Slashdot Mirror
XML Web Services & Security
Handy writes "Web Services (SOAP, .net, WSDL ? , UDDI ? ) create an even greater need for robust security. Exposed interfaces and fragmented administration coupled with a need for app-level security points to a greater need for a centralized managed security services model."
Street-savvy schoolgirls peddling
... for 150,000 yen.
sex and socks for big bucks
Rina finished junior high school just a few months ago. With the exaggerated curves of her carefully plucked eyebrows, shoulder-length dyed locks and heavy eye shadow, she resembles any typical Tokyo teen-age girl. Where she differs from her peers, according to Yomiuri Weekly (5/26) is that Rina spent her junior high school days as the ringleader of a group of schoolgirl prostitutes.
A normal day for Rina during junior high was to head out after school, provided she hadn't cut classes, change out of her uniform in a public toilet and ride a train to an area in the Tokyo suburbs that was known as a popular hangout joint for kids.
Once there, Rina sauntered over to the sixth floor of a building where her regular telephone club was located. Being a girl, she got in for free. She entered to a room bare except for a single telephone and a chair. She would sit down and wait for the guys to call.
A typical conversation went along the following lines:
"Let's meet."
"Take me to karaoke."
"OK"
"Can my friends come too?"
"How many of them."
"How many can I bring? We'll let you touch our titties for 5,000 yen each."
"Can't just the two of us meet?"
"After karaoke."
Rina's group was made up of six girls, all of whom were in the same class at school. At times, all six would work toward catching a customer. Other times, only two or three went on the prowl while the others manned the telephones at the dating club. Each time a client was snared, the others would be alerted.
Once the customer had been reeled into a karaoke room, negotiations would begin anew.
Selling the loose socks that are a ubiquitous part of the Japanese schoolgirl's uniform could see the girls pocket anywhere from 20,000 yen to 40,000 yen. Panties started at 40,000 yen, but could cost much more.
"We'd sting anybody who looked really weak. We'd charge 40,000 yen for loose socks and 100,000 yen for panties," Rina tells Yomiuri Weekly. "Some guys'd stick their fingers in or film you with a camera while they took the panties off."
Rina's girls didn't just operate out of telephone dating clubs. They also took turns posting messages on Internet sites offering to sell their panties. If an answer came, girls were free to act alone or call on their colleagues for support.
"If you were willing to sell your panties," Rina says, "You were willing to head off to a hotel."
Doing so would earn the girl up to 50,000 yen.
"I really wanted 50,000 yen a shot," Rina says, "but, depending on the guy, I'd go for 30,000 yen."
Rina started selling herself during summer vacation after she finished her second year of junior high school. She'd spend hours with friends hanging out at local sites, but was sick of not having any money to buy clothes or cosmetics. That all changed when she met a man who paid her and her friends 5,000 yen to go to a karaoke box with him and sing.
Soon, Rina was asking other men to pay her to accompany them. If her asking price was too high, she'd soften it up with a promise to let them grope her. Finally, she got together a man in his 40s who, after a few meetings, took her maidenhead
"It really hurt and I threw a tantrum. We couldn't get it right at first. We were at the hotel for six hours," Rina recalls for Yomiuri Weekly, adding that she felt no guilt or regret at what she was doing. "It just hurt and that's why I hated it. I wanted to get out of there as soon as I could."
Rina had little trouble enlisting classmates into her group. She simply showed them all the wonderful clothes, accessories and bags she'd bought and made sure she picked up the bill each time they gathered at karaoke or a family restaurant. Yumi, one of the girl's in Rina's group, says there were few second thoughts.
"Of 16 girls in our class, six were selling sex," she tells Yomiuri Weekly. "There was nothing rare about that. Most of the girls doing it were the students with average grades."
None of them seemed particularly perturbed about what they were doing.
"They never thought about things like that. Like whether it was good, or bad, or whatever. All they wanted was the money," Yumi says.
Two of the girls ended up pregnant. One cajoled a client into paying for an abortion after she told him the baby was his. The other girl's pregnancy became public knowledge, but that was terminated after classmates passed a hat around. Her teacher didn't believe the girl was pregnant, simply telling her to make sure that such rumors never got around.
Rina tells Yomiuri Weekly she has serviced clients ranging in age from about 25 to truly old men.
"Most of them tell me they're company presidents," she says. "But usually, they're fat, or bald, or got something weird about them."
Yomiuri Weekly notes that men who'd usually be shunned by most of society bring the most delight to teen-age prostitutes.
"We can milk him for all his worth," a gleeful Rina tells Yomiuri Weekly, "and guys who aren't used to being with women don't last too long once they've gone to a hotel, anyway."
Visit the new Troll site!
This is my 300th post.
--
pants ahoy
Fuck all logged in trolls!!!
AC's rule the world!!
Who else here likes Sonic food? I love it! The chicken caesar toaster (not on the menu) is awesome, so are the cheddar peppers. mmmm I just ate some for lunch and want to share.
KTHXBYE!
yo
It could be worse than what it is now, at least microsoft doesnt make phones yet.
"The United States has no right, no desire, and no intention to impose our form of government on anyone else." - Bush 05
Ask Pat Robertson
March 25, 2002
QUESTION: Over five years ago I experimented with other men sexually. Will I still go to heaven if I now believe in Jesus?
PAT ANSWERS: There's something that people need to understand and I want to make it very clear. There are certain sins that can go on to heaven: pride, envy, arrogance and slander. They can attach to your spirit. Jesus said out of the heart of man come certain things -- blasphemy and lust and so forth. But the bodies we have are going to die. And when they die, we will be like the angels. We will neither marry or be given in marriage and all of the sexual urges will be taken away. What I am trying to say is that the body that you have you are going to leave behind. If you come to Jesus Christ, He has forgiven you of your sin. What you did was wrong. Confess it to the Lord and say this is wrong. It is something else to say I am going to justify it, and whether the Bible says it is good or bad, I am going to keep on doing it. God says your body is a temple of the Holy Spirit and we need to behave that way. Nevertheless, God also remembers that you are made out of dust and He remembers who you are and what you are. Of course He will forgive your sin. Of course you will go to heaven, if indeed you have received Jesus and have been born again by His Spirit. That's what is important. What happened before is under the blood of Jesus Christ and you need to leave it there.
Just like linking directly to bugzilla? good job guyz
Not only is this article not saying a single new thing about web application security, the site at the end of the link only has 4 articles on it. This smells of advertising for a new site? Now I am not one to wear a tinfoil hat but I smell a conspiracy going on with news that isn't really news!!
***I GOT NUTHIN***
The core of Lucas's adult audience is composed of emotionally and socially underdeveloped males. These men suffer from an unresolved Oedipal complex, due to which they subconsciously fear castration by a father figure, a rival for their mothers' affection.
In the movie, young Anakin is beginning to assert himself and seek the rights and respect due to him as an adult. However, he almost immediately comes in to conflict with an older alpha male, Count Dokoo (the grey haired and paternal Christopher Lee). Anakin takes his throbbing, phallic, light saber in hand and does battle, but the Count disarms and dismembers him in what is clearly a symbolic castration.
The newly gelded Anakin is now given a robotic arm, a stark symbol of the belief that one can compensate for a lack of sexual prowess with technological proficiency.
This resonates deeply with the audience, themselves the victims of a figurative castration. In young adulthood these emotionally immature men -- imagining themselves persons of great intellect -- sought the respect of other men and the affections of women. But they lacked the social skills to gain either, so they resigned themselves to a life of making case mods, watching sci-fi flicks, programming free software, and eventually marrying the first fat chick they can get to sleep with them.
This was an interesting read and I'm sure it is good info for tech managers- maybe if we keep hammering at them they will get it, but if you write code and you realize that we are connecting systems deeper and deeper - security becomes more and more of an issue. That seems to be a bit of a no brainer.
And all this talk of the computer is the network, and the future of tech and all this stuff - security is the linch pin to making it viable.
I think stability runs a very close second- especially as more critical systems become a part of this big electronic gestalt everyone dreams of- but if it is insecure, I know I wouldn't touch it w/a 10 ft. pole.
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
Yes, yes, yes! But where does he fucks his mother?
the answer is: a big pile of shit
security through obscurity = modding down anti-linux posts so maybe noone will see them
The drive to get business advantage from XML Web Services will cause turbulent times for IT managers. To successfully navigate these new issues, managers must change their mind set from "fragmented security systems focused on using network perimeter to shield closed business systems" to "consistent managed security systems focused on managing application level security for inherently distributed business systems".
This article was written by Kerry Champion, president and Andy Yang, Senior Director of Product Management at Westbridge Technology, Inc., a provider of security and reliability infrastructure software for XML Web Services networks.
I'm not saying I disagree with their conclusion, but you always have to be suspicious when somebody comes out with an article that concludes that to be successful you have to use their product/service or something like it.
"If I could live to be several hundred
I could take a walk and really wander, really wonder."
These are logged-in trolls. Watch them in their own habitat. Watch them eat cock shit. done.
Good luck for anyone actually trying to implement a secure soap based app, what with the moving targets of XML Encryption, different ways to use XML Signatures, the need to incorporate WS Routing (and possibly WS-Security). I know these specs are likely to change soon.
~~~
Yes, you read that correctly...
for once, reading the article is actually more wasteful than posting on the topic without reading it, since pretty much everything contained in the article is housed in the "common-sense" sector of your brain just waiting to be released.
It might have been, 'time to post another flame attraction article', time or something, who knows, but this article is the most LAME I've read here.
Which isn't bad considering the 1000's I've read that were good-to-GREAT...just my humble opinion.
"Just Smile and Nod." --Huck
The drive to get business advantage from XML Web Services will cause turbulent times for IT managers. To successfully navigate these new issues, managers must change their mind set from "fragmented security systems focused on using network perimeter to shield closed business systems" to "consistent managed security systems focused on managing application level security for inherently distributed business systems".
Hmm... I know of a manager (very higher up), when asked about security implications of some assumptions in the design of a product (for web services), very confidently responsed, "They [customers] can always configure their firewall". *That* was the solution!
S
You are a big pile of shit that fell out of some western faggots anus after being ass fucked by that mean-ol' bad gunman in the bar who was later hung up by his balls, throat-fucked, and left hanging by his balls for whatever that crazed injun's desires happen to be(as he peers onward with his rock-solid 2 foot cock).
This article was written by Kerry Champion, president and Andy Yang
Ala... The presentation was made by Jerry Yang, Chariman and Cheif Yahoo, and XYZ, VP and Junior Yahoo...
S
I can't stress security enough. Too often we see the methodology of "write first, secure second."
No no no no. I'm sorry, that just won't cut it in today's world of scam artists. We need to be building in security on the server side from the ground up.
I am loath to resort to buzzwords, but "proactive" really describes just how I feel.
At my company we have met this challenge head-on by deploying a full server force of Mandrake Linux coupled with Apache 2. Apache 2 picks up where the original left off, with the added features of clones referring to Stormtroopers (as opposed to the original modular system). I find that our server compromises have decreased ~70% since making the switch from an IIS server farm.
I have also heard good things about BSD in regards to security and web apps. Great to see this finally getting the press it deserves.
Karma: Good (despite my invention of the Karma: sig)
there is this arabic guy next to me in the library and I am reading the filthy critic, laughing. not hard, but concealing my laughter. nobody has a problem with it until the arabic guy (who just left) sits down. then he goes "you can go outside." after asking him what he meant (i knew damn well) he goes "you making noises. you can go outside and make noises." i tell him i'm sorry (of course i wasnt....that asshole) and he starts reading whatever the hell he was reading (i can't read whatever language that asshole speaks)
i was going to go back and study after reading the review, but i'm so pissed at the arabic fucker that i decide to annoy him, so i start clicking in random places on the screen, as if i were doing something. he, in retaliation, starts to click also for no reason (this guy is 40 and a slow typer)
so then i go to slashdot and start typing this post really quickly and as loud as i can. he sighs deeply, trying to say something apparently, and then finally leaves! victory!
Here is my take. And here is Bruce Schneier's..
Why not cocks? You know, at least some she-male action?
A problem with the new Web Services paradigm is that there is no place for a proprietary protocol anymore. We used to have proprietary encoding schemes over closed transports (IPX). Now we have XML over HTTP over IP, all of which are public standards. Systems that were relying only on obscurity for their security are now fully exposed because data is transmitted "in the clear".
That, along with the multiplication of software layers (Browser -> Plugin -> Applet -> TCP - > Server -> Servlet -> AppServer -> 10 other middle layers) makes for very complicated systems with slower performance and bigger security holes. All this for no good reason other that going through firewall by riding over HTTP.
I've yet to meet someone explain to me the true advantages of Web Services. They are to me the biggest fad we've seen in corporate computing in recent years. Everybody's doing it, so it must be good.
-- Home is where you eat your heart out.
For a lot of companies HTTP is an exposed interface (for others it's disconnected from core data). This sounds like the same old "security on the internet" thing we've been hearing for years now.
If you can't be part of the solution there's penty of money to be made prolonging the problem. NB
© 2004 The SCO Group, Inc. All Rights Reserved.
Web services require two things that the Internet is not notorious for:
1) Security
2) Reliability
While the Internet works most of the time, is "most of the time" acceptable for web services? Some routing screw up happens and suddenly your ability to charge your customers is hosed.
This sig has been temporarily disconnected or is no longer in service
Weren't you wearing a black leather jacket? I'm just wondering...
I work as a security officer for the supermarket. I couldn't log-in to slashdot, not while I'm at work using Internet Explorer 7.2 beta-test; cookies don't work anymore, uses XML something.
Anyways, I think this is you on our security's frame capture. Confirm?
This includes a broad patent on form signing which appears to cover most forms of hierarchical documents, such as XML.
I'd pay EXTRA for a DVD that set the neighbor's cat on fire - the damn thing keeps me up at night while it meows pitifully looking for love. Everyone is entitled to my opinion!
Go buy you a pellet pistol or rifle. They are almost perfectly silent and are very lethal to small pests like noisy cats and yappy dogs. Daisy makes a nice 22 rifle that sells for about $60. For nighttime activity they even make a laser sight for 40 bucks that has a 30 foot range. Just make sure you aim for the body cavity and not for the head like most people do. The body is easy to hit compaired to the head and can be just as lethal. The problem with hitting the head, other than it's a small target, is the shot can be fatal instant. By hitting the body you can puncture a lung or other organ it won't be fatal instantly. This will give the creature time to crawl off before dieing. If the kill is instant the owners of the creature can generally tell where the animal died and who shot it.
It hangs on your handlebars!
Say no to software patents.
I fail to see why SOAP exists except to bypass firewalls, since firewalls exist to restrict what calls/ports/protocols can be made in TCPIP. What will happen in two years will be a "firewall" system for SOAP calls, followed two years later by a new protocol to bypass that security layer, billed in an exciting acronym. Repeat ad infinitum.
Hey, I'm just your average shit and piss factory.
Yes, that's right children, resist it all you can. Run away! .NET.
That's right you don't want to care about SOAP/WS-Security and all of that non-sense. You just stick with PHP and PERL and you'll be fine. Let me worry about XML Encryption Standards and WS-Security and the demon known as
"Shop Smart, Shop S-Mart!"
I like-a do-the cha-cha.
I really don't know (flame gently if I'm being ignorant), but I'm hoping someone can explain this simply.
If https is secure... and xml/soap is http-based... what's the giant technical leap preventing https transmission of soap/xml packets?
Also, if you're doing business with say, a vendor of yours, what's stopping the both of you from encrypting the body of the soap messages on both sides by means of a PGP key or something?
I'm just curious as to why the issue seems to be reasonably solved with http web traffic, but isn't with SOAP...
Ah, Black Man's Wheels. Won't affect me then :)
[no, I'm not white trash, a lot of black guys around here drive BMW's, so there.]
It amazes me how much directory services are overlooked, even for this one simple use.
LDAP is made for doing centralized management. Be it user management or even configuration of services, it's built into every system and OpenLDAP is seriously robust. Just take the 10 minutes or whatever to figure out how to use LDAP and familiarize yourself with the most widely used schemas.
Using LDAP schemas is like going to create a user table in a database and having the table definition laid out for you. Also all applications should be able to follow the structure. Voila, portable services for applications.
Please, go familiarize yourself with LDAP. Not to mention SASL (RFC 2222) is meant as a system independent way of handling authentication and authorization. OpenLDAP, Cyrus IMAP and a number of other server apps handle SASL quite well, not to mention it's included in most distros.
IIRC, the Java Authentication and Authorization APIs also deal with SASL quite well.
The solutions to most of the problems that come up with 'Web Services' (a limited tool being forced on everything) have been solved by a simple trip to the IETF's RFC repository. Now you just need to use a language and environment that has libraries built for the RFC's. C or Java are your best bets, Perl comes in next, but I've found the libraries to be in various states of working, not something I'd bet my next project on.
Arrogance is Confidence which lacks integrity. -- me
I couldn't agree any less! You logged-in trolls are just dog schnizzel! THinking ya'll can log and lag into slashdot when and where you want. Pathetic.
It takes a troll seed to post goatse.cx everywhere he wants...
but it takes a real troll to innovate new trolling technology.
This is a sad day for trolls of all kind. Anonymous trolling will never be the same with trolls that have logged-in. What with proving you are a troll, logged-in trolls guaruntee identity theft by other trolls.
Anonymous trolling is better, yes. While you logged-in trolls ass-fuck eachother, and who wouldn't want that, us anonymous trolls claim:
FROST PIST
FP
fp?
frist psot!
burgers
frist purd
turd poast
roast prist
and
www.redcoat.net/tubgirl.jpg.
Sorry, we claim all those as said in the original license published by hotgrits.org
Slashdot is now offering full story advertisements, in the clever form of "user submitted stories" as pointed out by some others already. The submitter, the "story" writer, and the company are all one in the same from the looks of it. If I were you, I'd take your intelligent ideas away from this corporate owned, and pathetically administrated whore of a website called slashdot. You're not going to get your agenda's accomplished hanging out on a terrorist website like this commie site. Enjoy!
I was just looking into XML-RPC and SOAP the other day, and for the most part Transport and even Serialization are separate components - fully replacable...
To build something that inter-ops well, you don't need to use things that are 100% standard. Especially in a component world. Worse-case-senerio a new transport protocol needs implementing in a different language - for the most part that should be very simple.
This issue is exactly why Microsoft thought they could put over Hailstorm. As a centralized model for Web Services with built-in security, user identification, preferences and certificate management Hailstorm looked like a damn good way for Microsoft to break into a new revenue space while consolidating control over the Internet.
Luckily for us Web Services weren't anywhere close to ready, at least compared to the hype for them, and Microsoft fell for their own marketing by introducing Hailstorm too soon. If they had kept it under wraps until Web Services were actually being rolled out (and running into the need for centralized security) they might have been hailed as saviors. Instead they jumped into the fray too soon and, combined with the antitrust problems, found themselves in a world of shit.
I don't know if Micrsoft has abandoned Hailstorm for good -- I do know they don't have a problem walking away from anything that doesn't pan out. But there is a chance Hailstorm, or something very similar (perhaps funded by Microsoft, but not directly owned), will return when the time is right. I expect the best model for this would be for Microsoft (and/or their competitors) to partner with the big banks and credit firms. In this case you have the businesses with the largest need for such services (and who already have significant databases) opening up their system as another revenue source. If my conjecture is valid I would expect to see announcements of such partnerships in the next six months or so.
In any case what I would like to see is an open source 'Hailstorm'. I understand there are a couple of such projects like that out there now. It would be a very Good Thing (tm) if these projects would settle on a single wire format and data model soon. Why? Because the first such system in general use is going to set the standard for everyone that follows. I would like to see both the standard itself and at least one of the implementations of that standard be open and free (as in speach).
A further extension of this concept would be to allow easy, trusted, collaboration between user identification systems. This kind of decentralization would help keep the biggies from controlling the entire dataspace. Unfortunately it may be difficult or impossible to do without compromising security.
Perhaps the best way to start is small and simple: An identification server of some kind. This service would allow you to check with with a trusted authority to make sure someone accessing your service is who they say they are. Such a server should also allow for anomynity by allowing someone to create an identity that cannot easily be traced back to the real person. Such an anomymous identify should be marked as such in some way in order to allow the service provider to decide if they want to accept it or not, but should be set up so that only the original creator of the identity can use it.
I can go on, but then I already have. Haven't I?
Jack William Bell
- -
Are you an SF Fan? Are you a Tru-Fan?
nt = no text
. . . which is still needed to provide decent security for collaborative web services. That aspect of Hailstorm will probably eventually lead to (probably several) centralized Hailstorm-like services. Espcially where money is moving around (which is why I mentioned banks and credit companies).
I certainly understand companies wanting to keep the information local (espcially sales and preferences info that can be used to infer sales). This kind of thing is very important and I doubt they would want to share it with Microsoft or anyone else. I am sure that was one of the reasons Microsoft folded their hand, and I am sure you are right about it coming back as a package.
Still I stand on my prediction for the need of central identification services and the loss of personal control if someone doesn't provde an open source implementation of such.
As to the "Troll" moderation, you might be right on that as well (although it seems a bit over the top). I do believe meta-moderation works because I know it makes me think before I moderate.
Jack William Bell
- -
Are you an SF Fan? Are you a Tru-Fan?
They have their flaws, but any standard way to connect systems in a platform-agnostic way without worrying about the n firewalls that may or may not block the way between them is bound to get some support from developers.
Speed is not always critical, and a lot of times you don't know shit about your users infrastructure. In those cases web services help a lot.
Besides, the typical business case for a web service is two servers talking to each other (HTTP, FTP, SMTP or other protocol). So there is usually no human client involved. (Of course there might be a browser in the other end, but if you buid a web service just for that you might as well just have a ordinary dynamic web page.)
Seems this is the way it's gonna be, whatever we think about it. With the support of MS and Sun and an ever increasing mindshare Web Services will be hard to avoid soon...
There are problems as well, we might be creating a really big pile of shit that is bound hit the fan in a few years.
Time will tell, there really is no way to tell yet.
Lets just hope this won't be a new MS Outlook...
Anyway, your bashing on open protocols make me think you just might be a troll. So I guess I just been trolled.
damn!
"First lesson," Jon said. "Stick them with the pointy end."
> why not use php perl mod_perl instead of c#
.NET?" I don't think his boss is into Apache.
Did you read the part of the parent's post that said, "The company is alining its self with M$ and
they all use subliminal {encrypted} communications channels so you dont know what kind of data is being passed back and forth
The point of doing web services in XML across HTTP is that it is easy and can use established technologies. If you don't want anyone intercepting the message (channel-based security), that is what SSL is for and works trivially with any web server and client, and is built into Java.
Once you have a secure pipe, it doesn't take a genius to solve the additional security needs of 95% of the applications. Add a password here. Add a signature or message digest there. Do a calling card pattern. Most of what certain vendors are screaming for is huge overkill to highlight their own products that they would like to have people using instead of what is here today and works well.
These are the same people that kept RSA under restrictive patent for so many years. Just say no.
Yet deep inside, you know how empty your posts are. How you'll always be a follower, even 50 karma can't take away that fact. So you try to "cause a little trouble" in your own pathetic way, by imitating the CLITs.
Give it up! See that bathtub? See those razor blades? Get the picture?
Liberate your mind in two clicks or less.
Things to note (strategic):
None of SOAP, WSDL, UDDI, and now WS Security are "Royalty Free".
SOAP isn't a de jure standard -- it's a W3C "note".
UDDI was supposed to move into an open standards body in 2001 but still hasn't.
By publishing WS Security on their websites and through no open standards body we see Microsoft, IBM and that other company abandoning even attempts to appear open.
On the technical side -- if you want to see a little deeper into the security issues left unsolved by SOAP, I recommend you look at the OASIS technical committee specification, ebXML Message Service Specification version 2.0 rev C.
I thought SGML was more comprehensive, and therefore technically superior.
I've been working on a project: macs, that provides (among other things) a protocol neutral authorization mechanism for hierarchical sets of resources. Featuring things like delegated administration mentioned in the article. We have been using this to control user access to things like web sites and file servers, but it would be trivial to adapt it to protect APIs instead.
Do people really leave their APIs dangling out there for all to call? Would this be a feature people would find useful?
-- "it's not enough to be a great programmer; you have to find a great problem" - Charles Simonyi
The article by Rich DeMillo (CNet news.com May 15, 2002) is much better. He gets to the underlying issue that we are patching up problems as they arise rather than paying any attention to understanding what we are really trying to achieve. In particular he says "The headlong rush to Web services is going to make things worse."
DeMillo has been around long enough to know what he is talking about, but I expect his wisdom to fall on deaf ears in today's instant gratification culture.
Geez, isn't that the same thing everyone rants on .net for?
At least with the current mishmash of crap that usually passes for any corporate network there's no "mother lode" to crack into to get the keys to the entire kingdom...
just because MS missed the point, people that have already tested MS.net in real life projects just notice "hey babe, but this is just nothing more java already got but worse !" or "but i can do better with the websphere suite, so i do back there !"
...) to either pure linux ones or at least to Java in order to get away from MS asylum in a smooth way ...
:o) LOL !
.net and they will never do it nor port it to a non WinXX platform ! A CLI port is not enough to have any kind of portability. To have a realy Java counterpart MS should provide a whole .net port, ie a complete port an implementation tested/patched and up to date of every single APIs including COM+ ;-)
.net is not dead, but yes it will never take up the whole world. At the end MS may reallize that they are just in a no way out ;-)
Ok, some people are trying to do some, but customers are either shifting from MS old technologies (ASP, VB, MFC, MTS, COM
Who entrepreneur can yet trust MS on the enterprise ground ?
Remember when then told you that "wora" (ie multiplatform and portability) was nothing but hell ! Now they try to make people beleive they will run office on Tux
But wake up kids, MS is just fooling you yet and again, ok they standardize the CLI&CLR but not
So each time i look as fud such as "mono" it makes me laugh, not because it is not feasable far from that but just because Sun has proven that instead of doing the port it is the port velocity (ie be able to have the same update on every platform) that has momentum !
That's why no
Anyway portability is the key to get out from MS.
-4R34'.