS instead? It SEEMS that MS Windows 2000+ should support IPP directly, without resorting to Samba middleware - is this true?)
• Possibly risking heaps of derision for suggesting such an unlikely-sounding thing, but how about using mod_dav/Apache (as what Microsoft USED to refer to as 'Web Folders') as a replacement for SMB file sharing? Aside from possible performance issues, is this feasible, or are there too many incompatibilities in MS's DAV support for it to work?
• Are there any registry hacks or other tweaks that can be applied to Microsoft Windows-based systems to make them behave in more standards-compliant ways?
• ...etc?...

Are there other replacements people have investigated?"

DangerTenor asks: "The United States Government is standing up a Bridge Certificate Authority to enable PKI Interoperability between different agencies (gov't and non-gov't). The PKI currently relies on the use of either meta-directory products or X.500 DSP Chaining in order to pass certificates and CRLs between directories. OpenLDAP doesn't fit the bill because it doesn't support chaining. Does anyone know of open source projects focused on full X.500 directory implementation, or on meta-directory capabilities?"

Slashed back tonight: The (slight) return of the Y2K behemoth, good news for those locked out of port 80 by the recent unpleasantness, one interested party's response to Stephen Hawking's genetic-engineering ideas, and even an update on the Scarfo key-logging story.

Better than world-wide anarchy and privation. kejoki writes: "I came into work today and nobody had voicemail. We use an ancient AT&T system 25 (Merlin) with the Audix automated attendant/voice mail system ... not my bailiwick but the boss was going nuts trying to figure it out.

He finally called his System 25 guy and found out that quite a few people were having the same problem. Inspiration hit, and he set the system date back before 31 Dec 1999 ... whammo! The voice mail returneth.

AT&T->Lucent->Avaya, of course, no longer supports the system...as a matter of fact the boss seems to recall getting a letter from AT&T saying that they'd be taking care of the Y2K problems which might be in their equipment; but another soon after saying that support for the System 25 would be dropped as of 31 Dec 1999 ... hmmm.

Oddly enough, he's had a problem with the system giving a database I/O error for a while, but since he reset the date that has also vanished.

All very interesting. At any rate, if you have a System 25 and you can't get your voice mail, set back the date!"

And in related news, Che Fox writes :"The OpenLDAP project is one of the first to be hit by a major bug due to the S1G (one billion seconds) Unix time rollover. The slurpd replication daemon, which pushes changes from the master LDAP server to the slaves, no longer works now that time has rolled over to 1 billion seconds. This means that all LDAP-using networks in the world that use OpenLDAP and slave servers to replicate the data (very common) are now broken. There is a fix available against both the 1.2 and 2.x OpenLDAP releases in the OpenLDAP CVS repository."

You may assume your former activities for the moment. Agent Green writes: "I was checking out my firewall logs this morning and noticed an unusual amount of port 80 traffic and come to find out...it seems that AT&T Broadband has lifted their port 80 restrictions on its residential network. Let's see how long this lasts ..."

Probably until the next worm that takes over everyone's port 80, whatever OS it runs under.

So what did one giant say to the other? jshep writes: "Inventor Ray Kurzweil recently responded to physicist Stephen Hawking's concerns regarding the progression of AI (previous Slashdot story can be viewed here). Kurzweil takes aim at Hawking's suggestion that we use genetic engineering to augment the power of the human brain."

The man behind the curtain is ... uh, vital to national security! camusflage writes: "Reuters has a story (courtesy of Yahoo) that says the judge in the Nicodemo Scarfo believes the "national security" gambit about as much as the /. community does regarding the use of keyloggers. The most choice quote is "I don't know what it means. It's gobbledygook. More gobbledygook," referring to the argument put forth that the keylogger is a sensitive piece of national security. An assistant U.S. Attorney indicated he would provide "classified and unclassified summaries of the system's operation and more affidavits detailing the national security aspects at stake," next Friday."

Slashed back tonight: The (slight) return of the Y2K behemoth, good news for those locked out of port 80 by the recent unpleasantness, one interested party's response to Stephen Hawking's genetic-engineering ideas, and even an update on the Scarfo key-logging story.

Better than world-wide anarchy and privation. kejoki writes: "I came into work today and nobody had voicemail. We use an ancient AT&T system 25 (Merlin) with the Audix automated attendant/voice mail system ... not my bailiwick but the boss was going nuts trying to figure it out.

He finally called his System 25 guy and found out that quite a few people were having the same problem. Inspiration hit, and he set the system date back before 31 Dec 1999 ... whammo! The voice mail returneth.

AT&T->Lucent->Avaya, of course, no longer supports the system...as a matter of fact the boss seems to recall getting a letter from AT&T saying that they'd be taking care of the Y2K problems which might be in their equipment; but another soon after saying that support for the System 25 would be dropped as of 31 Dec 1999 ... hmmm.

Oddly enough, he's had a problem with the system giving a database I/O error for a while, but since he reset the date that has also vanished.

All very interesting. At any rate, if you have a System 25 and you can't get your voice mail, set back the date!"

And in related news, Che Fox writes :"The OpenLDAP project is one of the first to be hit by a major bug due to the S1G (one billion seconds) Unix time rollover. The slurpd replication daemon, which pushes changes from the master LDAP server to the slaves, no longer works now that time has rolled over to 1 billion seconds. This means that all LDAP-using networks in the world that use OpenLDAP and slave servers to replicate the data (very common) are now broken. There is a fix available against both the 1.2 and 2.x OpenLDAP releases in the OpenLDAP CVS repository."

You may assume your former activities for the moment. Agent Green writes: "I was checking out my firewall logs this morning and noticed an unusual amount of port 80 traffic and come to find out...it seems that AT&T Broadband has lifted their port 80 restrictions on its residential network. Let's see how long this lasts ..."

Probably until the next worm that takes over everyone's port 80, whatever OS it runs under.

So what did one giant say to the other? jshep writes: "Inventor Ray Kurzweil recently responded to physicist Stephen Hawking's concerns regarding the progression of AI (previous Slashdot story can be viewed here). Kurzweil takes aim at Hawking's suggestion that we use genetic engineering to augment the power of the human brain."

The man behind the curtain is ... uh, vital to national security! camusflage writes: "Reuters has a story (courtesy of Yahoo) that says the judge in the Nicodemo Scarfo believes the "national security" gambit about as much as the /. community does regarding the use of keyloggers. The most choice quote is "I don't know what it means. It's gobbledygook. More gobbledygook," referring to the argument put forth that the keylogger is a sensitive piece of national security. An assistant U.S. Attorney indicated he would provide "classified and unclassified summaries of the system's operation and more affidavits detailing the national security aspects at stake," next Friday."

Very Jerry asks: "Here's my problem. I'm currently in the middle of unifying all of our logins here at my place of work because of all the usual reasons (users forget passwords all too often, leaving them more resistant to setting up more complex passwords). Now we have an Active Directory domain setup here, and I was hoping to have all the users authenticate to that. SFU 2.0 is out of the question because it still leaves you to define extra attributes on the user in Active Directory Users and Domains. After a bit of searching, I've found out that pam_krb5 and pam_ldap have been used with success for authentication, but wherever I turn, there are no specific details. I'm currently 2 weeks deep in to this with no progress and a looming deadline. If anyone could point me to some good, specific instructions (specific to Active Directory, not just OpenLDAP) or help me out with a couple tips, it would be much appreciated."

Kurt D. Zeilenga writes "The OpenLDAP Project is a collaborative effort to provide a robust, commercial-grade, fully featured, and open source LDAP suite of applications and development tools. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenLDAP suite and its related documentation. For more information about OpenLDAP, visit their website."

Kurt D. Zeilenga writes "The OpenLDAP Project is a collaborative effort to provide a robust, commercial-grade, fully featured, and open source LDAP suite of applications and development tools. The project is managed by a worldwide community of volunteers that use the Internet to communicate, plan, and develop the OpenLDAP suite and its related documentation. For more information about OpenLDAP, visit their website."