Posted by
ryuzaki0
on from the are-you-the-Keymaster dept.
jeffwolfe writes: "In his latest column in InfoWorld, Nicholas Petreley claims that Microsoft's attack on the GPL is merely a diversionary tactic to distract the Open Source community from Microsoft's real goal: authentication services."
Missing the point
by
Anonymous Coward
·
· Score: 3
Unified authentication is not a piece of software. Certainly the software exists, but the information must be shared among different groups for it to be worthwhile.
As far as sensitive transactions on the internet goes, I use eBay, ING (for banking), Paypal, Chapters.ca, Amazon.com etc. I would like to be able to login to my personal computer or to my computer at work and have instant access to any of these services without remembering a password for each one. If I gave these companies permission to share my personal information I would not consider this an invasion of my privacy.
If, on the other hand, Microsoft took control of my personal information implicitly when I signed up for these services I would consider that an invasion of my privacy. Microsoft would, in effect, be saying "if you want to perform sensitive transaction on the internet you deal with me." I don't want to deal with MS.
What is needed is not a piece of software, what is needed is a standard format for sharing sensitive information and a standard legal contract by which you give a company to share your information with whichever companies you want the information shared with. A legal open standard similar to the GPL which would also include instructions on encoding and transmitting sensitive information would make universal authentication practical, with or without NC. We can make a contract that we're comfortable with and boycott companies that don't subscribe to it. This is how we'll beat Microsoft.
Passport
by
Anonymous Coward
·
· Score: 3
I think it's interesting that Peterley didn't mention Passport once in his article. The headline screams out how authentication is key and yet fails to address Microsoft's stategy for actually making authentication happen.
Guess what? Microsoft has already mined MSN and Hotmail and has it combined with Passport to create a ridiculously huge user base. Take a look at the Open Source sites (like any of those owned by VA in its OSDN sites). I think at last count there were something like 16 different sites each with a different name and password. How can a supposedly backward thinking company like Microsoft figure out how to leverage it's online websites and yet a company like VA Linux can't? Why is it that you can buy advertising across the entire OSDN network and yet you have to potentially use a different username and password for each of these sites? Why isn't VA doing a service like Passport that would not only tie OSDN sites together, but could potentially use a PAM module to tie your Linux login back into each of those sites?
It seems like the open source community is only going to 'get it' when people fire up Windows XP the first time and realise that they can login with their Passport/MSN/Hotmail accounts.
*holds up cards* 9.9
A truly wonderful troll with a fine, fruity flavor right down to the piquant user-ID: the only flaw is at the very end, where 'Lord Hugh' cannot supply a link. Remember, you don't need to justify any sort of assertion if you're trolling- leaving the last sentence out entirely would have been still better! Ideally the impression you want to convey is, 'but of course everybody knows this'. However, this lapse does not negate the otherwise excellent qualities of the troll, not least the fine efficiency and lack of effort expended in producing it. Kudos and many happy +1 Funny's;)
That's what we're doing here at work-- Sunrays on the desktop, with Solaris boxes doing the heavy lifting. We've only rolled out a few (about a hundred or so), but we will hopefully have everyone on them soon.
The NC *has* been done right. The Sunray is just the most recent (and perhaps the best) example. And it *is* a grand idea.
It won't work, of course. Even here we feel the pressure to move to MS software. We've resisted so far; but find a corporation-wide financial system that can run exclusively on Unix. Pretty much every financial package has an MS-Windows front-end, even if the database runs on Oracle or DB2.
Petreley was right-- it doesn't exist until Microsoft invents it.
-- Microsoft is to software what Budweiser is to beer.
In essence, Microsoft is trying to do the same thing RCA tried to do but on a bigger scale. May the same fate befall them.
-- Wansu, th' chinese sailor
NC World Magazine archive still exists!
by
rickmoen
·
· Score: 2
Nick wrote:
We made more than a few enemies by poking fun at the reams of poor journalism about NC. I wish I could point you to archives of the articles, but I'm not aware of any way to reach them. The campaign against NC was ultimately successful. For that among other reasons, the magazine folded, and the content disappeared forever, at least as far as I know.
Thanks to Don Marti and I acting quickly to create and keep a mirror (allowed by IDG's licence terms), NC World's superb coverage remains available, at http://ncworld.zgp.org/.
Enjoy!
Rick Moen
rick@linuxmafia.com
Re:Other conclusions possible...
by
Jason+Earl
·
· Score: 2
Microsoft is not out to test the validity of the GPL. The last thing that Microsoft wants is to set any precedent that would limit the power of copyright. After all, they rely on the power of copyright to limit the legal use of their software a lot more than the GPL does.
Other than that, I agree. What Microsoft says is always smoke and mirrors. Heck, I wouldn't believe them if they told me the sky was blue (because in the background they would probably be working on changing the color of the sky).
Re:the appeal of a single sign on
by
Jason+Earl
·
· Score: 2
Ah, good point. Of course, that simply means that the information is stored on the file server (of my choice) out on the Internet in an encrypted fashion. The owner of the web site wouldn't need to know what was in this data packet, and wouldn't be able to read it, but I would be able to access it whenever I needed it. Barring that I could carry the information around on a smart card or a PDA. Most importantly, however, would be that I would choose who I shared that information with. My biggest problem with Microsoft's passport service is not that it's centralized, but rather that some other entity has access to my personal data. I would be perfectly happy with Microsoft's service if all they knew about me was that I was storing a blob of encrypted data on their network. As long as they don't have access to my information I don't care who stores it.
It is not like this would be any harder to set up. The reason that Microsoft didn't set passport up this way is that they aren't interested in providing a passport service (even if the users paid fees), they are interested in creating the largest database of marketing data ever compiled. Quite frankly, that scares me.
Re:the appeal of a single sign on
by
Jason+Earl
·
· Score: 2
This is a fairly simple thing to fix as well. LDAP already would allow you to do this, and Mozilla (or whatever you chose as your personal security manager) could easily update a list of sites all at one time if an open protocol like LDAP was used. What's more, since you wouldn't really be interested in the passwords for the individual sites (after all, you would only need to remember the password that unlocked your security manager) the passwords that actually went over the Net could be ridiculously long and complicated. Mozilla could even automatically change all of your remote passwords every day when you first logged in. The user wouldn't even need to notice that this was happening.
And if this blob of information was stored in an encrypted format somewhere on the Internet you could access it from whatever device you happened to be using. More importantly, however, no one else would know what account information you were storing. Right now Microsoft is happily compiling a database of information about everyone that uses their passport services. They know who you are, they know where you live, they know what you buy over the Internet. They know which affiliated sites you visit and when. If Passport was at the center of authentication for the entire Internet then they would know nearly everything about everyone.
The same ease of use features could easily be created without anyone being in the middle (well, your credit card company would get involved when money changed hands). You would keep your own information privately, and could take steps to guarantee that it remained safe.
Re:the appeal of a single sign on
by
Jason+Earl
·
· Score: 3
I can at least back up my hard drive. What happens to my passport credentials when Microsoft decides that I can't use them without paying for an "upgrade," and what happens when Microsoft gets hacked?
Heck, what happens when Microsoft "loses" my passport storage file. Microsoft doesn't guarantee that their site will be up, that they won't lose data, or that they won't be hacked. They don't guarantee that their prices won't go up, or that their service will even be available a year from now.
And if Passport becomes ubiquitous what is to stop Microsoft from using it to spam the lot of us? You think the EULA which specifically states that they can change ther terms of service is going to save us. To be honest, I don't even see Hailstorm as being all that useful. As a developer I personally am not really that interested in having my customers data on Microsoft's servers. I want to control my customers information myself. I want to have their email addresses, and mailing addresses in my database.
I imagine that Microsoft's competitors feel the same way, and now that Microsoft is a full-on media company they have a lot of competitors.
Re:the appeal of a single sign on
by
Jason+Earl
·
· Score: 5
It's already been done. Mozilla will happily remember your usernames and passwords for as many sites as you like. If you wish you can password protect this information store (I believe that IE does something similar as well). This is a much better solution than putting all of the information about everyone in one huge database. Sure, some people will probably lose their passwords when their hard drives crash, and some will have their master password stolen by thieves. But I can guarantee you that if everyone's information was in one net connected database eventually someone would learn to steal that information from everyone (the only trick would be to steal the information slowly enough so that Microsoft wouldn't notice).
Of course, if you put me in charge of the database that would be a different thing altogether. I would never use it for nefarious purposes, and I would be very careful to make sure it never was stolen:).
The funny thing is that this could really work, but not if Microsoft insists on charging money for it. Heck, they should be giving away Windows XP and then hold everyone's data hostage.
The way network computing should work
by
iabervon
·
· Score: 3
The idea is that users can use any computer anywhere, and they access a central location, where their information is stored.
What this will really mean, though, is: people don't buy PCs to put their data on. They buy servers to put their data on. They've finally gotten their 24x7 connection, and they're going to stick a box in the basement next to the other utilities. Then they can go anywhere and get their desktop from their computer at home.
For the first iterations, the box will also be the PC they use, but it will act exactly the same as if it were storing things remotely. Of course, it will act as a thin client for other people who want to use other home machines, and it will be a server for when they're at their friends' houses.
Later, of course, they'll want more places to connect from than they want central stores, and they'll want to upgrade their client capabilities (graphics, raw processing, etc) at a different time from when they upgrade their server (long-term hard drive space), and the server will fall out of use as a client.
All this will be possible in... 1996. At least, that's when I started doing it, at least as far as ssh, and then screen, which covers most of the things I actually want to do with a centralized configuration. MicroSoft will probably end up with a similar model (using proprietary parts, of course, so MS client with MS server does things that either doesn't otherwise do). Being the server is probably a stopgap for people who aren't yet set up to run the servers themselves; after all, serving files for people isn't all that exciting, especially if they get people to use software subscriptions and pay to run the file servers on their own machines.
I find it interesting the various attacks I see upon Microsoft's.Net initiative. Perhaps it is a clever strategy of Microsoft's, but.Net encompasses so many things that these attacks lack focus.
Petrely attacks the Passport services piece of.Net. This is just one small piece, and probably the weakest point of the whole.Net initiative.
Most of us Microsofties are really more interested in the.Net programming framework. ASP.NET, VB.NET, C#, Web services, etc.
I do think there is a want for a single signon for internet websites. I have to keep track of some 90 or so names and passwords for various web sites that I have used. It kind of sucks.
I guess the chief complaint I have with Passport is the stupid hotmail.com account. I really don't see why I need or want a free email account, especially since all I get is spam from it.
So if they could develop a system which was interoperable with my email address that I already have, well then. That'd be cool.
I don't know, I guess in a sense I suspect this Passport thing will have some limited success. I don't think it will become all encompassing though mainly because it's not totally desirable.
Similarly with some of the Hailstorm stuff. Truth is, I think these ideas are good, but I think they need to be decentralized, not centralized. I want to be able to access all my email, various files, whatever from anywhere. But I think that I could do that just as easily myself with the right software, or perhaps as a service from my ISP.
In that sense, I think Microsoft should sell the software, not the service.
The stack most commonly used was Trumpet. Most everyone I knew of obtained it and used it unless they knew nothing about computers or the Internet and bought one of those all-encompassing Internet access packages. Trumpet worked implicitly and almost all applications worked with it correctly unlike the others. Hell, during that time, MS had a TCP/IP stack- but only for ethernet networking and it didn't work worth spit.
By the way, SOAP's not a "godsend"- it's XML RPC for all intents and purposes. For some things, it's a good idea- for others, you're better off using CORBA or something like it. As for the CORBA problems you describe, well, that was the Windows Vendors' problems- not CORBA in general. I mean, there's open source ORBs that plays nicely with nearly every ORB out there- ACE, MICO, OmniORB2... And if you're shopping an ORB and are using C++, ACE is fast, reliable and works across platforms well- and it just uses WinSock2 under Windows.
-- I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Change the font size or the screen resolution...
by
Svartalf
·
· Score: 2
You'll find that IE doesn't do so well at 640x480 or with larger or smaller fonts. Now, while that's the fault of the HTML work at the site (I've seen sloppier- but not by much...) they're not getting it to look like a Word document. There's TONS of sites out there that don't work right with IE or Netscape- Mozilla, possibly, but it's a huge honking monster that eats memory and HD space like candy (Does it work well? Yes. Do I use it, sometimes. I use Konqeror and Galeon mostly...).
I don't use HOTMAIL. Anyone concerned with their privacy shouldn't use it based on MS' terms of service for that and all their other online services. They lay claim to rights for all of what you put or recieve on their servers.
-- I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I think the article is close to the target, but it's not quite there. It's not that authentication by itself is the key, it's the directory services that's part of the authentication which is the key.
Any one remember archie? The difference it made in using FTP? The key part of the phrase "You can find anything on the Internet" is *find*, it's not that any thing and every thing is on the Internet, it's that you can *find* it. (In some way, this is may be what Sun's CEO meant about not having any privacy -- there have always been records kept on people in all sorts of places, just now it is possible to find the records, index them, use them to *find* what you like, or *find* people that like certain things.)
File transfers have been around for a while now. Napster was interesting because it let people, tada, find the files they were looking for that other people have. eBay lets sellers find buyers. Social communities have formed up on the Interent because people have found other people who share similiar interests.
This probably seems all terribly boring, but think about it for a moment. If Microsoft does create a single sign-on authentication system, they will (potentially) have one of (if not the) largest online directory of people (competing with AOL.)
Authentication is just part of it. If Microsoft controls the directory services, they can control who (or what -- i.e. smart tags , etc.) can be found... or not found. Heck, even forget the authentication bit -- anyone serious will have their own level of authentication and authorization, probably -- the first step in authentication of a person is *finding* their record.
Just look at the whole DNS root server mess, Network Solutions and such making money off of basically directory services. The battle over whether or not AOL will have an icon on the Windows desktop. Instant messaging -- which is basically the idea of presence (which appears to be one of the big buzzwords coming up), or rather, making it easier to be found.
Take a look at how much money is made from the sale of.com domains, etc. Now suppose Microsoft had the equivalent of the root DNS servers, but for a directory of identities rather than domain names. How much would someone pay to have an identity of "John Doe" rather than "jdoe@someplace.onthe.net"... just type "John Doe" in your MS email program... Windows Messenger... goodness, maybe even your web browser. Now, wouldn't that be something? MS could let you type in 'identities' or keywords (i.e. "John Doe" "Amy Smith" "Microsoft Corporation" "Plumber" "Sun Microsystem") into your browser/Windows Messenger (off-topic, SIP blows chunks) and pop up perhaps their web page, a phone call, an instant message, or what not. Mmm. Do away with all that messy 'domain name' bit, or rather replace it with the Microsoft authenticated identities. Hmm. Interesting idea, isn't it?
Look, if you want to change the face of the network, the killer app is directory services. Online the map is literally the terrain -- the domain name system is the map we use to find things! That is, if you replaced the current DNS system with something new, that could change web browsing, email, all the services that depend on it to find people, places, and things.
Re:the appeal of a single sign on
by
unitron
·
· Score: 2
Yorrike probably meant to say "proverb".
Is there such a thing as an amateurnoun or amateurverb ? Or an antinoun or antiverb ?
--
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Re:Likelihood of .NET and hailstorm success is low
by
garcia
·
· Score: 2
there isn't any advantage, that's why I have a strong feeling that they want to eventually force you to use their services...
it will only be monopolized if we continue to let them create this positive spin on the control of our lives!
people are alowly accepting large organizations as the maintainers of databases w/all of our personal information. Do you really want MS to control EVERY single facet of your computer connection? I am scared enough of centralized databases of credit info that companies sell to each other for mass marketing, but I would be ESPECIALLY afraid of MS controlling 90% of every computer remotely...
Bill of Borg is really starting to get closer to reality:(
from a 2000 single domain forrest/tree set-up, without giving all your data to M$. Single signon can be managed thru Tivoli also on a multi platform environment. Only Solaris presents real problems in the password intercept area, Aix/Tandem/M$/TRU64/VMS and of course LINUX all work well. There are also products out there like ControlSA that handle single signone and multiplatform access well.
None of these are opens source but they are M$ controlled either....
-- errr....umm...*whooosh* *whoosh* Is this thing on ?
are what we are placing for admins and tellers, COMPAQ makes a case smaller than a VCR that mounts easily just about anywhere. In a corporate environment the PC lifespan is short anyways, and with long term (10year) deal with the PC vendor for 2 year replacement, it is cheaper to replace 20 PC's than 1 decent server that could support 20 working thin clients. Give me a entire giga-bit fiber network and some uptime agreements from M$ and maybe it will make some headway.
-- errr....umm...*whooosh* *whoosh* Is this thing on ?
Re:small form factor PC's
by
pete-classic
·
· Score: 2
"Smaller than a VCR"? That dosen't sound like much. Do you mean smaller than a VHS tape? That would be something.
I work for the 2nd largest M$ exchange implementation worldwide, and our management along with several other fortune 50 companies told M$ to stick.net where it was safe...Ballmer's deep dark hole. Data security is PARAMOUNT and M$ would not pony up the $$$'s for insurance and bonding nor would they provide ANY sort of IRON CLAD uptime/access agreement. With VPN and broadband so prevalent these days we are going the exact opposite, to the hardware vendors' delight, and deploying PC's everywhere with VPN clients to access our data on our OWN SAFE and SECURE machines. If I were a sales business or some such heavy travel industry I MIGHT be able to see 'some' value in a.net structure but otherwise...NOT.
Can someone present an argument PRO.net beyond M$'s security and uptime smokescreen ?
-- errr....umm...*whooosh* *whoosh* Is this thing on ?
Re:Who has MS convinced ??
by
technos
·
· Score: 2
No, but my 270 once impressed a VP at Microsoft. He then accused me of being signal11.
And now that he's dating again, he might be more inclined to insist on a bit of privacy. (The collective response of the FSF people to Stallman's acquisition of a significant other after all these years was, basically, "Thank God!". This info is a good four months out of date now, though. Dunno how things are going in Boston...)
Sun and IBM don't have a monopoly on the desktop. Think Netscape, but if IE had come out before it did.
-- --
Smaller isn't impossible, just more difficult.
by
Sangui5
·
· Score: 3
Here is a little anectdote relating to executable size
I recently recompiled my kernel, and put in the MagicSysRq support. I had been playing with fork, and the killall/nukem-now support it offers was attractive. However, can be dangerous, and as such you have to put a '1' into/proc/sys/kernel/sysrq before it will work. Putting a '0' in instead will also work.
Now, I wanted to be able to turn this on/off from my user account w/out going to root. A script wouldn't do it as/proc isn't world writable, and you can't suid a script safely. Therefore I needed a very simple binary program. Being the lazy person that I am, I wrote it in C++:
int main(){
ofstream out;
out.open("/proc/sys/kernel/sysrq");
out << "1";
return 0;
}
Now, when I compiled it, I noticed that the filesize was a whopping 354K. 354K just to write a single character!!! That is way too much. So I decided to put it on a diet. First step: strip. Strip removes all of the debugging information from a file, which can really shrink it's size. It did, but still left a whopping 71K.
I then realized that the problem was using C++. So I switched to C, using file pointers, fopen, putc, and so on. This brought things down to a mere 12K. Stripping this brought a final size reduction to 3276 bytes. A very very slight reduction could be achieved by using the more raw calls to open() write() and close(), but only a couple of bytes.
Now, what is the moral of the story? It was a little harder to write the small version. I had to look up the exact semantics for fopen (I don't use C very often). I had to know about the existence of strip (or the -s flag for gcc will do the same). And I had to have the will to cut the size down. As a result I cut the binary to less than 1% of it's original size.
Now how many end-user apps:
have been written with absolutely no attemt to keep the size of the binary down?
haven't had their debugging symbols stripped?
statically link to common libraries rather than dynamically link?
statically link multiple times to the same library, and then dynamically link once or twice more just for good measure (hint: MS Office).
have lots and lots of extra features that only a small percentage of people use?
have totally unnecessary things (a whole flight sim in Excel!!)?
are written in "big" languages like C++ (especially for GUI work), or are written by people who would rather save themselves 5 minutes coding rather than slim something down, even a large amount?
The answer is "a lot"
Network computing is perfectly possible. It just takes a small amount of effort
Re:Smaller isn't impossible, just more difficult.
by
nihilogos
·
· Score: 2
354K??? The same program compiles to 5978 bytes using g++ on my system.
-- :wq
Re:Smaller isn't impossible, just more difficult.
by
eMilkshake
·
· Score: 2
12k, eh? You need to check out http://www.muppetlabs.com/~breadbox/software/tiny/ teensy.html, which describes just how to make a small Linux ELF program. Fed up with program bloat, the author found just how small he could make a program: 45 bytes.
Forget the privacy implications
by
Sangui5
·
· Score: 4
Just consider for a moment the security implications.
You must remember that this is MS running the servers. Now, last I checked, they didn't exactly have a very good track record on security. Just think of what bad things could happen the first time somebody breaks into the Hailstorm servers and steals millions of people's login info at once. Or credit card info too, as there is talk about using Hailstorm to handle online purchasing too.
The very idea of a centralized single signon is moronic. I would hope that most people on/. realize that by now.
Re:Forget the privacy implications
by
technos
·
· Score: 2
Moronic, sure.. But so are the millions that want it. And only Microsoft, who has experience in the 'So you got hacked! What am I supposed to do about it. You only paid us $40K for out software, you didn't pay us to make it secure!' business is going to be moronic enough to try it.
-- .sig: Now legally binding!
Re:Forget the privacy implications
by
Salsaman
·
· Score: 3
Let me introduce you to a novel concept - it's called 'paper and pen'.
What you do is, whenever you register with a site, you write down your username and password in a little notebook.
Don't actually write your password, just something to remind you what the password is.
Amazing eh ?
I think I'm going to patent the idea.
Re:Forget the privacy implications
by
update()
·
· Score: 2
What you do is, whenever you register with a site, you write down your username and password in a little notebook.
The problem with that, as well as the schemes other people propose about encrypted text files and such is: what happens when I'm hanging out in my wife's office and decide to order some more slightly irregular T-shirts from Sierra Trading Post? Yes, I could carry the notebook with me, but doesn't that strike you as a little inelegant? None of the methods people are suggesting are worthy of a world with pervasive networking. (Although the MacOS keychain does work great on a local system.)
What I do is remember a couple of strong passwords (my main Unix account and the root account on my connected Linux box) and reuse a few weak ones for sites where I don't care if I get 0wn3d (I'm not a sufficient privacy freak to care if someone cracks my Burpee account), with one password for news sites, one for merchant sites... But there has to be something more elegant coming along: biometrics, automatic authentication through my wearable, something like that. George Jetson doesn't have to carry a paper notebook around with him.
Unsettling MOTD at my ISP.
Re:Forget the privacy implications
by
update()
·
· Score: 3
The very idea of a centralized single signon is moronic. I would hope that most people on/. realize that by now.
Problem is that it's also moronic that next spring when I buy new seeds from Burpee, I'll have to either remember the password that I created in 1999 (and can't have sent to me because I'm at a new email address) or spend 10 minutes creating a new account and lose my history. Or that I find myself registering on sites as "jsngr8" or something like that because I've already created and lost 8 accounts there.
I don't know what the answer is, and I sure hope it's not putting Microsoft in charge of a single unified login -- but the methods that made sense in 1996 just aren't going to cut it any more.
Unsettling MOTD at my ISP.
Re:Forget the privacy implications
by
Auckerman
·
· Score: 2
Internet Explorer for the Mac remembers passwords for you. The keychain in OS 9 and OS X form a conveint place for all your passwords, encrypted of course, all locked and unlocked with a single password or if you are in a multi-user set up, merely by logging on and off the computer.
This isn't meant to be an add for MacOS. Use what you want. The point is merely there are alternative solutions that are clearly more secure than a centralized network location, it's just that MS needs an to hide their thinly veiled attempt to make it easier to code network applications only for Windows rather than using existing standards and protocols to do it behind "innovation" and "service".
Quite frankly stuff like this disturbs me. I don't trust my personal information to new unproven technologies, this includes.NET/Hailstorm. The level of inherent complexity of these services combined with the fact that most companies use their customers as beta testers make for nothing more than a receipe for disaster. No thanks, I keep with my set that works and is secure.
--
Burn Hollywood Burn
Re:Another novel concept Notepad.exe
by
Chelloveck
·
· Score: 2
Or don't even bother encrypting the file. Do you think anyone really cares about the password to your Burpee account? Or 99% of the other transient accounts you create on the web?
I've been using URLTrack on my Palm, which is designed for this. Lately I've switched over to using a generic database manager just to make it easier to export the data to my PC as a CSV file. I ought to remember to copy that CSV file to my shell account periodically, just in case I'm caught somewhere without my Palm and I desparately need to logon to Slashdot.
Chelloveck
-- Chelloveck I give up on debugging. From now on, SIGSEGV is a feature.
Really?
Who made and opened OpenLook ?
Who donated code to Mozilla ?
Who donated code to OpenOffice ?
Can I download Windows for free just like Solaris?
Did M$ develop something like lxrun?
Could we really expect from Sun the same as from M$?
Does anybody have the right to say that Sun _would_ be as bad as MSFT, _if_ they had the desktop monopoly?
Could it ever be that Sun does not have any monopoly because it is not as bad?
Please remain fair to fair players and hold back unsubstantitated slander.
Disclaimer: I never worked for Sun, do not own Sun shares and I am in no way affiliated with Sun.
Micro$oft's ".NET" is a move to send computing back 40 years, back to the bad old days of centralised computing resources and remote users.
I would rather keep control of my own personal computing. I don't want my private data residing on servers outside my control. How do I know that Micro$oft can be trusted with it? How do I know that Micro$oft won't steal it by changing their "terms and conditions" with a bait-and-switch? Micro$soft will as usual disclaim all liability for lost data. For these and other reasons, ".NET" cannot be trusted as a reliable computing alternative.
We should therefore work hard to ensure that ".NET" becomes ".NOT". --
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
"Smithers, use the amnesia ray..."
by
FatSean
·
· Score: 2
"You mean the revolver Sir?"
"Yes, Precisely..."
-- Blar.
Re:Likelihood of .NET and hailstorm success is low
by
WasterDave
·
· Score: 3
MY data is one SOMEONE ELSE's machine.
The problem is that while you're comfortable with data being on your machine, 99% of people (joe consumer) would rather it wasn't. They have no idea how to do backups, are uncomfortable with the idea of disk crashes, and (ironically) are used to the idea that computers just do go wrong even if they have no idea that it's our friends in Redmond that cause it.
So they want someone else to look after their data.
By which I'm sure you mean 'X' or 'The X Windowing System'.
Any app that deals with text or numbers could run over a 56K modem no sweat. I know this is possible....
Of course its possible; its called xterm (or other telnet client). Anything that can't run in an xterm obviously isn't dealing entirely with text and numbers.
The reason an application like Quake can run so smoothly across a dial-up is because it's performing a very specific, limited task, and the messages being sent are all very simple - shoot, jump, turn left 15 units. The reason the X protocol is so flexible is because its so generalized and non-specific. It doesn't even know what operating system or window manager you are running at the other end of the connection. This means an X client has to send a lot of information to the server at the other end of the connection to describe what it looks like, how it works, what kinds of input it's listening for, etc. This boils down to enough bandwidth use that app sharing with X is "usually" useable on a LAN, but too unwieldy for broad internet use. (I'm reminded of the time at my first Unix job when I innocently ran a full-screen mpeg video player remotely via X and brought down the whole 10-megabit network).
I agree with you that it would be a Good Thing to have a lightweight protocol to run sophisticated apps across a network connection. I like to think that's where XML is headed. But X, while it has its uses, has been around for years and years and plagued by problems of varying implementations, bandwidth use, and general non-acceptance among the MS-Windows crowd. (It also doesn't help that even the commercial X servers I've seen for MS-Windows - like Hummingbird Exceed - are of pretty unexceptional quality.) I suspect that X has been around long enough that if it *were* a magic bullet waiting to be discovered, somebody would've done so by now.
Re:M$ has done a better job than the competition
by
r2ravens
·
· Score: 2
2.) They run Hotmail. Everybody's used this at least once.
I beg to differ. I'm sure there are many people who do not use and have not used Hotmail. I am one of them.
As a matter of fact, most of the spam I get is from Hotmail accounts. If I could convince two more of my friends to give up Hotmail and switch to something else, I would send all incoming mail from Hotmail accounts to/dev/null.
-- War is Peace. Freedom is Slavery. Ignorance is Strength. - George Orwell or George Bush?
Re:I see two possible outcomes...
by
MindStalker
·
· Score: 2
Problem with number 1 is that the basic laws of capitolism state that the internet retailers would abandon such if the cost rose above what consumers want to pay. And either go back to simple credit card systems, or MS would become a credit card company, and charge the same rates. And people can simply use a 2 click system.
As a POS developer I worry a lot about NCs at POS. I remember many years ago, my dad worked on a back office system for Asda, the UK supermarket chain. All dumb terminals at POS. Something (I think it was a major hardware failure) took out the back office, and left the cashiers asking customers how much they usually spent on groceries, and charging them that amount. Cash only, of course.
Now I have a retail chain of my own (ha!) I am constantly defending the position that no matter how much redundancy you put in the back room, even if you use the sexy multi-transport networking in QNX, something can happen that will knock the register off the network. And when that happens, if it's an NC, you have a blocked lane. If it's a PC, and you've coded it right you can still capture all the barcodes, and the customer's credit card number. You might lose something when the cashier has to guess at how much an item without a tag costs, but when everything comes back up, at least you'll know how much you've lost without having to inventory the whole store.
--
--
-- E_NOSIG
Use an affiliated .edu/.org for your CA
by
__aadkms7016
·
· Score: 2
I've always thought universities were the perfect
certificate authority for their graduates; you
would get the service as part of joining the
alumni association, along with the bad magazine
and the alumni email address. Grads are already
using them as an authority every time they
request a transcript, and certifying someone
completed a degree is a pretty strong claim of
identity, more strong than Verisign has to offer.
The idea can be extended to handle people who
don't go to college too -- there are enough
organizations in this world, from churches to
unions to professional organizations to AARP to
AAA, most of whom collect money from their members
while providing various value-adds. Certs could
just be another thing along with the discount
health insurance.
Re:MicroSquish for authentication?
by
remande
·
· Score: 3
The long and short of it is, MicroSquish knows precisely *squat* about multi-user computing, data security, and crypto.
That's alright. Remember when they knew precisely squat about the Internet?
In two to three years, Microsoft will have invented those technologies.
--
--The basis of all love is respect
Other conclusions possible...
by
dead_penguin
·
· Score: 2
While the article does make some interesting points (you *did* read it, didn't you?), I'm not quite sure I'd go so far as to see this as a huge consipiracy to draw our attention away from "authentication services".
It's probably true that Microsoft isn't as concerned with the GPL as it appears in previous articles here, but I think their "concern" with it is a pretty good indication that they are taking it seriously. Aside from the fact that this is classic MS FUD-mongering, I'd imagine that before they went and made any such statements that their lawyers had taken a very, very close look at the wording and workings of the GPL.
Rather than the current smear tactics (comparing something a "cancer" is *not* playing nice) being a diversion, I think they are being carried out because Microsoft actually believes that the GPL could stand up in a court of law, and that their corporate lawyers *probably* couldn't fight it effectively.
Of course if you want a real conspiracy, you could even go so far as to conclude that MS has already (secretly) violated the GPL, or is planning to do so...
"Intelligence is the ability to avoid doing work, yet getting the work done".
--
It's only software!
Re:So name the open source alternatives
by
jfunk
·
· Score: 3
It's really a pretty cool solution and you can authenticate to almost anything: LDAP, RADIUS, even SMB.
Of course, there's still the problem of centralised control. What I would really like to see is a PGP or PGP-like solution where the user has control over their private key and each site grabs the public key when they sign up (with this, a signing up process could be transparent to the user). That way, you get the common authentication method and there's no need to store complete data about you anywhere but on your computer. Imagine getting a popup: "Whatever site has requested the following information:...." Each piece could be accompanied by a checkbox so the user can accept/deny specific pieces of information.
This is probably doable such that it will easily integrate into current systems, too.
Of course, I could be totally wrong, and I'd expect someone to point that out.:-)*
No, no no nooo. This is just another piece of pseudo-physics. In business, smaller does *not* mean 'quicker' -- in either the 'ability-to-change-focus-suddenly' or the 'ability-to-fully-exploit-an-opportunity-before-an yone-else' senses. *Bigger* is faster. *Bigger* has less inertia.
Small companies necessarily have homogenous portfolios -- they focus on one wee lil corner of the market, because they lack the resources to cover more. Any change of direction (or market) jeopardizes the company; hence, alterations in course are 'expensive', probablistically speaking. OTOH big companies can follow a zillion different speculative trails to their logical conclusions *simultaneously*. Think of quantum computing. Now, if 99% of those trails end in failure, so be it; the company naturally 'collapses' its waveform onto the remaining one percent and be extremely successful.
The reason why small companies appear to be quick is the same reason that dust motes seem to be 'everywhere' when you wave a flashlight around in a darkened room: The sheer number of small businesses make it very probable that a handful will be at the right place at the right time for any given opportunity, never mind the hundreds of unlucky failures, floating in the dark!
While we were all vigorously arguing on Slashdot, they snuck in the room and put little black boxes between our network interfaces that record a micropayment for every TCP/IP packet.
Nice diversion!
Sarcasm aside, Microsoft is still a big corporation... and smaller means quicker. So it's not really about Microsoft sneaking anything past us... it's about the quality of our decisions and actions, and how effective they are to counter moves by Microsoft.
But hey, the best solution is to just give in, buy their stock, and move to a remote Pacific island to live off the profits. Or, alternately, move in with Stallman and start amassing the GPL cult that will eventually take over the world like... Pac Man...
Microsoft is a medium-sized company. IBM employs some 250,000. Microsoft is some 30,000. Sun is about the same. Oracle has slightly more. So MS may be big compared to Red Hat, but they're not a BIG corporation. Especially considering the breadth of software they produce from operating systems to application software to server software.
Agreed, Microsoft is a big company. That's why when they enter new areas they're like a huge elephant: they go slow, but there isn't much that can stop 'em once they start moving.
Smaller doesn't mean quicker though. Sticking to the same analogy, the smaller companies are more like mice. They can quickly dart back and forth, but obstacles can really slow them down.
I firmly believe that Microsoft can be beaten. It's just important to remember that just because they're big and slow does not make them an easy target at all.
I don't see the problem with this. Well, there's the ever-present plans of MS to take over the world, but that's nothing new.
What microsoft has always been good for is successfully implementing the grandiose ideas that nobody else could. Do you remember the Windows 3.1 days? If you had a new graphics card or new printer, what was the only thing that could talk to it? That's right, MS Windows. And MS shared the love by allowing any program running within it to talk to those devices as well.
And now there's network computing, with its related monstrosities, central directory and PKI infrastructure. Many big heads have tried to tackle these; none has come close to success. These are ideas that would expand the usefulness of computers beyond belief, but they can only be pulled off if there's a strong center to hold everything together.
In case you're worrying that "center" means monopoly, think again. The center is shrinking! MS is no longer trying to have a stranglehold on the Apps or the OS, just the authentication and the basic protocol which can be run on any hardware. We should rejoice!
Unlike visa or doubleclick, they're not trying to put themselves in a position to snoop on you. They're trying to give us something that no one else can. --
>Wasn't there a time when incoming mail opened in Emacs's mail client could execute arbitrary Elisp code?
You *can* configure EMACS to be that stupid, but you have to know what you're doing to make it happen. EMACS doesn't default to running any elisp code it finds in any file you open.
-jcr
-- The only title of honor that a tyrant can grant is "Enemy of the State."
MicroSquish for authentication?
by
jcr
·
· Score: 5
Yeah, right. Like I'm going to trust an outfit that puts a Turing-complete interpreter in a MAIL CLIENT, and gives it full access to both the filesystem and the outgoing mail queue for ANYTHING related to security.
The long and short of it is, MicroSquish knows precisely *squat* about multi-user computing, data security, and crypto.
When Hugh Daniel went up to Redmond to do interoperability testing between FreeS/WAN and their half-assed IPSEC, he asked them which crypto algorithms they'd implemented, and they told him "40-bit DES". Nothing else.
Hugh just left. I would have, too.
-jcr
-- The only title of honor that a tyrant can grant is "Enemy of the State."
The central premise is that your data lives in a central location that you can access from anywhere.
And I want that central location to be my residence, which is easily achievable today without special NC boxes. The problem with NCs is that they are strictly inferior(*) to full-featured PCs, and PCs are so cheap that cost isn't much of an issue.
(*)from the consumer's perspective, of course. I'm sure Microsoft and the RIAA are huge fans of the limitations of NCs.
-- How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
Re:Makes perfect sense, really.
by
clump
·
· Score: 2
"If you can keep the appropriate people focussing their attention on trying to justify themselves, even against
rather pointless and ineffectual attacks, they don't get quite as many people thinking "what are they up to?"
One side effect of Microsoft's attempt to slander volunteer software production is that they are now making the target of their attacks ever more visible and understood. In that I mean Microsoft is inadvertantly creating debates that can cast critical eyes on their own proprietary software models and can raise awareness of the existance of free/better alternatives. Microsoft has the hurdle of trying to make philanthropy look "bad".
Imagine what would happen if WalMart suddenly attacked and lobbied against thrift stores or charitable institutions. They could quite easily argue that the very exitance of low-cost/zero-cost goods destroys the industy. They would, however, endure a backlash they likely could not comprehend.
Likelihood of .NET and hailstorm success is low
by
Bilestoad
·
· Score: 5
They still haven't addressed the biggest problem with the model -
MY data is one SOMEONE ELSE's machine.
Even if you have a local backup that introduces issues with consistency. And just who is reading your work? Why will people suddenly trust a third party to provide their environment? It didn't work for Sun in the 90s (which although Petreley mentions MS fought, was not a failure because of MS opposition) and it won't work for MS now - in fact this could be the undoing of Microsoft. We have huge, cheap hard drives, great technology like IMAP, and software that works. I can't see the compelling advantage.
Re:Likelihood of .NET and hailstorm success is low
by
Crixus
·
· Score: 2
If consumers are so uncomfortable with their data being on someone else's machine, then how do you explain the popularity of...
1. web-based e-mail (www.hotmail.com)
I don't think people care too much about the dumb jokes and chain letters that they forward to all of their friends.
Financial records might cause them to think a little harder.
But we'll have to see.
Rich...
-- Ignore Alien Orders
Re:Likelihood of .NET and hailstorm success is low
by
gengee
·
· Score: 2
Firstly, All Your Data Already Belongs To Someone With Root. That is, unless you only distribute data on physical media.
But it's a legitimate concern. Hell, I wouldn't feel comfortable with it either. So I would refer you to TCFS.
TCFS is a cryptographic network file system featuring group sharing of encrypted files. TCFS will encrypt your files before sending them to the file server
and will decrypt them before they are read by the requesting application. Because the encryption/decryption process takes place on the client host, no
clean data will travel the network. This is particularly valid for the encryption key.
TCFS does it's thang at the kernel level. This is certainly convenient, but not necessarily practical. If that is the case, there's a userland counterpart to TCFS called CFS that does basically the same thing. signature smigmature
-- - James
Re:Likelihood of .NET and hailstorm success is low
by
rgmoore
·
· Score: 2
You must deal with very different people from me. I don't know anyone who wants their data stored on somebody else's machine. Even at my work, where we have some kind of confidence that the data will be secure and well looked after, ITS has had a hell of a time convincing people to save their data over the network instead of locally. Most "Joe consumer" types still live at the ends of narrow pipes and find downloading even modestly sized files obnoxious; they're not going to put up with having to do that with the files they own as well as the ones they're downloading from somebody else.
--
There's no point in questioning authority if you aren't going to listen to the answers.
Re:Likelihood of .NET and hailstorm success is low
by
elliotw
·
· Score: 2
If consumers are so uncomfortable with their data being on someone else's machine, then how do you explain the popularity of...
1. web-based e-mail (www.hotmail.com),
2. online storage services (photos.yahoo.com), and
3. financial portals (www.fool.com) where people enter their portfolio contents.
Re:Likelihood of .NET and hailstorm success is low
by
sulli
·
· Score: 2
Right. Petreley wildly overstates the support for.NET. My impression was that people don't yet know they don't want it - because they don't yet realize that it's another one of these godawful-stupid centralized data storage ideas.
Hey everyone in the biz: People like their PCs! They like controlling their own data and apps. If Hailstorm/.NET try to remove this control from the users, they will have the same level of success as, say, Microsoft Bob.
"Pay no attention to that man behind the curtain!"
-- "Can of worms? The can is open... the worms are everywhere."
This "microsoft conspiracy" thing is getting old
by
quartz
·
· Score: 2
No really. Why should anyone in the free software/open source communities give a rat's ass about what microsoft does? I know that as long as something is made by Microsoft, I won't use it. And as long as there's a free software community I'll share my software with them. Microsoft can go to hell. They can't make me use their software, no matter what they do.
So c'mon people, let's spend less time bitching about microsoft and more time providing ourselves with the software that we want. I can understand journalists, they can't help blabbing on about microsoft vs. open source, it's their job (and I bet they're praising the patron saint of journalism right now for such a long-running and juicy story source as the oss-microsoft war). But us? We have far better things to do...
Network Computing is still a step into the past. Timesharing revisited. A system that ignores the power of user machines in favor of doing as much as possible on servers and to top it of uses only HTML for GUI is seriously broken and I am amazed it is even considered in this day and age. What a waste of the last 40 years of hardware and communication advances! We should be seeing massively P2P architectures and as much work as possible being offloaded to clients that have their configuration managed as automatically as possible.
If MS wants to play the Open Standard game then simply make sure the keeper of the Standard is independent and the standard is really Open and independently certifiable with no bogus gotchas that prevent Open Source implementations from being certified.
Re:Yes, NIS and kerberos are useful
by
matman
·
· Score: 2
I love that nowhere in MS's W2K texts that I've read, does it mention that a kerberos KDC needs to be computationally secure, since if it is compromised, all passwords in a domain must be changed, since the attacker can potentially decrypt the session keys in use on the network.
Re:So name the open source alternatives
by
technos
·
· Score: 2
They're not.. They're just going to make sure that every bit of software running on their OS requires authenticated user credentials to run, and the only place they're going to let you get that authentication is passport.
I think that NCs will get a niche. Secretaries, POS, stuff that is better off centralized and doesn't benefit from being local.
Out side of that, I think that they are doomed to fail as a mainstream "PC replacement" for a reason I haven't seen anyone else cite. That reason is; PCs are cheap. By the time you buy 10 NCs, with displays, and a bad-ass 4 (or more) way server to service them, you may as well have bought the same 10 displays and 11 PCs, the 11th for file/print sharing.
And I think that NCs have a negative economy of scale. I.e., if you have 100 desks instead of 10 you need 10 times what I described above, plus a SAN, and a bunch of network upgrades to handle the load.
Or, I suppose, you could do a shoddy job. Only buy enough processor power to handle average load. (And have human beings sitting around waiting for the system at peak times. That ain't cheap.) And sit the whole thing on whatever network infrastructure you happen to have. (Hope you've got 100Mb switched, buddy.) Leaving you with a crappy system that cost as much as giving everyone a PC.
And don't give me a bunch of TCO crap. You aren't going to convince me that the army of real admins that will be needed to keep all those terminal servers going is going to be cheaper than running a helpdesk with a Ghost image on hair a trigger.
-Peter
My ideal computing platform...
by
mrogers
·
· Score: 2
...would be a server sitting at home on a broadband always-on connection, while I carry around a little Palm-sized wireless thin client, or optionally access my apps from any PC using a browser plugin (so that none of my personal information is left in the PC, and I don't have to put up with the web's display inconsistencies, slow rendering, privacy problems, blah blah).
Work at home, work at work, work on the move... your files and programs stay on the same server and nothing travels across the network except GUI events (encrypted, of course). You don't have to store your data on anyone else's machine: you can even download your own browser plugin from your own machine if you need to access your programs from an untrusted PC.
We could do all of this with free software. Most of what we need is already out there; the biggest problem I can see is the availability of broadband connections for home servers. There is no reason this needs to be centralized (by Microsoft or anyone else). --
Which gives me 4000 bytes if I use the -s switch. Are yours statically linked or something?
-- :wq
Superior windows authentication
by
Ukab+the+Great
·
· Score: 3
They put a certificate of authenticity in every windows box. Hey, it works for the franklin mint.
It's a matter of trust
by
Alpha+State
·
· Score: 4
A piece of software is not enough so just having an open source alternatvie is not the issue. We are talking about a user's data here and what is going to be done with it. Sure, you could do it with open source tools, but who is going to actually store the info and handle the authentication?
I can see a private company (or more than one) coming forward to accept user's details and provide authentication to web sites, but they are likely to be just as bad or worse than MS.
The other problem is trust - you can build it, but why would users register their important info with someone they've never heard of before. You and I may not trust MS, but plenty of people will (and do).
What is needed is a large, recognised group which can provide authentication, funded by micropayments, advertising or contributions and backed by names that people will come to trust. I think this would be a perfect service for the government to provide, although I imagine many people here will be pretty dirty on that idea. But what the hell, they already have all your info and at least they wont play silly buggers with preferred partners and closed standards.
The only other possibility is an open consortium or perhaps financial companies (someone like paypal), but the possibility will still be there for abuse.
Unless someone can come up with a way of using a decentralised system like freenet to provide secure authentication, but I can't see people trusting that either.
Re:Red Hat Professional Server
by
DrCode
·
· Score: 2
No kidding! At my previous job, my boss wanted to set up a Linux server. I offered my recent SuSE CD, but he insisted on spending a couple hundred $$'s on 'Red Hat Professional'.
Re:the appeal of a single sign on
by
4of12
·
· Score: 2
I can guarantee you that if
everyone's information was in one net connected database eventually someone would learn to steal that information from
everyone (the only trick would be to steal the information slowly enough so that Microsoft wouldn't notice).
Yeah, I'm thinking about all those handy-dandy little kiosks that run some variant of Windows with some browser that is all set up for traveling fools like myself to look at our email back home. Yes, indeed, that https and SSL insures traffic is invisible between 2 points, but there's little to insure that my starting point is not the real authentication widget, but rather some trojan harvesting my authentication for later fun. (Or that the trojan makes me feel better by displaying the https URL where it invisibly proxies my session over to some 3733t 0\/\/n3d z0mbi3 box.
I wonder if the unidirectional control freaks at MS who are implementing all this authentication with unswerving attention to insuring that Joe User is a paying licensed software renter have given any thought to my concerns.
That is, is this friendly-looking screen what it looks like?
Before I authenticate against a self-described authority, I want to know that authority is authentic in a way that I trust. A generic Windows screen confirming that all the rent payments have been kept up on this software won't convince me that it's trustworthy.
On the same issue - has anyone developed a challenge/response program that one could run like xdm/gdm/kdm that users could interact with securely to see if they were talking to a known system prior to entering a passwd?
-- "Provided by the management for your protection."
Re:So name the open source alternatives
by
4of12
·
· Score: 2
If MS is selling authentication services, what are the open source equivalents?
Surely someone somewhere in GPL land has written some code that let's you do what their passport software does. If so let's hear about it!
A good point.
Some authentication services surely do exist, but not to the same level of centralization as in the Hailstorm model.
The nature of most open source and free software is such that the concept of a secure infrastruture for collecting charges for renting software is alien, almost anathema.
Authentication mechanisms to secure private communication are reasonably well-developed (PGP, GPG) and it looks as if Freenet may expand on this somewhat, but the glaring absence of monetary transactions for software use has guaranteed that such services will be slower to arrive in the world of free and open software.
That said, I don't look to MS Hailstorm authentication as anything I want to use. They're really playing with dynamite with this thing.
Like many others roaming the wild and wooly internet, I'd just as soon be able to adopt a secure pseudonym at will, rather than have every damn site know my real name, address, SSN, and how much Jack Daniels and hemorrhoid cream I bought last month.
-- "Provided by the management for your protection."
Wrong! The post is clueful, no troll
by
JPMH
·
· Score: 2
The authentication process really isn't the issue. The basic protocols for talking to their authentication database should be fairly straightforward to reverse engineer. (MS may even have made them public).
If MS try to restrict things so that only MS servers can talk to their database, and lock out Sun and Apache systems, they will get nailed for product tying.
MS are hoping to win big in server space by offering a better programming environment and a better toolchain, making it faster and easier to write server-based applets, and faster and easier to re-use existing experience and code fragments from single-user single-desktop projects.
That is the challenge for the rest of the industry and the open-source community: to provide as easy to use an environment for knocking together web apps as users have become accustomed to when putting together join-the-dots VB apps in a visual environment, and as seamless a transition path.
.NET's promise of no-fuss linking and inheritance of object properties between different languages is another significant part of its potential attractiveness to coders, both on and off the web.
As just one example, in numerical software it would be nice if there was a really good fast set of open-source objects for matrix calculations, (eigensystems, SVD etc); and if the same objects could be used, with no performance hit, whether in C++, Fortran, Java or whatever; and could easily inherit methods written by other people in other languages. (Compare that to having to write a different hack for every compiler to access Fortran's Lapack from C, never mind C++).
If MS can create that kind of seamless integration, it will be a huge plus for writing code in their environment, locked in to their system service libraries.
Similarly if end-users can transparently convert back and forwards -- using the visual tools they already know -- between the existing page and form designs they already have in current existing standalone apps,
and the pages' direct equivalents as web-served content, this could be another big draw, another big chance for MS to leverage on their existing user base.
The free software community needs to wake up: MS's Common Runtime environment, and its associated (very extensive) service libraries, are a much bigger proposition to compete with than just another clunky java clone.
I honestly doubt that NC's are the future that the author of the article does. Many of the app's that people cannot work without are rather large (and perhaps bloated). These often include Big Bad Bill's homegrown programs. I do not see a lot of development for the PC (I speak specifically of the Windows environment here) for the public that is smaller, tighter, faster code.
Until NC's can deliver the same punch as a PC continuously (in terms of performance and customizability), people will continue to purchase PC's.
A couple of thing which stays in the way of Network Computer (and.NET) acceptance:
PC nmarket is world-wide; Net PC can only work where broad-band access to the Internet is cheap and ubiquitous (in my country, which buys lots of M$oft products[and copy ever more], BB is around $500 per year, and only available in big towns ).
You are right: most of peole does only two or three things with their PC (I do four:). But there is an alternative for them to NC : appliances, i.e. light PC-that-arent-PC, which can be engineered do to the two-or-three things smootly and at zero-maintenance-costs.
Network Computers may be accepted in corporate and office LAN, where most of services are already centralized. But for this is not needed any.NET technology : a remote display product for WinTEL platform is more than enough (and IIRC they are already on the market).
The apps that I use the most are a browser, a media player, a text editor, an email client and a terminal. Only the text editor isn't specifically network-centric, although most of the files I edit are scattered across many computers.
The NC isn't necessarily a terminal with no hard drive and a crummy processor. The central premise is that your data lives in a central location that you can access from anywhere. I would love to be able to access my MP3s from my car or edit code while kicking back at the beach. That is the power of the NC.
Until NC's can deliver the same punch as a PC continuously (in terms of performance and customizability), people will continue to purchase PC's.
Erm, wouldn't a powerful customizable NC just be a PC anyway?
Think how many people just want to read email, use a web browser and maybe write something in a word processor or let the kids draw pictures etc, at most. Make something cheap and powerful to do that and it should meet those people's needs.
The problem is education as always. People seem to be of the idea (maybe through the much greater advertising) that you need a huge, powerful PC to get the best out of the "web" or "multimedia". Rubbish, people were doing both very well indeed on the PCs of yesterday, which are likely to be about the same power as a modern NC. Plus with NCs being more limited in scope (which has to be stressed isn't a bad thing, your video only records and plays things for example but it does them well) they can be set up and coded tighter than the general, allpurpose PC.
NCs. They should be an ideal, cheap addition to any home, but PC arrogance and ignorance is kinda getting in the way...
And don't ask me if I'd buy one because of course I wouldn't. I'm an intelligent geek and therefore represent a very small minority of the world population. Why try to force people to become geeks to use our hardware when they can stay as they are and use something designed for them?
-- "Don't get mad, get a monkey!"
Why I'm Not Using Windows Anymore
by
portege00
·
· Score: 3
These types of actions on Microsoft's behalf is exactly the reason why I bought an Apple iBook with OS X recently, learned how to use Unix over the last four years, and put a LINUX firewall between my Microsoft machines and the Internet--I don't trust M$ products enough to hang a Winbox's bare ass off the network like I would Linux or OpenBSD.
I don't mean to sound like a Slashdot M$ basher. I have my reasons...
I can't find the link right now, but Microsoft and the NSA have backdoors into your system. Microsoft doesn't deny NSA involvement, either.
Given their past history, anyone who uses.NET is either ignorant, foolish, or just doesn't care.
Where do you want to be violated today?
-- Trolls make great pets. Adopt one today!
Re:Why I'm Not Using Windows Anymore
by
krystal_blade
·
· Score: 2
Umm... Actually, have you ever TRIED to del the index.dat's from the cached folders?
I just went through it the other day, and had to download a program that wiped the files on boot-up, before windows started.
It's called Window Washer, shareware. Check tucows.
And somehow, you think that because Linux stores the files/text of where you went somewhere they're the same? I highly doubt it.
First of all, in Linux, you 0wn the system if you want to. You can pretty much do what you want.
Show me how to do that in Win98, running IE 5.5, and I'll be impressed. Try the old "Dos/Delete" trick, and see where it gets you.
HINT: You won't even see where to go unless you do a dir -a in the tempor~1 folder.
Not usually the thing the average, knowledgeable user is going to either A. Do. or B. care enough to see it through to the end.
krystal_blade
-- It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
Re:So name the open source alternatives
by
susano_otter
·
· Score: 2
My guess is that this sort of global "one ID everywhere" solution only makes sense (and money) when you have a large, locked-in user base.
Microsoft probably hopes to integrate, MSN, Hotmail, Explorer,.NET, and Subscription Licenses under one monolithic service umbrella, with global access to "everything you could ever want or need" provided by Passport.
The open source community doesn't have anything like this because of the prohibitive costs of trying to integrate too many disparate - and often competing - services under one centralized authentication solution.
--
Any sufficiently well-organized community is indistinguishable from Government.
Home users' data on remote servers? No. Thin pipe.
by
yerricde
·
· Score: 2
at least at some businesses, admins don't even like employees to keep data on their desktops, but only on servers - that way no one loses data when the random desktop goes blooey.
Yes, but there's a difference between working across a LAN and working across the Internet. For one thing, office LANs are 100 megabit/s Ethernet, but as rgmoore pointed out, try getting 100 KILObit/s out of your dial-up PPP connection. The characteristics of telephone lines make it just not possible. Businesses can also afford to maintain a few smb/nfs/ftp/webdav servers and a couple hundred workstations; home users would have a bit more trouble affording $100,000 to move the family to an area where high-speed Internet access is available, $50/mo for the high speed Internet connection that Hailstorm would require to make it even remotely usable, and $25/mo (based on previous retail license price divided by 36 months) for Hailstorm service itself.
It's so funny to read all the posts comparing Sun and Oracle's Net PCs to "time shared computers of the past" and "glorified x-terminals".
Just how many of those dumb PC magazines do you people get at work?
Nick may be a little off here and there ("benificient dictator" as opposed to "benevolent...") but that's no biggie.
I don't know or care about MS products and services.I've seen them fuck too many good people, whether employee or owner, government and private, for me to ever care what Microsoft thinks/does/shits.
But I can say that I've worked on a distributed system for a few years, and there is such a thing as a NC...not PCs, not timeshared, not NFS, not X-terminals, and probably what MS would like to see the Xbox evolve into.
Good God, I wish some of the Microsoft sheep that hang out around here would stop reading their "PC Wanker" magazines and start thinking once in awhile.
Treatment, not tyranny. End the drug war and free our American POWs.
--
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
while I appreciate raising the alarm - this is an insightful piece - I couldn't help but wonder why he thinks NC would have been good under Sun's control. Clearly.NET will be a nightmare under the monopolistic control of M$ - but Sun is just as hungry for monopoly as Microsoft, and would hardly have shepherded the concept any more benevolently than M$ would. The NC *was* a failed concept and for good reason!
-- Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
NC sucked balls and I'm glad it lost. The specter of losing all control of your PC to Larry Ellison's Oracle empire was perceivd as, if you can believe it, worse than Microsoft to the user base, and so it died. Good riddance.
I think MS has a good chance of making this happen. Its not a certainty but it is very possible. IMHO it all starts from the desktop monopoly.
The key is that when Hailstorm gets integrated into applications (instead of being "on the web") people won't feel as uncomfortable with it. They won't even notice its happening.
Imagine that some music distribution company offers a jukebox like system where you pay a small amount of money to instantly play a song. If they teamed up with MS, they could install this ability in MS Media Player to log you into Hailstorm so you could "securely" transmit finaical information neccesary to get the song. And the normal user barely even notices becasue all the info gets typed into regular windows dialog boxes that don't look anything like the "scary, unsafe" web. For the music industry its great because they don't have to worry about keeping user accounts and the security. For MS its great becasue they get money even though they have nothing to do with music. Hell, that might even make it easy for artists to directly charge for music. Easy distribution, and easy money collection. It works with anything. Like the MLB's plan to charge people for the game broadcasts.
Its all perception. People get scared only when they take out their credit card and type it into the computer. Imagine MLB get you to type in your credit card just once into Hailstorm. From then on all you'll see is a dialog box that pops up saying "Do you want to buy this? YES NO" Peopel will just hit yes and barely think about. Since all the info is already in Hailstorm, you won't need to retype your cc.
Once people are in the system and comfortable with it other companies will dive in. Make the same modification to Internet Explorer and then companies can sell you stuff over the internet using Hailstorm as the payment scheme (a la PayPal)Companies probably won't even give you any option other than paying via Hailstorm since its a lot easier for them.
And this is exactly what the article is getting to. MS suddenly becomes the doorway to a whole host of services. In other words _everyone_ is dependant on MS. MS can raise prices however they see fit since comapanies would need the MS user db to conduct transactions.
Re:Two .NETs at issue here
by
Wesley+Felter
·
· Score: 3
Yeah, but all that cool auto-managing software that NCs used could have run even better if it was installed on a real PC instead of an underpowered NC. Management is a software problem, so solve it with software, not hardware.
... assuming that storing your data with Microsoft is as safe as storing your money with your bank.
Did i mention that the Microsoft-Bank will not assume responsability for losing your money?
the appeal of a single sign on
by
fetta
·
· Score: 4
Having a single sign-on has real benefits from the point of view of a non-technical user. End users want the experience that Hailstorm theoretically offers (at least some of the time). They are tired of remembering dozens of separate password. Unfortunately, lots of people don't worry that much about the privacy implications.
Is there a good open source alternative that can provide the same experience?
-- ** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
Re:the appeal of a single sign on
by
tb3
·
· Score: 2
Sounds like Princess Liea from Start Wars:
"The more you tighten your grasp, the more systems will slip through your fingers."
(Okay, flame me if I didn't get the quote exactly right.)
Re:the appeal of a single sign on
by
baumanj
·
· Score: 2
Does the name "HailStorm" remind anyone else of the "Hacker Hellstorm" from the movie Canadian Bacon? You remember, the machine created by R. J. Hacker to secretly take control of the nation's nuclear defense systems? Sounds a little to close to be coincidence to me.
More specifically related to this thread, how many people are using their toasters for email these days? Not many, I'm guessing, so why have the urge to offload all your passwords to some far away source so that they can be accessed from anywhere. I see no reason to let anyone manage my infomation en masse except me. In the MacOS, there's a handy utility called KeyChain (did this make it into OSX? I haven't used it yet) that can be used to manage passwords, and though it's not perfect yet, the OS supports voice recognition login, a significant step towards biometric authentication. As we all begin to have more wired appliances in our home, I see no reason why a local server (probably one that would also act as the firewall) like the motorized tie rack couldn't serve as a local password repository. Maybe it's a little complex for the average end user, but this same server could be accessed from anywhere, and yet private individuals control their own fate. There is a lot less incentive to hack John Doe's Blender/Firewall than there is to get into a repository of thousands of passwords. I think we're still a long way from needing corporate intervention in this domain.
-- "The general contract of the method run is that it may take any action whatsoever." -- Java 2 API
Not so! MSFT *is* going after open source
by
revbob
·
· Score: 2
And what's more, they're going after it exactly where they fired their opening volley: U.S. Government code.
There are a number of open source, GPL Government projects going on today, and a number of others where people are working to retrofit the GPL to existing codebases. I'm participating in one that's struggling to get started in HLA, the Defense Modeling & Simulation Office's High Level Architecture, which is the DOD standard for interoperating networked simulations.
A large number of very influential corporations would be tickled pink if the code that they developed using the taxpayers' money stays locked in their own private safes. Microsoft is simply the point man on this effort to perpetuate a whole apparatus of sweetheart deals and fraud against the American taxpayer.
The argument that GPL is somehow un-American seems absurd your average/. reader. In fact, we may be wondering why they would bother to even give an argument like that. Simple. That argument carries a lot of weight with program officers for the military who have to contend with superiors who really do see a Commie under every bed.
Never, never doubt that Microsoft means precisely what it says.
Re:As always, Cosmo said it best...
by
gilroy
·
· Score: 2
Blockquoth the poster:
That groovey seating was in fact a Cray. There is no purpose to that scence (other than the plot dissemnation)
I disagree. There is a prosaic use, which is that the room is soundproof and not bugged. There are deeper, more symbolic interpretations: First, that Cosmo's bosses haven't bugged the computer room, meaning they still don't "get" the impact of computers everywhere (as Cosmo does). Second, that Cosmo in times of trouble turns to his devices, not his henchmen or any friedns. Third, that the computer is again a mediator of secrets (as is the theme of the movie). Fourth, that Cosmo -- with his magic black box -- ironically doesn't notice he's relying on a computer for secrecy.
Did the scriptwriter or director intend all of those? Any of them? I'd be surprised. But that's what makes it art: It resonates with us on levels far surpassing the conscious intent of the artist.
As always, Cosmo said it best...
by
gilroy
·
· Score: 5
There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!
Re:Makes perfect sense, really.
by
Morbid+Curiosity
·
· Score: 2
Imagine what would happen if WalMart suddenly attacked and lobbied against thrift stores or charitable institutions. They could quite easily argue that the very exitance of low-cost/zero-cost goods destroys the industy. They would, however, endure a backlash they likely could not comprehend.
I think the main difference there is that the everyday person-on-the-street knows thrift stores and charitable institutions. They understand them, and recognise what they do. To most people, open source is something they don't know or understand, and their main source of information about it has been FUD marketed to them by people who don't like it.
Debunking that FUD is all well and good, but if people aren't also educated about what open source is and how it works, then they're never going to be able to make an informed decision, one way or the other.
If you can keep the appropriate people focussing their attention on trying to justify themselves, even against rather pointless and ineffectual attacks, they don't get quite as many people thinking "what are they up to?" as they would if they were just getting on with quietly rolling out their.NET plans - they're quite obviously whinging lamely about open source, right?
By giving the more zealous and vocal open source advocates a giant red "Kick Me!" sign to fire at (and fire they will; the target's too good to pass up), then commentary on the other things they're doing might just get lost in the noise.
Welcome to the Machiavellian world of PR. It's a lot more difficult to meta-moderate out there, and Microsoft is trolling.
So, according to Petreley, NC's have withered on the vine because of a massive and insidious FUD campaign by Microsoft to spur everyone not to buy one.
I'm sure the fact that you can buy a complete PC for what a NC cost had nothing to do with their demise.
As far as.NET is concerned the issue of authentication is overblown a little. People seem to focus on the evil-looking parts of.NET like authentication services and ASP software, and forget about what.NET really is. It is a runtime, like Java, that can run code written in several different languages. That part of it will succeed. The authentication stuff however will go down the tubes just like the ASPs are doing now.
There is not a widespread need for third-party authentication. Certainly not enough for there to be widespread services that everyone uses. The ASP model has failed to a large degree as well. If the 3rd party goes down(as MS has often done) or tanks as a business you are hosed. Most people won't risk this.
The part of.NET that will succeed is the programming model, because it does solve a need for a lot of programmers.
So what we have really is 2.NET's, one which will succeed, and one which will not do so well.
--
No, Thursday's out. How about never - is never good for you?
MS has gotten very good at pushing its solutions on the customer.
- When I first brought this home computer home and started it up, the first thing I saw was a screen that dialed up MS and further prompted me to enter data on myself, basically enforced registration. My identity as a new user was logged and stored away. I wonder to this day what information MS has on me, and if it's legal to obtain it. I believe it should. But my point is that I was guided down a narrow path, afraid to not deviate from it, and MS pushed my initial registration on me.
- When I installed Compaq (nee Digital, nee Powerstation) Visual Fortran, I was told that IE was necessary to use their online help (their only help). It promptly downloaded itself on my desktop and became the default for a bunch of files (.gif,.jpg, etc...). Again, I felt I had no choice but to comply, as part of the initialization process.
- Then when I loaded MS Visual basic onto my machine (God help me), I was forced this time (of course I had to use IE, but I was used to that) to establish a Passport account to finish the installation process! I never wanted a Passport account, man...
So, long story short, I got assimilated and now I have this red device sticking out of my ear.
No, wait. My point is is that the average user is also compelled to do all these things, essentially agree to be tracked and registered, just to run their desktop, or do their job at work. The idea of actually owning what you pay for is a distant memory in.NETland. You can flame me for being a sheep, but I don't have time to fight the power every damn time I turn around.
Here is an interesting link. It's IBM's 1995 Annual Report where the CEO talks all about network computing concepts. It's a good insight into what they thought this thing would be before it got all confusing with the dissembling and rambling explanations of what.NET is and isn't. Man, if you ever wanted an example of doublespeak, you only have to read MS press releases. Black and White are what Bill says they are.
-- SDMI: Finally! Music that won't rip or burn! Brought to you by the fine folks at RIAA.
Need I even point this out...
by
cascadefx
·
· Score: 2
NC's are interesting, I'll admit, but give me a computer any day. When that 13 year old decides to DOS the network pipe that I use to get all those lovely.NET apps, I'm screwed on an NC. However, local tools and apps on a full blown PC will allow me to wile away the hours of the attack balancing my checkbook, playing some games and brushing up on Perl by putting Komodo through its paces.
The problem with the NC model is that it relies on a stable, secure, high-bandwidth connection that has 99.9999% uptime. Can anyone tell me of a network that meets these requirements?
The counter argument is that no computer has a 99.9999% uptime either and that any system can fail locally as well. The response to this argument lies in the idea of local control. If my hard drive fails and I have a report due tomorrow, I can choose to put in a new hard drive and could have myself up and running again relatively quickly. The NC model places those decisions and priorities in the locus of control of someone else. Who is to say that they have my best interests in mind? If you want an example, look at the DNS problems Microsoft had a while back. As a network consultant and support technician, I unfortunately have to spend hours digging through the sludge of Microsoft's technical papers and knowledgebase hoping to find answers to this new problem or that. For three days, during the DNS debacle (can anyone figure out why they didn't have an off-site DNS?!?!... The Road Ahead for sure!), people were out of luck when it came to getting access to those resources. Let me tell you, if the phone system of the US was down for three days, there would be congressional hearings and someone would probably be facing jail time. Now, I'm not saying that a company should be held responsible for its website being down for three days, but if that company was also providing "essential services" (as the.NET strategy is hoping companies will), then I believe that the level of accountability should rise in proportion to the critical nature of the services that are provided.
We have a scary future ahead of us my friends. But you guys already know that, don't you?
I think that they are doomed to fail as a mainstream "PC replacement" for a reason I haven't seen anyone else cite. That reason is; PCs are cheap.
Another reason: there's a BIG difference between a LAN (which basically is the niche you mentioned) and the Internet. MS's solution amount to trusting every bit you have to Uncle Bill. Bad. On the other hand, having a LAN in your office and lightweight PCs (aka NC) does make a lot of sense.
And it's even less original than the article says: remember those "boot ROMs" for diskless Novell workstations? Windows 3.x installed in the server? That worked, and worked REAL good. I am/used to be a CNE, and did gazillions of installations like that. Everyone was happy. Office ran exactly as fast as in HD installations. It had everything a NC has except buzzword compliance.
And what killed that? The bloat that was Windows 95. Can't have it executed from the server. Bugger.
You're a whiner..really. There is something usefull called "paper" on which you can write down password/user ID combinations. Just lock away that document somewhere at home and you're safe. Actually all my passwords/userID combinations I even owned are stored safely in my Psion (PDA for the uninformed) and saved with a password. So I only have exactly one password to remember. Since it is regularly synchronized with my PC I nearly have no risk of data loss and I have my PDA all the time with me. This means: you won't get your hands on it to read the passwords without me knowing it.
Second thing (which form security point of view is not ideal, but usefull...depends on your own paranoia) is that you could easily use the same password/userID combination for less important things. I'm not going to secure my slashdot account with a 14-char password because I fear to be 0wn3d and that trolls will start to exploit my account. My root password on the other hand, has 14-chars because I consider it important.
Now, you see: with a bit of discipline and common sense, do you need something like Passport(tm)(c)(r) or even Mozilla/IE5.x remembering your passwords (I disabled it) Oh, *you* don't have common sense. Sorry, forgot I was talking to/.
-- Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Re:No, really, I insist.
by
GunFodder
·
· Score: 2
This is a good point. That's why I keep all of my money at home stuffed in my mattress. Most people foolishly trust a bank to hold that money, but who knows what they will do with it? They might mistakenly transfer it to some bozo or accidentally divide my balance by 2.
Some friends tell me it is convenient to use these ATM things, but I can always go home and get more money if I need it, I don't ever want to leave town anyway. And this way I get to set up my own security. They tried to sell me some fancy alarm system, but I just keep the door locked and all the windows except for on the second story, 'cause no one is going to climb into a second story window.
First of all, in Linux, you 0wn the system if you want to.
and when you're done with that, you can 0wn every linux box on your cable modem node. thanks, red hat!
--saint ----
Do NOT follow fuckmicrosoft's advice...
by
Kasreyn
·
· Score: 2
...deliberately harmful "advice" there which will hose your Windows box. I suspect the site is either a cruel prank or a sarcastic joke, but it's certainly not clear to any poor Windows luser who stumbles by that they shouldn't ACTUALLY delete win386.swp (THE SWAP FILE).
The only "tips" on that page are for clearing temp internet files and other stuff that's only slightly beyond the average AOL luser. Nothing actually worth reading (that is, nothing I didn't discover a month after I started using Windows).
-Kasreyn
-- Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger/. flamers since 1999.
X-Box, PSII, etc... they're all NC!
by
nofud
·
· Score: 2
A NC is just an appliance, with some processing power (not much), broadband access, graphical capabilities and maybe a small harddrive (low-cost storage).
Microsoft has an NC, it's called the X-Box.
Sony tries to play catch-up with the PSII, with the recent agreements with AOL, Real, Macromedia, etc...
Nokia has also a NC in the works (not based on a gaming platform but on an Tivo-like appliance running Linux)
But of those three only one will win, and it's Microsoft. They have as much cash as the others, but they have majors advantages like mindshare in the public (joe won't buy a PSII to check its email, but a microsoft thingy like the one he's got at the office) and a huge base of developers.
Game Over.
-- --
p a n a p i c - panoramas des alpes: Mont-Blanc, Mont-Rose, Cervin, etc...
Funny, I was just reading an article by Bill Gates on.NET. The article explains.NET quite elegantly: "A company offering an online electronic-payment service can expose its service to partners, so that they can deliver it as part of their own offering -- regardless of what platform they are using."
Of course, Microsoft will always push their platform as the "best" one to build Web services on. But I think we should applaud the fact that two major proprietary behemoths have finally started pushing "open standards" -- IBM and Microsoft. Don't forget how unrealistic this would have been only a few years ago.
I think it's time to take a step back from all of this Microsoft-bashing and realize that at least we finally pushed them into a corner. They can't push a Windows-only solution anymore. Sun has cornered the market on "open standards" with Java. Microsoft HAS to counter -- as long as they keep pushing something Windows-only, they will lose customers.
What we are seeing here is what we have been asking for all along -- "Microsoft, will you finally support standards?" Why is it that when they agree to support XML and SOAP, and at least do lip-service to the "open standards" idea, we continue to bash them and whine about how Sun did this 10 years ago?
but Passport user authentication system which Hailstorm depends on is everywhere. If you don't use it you are on your own.
Gates is looking to take Oracle and SAP to the cleaners, Hailstorm is the smokescreen for that agenda.
Smart admin would avoid their Oracle and SAP servers be able to publicly accessible. E.g. the websites only get a snapshot of the Oracle database image from an internal Oracle server. What.NET does would compromise the security by centalizing the authenication to somewhere else, while putting Oracle and SAP servers at risk of being publicly accessible.
Oracle and SAP see this, but they'll still cooperate with.NET, as there are lots more idiots who believe everything sales said. I know a PHB putting employees database in a public webserver. Microsoft needs customers like him.
Network Computers failed for the very good reason that MIS managers looking to torture their victims
Nothing torture me like admin hundreds Windows 95/98 desktops.
 _ /. /    |\/| |\/| |\/| / Run, Bill!
M$ has done a better job than the competition
by
rfsayre
·
· Score: 3
I think this cat is overlooking how much M$ has done make the idea of NC-type operations palatable to consumers. I'm not a big fan, but they've done a couple useful things.
1.) They make great web browsers. Sure, they've got privacy issues and they're closed, but they work pretty damn well. I type this from IE5 mac, which is a pleasure to use. Making web pages look as good as MS Word documents gives consumers confidence.
2.) They run Hotmail. Everybody's used this at least once. It's a great example of data accessibility. Another great examlpe is Corbis.
Another factor here is connectivity. There's much better and faster Net access now than there used to be. People couldn't see the benefit of NCs when all they had was 10base-T at work and modem everywhere else. At that time, NCs offered little benefit over carrying a floppy over to your co-worker's desk. With the spread of broadband, 802.11b, and faster ethernet, NCs are a much more practical idea.
M$ is also launching services, rather than trying sell you what appears to be a shitty computer. I think this is pretty key. The problem with previous NC initiatives is that they were hardware based. A guiding principle of NC thought should be that "hardware matters little". So why in the world would Sun be interested?
Re:Scary - but it may be Microsoft's downfall
by
baptiste
·
· Score: 2
Why does everybody think households worldwide are just DYING to shell out even MORE moeny for media? I mean come on! We already pay $50/month for cable/satellite, $30/month for Internet access. Why does eveyrone think folks are going to shell out more sizable dollars on reruns and stuff? Video on demand and all this interactive TV BS is a fad and unless its priced to a level folks don't care (say $1 maybe) it won't work and if it is priced that low and they try to convince you they'll 'Make it up on volume' lookup dot.com bubble.
Scary - but it may be Microsoft's downfall
by
baptiste
·
· Score: 4
Lets be realistic here, is this really going to happen? Microsoft sure thinks so but maybe they're going to have another massive project blow up in their face (remember Bob?)
The money is NOT with personal PCs - hell half are using pirated software anyway! Its the business customers. Well, do you think any IT Director with half a brain is going to suggest letting Microsoft a) handle authentication to their sensitive data nad b) allow that data to be stored @ microsoft? I didn't think so. Plus can you imagine the strain on the already overloaded internet pipes of most major companies? Same goes for personal users - till that last mile is fiber - well.NET will just be too slow.
Now MS may make $$$ selling a.NET type package that runs on internal corporate PCs, but ala samba, we'll just emulate it was necessary while adhering to whatever standard comes out of all this.
Personally, I agree with teh author one one point - the NC got shafted. From a corporate view it was an AWESOME idea. Having maanged PC deployments and disk images, etc it was awful. Being able to toss a cokie cutter box onto the network, hit power and it boots up based on serial # and user config - what a dream - too bad nobody could make it work right:(
You are damn right the NC is the MIS managers wet dream: try to maintain a site with hundreds of windows PCs, have software installed and upgraded on each one of them, do routine maintenance on each PC's hard disk etc etc. Then we can talk.
Unfortunately the MIS managers tended to be as interested in recovering control over the corporate nervous system as control over costs. Back in the 1980s I made money by writing apps to screen scrape data out of corporate mainframes so the middle managers could feed it into Lotus 1-2-3. The MIS managers could have provided the data but they refused point blank to do so. It was all a power-game.
Besides, you DON'T need an 800MHz PIII, 128MB RAM and a 20Gb hard disk on EVERY PC in your network
But when that setup costs $500 from a computer store the premise that the Network computer would save money by reducing the hardware costs collapsed.
The Network computer failed for many reasons, not least the fact that there was no significant application support for the device. The lack of a hard disk was always going to be a drag on performance though. The idea of eliminating local user storage is not a bad one, end users should probably only have access to a centrally managed file store. The idea of no local long term storage was a complete loser however, as anyone who has used a diskless workstation knows.
It is not suprising that network computers were easy to manage. They could not be used for anything useful. What is more Sun and Oracle appeared to be spending more on idiotic TV ads than on writing aps to make them useful. If Sun had bought Star Office earlier they might have had a point.
Ultimately I see the whole Sun vs. Microsoft thing as denial on the part of Sun. Microsoft is not going to kill Sun, but Intel and Linux will. A high end linux box can be bought for a tenth the cost of the equivalent Sun box.
Also, C# is not an evolution of C++. C# is java under a different name, what microsft thinks java should have been.
Not actually true, If Sun had not behaved as it did then C# might have evolved out of Java. C# is actually built on top of the C++ compiler back end by the C++ team. The feature set is essentially a combination of C, COM and Visual Basic. It is possible to translate from Java into C# but it is also possible to translate from Visual Basic to C# so that hardly makes the languages equivalent. Sun is not the first company ever to suggest a new programming language, nor was Java successful for any new features, even the byte code interpreter has been arround on micros for 25 years (UCSD p system).
Sun's behavior with Java was pretty inexcusable. The idea that we should all be forced to agree to the decisions of one company when it comes to the feature set of a programming language is stupid. Sun deliberately crippled the native language interface for their own purposes. But many of the users of J++ simply wanted a better language than Visual Basic to write one off applications and did not give a monkeys about 'running everywhere'.
--
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The author of the article does not appear to know anything about.NET, authentication services or much else.
Contrary to the discussions on this board.NET has nothing much in common with Sun's failled Network Computer. The Network Computer was nothing more than a new name for an X-Terminal that can run java apps and a browser locally. That Sun tried it as a bet-the-business strategy was the best corporate joke since the Sinclair C5.
The Network computer concept was for desktop apps. It was an MIS manager's wet dream - take away the employees PCs and give them dumb terminals wired to the nice shiny mainframe. Back to the 1960s.
Network Computers failed for the very good reason that MIS managers looking to torture their victims could do the same job much more cheaply with Citrix without buying Scott McNealy and Larry Ellison more fuel for their corporate jets.
.NET is about information service access. It is the way to hook together e-commerce applications. It has zero to do with Suns clueless hardware platform.
The only intersection between.NET and Sun's effort is that Microsoft has rolled out the JIT compiler technology and Java alternative as part of the package. Neither is core to the.NET idea, or for that matter Sun. C# is merely a logical cleanup of C++, there are some points of comparison to Java but all the ideas have been arround long before Sun used them. If Sun hadn't got all proprietary closed and legal Microsoft might not have created their own, but nobody can really blame them for not being beholden to a standard Sun police ownership of with lawyers.
Hailstorm is only one small part of dotNET, getting all wound up about it is to miss the plot entirely. Gates is looking to take Oracle and SAP to the cleaners, Hailstorm is the smokescreen for that agenda.
As for the GPL bashing being to divert attention from anything, the covert agenda there is more likely to ram home to the analysts the fact that Linux is putting Sun and Solaris out of business and the poor performance of Sun the past few quarters is probably reflecting that dynamic rather than an overall slowdown.
--
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The thing I didn't like about network computing and the thing I don't like about application service providers and the thing I won't like about.NET or other plans for centralized computing is...
...I don't want vendors deciding who will host the customer's (MY) data. I want to host my data. And my applications. I don't want to be wholly dependant upon the bandwidth provided by an outside vendor just to access my basic applications and data.
Currently our enterprise provides applications and data to our users via a 100Mbit, switched, LAN with all of our cabling and physical plant under our direct control. No ISP can provide me with that kind of bandwidth on a cost-effective basis. If a switch goes down we know about it and can repair/replace it immediately. If it's too congested we can upgrade it when we're ready to -- we don't have to beg our provider and wait for them to call us back.
I am very uneasy about allowing other organizations to completely control access to the data and applications we depend upon for our business. What happens when they goof up the billing and cut us off for 3 days because they think we didn't pay the bill? What happens when they misallocate our IP address and we get dropped off the network? I won't leave our company at the mercy of somebody else's clerical error any more than absolutely necessary.
No. We'll keep our essential applications and data in-house. Thanks anyhow.
-Coach-
-- Perhaps the world's greatest tragedy is that ignorance is not impotence.
.Net is tasty and palatable because it has the MS marketing machine behind it.
Pointy-heads and suits like to identify with products, and campaigns..NET is just the thing. They will be much happier purchasing a complete solution is a snazzy, glossy box, with a snazzy, glossy label like ".NET IIAS Server 2002", than cobbling together gnusnorf 0.13beta and gnufroop-2.73 into a custom built app, that performs as well on hardware they already own.
People like to shop, and companies like to drop down bucks on new hardware and shiny new CD's. Tarballs aren't sexy.
As for blind-siding Open Source, pfft. That was just a headline-grabber, nothing more. Online news has discovered that to increase revenues, they need to get posted on/. Just mention the words Microsift and Linux in the same sentence.
C'mon, a full third of this clown's article was devoted to touting his awesome prophetic powers from back in the day.
Why government is a *Good Thing*
by
Thurn+und+Taxis
·
· Score: 3
There's an easy way to prevent Microsoft from controlling our identities. Let the government(s) control them instead. They control our identities now, by issuing licenses and passports. When was the last time you tried to buy a bottle of single-malt scotch with your MSCE certificate as ID?
The way to stop Microsoft from controlling our identities is to convince at least one US state government to legislate the online identification of its citizens. Once digital identification is claimed as a right of the states in the US, it's taken out of the hands of M$. That's gotta be a step up, right?
You ARE the Missing Link. Goodbye!
-- On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
Having services like this means
-you have to stay online all the time (or else you cannot reach you files)
-one server breakdown means you cannot access your own stuff
-one clever hack means you get into everyting everyone has made/kept/etc
sounds scary
Identify Authenticate Authorise
by
james(honest)
·
· Score: 3
Absolutely Authentication is the key to everything.
Most computer users do not want to remember a bunch of passwords.
Most users will use an easy system despite rumoured risks.
Most computer users do not understand nor care about the security risks
Most computer users, when it comes to privacy, trust big corporations more than they trust their own government and certainly more than "evil hackers".
"There is not a widespread need for third-party authentication." There is.
The article was dead on about Authentication, but all/. can focus on was how it is wrong about NCs. What an irony.
Most web developers are troubled by finding good solutions to authenticating users, and will use a drop-in solution if it is available, especially if it makes Microsoft liable for errors (or if users have given up all rights by using Passport because of the EULA).
I'd like to respond to various postings I've read here. Whatever your opinions on Network Computing, the article is dead on about Authentication. First, it is the key to monopoly. Second, we are all incredibly easily diverted. We are all failing to get the message about the GPL attack being a diversion because we are all diverted by the NC message in the very article calling our attention to the divertion!
I use the computer a lot. I use it for online banking on all my bank accounts. I use it for bying all my hardware, my CDs, and my books. I am sick sick sick of remembering passwords and I will embrace any technology where the relative risk of putting my credit card details online offsets the day-to-day drudgery of typing in my details every day. Since all my credit cards have online fraud protection, I dont see any problem putting my details into hailstorm. Or rather, I dont see any more problem with it than I do with my Ralphs grocery store card recording what I buy to eat. And neither will most people.
On security, the average user doesnt share our concerns because they literally do not understand what you are saying. jcr says, "Like I'm going to trust an outfit that puts a Turing-complete interpreter in a MAIL CLIENT, and gives it full access to both the filesystem and the outgoing mail queue for ANYTHING related to security." My Dad does not know what you are talking about. My Dad does, however, use online banking.
Now, as a web developer, I have the problem of logging in users and managing sensitive personal data. If I make it to easy for someone who has forgotten their password to get back in, then I run the risk of letting in the wrong person and giving out (in our case) very personal details. If I make it to hard, those same valuable details will suddenly be lost to the legitimate owner, negating their time and investment. One solution is to have a very thorough and very expensive customer support team. A second solution is give up authentication to Microsoft, thereby making Microsoft liable for any breaches. As a business, the ability to give up accountability and hence responsibility is far more valuable than the time and effort I save on development.
So, what is the alternative?
An alternative to Microsoft's hailstorm is one that does basically the same thing but allows for more than one service provider. The service providers then agree to trust each other or not. Just like my local grocery store doesnt take American Express, sure Amazon's IAA server might not take one of my credentials, but I do have another.
Who do you trust with these details? Who has servers to host these services? Where is the software? ISPs and banks. Whether banks would agree to store logons to other banks is a question for them, but they'd soon see the value when faced with competition. Just like my Wells Fargo VISA payment system will accept cards from Mastercard and other VISA banks, similarly my Wells Fargo IAA server will accept authentications from Union Bank.
The question is what software will this be running on, and will it be open source/gpl? It makes sense to be, since open source is much more secure. Plus, it would be nice if people could start their own servers. They might not be trusted by mainstream servers, but they would be trusted by each other.
Jamie
True Confession/Rant of Ex Microsoft User!
by
exMicrosoftJunkie
·
· Score: 2
I'm currently helping a client to switch their internal applications from NT/IIS/ASP/COM to a JVM/JSP-centric solution. In the client's current scenario, NT, IIS, and COM - all Microsoft-specific, proprietary, closed technologies - are required components to support ASP. With JSP, this changes to a scenario in which the JVM and JSP can be deployed on any mainstream operating system and web server, providing a solution which can be sourced by multiple vendors, and for which published standards and source code is usually available. This reduces dependency on a single vendor and makes it possible to solve problems oneself, without being forced to rely on underqualified tech support personnel and a company which has little interest in actually fixing the bugs in their products, as opposed to forcing upgrades to the next entirely new and untested version.
This perspective is based on multiple experiences in which serious bugs in MS products - like memory leaks in IIS/ASP - were never addressed. Being a highly competent developer, it is not acceptable to me to be at the mercy of a company that does not even do a good job of pretending to have my interests as a customer at heart.
Much the same feeling applies to the operating system and OS-level tools. I know experienced Microsoft systems integrators who have had endless problems with Microsoft's tools, Proxy Server being a prominent example. Problems with Exchange are legion and legendary; System Management Server is a spectacular failure; and their DNS server is little more than a joke. MS Service Packs and hotfixes are as likely to break major functionality as to fix bugs - the original Service Pack 6, and the more recent Exchange hotfix are cases in point.
From my perspective, Microsoft peaked at around the time NT 4.0 came out and has been wandering directionless since then, changing acronyms (DNA anyone?) on a regular basis to attempt to hide the lack of any significant innovation.
Two technologies originally led me to be pro-Microsoft: NT itself, and COM. NT was a good product, for its time, when the betas of NT 3.1 came out in 1992 or so. NT 4 made the catastrophic mistake of importing the Windows 95 user interface, and then turning the ever-buggy Internet Explorer into the GUI shell. Since then stability has only deteriorated, and almost no fundamental progress has been made in making NT/2000/XP support some of the more powerful capabilities and configurability long provided by Unix - proper remote administration capabilities not least amongst those.
It seems that any overall vision that had existed at the time NT or COM were conceived have since deteriorated into a mad rush to maintain control in a changing market, driven by the Internet, which is something Microsoft is still trying to control rather than "get". Factions within Microsoft with backgrounds in things like mainframe transaction server systems argue at cross-purposes with advocates of academically pure object-oriented systems. If there's someone with a global vision at Microsoft, I don't know who it is: Nathan Myrhvold left long ago, and Bill Gates has spent too much of his career making billions to be a competent software architect today.
Microsoft has also never quite gotten the hang of TCP/IP - with the possible exception of the core of IIS, its Internet-oriented tools uniformly suck. I've already mentioned Proxy Server and DNS. In Win2K, Microsoft finally gave up the battle in some areas and fell back on pure BSD tools, such as the telnet implementation. The Wall Street Journal's recent story on Microsoft's reliance on open source software gives more examples of this admission of defeat.
But even while they're resorting to open source code, Microsoft seems to completely miss the power of simplicity and interoperability evident in Unix/Internet tools; or this may be a deliberate strategic policy. If tools are too simple, extensible, interoperable, or open, customers will have too much ability to control their own destiny, and thus won't be as easy to suck into a recurring-revenue future in which Microsoft bills its customers annually and provides arbitrarily chosen upgrades in return ("this new dancing paperclip is better than the old one, honest!")
In addition, Microsoft's own insistence on reinventing everything works against it: sucky initial implementations of Winsock led to applications which didn't get the concept of asynchronous communication. You still see this in products like Outlook today: they can lock up for extended periods while doing network access, something that should be completely transparent and in the background. [I'll say one thing positive here though: I/O completion ports are pretty sweet, and I've used them to good effect in some server applications. They've also helped IIS be an excellent performer. But one good API feature isn't enough, especially when the application developers don't understand how to use it.]
It isn't as difficult as one might imagine to convince hard-nosed business-oriented customers of the perspective I'm outlining: Microsoft's threatening lawyer's letters about license compliance, sent blunderbuss-style to all customers regardless of any evidence of lack of compliance, don't win friends amongst IT staff and CxOs. The threat of rental models, browsers which modify the web sites of other companies, and critical coverage of these things from quarters such as the Wall Street Journal, all combine to make you wonder: is Microsoft aware that it will ultimately need to rely on more than its current desktop monopoly, and instead convince customers to buy its products based on their merits, and the quality of service it provides?
There's no long-term strategy there, just an attempt to keep the excessive revenue flowing until the next set of CxOs can take over and inherit the mess. As a profit generator, Microsoft represents an incredible and possibly unprecedented feat, which I can respect from a certain perspective; but that doesn't mean I want to number myself amongst the cattle slaughtered to feed its unholy appetites.
Server software has become a commodity, and Microsoft is desperately trying to tie unrelated components together and avoid standards, so that customers have no option but to accept the entire package, and pay serious money for that which has become freely available elsewhere. This is done at every level of its software offerings, so that in the application area I'm talking about, for example, the operating system is tied to the web server is tied to the transaction server is tied to the template language is tied to the virtual machine is tied to... did I mention the operating system?
Yet you can go and download the source code to systems that do much the same thing - e.g. the Enhydra or Resin application servers - and, as alluded to above, these systems will run on almost any operating system and web server, with no secrets (you have the source), and no lifetime commitment to a development model espoused by exactly one company. And this applies double to commodity products such as file servers, proxy servers, web servers, DNS, email, and the like: the free products are actually significant improvements in terms of functionality and reliablity, over Microsoft's equivalent offerings.
Microsoft has grown too far, too fast, and become way too voracious and greedy. I rode with it to the peak of its wave; that wave has begun crashing, but instead of crashing onto a nice, wide open beach, it's crashing into an inescapable little Microsoft sandbox. I am jumping off to a different wave in which the currents don't work against me as much. I'm don't argue that.NET has no technical merits whatsoever; but the cost of chaining oneself to it is too high.
Slashdot Mirror
Unified authentication is not a piece of software. Certainly the software exists, but the information must be shared among different groups for it to be worthwhile.
As far as sensitive transactions on the internet goes, I use eBay, ING (for banking), Paypal, Chapters.ca, Amazon.com etc. I would like to be able to login to my personal computer or to my computer at work and have instant access to any of these services without remembering a password for each one. If I gave these companies permission to share my personal information I would not consider this an invasion of my privacy.
If, on the other hand, Microsoft took control of my personal information implicitly when I signed up for these services I would consider that an invasion of my privacy. Microsoft would, in effect, be saying "if you want to perform sensitive transaction on the internet you deal with me." I don't want to deal with MS.
What is needed is not a piece of software, what is needed is a standard format for sharing sensitive information and a standard legal contract by which you give a company to share your information with whichever companies you want the information shared with. A legal open standard similar to the GPL which would also include instructions on encoding and transmitting sensitive information would make universal authentication practical, with or without NC. We can make a contract that we're comfortable with and boycott companies that don't subscribe to it. This is how we'll beat Microsoft.
I think it's interesting that Peterley didn't mention Passport once in his article. The headline screams out how authentication is key and yet fails to address Microsoft's stategy for actually making authentication happen.
Guess what? Microsoft has already mined MSN and Hotmail and has it combined with Passport to create a ridiculously huge user base. Take a look at the Open Source sites (like any of those owned by VA in its OSDN sites). I think at last count there were something like 16 different sites each with a different name and password. How can a supposedly backward thinking company like Microsoft figure out how to leverage it's online websites and yet a company like VA Linux can't? Why is it that you can buy advertising across the entire OSDN network and yet you have to potentially use a different username and password for each of these sites? Why isn't VA doing a service like Passport that would not only tie OSDN sites together, but could potentially use a PAM module to tie your Linux login back into each of those sites?
It seems like the open source community is only going to 'get it' when people fire up Windows XP the first time and realise that they can login with their Passport/MSN/Hotmail accounts.
*holds up cards* 9.9 A truly wonderful troll with a fine, fruity flavor right down to the piquant user-ID: the only flaw is at the very end, where 'Lord Hugh' cannot supply a link. Remember, you don't need to justify any sort of assertion if you're trolling- leaving the last sentence out entirely would have been still better! Ideally the impression you want to convey is, 'but of course everybody knows this'. However, this lapse does not negate the otherwise excellent qualities of the troll, not least the fine efficiency and lack of effort expended in producing it. Kudos and many happy +1 Funny's ;)
That's what we're doing here at work-- Sunrays on the desktop, with Solaris boxes doing the heavy lifting. We've only rolled out a few (about a hundred or so), but we will hopefully have everyone on them soon.
The NC *has* been done right. The Sunray is just the most recent (and perhaps the best) example. And it *is* a grand idea.
It won't work, of course. Even here we feel the pressure to move to MS software. We've resisted so far; but find a corporation-wide financial system that can run exclusively on Unix. Pretty much every financial package has an MS-Windows front-end, even if the database runs on Oracle or DB2.
Petreley was right-- it doesn't exist until Microsoft invents it.
Microsoft is to software what Budweiser is to beer.
In essence, Microsoft is trying to do the same thing RCA tried to do but on a bigger scale. May the same fate befall them.
Wansu, th' chinese sailor
Enjoy!
Rick Moen
rick@linuxmafia.com
Microsoft is not out to test the validity of the GPL. The last thing that Microsoft wants is to set any precedent that would limit the power of copyright. After all, they rely on the power of copyright to limit the legal use of their software a lot more than the GPL does.
Other than that, I agree. What Microsoft says is always smoke and mirrors. Heck, I wouldn't believe them if they told me the sky was blue (because in the background they would probably be working on changing the color of the sky).
Ah, good point. Of course, that simply means that the information is stored on the file server (of my choice) out on the Internet in an encrypted fashion. The owner of the web site wouldn't need to know what was in this data packet, and wouldn't be able to read it, but I would be able to access it whenever I needed it. Barring that I could carry the information around on a smart card or a PDA. Most importantly, however, would be that I would choose who I shared that information with. My biggest problem with Microsoft's passport service is not that it's centralized, but rather that some other entity has access to my personal data. I would be perfectly happy with Microsoft's service if all they knew about me was that I was storing a blob of encrypted data on their network. As long as they don't have access to my information I don't care who stores it.
It is not like this would be any harder to set up. The reason that Microsoft didn't set passport up this way is that they aren't interested in providing a passport service (even if the users paid fees), they are interested in creating the largest database of marketing data ever compiled. Quite frankly, that scares me.
This is a fairly simple thing to fix as well. LDAP already would allow you to do this, and Mozilla (or whatever you chose as your personal security manager) could easily update a list of sites all at one time if an open protocol like LDAP was used. What's more, since you wouldn't really be interested in the passwords for the individual sites (after all, you would only need to remember the password that unlocked your security manager) the passwords that actually went over the Net could be ridiculously long and complicated. Mozilla could even automatically change all of your remote passwords every day when you first logged in. The user wouldn't even need to notice that this was happening.
And if this blob of information was stored in an encrypted format somewhere on the Internet you could access it from whatever device you happened to be using. More importantly, however, no one else would know what account information you were storing. Right now Microsoft is happily compiling a database of information about everyone that uses their passport services. They know who you are, they know where you live, they know what you buy over the Internet. They know which affiliated sites you visit and when. If Passport was at the center of authentication for the entire Internet then they would know nearly everything about everyone.
The same ease of use features could easily be created without anyone being in the middle (well, your credit card company would get involved when money changed hands). You would keep your own information privately, and could take steps to guarantee that it remained safe.
I can at least back up my hard drive. What happens to my passport credentials when Microsoft decides that I can't use them without paying for an "upgrade," and what happens when Microsoft gets hacked?
Heck, what happens when Microsoft "loses" my passport storage file. Microsoft doesn't guarantee that their site will be up, that they won't lose data, or that they won't be hacked. They don't guarantee that their prices won't go up, or that their service will even be available a year from now.
And if Passport becomes ubiquitous what is to stop Microsoft from using it to spam the lot of us? You think the EULA which specifically states that they can change ther terms of service is going to save us. To be honest, I don't even see Hailstorm as being all that useful. As a developer I personally am not really that interested in having my customers data on Microsoft's servers. I want to control my customers information myself. I want to have their email addresses, and mailing addresses in my database.
I imagine that Microsoft's competitors feel the same way, and now that Microsoft is a full-on media company they have a lot of competitors.
It's already been done. Mozilla will happily remember your usernames and passwords for as many sites as you like. If you wish you can password protect this information store (I believe that IE does something similar as well). This is a much better solution than putting all of the information about everyone in one huge database. Sure, some people will probably lose their passwords when their hard drives crash, and some will have their master password stolen by thieves. But I can guarantee you that if everyone's information was in one net connected database eventually someone would learn to steal that information from everyone (the only trick would be to steal the information slowly enough so that Microsoft wouldn't notice).
Of course, if you put me in charge of the database that would be a different thing altogether. I would never use it for nefarious purposes, and I would be very careful to make sure it never was stolen :).
The funny thing is that this could really work, but not if Microsoft insists on charging money for it. Heck, they should be giving away Windows XP and then hold everyone's data hostage.
The idea is that users can use any computer anywhere, and they access a central location, where their information is stored.
What this will really mean, though, is: people don't buy PCs to put their data on. They buy servers to put their data on. They've finally gotten their 24x7 connection, and they're going to stick a box in the basement next to the other utilities. Then they can go anywhere and get their desktop from their computer at home.
For the first iterations, the box will also be the PC they use, but it will act exactly the same as if it were storing things remotely. Of course, it will act as a thin client for other people who want to use other home machines, and it will be a server for when they're at their friends' houses.
Later, of course, they'll want more places to connect from than they want central stores, and they'll want to upgrade their client capabilities (graphics, raw processing, etc) at a different time from when they upgrade their server (long-term hard drive space), and the server will fall out of use as a client.
All this will be possible in... 1996. At least, that's when I started doing it, at least as far as ssh, and then screen, which covers most of the things I actually want to do with a centralized configuration. MicroSoft will probably end up with a similar model (using proprietary parts, of course, so MS client with MS server does things that either doesn't otherwise do). Being the server is probably a stopgap for people who aren't yet set up to run the servers themselves; after all, serving files for people isn't all that exciting, especially if they get people to use software subscriptions and pay to run the file servers on their own machines.
I find it interesting the various attacks I see upon Microsoft's .Net initiative. Perhaps it is a clever strategy of Microsoft's, but .Net encompasses so many things that these attacks lack focus.
.Net. This is just one small piece, and probably the weakest point of the whole .Net initiative.
.Net programming framework. ASP.NET, VB.NET, C#, Web services, etc.
Petrely attacks the Passport services piece of
Most of us Microsofties are really more interested in the
I do think there is a want for a single signon for internet websites. I have to keep track of some 90 or so names and passwords for various web sites that I have used. It kind of sucks.
I guess the chief complaint I have with Passport is the stupid hotmail.com account. I really don't see why I need or want a free email account, especially since all I get is spam from it.
So if they could develop a system which was interoperable with my email address that I already have, well then. That'd be cool.
I don't know, I guess in a sense I suspect this Passport thing will have some limited success. I don't think it will become all encompassing though mainly because it's not totally desirable.
Similarly with some of the Hailstorm stuff. Truth is, I think these ideas are good, but I think they need to be decentralized, not centralized. I want to be able to access all my email, various files, whatever from anywhere. But I think that I could do that just as easily myself with the right software, or perhaps as a service from my ISP.
In that sense, I think Microsoft should sell the software, not the service.
The stack most commonly used was Trumpet. Most everyone I knew of obtained it and used it unless they knew nothing about computers or the Internet and bought one of those all-encompassing Internet access packages. Trumpet worked implicitly and almost all applications worked with it correctly unlike the others. Hell, during that time, MS had a TCP/IP stack- but only for ethernet networking and it didn't work worth spit.
By the way, SOAP's not a "godsend"- it's XML RPC for all intents and purposes. For some things, it's a good idea- for others, you're better off using CORBA or something like it. As for the CORBA problems you describe, well, that was the Windows Vendors' problems- not CORBA in general. I mean, there's open source ORBs that plays nicely with nearly every ORB out there- ACE, MICO, OmniORB2... And if you're shopping an ORB and are using C++, ACE is fast, reliable and works across platforms well- and it just uses WinSock2 under Windows.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
...and then hit some site like espn.com.
You'll find that IE doesn't do so well at 640x480 or with larger or smaller fonts. Now, while that's the fault of the HTML work at the site (I've seen sloppier- but not by much...) they're not getting it to look like a Word document. There's TONS of sites out there that don't work right with IE or Netscape- Mozilla, possibly, but it's a huge honking monster that eats memory and HD space like candy (Does it work well? Yes. Do I use it, sometimes. I use Konqeror and Galeon mostly...).
I don't use HOTMAIL. Anyone concerned with their privacy shouldn't use it based on MS' terms of service for that and all their other online services. They lay claim to rights for all of what you put or recieve on their servers.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
I think the article is close to the target, but it's not quite there. It's not that authentication by itself is the key, it's the directory services that's part of the authentication which is the key.
... or not found. Heck, even forget the authentication bit -- anyone serious will have their own level of authentication and authorization, probably -- the first step in authentication of a person is *finding* their record.
.com domains, etc. Now suppose Microsoft had the equivalent of the root DNS servers, but for a directory of identities rather than domain names. How much would someone pay to have an identity of "John Doe" rather than "jdoe@someplace.onthe.net"... just type "John Doe" in your MS email program... Windows Messenger... goodness, maybe even your web browser. Now, wouldn't that be something? MS could let you type in 'identities' or keywords (i.e. "John Doe" "Amy Smith" "Microsoft Corporation" "Plumber" "Sun Microsystem") into your browser/Windows Messenger (off-topic, SIP blows chunks) and pop up perhaps their web page, a phone call, an instant message, or what not. Mmm. Do away with all that messy 'domain name' bit, or rather replace it with the Microsoft authenticated identities. Hmm. Interesting idea, isn't it?
Any one remember archie? The difference it made in using FTP? The key part of the phrase "You can find anything on the Internet" is *find*, it's not that any thing and every thing is on the Internet, it's that you can *find* it. (In some way, this is may be what Sun's CEO meant about not having any privacy -- there have always been records kept on people in all sorts of places, just now it is possible to find the records, index them, use them to *find* what you like, or *find* people that like certain things.)
File transfers have been around for a while now. Napster was interesting because it let people, tada, find the files they were looking for that other people have. eBay lets sellers find buyers. Social communities have formed up on the Interent because people have found other people who share similiar interests.
This probably seems all terribly boring, but think about it for a moment. If Microsoft does create a single sign-on authentication system, they will (potentially) have one of (if not the) largest online directory of people (competing with AOL.)
Authentication is just part of it. If Microsoft controls the directory services, they can control who (or what -- i.e. smart tags , etc.) can be found
Just look at the whole DNS root server mess, Network Solutions and such making money off of basically directory services. The battle over whether or not AOL will have an icon on the Windows desktop. Instant messaging -- which is basically the idea of presence (which appears to be one of the big buzzwords coming up), or rather, making it easier to be found.
Take a look at how much money is made from the sale of
Look, if you want to change the face of the network, the killer app is directory services. Online the map is literally the terrain -- the domain name system is the map we use to find things! That is, if you replaced the current DNS system with something new, that could change web browsing, email, all the services that depend on it to find people, places, and things.
Is there such a thing as an amateurnoun or amateurverb ? Or an antinoun or antiverb ?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
there isn't any advantage, that's why I have a strong feeling that they want to eventually force you to use their services...
better control == more money for them.
I am very very afraid.
it will only be monopolized if we continue to let them create this positive spin on the control of our lives!
:(
people are alowly accepting large organizations as the maintainers of databases w/all of our personal information. Do you really want MS to control EVERY single facet of your computer connection? I am scared enough of centralized databases of credit info that companies sell to each other for mass marketing, but I would be ESPECIALLY afraid of MS controlling 90% of every computer remotely...
Bill of Borg is really starting to get closer to reality
from a 2000 single domain forrest/tree set-up, without giving all your data to M$. Single signon can be managed thru Tivoli also on a multi platform environment. Only Solaris presents real problems in the password intercept area, Aix/Tandem/M$/TRU64/VMS and of course LINUX all work well. There are also products out there like ControlSA that handle single signone and multiplatform access well.
None of these are opens source but they are M$ controlled either....
errr....umm...*whooosh* *whoosh* Is this thing on ?
are what we are placing for admins and tellers, COMPAQ makes a case smaller than a VCR that mounts easily just about anywhere. In a corporate environment the PC lifespan is short anyways, and with long term (10year) deal with the PC vendor for 2 year replacement, it is cheaper to replace 20 PC's than 1 decent server that could support 20 working thin clients. Give me a entire giga-bit fiber network and some uptime agreements from M$ and maybe it will make some headway.
errr....umm...*whooosh* *whoosh* Is this thing on ?
I work for the 2nd largest M$ exchange implementation worldwide, and our management along with several other fortune 50 companies told M$ to stick .net where it was safe...Ballmer's deep dark hole. Data security is PARAMOUNT and M$ would not pony up the $$$'s for insurance and bonding nor would they provide ANY sort of IRON CLAD uptime/access agreement. With VPN and broadband so prevalent these days we are going the exact opposite, to the hardware vendors' delight, and deploying PC's everywhere with VPN clients to access our data on our OWN SAFE and SECURE machines. If I were a sales business or some such heavy travel industry I MIGHT be able to see 'some' value in a .net structure but otherwise...NOT.
.net beyond M$'s security and uptime smokescreen ?
Can someone present an argument PRO
errr....umm...*whooosh* *whoosh* Is this thing on ?
> Or, alternately, move in with Stallman
Nah, I've been in his office. There's no room.
And now that he's dating again, he might be more inclined to insist on a bit of privacy. (The collective response of the FSF people to Stallman's acquisition of a significant other after all these years was, basically, "Thank God!". This info is a good four months out of date now, though. Dunno how things are going in Boston...)
Sun and IBM don't have a monopoly on the desktop. Think Netscape, but if IE had come out before it did.
--
Here is a little anectdote relating to executable size
I recently recompiled my kernel, and put in the MagicSysRq support. I had been playing with fork, and the killall/nukem-now support it offers was attractive. However, can be dangerous, and as such you have to put a '1' into /proc/sys/kernel/sysrq before it will work. Putting a '0' in instead will also work.
Now, I wanted to be able to turn this on/off from my user account w/out going to root. A script wouldn't do it as /proc isn't world writable, and you can't suid a script safely. Therefore I needed a very simple binary program. Being the lazy person that I am, I wrote it in C++:
int main(){ofstream out;
out.open("/proc/sys/kernel/sysrq");
out << "1";
return 0;
}
Now, when I compiled it, I noticed that the filesize was a whopping 354K. 354K just to write a single character!!! That is way too much. So I decided to put it on a diet. First step: strip. Strip removes all of the debugging information from a file, which can really shrink it's size. It did, but still left a whopping 71K.
I then realized that the problem was using C++. So I switched to C, using file pointers, fopen, putc, and so on. This brought things down to a mere 12K. Stripping this brought a final size reduction to 3276 bytes. A very very slight reduction could be achieved by using the more raw calls to open() write() and close(), but only a couple of bytes.
Now, what is the moral of the story? It was a little harder to write the small version. I had to look up the exact semantics for fopen (I don't use C very often). I had to know about the existence of strip (or the -s flag for gcc will do the same). And I had to have the will to cut the size down. As a result I cut the binary to less than 1% of it's original size.
Now how many end-user apps:
The answer is "a lot"
Network computing is perfectly possible. It just takes a small amount of effort
Just consider for a moment the security implications.
You must remember that this is MS running the servers. Now, last I checked, they didn't exactly have a very good track record on security. Just think of what bad things could happen the first time somebody breaks into the Hailstorm servers and steals millions of people's login info at once. Or credit card info too, as there is talk about using Hailstorm to handle online purchasing too.
The very idea of a centralized single signon is moronic. I would hope that most people on /. realize that by now.
Or don't even bother encrypting the file. Do you think anyone really cares about the password to your Burpee account? Or 99% of the other transient accounts you create on the web?
I've been using URLTrack on my Palm, which is designed for this. Lately I've switched over to using a generic database manager just to make it easier to export the data to my PC as a CSV file. I ought to remember to copy that CSV file to my shell account periodically, just in case I'm caught somewhere without my Palm and I desparately need to logon to Slashdot.
Chelloveck
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.
Really?
Who made and opened OpenLook ?
Who donated code to Mozilla ?
Who donated code to OpenOffice ?
Can I download Windows for free just like Solaris?
Did M$ develop something like lxrun?
Could we really expect from Sun the same as from M$?
Does anybody have the right to say that Sun _would_ be as bad as MSFT, _if_ they had the desktop monopoly?
Could it ever be that Sun does not have any monopoly because it is not as bad?
Please remain fair to fair players and hold back unsubstantitated slander.
Disclaimer: I never worked for Sun, do not own Sun shares and I am in no way affiliated with Sun.
Micro$oft's ".NET" is a move to send computing back 40 years, back to the bad old days of centralised computing resources and remote users.
I would rather keep control of my own personal computing. I don't want my private data residing on servers outside my control. How do I know that Micro$oft can be trusted with it? How do I know that Micro$oft won't steal it by changing their "terms and conditions" with a bait-and-switch? Micro$soft will as usual disclaim all liability for lost data. For these and other reasons, ".NET" cannot be trusted as a reliable computing alternative.
We should therefore work hard to ensure that ".NET" becomes ".NOT".
--
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
"You mean the revolver Sir?"
"Yes, Precisely..."
Blar.
MY data is one SOMEONE ELSE's machine.
:(
The problem is that while you're comfortable with data being on your machine, 99% of people (joe consumer) would rather it wasn't. They have no idea how to do backups, are uncomfortable with the idea of disk crashes, and (ironically) are used to the idea that computers just do go wrong even if they have no idea that it's our friends in Redmond that cause it.
So they want someone else to look after their data.
Hmmmm.
Dave
I write a blog now, you should be afraid.
Xwindows
By which I'm sure you mean 'X' or 'The X Windowing System'.
Any app that deals with text or numbers could run over a 56K modem no sweat. I know this is possible....
Of course its possible; its called xterm (or other telnet client). Anything that can't run in an xterm obviously isn't dealing entirely with text and numbers.
The reason an application like Quake can run so smoothly across a dial-up is because it's performing a very specific, limited task, and the messages being sent are all very simple - shoot, jump, turn left 15 units. The reason the X protocol is so flexible is because its so generalized and non-specific. It doesn't even know what operating system or window manager you are running at the other end of the connection. This means an X client has to send a lot of information to the server at the other end of the connection to describe what it looks like, how it works, what kinds of input it's listening for, etc. This boils down to enough bandwidth use that app sharing with X is "usually" useable on a LAN, but too unwieldy for broad internet use. (I'm reminded of the time at my first Unix job when I innocently ran a full-screen mpeg video player remotely via X and brought down the whole 10-megabit network).
I agree with you that it would be a Good Thing to have a lightweight protocol to run sophisticated apps across a network connection. I like to think that's where XML is headed. But X, while it has its uses, has been around for years and years and plagued by problems of varying implementations, bandwidth use, and general non-acceptance among the MS-Windows crowd. (It also doesn't help that even the commercial X servers I've seen for MS-Windows - like Hummingbird Exceed - are of pretty unexceptional quality.) I suspect that X has been around long enough that if it *were* a magic bullet waiting to be discovered, somebody would've done so by now.
2.) They run Hotmail. Everybody's used this at least once.
/dev/null.
I beg to differ. I'm sure there are many people who do not use and have not used Hotmail. I am one of them.
As a matter of fact, most of the spam I get is from Hotmail accounts. If I could convince two more of my friends to give up Hotmail and switch to something else, I would send all incoming mail from Hotmail accounts to
War is Peace. Freedom is Slavery. Ignorance is Strength. - George Orwell or George Bush?
Problem with number 1 is that the basic laws of capitolism state that the internet retailers would abandon such if the cost rose above what consumers want to pay. And either go back to simple credit card systems, or MS would become a credit card company, and charge the same rates. And people can simply use a 2 click system.
As a POS developer I worry a lot about NCs at POS. I remember many years ago, my dad worked on a back office system for Asda, the UK supermarket chain. All dumb terminals at POS. Something (I think it was a major hardware failure) took out the back office, and left the cashiers asking customers how much they usually spent on groceries, and charging them that amount. Cash only, of course.
Now I have a retail chain of my own (ha!) I am constantly defending the position that no matter how much redundancy you put in the back room, even if you use the sexy multi-transport networking in QNX, something can happen that will knock the register off the network. And when that happens, if it's an NC, you have a blocked lane. If it's a PC, and you've coded it right you can still capture all the barcodes, and the customer's credit card number. You might lose something when the cashier has to guess at how much an item without a tag costs, but when everything comes back up, at least you'll know how much you've lost without having to inventory the whole store.
--
--
E_NOSIG
I've always thought universities were the perfect certificate authority for their graduates; you would get the service as part of joining the alumni association, along with the bad magazine and the alumni email address. Grads are already using them as an authority every time they request a transcript, and certifying someone completed a degree is a pretty strong claim of identity, more strong than Verisign has to offer.
The idea can be extended to handle people who don't go to college too -- there are enough organizations in this world, from churches to unions to professional organizations to AARP to AAA, most of whom collect money from their members while providing various value-adds. Certs could just be another thing along with the discount health insurance.
That's alright. Remember when they knew precisely squat about the Internet?
In two to three years, Microsoft will have invented those technologies.
--The basis of all love is respect
While the article does make some interesting points (you *did* read it, didn't you?), I'm not quite sure I'd go so far as to see this as a huge consipiracy to draw our attention away from "authentication services".
It's probably true that Microsoft isn't as concerned with the GPL as it appears in previous articles here, but I think their "concern" with it is a pretty good indication that they are taking it seriously. Aside from the fact that this is classic MS FUD-mongering, I'd imagine that before they went and made any such statements that their lawyers had taken a very, very close look at the wording and workings of the GPL.
Rather than the current smear tactics (comparing something a "cancer" is *not* playing nice) being a diversion, I think they are being carried out because Microsoft actually believes that the GPL could stand up in a court of law, and that their corporate lawyers *probably* couldn't fight it effectively.
Of course if you want a real conspiracy, you could even go so far as to conclude that MS has already (secretly) violated the GPL, or is planning to do so...
"Intelligence is the ability to avoid doing work, yet getting the work done".
It's only software!
PAM, Pluggable Authentication Modules.
:-)*
Note that it is not solely for logging your UNIX box. Check out http://pam.sourceforge.net/mod_auth_pam/ for an Apache module.
It's really a pretty cool solution and you can authenticate to almost anything: LDAP, RADIUS, even SMB.
Of course, there's still the problem of centralised control. What I would really like to see is a PGP or PGP-like solution where the user has control over their private key and each site grabs the public key when they sign up (with this, a signing up process could be transparent to the user). That way, you get the common authentication method and there's no need to store complete data about you anywhere but on your computer. Imagine getting a popup: "Whatever site has requested the following information:...." Each piece could be accompanied by a checkbox so the user can accept/deny specific pieces of information.
This is probably doable such that it will easily integrate into current systems, too.
Of course, I could be totally wrong, and I'd expect someone to point that out.
Smaller means quicker?
n yone-else' senses. *Bigger* is faster. *Bigger* has less inertia.
:)
No, no no nooo. This is just another piece of pseudo-physics. In business, smaller does *not* mean 'quicker' -- in either the 'ability-to-change-focus-suddenly' or the 'ability-to-fully-exploit-an-opportunity-before-a
Small companies necessarily have homogenous portfolios -- they focus on one wee lil corner of the market, because they lack the resources to cover more. Any change of direction (or market) jeopardizes the company; hence, alterations in course are 'expensive', probablistically speaking. OTOH big companies can follow a zillion different speculative trails to their logical conclusions *simultaneously*. Think of quantum computing. Now, if 99% of those trails end in failure, so be it; the company naturally 'collapses' its waveform onto the remaining one percent and be extremely successful.
The reason why small companies appear to be quick is the same reason that dust motes seem to be 'everywhere' when you wave a flashlight around in a darkened room: The sheer number of small businesses make it very probable that a handful will be at the right place at the right time for any given opportunity, never mind the hundreds of unlucky failures, floating in the dark!
Now how's that for pseudo-physics?
- undoware.ca
While we were all vigorously arguing on Slashdot, they snuck in the room and put little black boxes between our network interfaces that record a micropayment for every TCP/IP packet.
Nice diversion!
Sarcasm aside, Microsoft is still a big corporation... and smaller means quicker. So it's not really about Microsoft sneaking anything past us... it's about the quality of our decisions and actions, and how effective they are to counter moves by Microsoft.
But hey, the best solution is to just give in, buy their stock, and move to a remote Pacific island to live off the profits. Or, alternately, move in with Stallman and start amassing the GPL cult that will eventually take over the world like... Pac Man...
What microsoft has always been good for is successfully implementing the grandiose ideas that nobody else could. Do you remember the Windows 3.1 days? If you had a new graphics card or new printer, what was the only thing that could talk to it? That's right, MS Windows. And MS shared the love by allowing any program running within it to talk to those devices as well.
And now there's network computing, with its related monstrosities, central directory and PKI infrastructure. Many big heads have tried to tackle these; none has come close to success. These are ideas that would expand the usefulness of computers beyond belief, but they can only be pulled off if there's a strong center to hold everything together.
In case you're worrying that "center" means monopoly, think again. The center is shrinking! MS is no longer trying to have a stranglehold on the Apps or the OS, just the authentication and the basic protocol which can be run on any hardware. We should rejoice!
Unlike visa or doubleclick, they're not trying to put themselves in a position to snoop on you. They're trying to give us something that no one else can.
--
>Wasn't there a time when incoming mail opened in Emacs's mail client could execute arbitrary Elisp code?
You *can* configure EMACS to be that stupid, but you have to know what you're doing to make it happen. EMACS doesn't default to running any elisp code it finds in any file you open.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Yeah, right. Like I'm going to trust an outfit that puts a Turing-complete interpreter in a MAIL CLIENT, and gives it full access to both the filesystem and the outgoing mail queue for ANYTHING related to security.
The long and short of it is, MicroSquish knows precisely *squat* about multi-user computing, data security, and crypto.
When Hugh Daniel went up to Redmond to do interoperability testing between FreeS/WAN and their half-assed IPSEC, he asked them which crypto algorithms they'd implemented, and they told him "40-bit DES". Nothing else.
Hugh just left. I would have, too.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
And I want that central location to be my residence, which is easily achievable today without special NC boxes. The problem with NCs is that they are strictly inferior(*) to full-featured PCs, and PCs are so cheap that cost isn't much of an issue.
(*)from the consumer's perspective, of course. I'm sure Microsoft and the RIAA are huge fans of the limitations of NCs.
How to solve most of our problems: 1.Lots of nuclear plants. 2.Cure aging.
Imagine what would happen if WalMart suddenly attacked and lobbied against thrift stores or charitable institutions. They could quite easily argue that the very exitance of low-cost/zero-cost goods destroys the industy. They would, however, endure a backlash they likely could not comprehend.
They still haven't addressed the biggest problem with the model -
MY data is one SOMEONE ELSE's machine.
Even if you have a local backup that introduces issues with consistency. And just who is reading your work? Why will people suddenly trust a third party to provide their environment? It didn't work for Sun in the 90s (which although Petreley mentions MS fought, was not a failure because of MS opposition) and it won't work for MS now - in fact this could be the undoing of Microsoft. We have huge, cheap hard drives, great technology like IMAP, and software that works. I can't see the compelling advantage.
"Pay no attention to that man behind the curtain!"
"Can of worms? The can is open... the worms are everywhere."
No really. Why should anyone in the free software/open source communities give a rat's ass about what microsoft does? I know that as long as something is made by Microsoft, I won't use it. And as long as there's a free software community I'll share my software with them. Microsoft can go to hell. They can't make me use their software, no matter what they do.
So c'mon people, let's spend less time bitching about microsoft and more time providing ourselves with the software that we want. I can understand journalists, they can't help blabbing on about microsoft vs. open source, it's their job (and I bet they're praising the patron saint of journalism right now for such a long-running and juicy story source as the oss-microsoft war). But us? We have far better things to do...
If that is true, which I can't find any reference to on the net, then my apologies. I'd appreciate a reference to this murder.
Done and done.
Network Computing is still a step into the past. Timesharing revisited. A system that ignores the power of user machines in favor of doing as much as possible on servers and to top it of uses only HTML for GUI is seriously broken and I am amazed it is even considered in this day and age. What a waste of the last 40 years of hardware and communication advances! We should be seeing massively P2P architectures and as much work as possible being offloaded to clients that have their configuration managed as automatically as possible.
If MS wants to play the Open Standard game then simply make sure the keeper of the Standard is independent and the standard is really Open and independently certifiable with no bogus gotchas that prevent Open Source implementations from being certified.
I love that nowhere in MS's W2K texts that I've read, does it mention that a kerberos KDC needs to be computationally secure, since if it is compromised, all passwords in a domain must be changed, since the attacker can potentially decrypt the session keys in use on the network.
They're not.. They're just going to make sure that every bit of software running on their OS requires authenticated user credentials to run, and the only place they're going to let you get that authentication is passport.
.sig: Now legally binding!
I think that NCs will get a niche. Secretaries, POS, stuff that is better off centralized and doesn't benefit from being local.
Out side of that, I think that they are doomed to fail as a mainstream "PC replacement" for a reason I haven't seen anyone else cite. That reason is; PCs are cheap. By the time you buy 10 NCs, with displays, and a bad-ass 4 (or more) way server to service them, you may as well have bought the same 10 displays and 11 PCs, the 11th for file/print sharing.
And I think that NCs have a negative economy of scale. I.e., if you have 100 desks instead of 10 you need 10 times what I described above, plus a SAN, and a bunch of network upgrades to handle the load.
Or, I suppose, you could do a shoddy job. Only buy enough processor power to handle average load. (And have human beings sitting around waiting for the system at peak times. That ain't cheap.) And sit the whole thing on whatever network infrastructure you happen to have. (Hope you've got 100Mb switched, buddy.) Leaving you with a crappy system that cost as much as giving everyone a PC.
And don't give me a bunch of TCO crap. You aren't going to convince me that the army of real admins that will be needed to keep all those terminal servers going is going to be cheaper than running a helpdesk with a Ghost image on hair a trigger.
-Peter
Work at home, work at work, work on the move... your files and programs stay on the same server and nothing travels across the network except GUI events (encrypted, of course). You don't have to store your data on anyone else's machine: you can even download your own browser plugin from your own machine if you need to access your programs from an untrusted PC.
We could do all of this with free software. Most of what we need is already out there; the biggest problem I can see is the availability of broadband connections for home servers. There is no reason this needs to be centralized (by Microsoft or anyone else).
--
ent:chris% cat open.cpp
/usr/lib/libstdc++-libc6.2-2.so.3 (0x4001e000)
/lib/libm.so.6 (0x40064000)
/lib/libc.so.6 (0x40086000)
/lib/ld-linux.so.2 (0x40000000)
#include <fstream>
This is what i'm a doing
int main() {
ofstream out;
out.open("/tmp/stuff");
out << "1";
return 0;
}
with
gcc version 2.95.3 20010315 (Debian release)
and
ent:chris% ldd a.out
libstdc++-libc6.2-2.so.3 =>
libm.so.6 =>
libc.so.6 =>
/lib/ld-linux.so.2 =>
Which gives me 4000 bytes if I use the -s switch. Are yours statically linked or something?
:wq
They put a certificate of authenticity in every windows box. Hey, it works for the franklin mint.
A piece of software is not enough so just having an open source alternatvie is not the issue. We are talking about a user's data here and what is going to be done with it. Sure, you could do it with open source tools, but who is going to actually store the info and handle the authentication?
I can see a private company (or more than one) coming forward to accept user's details and provide authentication to web sites, but they are likely to be just as bad or worse than MS.
The other problem is trust - you can build it, but why would users register their important info with someone they've never heard of before. You and I may not trust MS, but plenty of people will (and do).
What is needed is a large, recognised group which can provide authentication, funded by micropayments, advertising or contributions and backed by names that people will come to trust. I think this would be a perfect service for the government to provide, although I imagine many people here will be pretty dirty on that idea. But what the hell, they already have all your info and at least they wont play silly buggers with preferred partners and closed standards.
The only other possibility is an open consortium or perhaps financial companies (someone like paypal), but the possibility will still be there for abuse.
Unless someone can come up with a way of using a decentralised system like freenet to provide secure authentication, but I can't see people trusting that either.
No kidding! At my previous job, my boss wanted to set up a Linux server. I offered my recent SuSE CD, but he insisted on spending a couple hundred $$'s on 'Red Hat Professional'.
I can guarantee you that if everyone's information was in one net connected database eventually someone would learn to steal that information from everyone (the only trick would be to steal the information slowly enough so that Microsoft wouldn't notice).
Yeah, I'm thinking about all those handy-dandy little kiosks that run some variant of Windows with some browser that is all set up for traveling fools like myself to look at our email back home. Yes, indeed, that https and SSL insures traffic is invisible between 2 points, but there's little to insure that my starting point is not the real authentication widget, but rather some trojan harvesting my authentication for later fun. (Or that the trojan makes me feel better by displaying the https URL where it invisibly proxies my session over to some 3733t 0\/\/n3d z0mbi3 box.
I wonder if the unidirectional control freaks at MS who are implementing all this authentication with unswerving attention to insuring that Joe User is a paying licensed software renter have given any thought to my concerns.
That is, is this friendly-looking screen what it looks like?
Before I authenticate against a self-described authority, I want to know that authority is authentic in a way that I trust. A generic Windows screen confirming that all the rent payments have been kept up on this software won't convince me that it's trustworthy.
On the same issue - has anyone developed a challenge/response program that one could run like xdm/gdm/kdm that users could interact with securely to see if they were talking to a known system prior to entering a passwd?
"Provided by the management for your protection."
If MS is selling authentication services, what are the open source equivalents?
Surely someone somewhere in GPL land has written some code that let's you do what their passport software does. If so let's hear about it!
A good point.
Some authentication services surely do exist, but not to the same level of centralization as in the Hailstorm model.
The nature of most open source and free software is such that the concept of a secure infrastruture for collecting charges for renting software is alien, almost anathema.
Authentication mechanisms to secure private communication are reasonably well-developed (PGP, GPG) and it looks as if Freenet may expand on this somewhat, but the glaring absence of monetary transactions for software use has guaranteed that such services will be slower to arrive in the world of free and open software.
That said, I don't look to MS Hailstorm authentication as anything I want to use. They're really playing with dynamite with this thing.
Like many others roaming the wild and wooly internet, I'd just as soon be able to adopt a secure pseudonym at will, rather than have every damn site know my real name, address, SSN, and how much Jack Daniels and hemorrhoid cream I bought last month.
"Provided by the management for your protection."
MS are hoping to win big in server space by offering a better programming environment and a better toolchain, making it faster and easier to write server-based applets, and faster and easier to re-use existing experience and code fragments from single-user single-desktop projects. That is the challenge for the rest of the industry and the open-source community: to provide as easy to use an environment for knocking together web apps as users have become accustomed to when putting together join-the-dots VB apps in a visual environment, and as seamless a transition path.
Similarly if end-users can transparently convert back and forwards -- using the visual tools they already know -- between the existing page and form designs they already have in current existing standalone apps, and the pages' direct equivalents as web-served content, this could be another big draw, another big chance for MS to leverage on their existing user base.
The free software community needs to wake up: MS's Common Runtime environment, and its associated (very extensive) service libraries, are a much bigger proposition to compete with than just another clunky java clone.
Until NC's can deliver the same punch as a PC continuously (in terms of performance and customizability), people will continue to purchase PC's.
-- The Hollow Man
-- The Hollow Man
Non illegitimati carborundum
These types of actions on Microsoft's behalf is exactly the reason why I bought an Apple iBook with OS X recently, learned how to use Unix over the last four years, and put a LINUX firewall between my Microsoft machines and the Internet--I don't trust M$ products enough to hang a Winbox's bare ass off the network like I would Linux or OpenBSD.
I don't mean to sound like a Slashdot M$ basher. I have my reasons...
I can't find the link right now, but Microsoft and the NSA have backdoors into your system. Microsoft doesn't deny NSA involvement, either.
Given their past history, anyone who uses .NET is either ignorant, foolish, or just doesn't care.
Where do you want to be violated today?
Trolls make great pets. Adopt one today!
My guess is that this sort of global "one ID everywhere" solution only makes sense (and money) when you have a large, locked-in user base.
Microsoft probably hopes to integrate, MSN, Hotmail, Explorer, .NET, and Subscription Licenses under one monolithic service umbrella, with global access to "everything you could ever want or need" provided by Passport.
The open source community doesn't have anything like this because of the prohibitive costs of trying to integrate too many disparate - and often competing - services under one centralized authentication solution.
Any sufficiently well-organized community is indistinguishable from Government.
at least at some businesses, admins don't even like employees to keep data on their desktops, but only on servers - that way no one loses data when the random desktop goes blooey.
Yes, but there's a difference between working across a LAN and working across the Internet. For one thing, office LANs are 100 megabit/s Ethernet, but as rgmoore pointed out, try getting 100 KILObit/s out of your dial-up PPP connection. The characteristics of telephone lines make it just not possible. Businesses can also afford to maintain a few smb/nfs/ftp/webdav servers and a couple hundred workstations; home users would have a bit more trouble affording $100,000 to move the family to an area where high-speed Internet access is available, $50/mo for the high speed Internet connection that Hailstorm would require to make it even remotely usable, and $25/mo (based on previous retail license price divided by 36 months) for Hailstorm service itself.
Will I retire or break 10K?
Surely someone somewhere in GPL land has written some code that let's you do what their passport software does. If so let's hear about it!
It's so funny to read all the posts comparing Sun and Oracle's Net PCs to "time shared computers of the past" and "glorified x-terminals".
Just how many of those dumb PC magazines do you people get at work?
Nick may be a little off here and there ("benificient dictator" as opposed to "benevolent...") but that's no biggie.
I don't know or care about MS products and services.I've seen them fuck too many good people, whether employee or owner, government and private, for me to ever care what Microsoft thinks/does/shits.
But I can say that I've worked on a distributed system for a few years, and there is such a thing as a NC...not PCs, not timeshared, not NFS, not X-terminals, and probably what MS would like to see the Xbox evolve into.
Good God, I wish some of the Microsoft sheep that hang out around here would stop reading their "PC Wanker" magazines and start thinking once in awhile.
Treatment, not tyranny. End the drug war and free our American POWs.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
while I appreciate raising the alarm - this is an insightful piece - I couldn't help but wonder why he thinks NC would have been good under Sun's control. Clearly .NET will be a nightmare under the monopolistic control of M$ - but Sun is just as hungry for monopoly as Microsoft, and would hardly have shepherded the concept any more benevolently than M$ would. The NC *was* a failed concept and for good reason!
Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
I think MS has a good chance of making this happen. Its not a certainty but it is very possible. IMHO it all starts from the desktop monopoly.
The key is that when Hailstorm gets integrated into applications (instead of being "on the web") people won't feel as uncomfortable with it. They won't even notice its happening.
Imagine that some music distribution company offers a jukebox like system where you pay a small amount of money to instantly play a song. If they teamed up with MS, they could install this ability in MS Media Player to log you into Hailstorm so you could "securely" transmit finaical information neccesary to get the song. And the normal user barely even notices becasue all the info gets typed into regular windows dialog boxes that don't look anything like the "scary, unsafe" web. For the music industry its great because they don't have to worry about keeping user accounts and the security. For MS its great becasue they get money even though they have nothing to do with music. Hell, that might even make it easy for artists to directly charge for music. Easy distribution, and easy money collection. It works with anything. Like the MLB's plan to charge people for the game broadcasts.
Its all perception. People get scared only when they take out their credit card and type it into the computer. Imagine MLB get you to type in your credit card just once into Hailstorm. From then on all you'll see is a dialog box that pops up saying "Do you want to buy this? YES NO" Peopel will just hit yes and barely think about. Since all the info is already in Hailstorm, you won't need to retype your cc.
Once people are in the system and comfortable with it other companies will dive in. Make the same modification to Internet Explorer and then companies can sell you stuff over the internet using Hailstorm as the payment scheme (a la PayPal)Companies probably won't even give you any option other than paying via Hailstorm since its a lot easier for them.
And this is exactly what the article is getting to. MS suddenly becomes the doorway to a whole host of services. In other words _everyone_ is dependant on MS. MS can raise prices however they see fit since comapanies would need the MS user db to conduct transactions.
Yeah, but all that cool auto-managing software that NCs used could have run even better if it was installed on a real PC instead of an underpowered NC. Management is a software problem, so solve it with software, not hardware.
Did i mention that the Microsoft-Bank will not assume responsability for losing your money?
Having a single sign-on has real benefits from the point of view of a non-technical user. End users want the experience that Hailstorm theoretically offers (at least some of the time). They are tired of remembering dozens of separate password. Unfortunately, lots of people don't worry that much about the privacy implications.
Is there a good open source alternative that can provide the same experience?
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
There are a number of open source, GPL Government projects going on today, and a number of others where people are working to retrofit the GPL to existing codebases. I'm participating in one that's struggling to get started in HLA, the Defense Modeling & Simulation Office's High Level Architecture, which is the DOD standard for interoperating networked simulations.
A large number of very influential corporations would be tickled pink if the code that they developed using the taxpayers' money stays locked in their own private safes. Microsoft is simply the point man on this effort to perpetuate a whole apparatus of sweetheart deals and fraud against the American taxpayer.
The argument that GPL is somehow un-American seems absurd your average /. reader. In fact, we may be wondering why they would bother to even give an argument like that. Simple. That argument carries a lot of weight with program officers for the military who have to contend with superiors who really do see a Commie under every bed.
Never, never doubt that Microsoft means precisely what it says.
Did the scriptwriter or director intend all of those? Any of them? I'd be surprised. But that's what makes it art: It resonates with us on levels far surpassing the conscious intent of the artist.
The Mongrel Dogs Who Teach
The film was about 10 years too early, but it amazes me how much it captured.
The Mongrel Dogs Who Teach
I think the main difference there is that the everyday person-on-the-street knows thrift stores and charitable institutions. They understand them, and recognise what they do. To most people, open source is something they don't know or understand, and their main source of information about it has been FUD marketed to them by people who don't like it.
Debunking that FUD is all well and good, but if people aren't also educated about what open source is and how it works, then they're never going to be able to make an informed decision, one way or the other.
If you can keep the appropriate people focussing their attention on trying to justify themselves, even against rather pointless and ineffectual attacks, they don't get quite as many people thinking "what are they up to?" as they would if they were just getting on with quietly rolling out their .NET plans - they're quite obviously whinging lamely about open source, right?
By giving the more zealous and vocal open source advocates a giant red "Kick Me!" sign to fire at (and fire they will; the target's too good to pass up), then commentary on the other things they're doing might just get lost in the noise.
Welcome to the Machiavellian world of PR. It's a lot more difficult to meta-moderate out there, and Microsoft is trolling.
I'm sure the fact that you can buy a complete PC for what a NC cost had nothing to do with their demise.
As far as .NET is concerned the issue of authentication is overblown a little. People seem to focus on the evil-looking parts of .NET like authentication services and ASP software, and forget about what .NET really is. It is a runtime, like Java, that can run code written in several different languages. That part of it will succeed. The authentication stuff however will go down the tubes just like the ASPs are doing now.
There is not a widespread need for third-party authentication. Certainly not enough for there to be widespread services that everyone uses. The ASP model has failed to a large degree as well. If the 3rd party goes down(as MS has often done) or tanks as a business you are hosed. Most people won't risk this.
The part of .NET that will succeed is the programming model, because it does solve a need for a lot of programmers.
So what we have really is 2 .NET's, one which will succeed, and one which will not do so well.
No, Thursday's out. How about never - is never good for you?
- When I first brought this home computer home and started it up, the first thing I saw was a screen that dialed up MS and further prompted me to enter data on myself, basically enforced registration. My identity as a new user was logged and stored away. I wonder to this day what information MS has on me, and if it's legal to obtain it. I believe it should. But my point is that I was guided down a narrow path, afraid to not deviate from it, and MS pushed my initial registration on me.
- When I installed Compaq (nee Digital, nee Powerstation) Visual Fortran, I was told that IE was necessary to use their online help (their only help). It promptly downloaded itself on my desktop and became the default for a bunch of files (.gif, .jpg, etc...). Again, I felt I had no choice but to comply, as part of the initialization process.
- Then when I loaded MS Visual basic onto my machine (God help me), I was forced this time (of course I had to use IE, but I was used to that) to establish a Passport account to finish the installation process! I never wanted a Passport account, man...
So, long story short, I got assimilated and now I have this red device sticking out of my ear.
No, wait. My point is is that the average user is also compelled to do all these things, essentially agree to be tracked and registered, just to run their desktop, or do their job at work. The idea of actually owning what you pay for is a distant memory in .NETland. You can flame me for being a sheep, but I don't have time to fight the power every damn time I turn around.
Here is an interesting link. It's IBM's 1995 Annual Report where the CEO talks all about network computing concepts. It's a good insight into what they thought this thing would be before it got all confusing with the dissembling and rambling explanations of what .NET is and isn't. Man, if you ever wanted an example of doublespeak, you only have to read MS press releases. Black and White are what Bill says they are.
SDMI: Finally! Music that won't rip or burn! Brought to you by the fine folks at RIAA.
The problem with the NC model is that it relies on a stable, secure, high-bandwidth connection that has 99.9999% uptime. Can anyone tell me of a network that meets these requirements?
The counter argument is that no computer has a 99.9999% uptime either and that any system can fail locally as well. The response to this argument lies in the idea of local control. If my hard drive fails and I have a report due tomorrow, I can choose to put in a new hard drive and could have myself up and running again relatively quickly. The NC model places those decisions and priorities in the locus of control of someone else. Who is to say that they have my best interests in mind? If you want an example, look at the DNS problems Microsoft had a while back. As a network consultant and support technician, I unfortunately have to spend hours digging through the sludge of Microsoft's technical papers and knowledgebase hoping to find answers to this new problem or that. For three days, during the DNS debacle (can anyone figure out why they didn't have an off-site DNS?!?!... The Road Ahead for sure!), people were out of luck when it came to getting access to those resources. Let me tell you, if the phone system of the US was down for three days, there would be congressional hearings and someone would probably be facing jail time. Now, I'm not saying that a company should be held responsible for its website being down for three days, but if that company was also providing "essential services" (as the .NET strategy is hoping companies will), then I believe that the level of accountability should rise in proportion to the critical nature of the services that are provided.
We have a scary future ahead of us my friends. But you guys already know that, don't you?
Another reason: there's a BIG difference between a LAN (which basically is the niche you mentioned) and the Internet. MS's solution amount to trusting every bit you have to Uncle Bill. Bad. On the other hand, having a LAN in your office and lightweight PCs (aka NC) does make a lot of sense.
And it's even less original than the article says: remember those "boot ROMs" for diskless Novell workstations? Windows 3.x installed in the server? That worked, and worked REAL good. I am/used to be a CNE, and did gazillions of installations like that. Everyone was happy. Office ran exactly as fast as in HD installations. It had everything a NC has except buzzword compliance.
And what killed that? The bloat that was Windows 95. Can't have it executed from the server. Bugger.
Actually all my passwords/userID combinations I even owned are stored safely in my Psion (PDA for the uninformed) and saved with a password. So I only have exactly one password to remember. Since it is regularly synchronized with my PC I nearly have no risk of data loss and I have my PDA all the time with me. This means: you won't get your hands on it to read the passwords without me knowing it.
Second thing (which form security point of view is not ideal, but usefull...depends on your own paranoia) is that you could easily use the same password/userID combination for less important things. I'm not going to secure my slashdot account with a 14-char password because I fear to be 0wn3d and that trolls will start to exploit my account. My root password on the other hand, has 14-chars because I consider it important. /.
Now, you see: with a bit of discipline and common sense, do you need something like Passport(tm)(c)(r) or even Mozilla/IE5.x remembering your passwords (I disabled it) Oh, *you* don't have common sense. Sorry, forgot I was talking to
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
Some friends tell me it is convenient to use these ATM things, but I can always go home and get more money if I need it, I don't ever want to leave town anyway. And this way I get to set up my own security. They tried to sell me some fancy alarm system, but I just keep the door locked and all the windows except for on the second story, 'cause no one is going to climb into a second story window.
There's a similar article called Why Microsoft is Wary of Open Source by Joe Wilcox and Stephen Shankland on CNET.
First of all, in Linux, you 0wn the system if you want to.
and when you're done with that, you can 0wn every linux box on your cable modem node. thanks, red hat!
--saint----
...deliberately harmful "advice" there which will hose your Windows box. I suspect the site is either a cruel prank or a sarcastic joke, but it's certainly not clear to any poor Windows luser who stumbles by that they shouldn't ACTUALLY delete win386.swp (THE SWAP FILE).
The only "tips" on that page are for clearing temp internet files and other stuff that's only slightly beyond the average AOL luser. Nothing actually worth reading (that is, nothing I didn't discover a month after I started using Windows).
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
A NC is just an appliance, with some processing power (not much), broadband access, graphical capabilities and maybe a small harddrive (low-cost storage).
Microsoft has an NC, it's called the X-Box.
Sony tries to play catch-up with the PSII, with the recent agreements with AOL, Real, Macromedia, etc...
Nokia has also a NC in the works (not based on a gaming platform but on an Tivo-like appliance running Linux)
But of those three only one will win, and it's Microsoft. They have as much cash as the others, but they have majors advantages like mindshare in the public (joe won't buy a PSII to check its email, but a microsoft thingy like the one he's got at the office) and a huge base of developers.
Game Over.
-- p a n a p i c - panoramas des alpes: Mont-Blanc, Mont-Rose, Cervin, etc...
Funny, I was just reading an article by Bill Gates on .NET. The article explains .NET quite elegantly: "A company offering an online electronic-payment service can expose its service to partners, so that they can deliver it as part of their own offering -- regardless of what platform they are using."
Of course, Microsoft will always push their platform as the "best" one to build Web services on. But I think we should applaud the fact that two major proprietary behemoths have finally started pushing "open standards" -- IBM and Microsoft. Don't forget how unrealistic this would have been only a few years ago.
I think it's time to take a step back from all of this Microsoft-bashing and realize that at least we finally pushed them into a corner. They can't push a Windows-only solution anymore. Sun has cornered the market on "open standards" with Java. Microsoft HAS to counter -- as long as they keep pushing something Windows-only, they will lose customers.
What we are seeing here is what we have been asking for all along -- "Microsoft, will you finally support standards?" Why is it that when they agree to support XML and SOAP, and at least do lip-service to the "open standards" idea, we continue to bash them and whine about how Sun did this 10 years ago?
Why pro Microsoft always talk last? Anyway.
.NET does would compromise the security by centalizing the authenication to somewhere else, while putting Oracle and SAP servers at risk of being publicly accessible.
.NET, as there are lots more idiots who believe everything sales said. I know a PHB putting employees database in a public webserver. Microsoft needs customers like him.
/. /    |\/| |\/| |\/| / Run, Bill!
Hailstorm is only one small part of dotNET
but Passport user authentication system which Hailstorm depends on is everywhere. If you don't use it you are on your own.
Gates is looking to take Oracle and SAP to the cleaners, Hailstorm is the smokescreen for that agenda.
Smart admin would avoid their Oracle and SAP servers be able to publicly accessible. E.g. the websites only get a snapshot of the Oracle database image from an internal Oracle server. What
Oracle and SAP see this, but they'll still cooperate with
Network Computers failed for the very good reason that MIS managers looking to torture their victims
Nothing torture me like admin hundreds Windows 95/98 desktops.
 _
1.) They make great web browsers. Sure, they've got privacy issues and they're closed, but they work pretty damn well. I type this from IE5 mac, which is a pleasure to use. Making web pages look as good as MS Word documents gives consumers confidence.
2.) They run Hotmail. Everybody's used this at least once. It's a great example of data accessibility. Another great examlpe is Corbis.
Another factor here is connectivity. There's much better and faster Net access now than there used to be. People couldn't see the benefit of NCs when all they had was 10base-T at work and modem everywhere else. At that time, NCs offered little benefit over carrying a floppy over to your co-worker's desk. With the spread of broadband, 802.11b, and faster ethernet, NCs are a much more practical idea.
M$ is also launching services, rather than trying sell you what appears to be a shitty computer. I think this is pretty key. The problem with previous NC initiatives is that they were hardware based. A guiding principle of NC thought should be that "hardware matters little". So why in the world would Sun be interested?
Art At Home
Why does everybody think households worldwide are just DYING to shell out even MORE moeny for media? I mean come on! We already pay $50/month for cable/satellite, $30/month for Internet access. Why does eveyrone think folks are going to shell out more sizable dollars on reruns and stuff? Video on demand and all this interactive TV BS is a fad and unless its priced to a level folks don't care (say $1 maybe) it won't work and if it is priced that low and they try to convince you they'll 'Make it up on volume' lookup dot.com bubble.
Top Most Bizarre/Disturbing Error Messages
The money is NOT with personal PCs - hell half are using pirated software anyway! Its the business customers. Well, do you think any IT Director with half a brain is going to suggest letting Microsoft a) handle authentication to their sensitive data nad b) allow that data to be stored @ microsoft? I didn't think so. Plus can you imagine the strain on the already overloaded internet pipes of most major companies? Same goes for personal users - till that last mile is fiber - well .NET will just be too slow.
Now MS may make $$$ selling a .NET type package that runs on internal corporate PCs, but ala samba, we'll just emulate it was necessary while adhering to whatever standard comes out of all this.
Personally, I agree with teh author one one point - the NC got shafted. From a corporate view it was an AWESOME idea. Having maanged PC deployments and disk images, etc it was awful. Being able to toss a cokie cutter box onto the network, hit power and it boots up based on serial # and user config - what a dream - too bad nobody could make it work right :(
Top Most Bizarre/Disturbing Error Messages
Unfortunately the MIS managers tended to be as interested in recovering control over the corporate nervous system as control over costs. Back in the 1980s I made money by writing apps to screen scrape data out of corporate mainframes so the middle managers could feed it into Lotus 1-2-3. The MIS managers could have provided the data but they refused point blank to do so. It was all a power-game.
Besides, you DON'T need an 800MHz PIII, 128MB RAM and a 20Gb hard disk on EVERY PC in your network
But when that setup costs $500 from a computer store the premise that the Network computer would save money by reducing the hardware costs collapsed.
The Network computer failed for many reasons, not least the fact that there was no significant application support for the device. The lack of a hard disk was always going to be a drag on performance though. The idea of eliminating local user storage is not a bad one, end users should probably only have access to a centrally managed file store. The idea of no local long term storage was a complete loser however, as anyone who has used a diskless workstation knows.
It is not suprising that network computers were easy to manage. They could not be used for anything useful. What is more Sun and Oracle appeared to be spending more on idiotic TV ads than on writing aps to make them useful. If Sun had bought Star Office earlier they might have had a point.
Ultimately I see the whole Sun vs. Microsoft thing as denial on the part of Sun. Microsoft is not going to kill Sun, but Intel and Linux will. A high end linux box can be bought for a tenth the cost of the equivalent Sun box.
Also, C# is not an evolution of C++. C# is java under a different name, what microsft thinks java should have been.
Not actually true, If Sun had not behaved as it did then C# might have evolved out of Java. C# is actually built on top of the C++ compiler back end by the C++ team. The feature set is essentially a combination of C, COM and Visual Basic. It is possible to translate from Java into C# but it is also possible to translate from Visual Basic to C# so that hardly makes the languages equivalent. Sun is not the first company ever to suggest a new programming language, nor was Java successful for any new features, even the byte code interpreter has been arround on micros for 25 years (UCSD p system).
Sun's behavior with Java was pretty inexcusable. The idea that we should all be forced to agree to the decisions of one company when it comes to the feature set of a programming language is stupid. Sun deliberately crippled the native language interface for their own purposes. But many of the users of J++ simply wanted a better language than Visual Basic to write one off applications and did not give a monkeys about 'running everywhere'.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Contrary to the discussions on this board .NET has nothing much in common with Sun's failled Network Computer. The Network Computer was nothing more than a new name for an X-Terminal that can run java apps and a browser locally. That Sun tried it as a bet-the-business strategy was the best corporate joke since the Sinclair C5.
The Network computer concept was for desktop apps. It was an MIS manager's wet dream - take away the employees PCs and give them dumb terminals wired to the nice shiny mainframe. Back to the 1960s.
Network Computers failed for the very good reason that MIS managers looking to torture their victims could do the same job much more cheaply with Citrix without buying Scott McNealy and Larry Ellison more fuel for their corporate jets.
.NET is about information service access. It is the way to hook together e-commerce applications. It has zero to do with Suns clueless hardware platform.
The only intersection between .NET and Sun's effort is that Microsoft has rolled out the JIT compiler technology and Java alternative as part of the package. Neither is core to the .NET idea, or for that matter Sun. C# is merely a logical cleanup of C++, there are some points of comparison to Java but all the ideas have been arround long before Sun used them. If Sun hadn't got all proprietary closed and legal Microsoft might not have created their own, but nobody can really blame them for not being beholden to a standard Sun police ownership of with lawyers.
Hailstorm is only one small part of dotNET, getting all wound up about it is to miss the plot entirely. Gates is looking to take Oracle and SAP to the cleaners, Hailstorm is the smokescreen for that agenda.
As for the GPL bashing being to divert attention from anything, the covert agenda there is more likely to ram home to the analysts the fact that Linux is putting Sun and Solaris out of business and the poor performance of Sun the past few quarters is probably reflecting that dynamic rather than an overall slowdown.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
...I don't want vendors deciding who will host the customer's (MY) data. I want to host my data. And my applications. I don't want to be wholly dependant upon the bandwidth provided by an outside vendor just to access my basic applications and data.
Currently our enterprise provides applications and data to our users via a 100Mbit, switched, LAN with all of our cabling and physical plant under our direct control. No ISP can provide me with that kind of bandwidth on a cost-effective basis. If a switch goes down we know about it and can repair/replace it immediately. If it's too congested we can upgrade it when we're ready to -- we don't have to beg our provider and wait for them to call us back.
I am very uneasy about allowing other organizations to completely control access to the data and applications we depend upon for our business. What happens when they goof up the billing and cut us off for 3 days because they think we didn't pay the bill? What happens when they misallocate our IP address and we get dropped off the network? I won't leave our company at the mercy of somebody else's clerical error any more than absolutely necessary.
No. We'll keep our essential applications and data in-house. Thanks anyhow.
-Coach-
Perhaps the world's greatest tragedy is that ignorance is not impotence.
People like to shop, and companies like to drop down bucks on new hardware and shiny new CD's. Tarballs aren't sexy.
As for blind-siding Open Source, pfft. That was just a headline-grabber, nothing more. Online news has discovered that to increase revenues, they need to get posted on /. Just mention the words Microsift and Linux in the same sentence.
C'mon, a full third of this clown's article was devoted to touting his awesome prophetic powers from back in the day.
There's an easy way to prevent Microsoft from controlling our identities. Let the government(s) control them instead. They control our identities now, by issuing licenses and passports. When was the last time you tried to buy a bottle of single-malt scotch with your MSCE certificate as ID? The way to stop Microsoft from controlling our identities is to convince at least one US state government to legislate the online identification of its citizens. Once digital identification is claimed as a right of the states in the US, it's taken out of the hands of M$. That's gotta be a step up, right?
You ARE the Missing Link. Goodbye!
On stereophonic equipment, the monaural sound obtained through multiple channels will enhance your listening pleasure.
Having services like this means
-you have to stay online all the time (or else you cannot reach you files)
-one server breakdown means you cannot access your own stuff
-one clever hack means you get into everyting everyone has made/kept/etc
sounds scary
Absolutely Authentication is the key to everything.
Most computer users do not want to remember a bunch of passwords.
Most users will use an easy system despite rumoured risks.
Most computer users do not understand nor care about the security risks
Most computer users, when it comes to privacy, trust big corporations more than they trust their own government and certainly more than "evil hackers".
"There is not a widespread need for third-party authentication." There is.
The article was dead on about Authentication, but all /. can focus on was how it is wrong about NCs. What an irony.
Most web developers are troubled by finding good solutions to authenticating users, and will use a drop-in solution if it is available, especially if it makes Microsoft liable for errors (or if users have given up all rights by using Passport because of the EULA).
I'd like to respond to various postings I've read here. Whatever your opinions on Network Computing, the article is dead on about Authentication. First, it is the key to monopoly. Second, we are all incredibly easily diverted. We are all failing to get the message about the GPL attack being a diversion because we are all diverted by the NC message in the very article calling our attention to the divertion!
I use the computer a lot. I use it for online banking on all my bank accounts. I use it for bying all my hardware, my CDs, and my books. I am sick sick sick of remembering passwords and I will embrace any technology where the relative risk of putting my credit card details online offsets the day-to-day drudgery of typing in my details every day. Since all my credit cards have online fraud protection, I dont see any problem putting my details into hailstorm. Or rather, I dont see any more problem with it than I do with my Ralphs grocery store card recording what I buy to eat. And neither will most people.
On security, the average user doesnt share our concerns because they literally do not understand what you are saying. jcr says, "Like I'm going to trust an outfit that puts a Turing-complete interpreter in a MAIL CLIENT, and gives it full access to both the filesystem and the outgoing mail queue for ANYTHING related to security." My Dad does not know what you are talking about. My Dad does, however, use online banking.
Now, as a web developer, I have the problem of logging in users and managing sensitive personal data. If I make it to easy for someone who has forgotten their password to get back in, then I run the risk of letting in the wrong person and giving out (in our case) very personal details. If I make it to hard, those same valuable details will suddenly be lost to the legitimate owner, negating their time and investment. One solution is to have a very thorough and very expensive customer support team. A second solution is give up authentication to Microsoft, thereby making Microsoft liable for any breaches. As a business, the ability to give up accountability and hence responsibility is far more valuable than the time and effort I save on development.
So, what is the alternative?
An alternative to Microsoft's hailstorm is one that does basically the same thing but allows for more than one service provider. The service providers then agree to trust each other or not. Just like my local grocery store doesnt take American Express, sure Amazon's IAA server might not take one of my credentials, but I do have another.
Who do you trust with these details? Who has servers to host these services? Where is the software? ISPs and banks. Whether banks would agree to store logons to other banks is a question for them, but they'd soon see the value when faced with competition. Just like my Wells Fargo VISA payment system will accept cards from Mastercard and other VISA banks, similarly my Wells Fargo IAA server will accept authentications from Union Bank.
The question is what software will this be running on, and will it be open source/gpl? It makes sense to be, since open source is much more secure. Plus, it would be nice if people could start their own servers. They might not be trusted by mainstream servers, but they would be trusted by each other.
Jamie
This perspective is based on multiple experiences in which serious bugs in MS products - like memory leaks in IIS/ASP - were never addressed. Being a highly competent developer, it is not acceptable to me to be at the mercy of a company that does not even do a good job of pretending to have my interests as a customer at heart.
Much the same feeling applies to the operating system and OS-level tools. I know experienced Microsoft systems integrators who have had endless problems with Microsoft's tools, Proxy Server being a prominent example. Problems with Exchange are legion and legendary; System Management Server is a spectacular failure; and their DNS server is little more than a joke. MS Service Packs and hotfixes are as likely to break major functionality as to fix bugs - the original Service Pack 6, and the more recent Exchange hotfix are cases in point.
From my perspective, Microsoft peaked at around the time NT 4.0 came out and has been wandering directionless since then, changing acronyms (DNA anyone?) on a regular basis to attempt to hide the lack of any significant innovation.
Two technologies originally led me to be pro-Microsoft: NT itself, and COM. NT was a good product, for its time, when the betas of NT 3.1 came out in 1992 or so. NT 4 made the catastrophic mistake of importing the Windows 95 user interface, and then turning the ever-buggy Internet Explorer into the GUI shell. Since then stability has only deteriorated, and almost no fundamental progress has been made in making NT/2000/XP support some of the more powerful capabilities and configurability long provided by Unix - proper remote administration capabilities not least amongst those.
It seems that any overall vision that had existed at the time NT or COM were conceived have since deteriorated into a mad rush to maintain control in a changing market, driven by the Internet, which is something Microsoft is still trying to control rather than "get". Factions within Microsoft with backgrounds in things like mainframe transaction server systems argue at cross-purposes with advocates of academically pure object-oriented systems. If there's someone with a global vision at Microsoft, I don't know who it is: Nathan Myrhvold left long ago, and Bill Gates has spent too much of his career making billions to be a competent software architect today.
Microsoft has also never quite gotten the hang of TCP/IP - with the possible exception of the core of IIS, its Internet-oriented tools uniformly suck. I've already mentioned Proxy Server and DNS. In Win2K, Microsoft finally gave up the battle in some areas and fell back on pure BSD tools, such as the telnet implementation. The Wall Street Journal's recent story on Microsoft's reliance on open source software gives more examples of this admission of defeat.
But even while they're resorting to open source code, Microsoft seems to completely miss the power of simplicity and interoperability evident in Unix/Internet tools; or this may be a deliberate strategic policy. If tools are too simple, extensible, interoperable, or open, customers will have too much ability to control their own destiny, and thus won't be as easy to suck into a recurring-revenue future in which Microsoft bills its customers annually and provides arbitrarily chosen upgrades in return ("this new dancing paperclip is better than the old one, honest!")
In addition, Microsoft's own insistence on reinventing everything works against it: sucky initial implementations of Winsock led to applications which didn't get the concept of asynchronous communication. You still see this in products like Outlook today: they can lock up for extended periods while doing network access, something that should be completely transparent and in the background. [I'll say one thing positive here though: I/O completion ports are pretty sweet, and I've used them to good effect in some server applications. They've also helped IIS be an excellent performer. But one good API feature isn't enough, especially when the application developers don't understand how to use it.]
It isn't as difficult as one might imagine to convince hard-nosed business-oriented customers of the perspective I'm outlining: Microsoft's threatening lawyer's letters about license compliance, sent blunderbuss-style to all customers regardless of any evidence of lack of compliance, don't win friends amongst IT staff and CxOs. The threat of rental models, browsers which modify the web sites of other companies, and critical coverage of these things from quarters such as the Wall Street Journal, all combine to make you wonder: is Microsoft aware that it will ultimately need to rely on more than its current desktop monopoly, and instead convince customers to buy its products based on their merits, and the quality of service it provides?
There's no long-term strategy there, just an attempt to keep the excessive revenue flowing until the next set of CxOs can take over and inherit the mess. As a profit generator, Microsoft represents an incredible and possibly unprecedented feat, which I can respect from a certain perspective; but that doesn't mean I want to number myself amongst the cattle slaughtered to feed its unholy appetites.
Server software has become a commodity, and Microsoft is desperately trying to tie unrelated components together and avoid standards, so that customers have no option but to accept the entire package, and pay serious money for that which has become freely available elsewhere. This is done at every level of its software offerings, so that in the application area I'm talking about, for example, the operating system is tied to the web server is tied to the transaction server is tied to the template language is tied to the virtual machine is tied to... did I mention the operating system?
Yet you can go and download the source code to systems that do much the same thing - e.g. the Enhydra or Resin application servers - and, as alluded to above, these systems will run on almost any operating system and web server, with no secrets (you have the source), and no lifetime commitment to a development model espoused by exactly one company. And this applies double to commodity products such as file servers, proxy servers, web servers, DNS, email, and the like: the free products are actually significant improvements in terms of functionality and reliablity, over Microsoft's equivalent offerings.
Microsoft has grown too far, too fast, and become way too voracious and greedy. I rode with it to the peak of its wave; that wave has begun crashing, but instead of crashing onto a nice, wide open beach, it's crashing into an inescapable little Microsoft sandbox. I am jumping off to a different wave in which the currents don't work against me as much. I'm don't argue that .NET has no technical merits whatsoever; but the cost of chaining oneself to it is too high.