Slashback: Bundestux, Kerberos, Blizzard

Slashback tonight with several updates and amplifications, starting with a nice report on the current state of the effort to put Linux into the heart of the German government, but also bits on Starcraft, cleaning up UNIX config, and Kerberos.

This deserves a hearty 'Jawohl!' DocSnyder writes: "Since the Bundestux campaign started collecting votes in favor of putting Free Software into the German parliament (Bundestag), more than 25000 people have done so. A lot of online discussions - in addition to Heise News and Linux-Community.de, even some Bundestag parties have put up their online forums - are very active to share user experience about GNU/Linux and Free Software. (Sorry for most of the linked sites speaking German, it's simply too much to translate at once.)

After several open letters and press releases have been exchanged between lobbyists and politicians, some information about a research performed by the German company Infora appeared on Heise News (english version), recommending an all-Microsoft infrastructure with the exception of some security-critical services like e-mail. The detailed paper is still not available.

An internal test (english version) between the Bundestag administration, SuSE, IBM and Microsoft confirmed that GNU/Linux and Free Software are in fact ready for the Bundestag's IT infrastructure, yet the testers don't like the copy&paste method used by KDE and recommend Windows for the desktops.

Last week, the Bundestag members (MdB) Jörg Tauss and Hans-Joachim Otto have been invited by Heise for an online chat with the community. While Jörg Tauss is a clear supporter of open standards and Free Software, Hans-Joachim Otto takes the internal test as well as Infora's research as primarily relevant for the coming decision.

On Saturday, MdB Uwe Küster summarized some details in an interview. He considered the decision - officially due Feb 28 - as almost finalized. The solution would show GNU/Linux on most servers, Windows XP and Office XP on the desktops, keeping proprietary data formats and lock-in interfaces up to the next upgrade cycle, which in fact would have been problem number one to solve.

All in all, the community has provided lots of experience, ideas and solution paths which finally seem to be largely ignored in the decision finding process towards the successor of a homogenous Microsoft Windows NT4 infrastructure, which has to be replaced until 2003 when Microsoft will no longer provide support for NT4."

That's a lot of cleaning up to do! maffew writes "A lot of feedback and ideas have been flying around since my article How to fix the Unix configuration nighmare was featured on freshmeat and slashdot. So we've created an ongoing web site and mailing list for people to continue discussing, organising, and hopefully in the end coding. It's all at unixconfig.sourceforge.net.

Meanwhile here's a link to the permanent home for the nightmare article. This is where I'm making revisions and adding links."

Raise your hand if this would mean seeing it for the 4th time ... Chris Brewer writes "In case you've been living on a different planet, The Fellowship of the Ring picked up Five Baftas, the British equivalent of the Oscars, including Best Director, Best Film, and Peoples Choice. During a live interview (Real only) after the awards, Peter Jackson announces that a preview for The Two Towers will be shown from the March 22 screenings of The Fellowship."

At long last ... something? If you've followed the strange relationship Microsoft has had with Kerberos, you may feel grateful to the anonymous coward who writes: "It would seem that Microsoft is granting the world a royalty-free, non-exclusive license to implement their Kerberos extension."

Here's some comfort for Starcraft players. An Anonymous Coward writes "As stated on Blizzard's battle.net service, the latest Starcraft patch supports UDP play, so some of the compelling reasons to use bnetd have been addressed. Whatever you may think of Blizzard and the DMCA, at least it shows Blizzard is listening to its fans."

MS Kerberos, a corporate culture of wrongness

[WasterDave]

Yipee! They published their wire protocol:

"All data is encoded as little-endian."

Oh, god. Look, since the start of time itself binary data on the net has been big endian. No, you do not know better.

Head->table: Bang! Bang! Bang!

Dave

Re:MS Kerberos, a corporate culture of wrongness

[taniwha]

Byte ordering strikes me as rather arbitrary

actually why it's an issue at all is shrouded in history ..... Arabic numerals were originally written in - well - Arabic which is a right-to-left writing system ... however in the original numbers were written LSdigits first, which makes sense since a culture of traders back in those days mostly did addition, which is done LSdigit to MSdigit .... it seems that some monk in Spain (where the Arabic numbering system was adopted when the Moors were driven south from Spain) ... didn't really realize what he was doing an copied the Arabic system into Roman scripted languages (ie left to right) without reversing the order of the digits - the result is the mess we're in today - a scripting system where we think of text being left-to-right, but numbers being right-to-left (except we're so used to them we don't realise this). This means that there's no real culturally 'natural' way to handle byte ordering for us (if our first stored program computers had been invented by native Arabic speakers they'd all be little endian and it wouldn't be an issue)

Re:MS Kerberos, a corporate culture of wrongness

[lkaos]

x86 stores integer data in a different binary format than other architectures. One of the amazing things about TCP/IP is that it's designed in such a way as to be oblivous to the underlying architectural implementation. Hence, network byte order.

It's the only way to allow different computers to communicate with each other.

I would say though that the whole berkley socket interface is antiquated for handling binary socket data. It works wonderfully for handling ascii data (which is what a majority of early protocols where).

Fortunately, most languages have decent socket libraries that abstract network byte ordering. Now, the really annoying thing about berkley sockets is the lack of an async name lookup mechanism...

Re:MS Kerberos, a corporate culture of wrongness

[Rob+Riggs]

Byte ordering is arbitrary if you don't give a hoot about interoperability or standards. It's not called "network byte order" for nothing. It's the default byte ordering for all RFC-defined internet protocols -- including Kerberos itself.

Almost all network software uses "hton*" and "ntoh*" functions to convert the byte ordering from host to network byte order and reverse. On big-endian machines they happen to be NOPs. So now what? Everyone implementing the protocol on big-endian machines has to implement their "itoh*" and "htoi*" ("idiot to host", "host to idiot") functions. And to implement any software portably you'll need the same functions on little-endian systems as well. OK, so now you can write your non-portable apps without the "ntohl" -- that's OK if don't care about playing nice with others. Those of use who work in heterogenous environments and write software for a living do care.

Sure, network byte ordering is arbitary. But big-endian was chosen long ago and causes no harm. What Microsoft did is just a good way to piss off folks who care about everyone playing nice on the internet.

Re:MS Kerberos, a corporate culture of wrongness

[Rasta+Prefect]

Um, I don't mean to flame, but why does it matter? Byte ordering strikes me as rather arbitrary.

Yes, it's completely arbitrary. Which means that since Kerberos is supposed to be Big Endian, Microsoft had no compelling reason to screw with it. Its arbitrary, but by no means interchangable. Now when using Kerberos you actually need the check every time you use an integer to determine which way 'round it ought to be, thus allowing for a whole new class of bugs. Hooray.

Re:MS Kerberos, a corporate culture of wrongness

[Tony-A]

Which side of the road you drive on is arbritrary. Things just work a lot better if everybody agrees on the *same* arbritrary.
The existing dominant processors are the IBM and Sun big iron.
Maybe you like reading the hex value 12345678 as 78 56 34 12, but I don't.

Microsoft and Kerberos

[hillct]

I remember vividly my discussions with microsoft personel at the Win2K launch even in North Carolina. We were debating the validity of adding data to optional fields in a Kerb ticket which would effectively prevent a ticket issued in a unix realm from beung useful in a Windos Kerb realm, but not the reverse.

After filtering out the marketoids who repeatedly insisted everything was fine, a couple engineers conceded that the implementation was broken. It;s interesting to see Microsoft try and sell this as an extension that others shoupls implement and use. Unfortunately, this is yet another example of the effect of monopoly power.

'We support the standard but if you want to access our systems you need to implement the standard our way'

What a sham.

--CTH

Linux on desktops

[blibbleblobble]

So the linux clipboard (or lack of compatibility thereof) provides enough reason for them to buy and use Windows/Office XP?

Sounds like a reason to fix the shitty broken clipboard, then. I'll be grateful when I can at last paste from KMail into Mozilla.

Re:Linux on desktops

[SEE]

It's very simple. If 99% of the desktop machines in the world do it one way, and 1% do it the other way, that 1% is wrong from a usability design standpoint. No matter how much better in theory. It's the equivalent of sending out Dvorak keyboards as the standard keyboard for a computer because it's a better design, or giving people foot-operated mice so they can keep both hands on the keyboard. I don't care what logical arguments you make, it it's still wrong.

The Windows and Mac clipboards work one way. The X clipboard works another. X is, therefore, wrong.

Microsoft bows to outside pressure?

[AndyDeck]

I'm practically speechless here... Microsoft has actually relinquished a proprietary lock.

I am neither expert enough at Kerberos nor Samba to know if the above-referenced web page (Here in case you missed it) is truly sufficient for interoperability, but it sure looks like it.

And the critical language is at the bottom:

Microsoft grants you a perpetual, nonexclusive, royalty-free, world-wide right and license under any Microsoft copyrights in this specification to copy, publish and distribute this specification, and to implement this specification in your products.

and

Microsoft is not currently aware of the existence of patent(s) and/or pending application(s) that are essential to the implementation of this specification. However, if Microsoft becomes aware or has any patent(s) and/or pending applications that are essential to implement this specification, Microsoft will grant you a royalty-free license under applicable Microsoft intellectual property rights essential to implement this specification for the sole purpose of implementing this specification. Microsoft expressly reserves all other rights it may have in the material and subject matter of this specification. The licensing commitments made hereunder do not include any license for implementation of other published specifications developed elsewhere but referred to in this specification.

Translation: You can use this spec in your products. It's not covered by any of our current or pending patents, and even if it is, you can still use it royalty-free.

Other related specs are not rendered licensed or royalty-free, so they MAY have kept a loophole - but this looks sincere so far.

Amazing news, really.

That darn clipboard

[fm6]

Actually, I don't think anything's broken. The clipboard is just your classic you-can-configure-everything X-Windows app. And every distro seems to use the standard hacker-friendly config. Which does allow you to work with a minimum of clicks if you're used to it, but is insanity-inducing if you're used to the simpler Windows model.

Hmm. This is just the sort of problem Lycoris would attack. Another reason to download it -- as soon as the slashdot effect dies down.

Re:That darn clipboard

[Bilestoad]

Here's why Linux isn't making up ground on the desktop. When someone says something doesn't work right the response is RTFM, or that it is supposed to be like that. If Linux is going to succeed in environments like the German government then intuitive or ingrained use patterns should be the norm, no matter how much geeks like the other way and no matter how much it might seem like windows. Geeks can turn it back the other way if they like, they know how.

Read it again, because they *have* to.

[Bob_Robertson]

Since WinNT is closed source, the only place to get service and support is from Microsoft.

Since Microsoft will not be supporting NT4 past 2003, they are wisely getting their house in order before they run out of time.

Everything has to change anyway, so they are entertaining the idea of building something better. Unfortunately, the argument that they don't have to replace the hardware at all wasn't good enough.

So rather than spend the money on consultants to use existing hardware, and free software, to rebuild their network, they are going to spend the money on consultants, new hardware and new software to retain the same functionality they have now.

And in a few years, when Microsoft stops supporting XP, they're right back where they are now.

That's why it's called an "Upgrade Cycle".

Bob-

Two Towers Trailer at END of Movie

[cybermage]

Most people, at least in the US, don't bother to sit through the ending credits; so, they'll miss the trailer for Two Towers unless they're told about it as the trailer will run, properly, after the movie.

Of course, given what theaters pay their workers, let's hope they actually tack it to the end and not the beginning. ;)

Re:Copy and paste of all things...

[nuxx]

I'm sure I'll get flamed or modded down for not trashing MS and pumping Linux, but here goes anyways:

I would imagine that what the users are talking about is the inability to copy and paste all formats of data from anywhere to anywhere. Like copying a table from a HTML document and pasting it into Excel. That's just useful sometimes when your manager is breathing down your neck looking for a report of something that could just be looked up online. We all know how it is.

About the more stable thing... The last time I tried making ANY in-depth spreadsheets on *nix, I tended to take the app (I think it was Star Office) right down. Or sometimes when importing data from other existing sources the app would either blow up or fail to import the data. Users can't have that when they have deadlines. On the other hand I've been sitting here for the last five hours working up process documentation in Excel (yep, management can't get it done, I want a faster process, I'll write it myself) without a single issue.

Yes, I love Linux, but I don't think it's ready for the desktop. MS has it right with near-universal copy and paste and stability is no longer an issue. On a properly configured machine there is no reason that 2000 or XP should crash. Ever. My machines don't, yours can too. I still believe that Linux's best place is on the back end. Passing out files with Samba without people thinking about it. Serving internal websites with Apache. Watching what's going on with Snort. There's many, many good places for Linux, but the desktop just isn't there yet.

Not to mention notebooks... I've yet to see a Linux distro that can transparently handle being undocked, taken to a conference room, hooked up with a PCMCIA NIC, worked on, then docked again. If I'm wrong here, please correct me and provide links...

-Steve

Starcraft

Actually the UDP support has nothing to do with bnetd. Starcraft was ported to Mac OS X, which doesn't have a working IPX protocol that they could use. So rather than try to graft IPX onto the Carbon version of Starcraft they created a new UDP version for LAN play with OS X, then added UDP to the other versions afterwards.

There were a few posts to insidemacgames.com's forums by the Blizzard techs who made the patch.

UnixConfig (tm)

[KidSock]

I was ready to post my message to the UnixConfig message board but apparently I wasn't logged into sourceforge. I think I'll just post my comments in response to the documents prepared there here instead:

--8<--

A core system would handle parsing, verification and storage of text-based configuration files in one or two basic formats.

We cannot do this. We must be able to handle arbirary file formats. There is no way we will get anyone to change the format of Samba's smb.conf, Apaches truly arcane httpd.conf, or DNS zone files for example. We *could* standardize on a uniform in memory representation but I'm not in favor of that either. I think we have to go all the way up to the API level (e.g. int exports_add(const char path, int flags, ...,{SMB|HTTP|NFS|...}).

The master copy of the configuration is always left in the native text files (in /etc and ~/.*). This is where linuxconf falls down, it starts keeping its own copy of the configuration, which means if linuxconf takes over your system and then later something stuffs up, it's difficult to edit a text file manually without losing linuxconf completely.

Absolutely. The confuration files *are* the database. On a separate front, we might provide an idealized open-ended application configuration library for assisting new development but I think there would have to be some weight behind the main front before developers would even consider it. That might also give us the opportunity to normalize on a few file formats (e.g. scanf, WINI, XML).

Another option is to allow plugins to handle how the data is stored.

That's a goodish idea but there are interfacing issues. By "plugins" are you suggesting one could write their parser in C or C++ or Perl? At what point do you normalize on a common language? Keep in mind this has nothing to do with *file* formats.

In order for some features to work, it might be necessary for application developers to switch to the use of the configuration manager for their internal routines.

We cannot do this. We must transparently manage data within the configuration files of the applications themselves. There is no way in heck we'll get app developers to convert. Their intrests are far more important in their mind (and they're probably rigth).

A key element would be the configuration format description file. This would list the configuration options for a given piece of software, giving for each one the name, type (boolean, list, string, filename, internet address, etc.), options, category (for sub-sections within the config), and help text (short and long).

You'll end up with a glorafied property editor and that's not what you want. What I mean by this is that you do NOT just want to map configuration options within application config files to the configuration options of whatever tool we're talking about. This is one of the greatest failures of UNIX confuration tools. It would be far more effective to isolate and the concepts associated with changing the behavior of a system (or group of systems) rather than just mapping check boxes to booleans and selects to lists. The KDE runlevel editor is a spectacular example of this failure; it does not isolate the concept of what it means to change the initialization behavor of your system.

For example, rather than writing configuration screens for Samba, Apache, Pro-FTPd, and NFS exports, write an "Exports" module that handles all of them uniformly. They all do essentially the same thing; make a portion of your filesystem available as a network service. Similarly, instead of having a PPP dialer, make a module that controls your "Network Interfaces" (RH has largely done this working PPP into network-scripts). Again, isolate concepts rather than parameterize configuration options.

Re:Copy and paste of all things...

[spitzak]

No, they are probably complaining about the simple inability to cut & paste text.

It is true that selection and middle-mouse click will work between all X applications.

However Windows users are used to ctrl+x and ctrl+v. Most X apps initially supported this by simply making ctrl+x do nothing (because the text was already selected) and making ctrl+v do the same as middle-mouse click. This is how current KDE applications work.

This worked pretty good, but it turns out most Windows users were also used to selecting the text they wanted to replace and then typing ctrl+v to replace it. This unfortunately changed the clipboard and the paste did not work. They do have a point that this is confusing to anybody coming from Windows.

There are several kludges an app could do to detect this and do what the user expects, but it appears the solution adopted, first by Motif programs like Mozilla and then by GTK and several other toolkits, was to have 2 clipboards, one for the selection and another for the most recent ctrl+x. In many ways this is an ideal solution, as in fact the middle mouse is really equivalent to drag & drop and is best combined with that mechanism, not the clipboard.

The problem now is that KDE apps (and quite a few others, I'm sure) do not understand this. Typing ctrl+v still pastes the selection. Since this is usually the same as the clipboard except for the "select and replace" Windows reflex it probably isn't any worse than before. However the opposite way is a pain, as ctrl+x in KDE does nothing and ctrl+v in a newer program then pastes and older ctrl+x, which I am sure drives the user nuts.

Yes the next version of KDE will fix this.

PS: the newest versions of FLTK match GTK as well, it had the same problem as KDE.

Re:Listening to which fans?

[Bowfinger]

Be reasonable. D1 was great in its day. I lost thousands of hours to it. But D1 is a dead product, superceded by D2. If you liked the original, you will probably like D2 even better. It's the same basic game, but with far, far greater variety and replay value. Of course, if you didn't like D1, you may not like D2 either. To each his own.

There is no replacement for StarCraft. There doesn't appear to be one on the horizon. I think it is remarkable that a company like Blizzard continues to support and enhance it. How many other companies are still provding free patches for five-year-old games? How many other companies even provide bug fixes for old products like this with little sales potential?

I too am concerned about Blizzard's actions with respect to bnetd. I understand their legitimate need (and their right) to control the spread of the Warcraft III beta, but they overreacted. I hope this is just an aberration. Too many companies seem to have run out of fresh ideas of their own, so they use the legal system to suppress fair competition. It would be a shame if Blizzard has joined that list.

Yes, Blizzard has problems. If you look at their overall record, I think Blizzard is still one of the good guys. There don't seem to be many of them left. Give Blizzard a little slack, at least for a while longer.

But that's just my $0.02 worth.

Re:Why do all the games seem to use IPX for lan pl

[GooberToo]

This comment is sadly a joke. Most LAN games are not going to have complex routing issues. What routing issues do you think the average single or dual hub network is going to have??? Do you think they develop their games around the idea that at 5:00pm Corporate America suddenly turns into Blizzard Central? Of course they don't. Secondly, the networking overhead is not going to be detectable for your average game on a LAN unless it's a total peice of crap game. If TCP is good enough for WAN based multi-player gaming, it's certainly good enough for LAN play!!!!! At best, assuming sane implementations for both protocols, you *may* see differences of a few ms per PACKET and even still, I seriously doubt you'll even find that much of a difference!

Simply put, use of IPX is certainly for nothing more than restricting user options and control or just maybe, they have this old IPX networking library laying around that works and they'd simply not rewrite it unless they had too. Meaning? They might of been trying to save time and money and it have nothing to do with control or technical merits of the protocol. As for your assertion that IPX has bandwidth guarantees, please back that statement up. That's pretty hard to do when a) it's going over ethernet and b) the os can commit to the application all day long at what it thinks it can deliver over the wire but it really has no say at all, otherwise, a single IPX station could bring down a whole IPX network (that is, one computer says, all the network bandwidth is mine...go find your own). The words, "ya right!" come to mind. How would it control this with other types of network activity on the wire? After all, when it's all said and done, it's the wire activity that counts!

End point, you're statement is completely without merit and makes no sense. If you do have games which support multiple protocols on the same OS and one is notibly faster than the other, it more likely it is reflective of nothing more than one was optimized and the other was extremly poorly implemented, or both.

It's really as simple as that.

Read the X clipboard explanation before commenting

[Guy+Harris]

If you plan to comment on the "cut and paste" issue, please read the X clipboard explanation, in detail, and make sure you fully understand it before commenting.

X - or, at least the X11 Inter-Client Communication Conventions Manual (ICCCM) - does specify a clipboard that works like the MacOS/Windows clipboard. Selecting text does not have to copy to that clipboard; it merely has to set the "primary selection". The middle mouse button can paste the "primary selection". Ctrl+C and Ctrl+X can copy/cut to the clipboard, and Ctrl+V can paste the clipboard even if you've subsequently selected something else (in which case it replaces the selection with what you're pasting).

Motif and GTK+, for example, work that way. Qt 1.x and 2.x, as used by KDE 1.x and 2.x, didn't; Qt 3.x, as used by KDE 3.x, works that way.

The KDE announcement speaks of the primary selection and the real clipboard as both being clipboards; that was, as far as I know, done to avoid "frightening the horses", i.e. to work around the confusion that some people suffer from, thinking that selecting text copies it to "the clipboard". The ICCCM doesn't call them both clipboards (it calls them both selections; for better or worse, that's standard terminology inside the innards of X, but you don't have to call them "selections" when talking to users).