Slashdot Mirror
Passport for Linux On the Way
mrsam writes "PCWorld reports that
Microsoft comissioned
Ready-to-Run Software,
a small software vendor,
to port the Passport server software
to Solaris, Red Hat Linux, AIX, and HPUX. Oh, joy."
← Back to Stories (view on slashdot.org)
embrace.... extend
Does it really matter?
The fact that Passport server software will now run on (some of) the unices isn't really a cause for dismay; although it may speed uptake of Passport, it also removes another reason for a web service provider to use IIS.
Any company that really *wants* to run Passport WILL. It's just a matter of what platform they run it on.
Is it just me or is the idea of centralising security bad?
It seems to me that a spread of security/password systems is better, since a comprise of one does not comprise the others?
Somehow the buzz to make everything easier overrules normal safety practises. Do we not get told not to have the same PIN for different credit cards?
One wonders what MS's true intentions are in porting this to Linux... embrace and extend?
Can you even do that to something as complex and loosely-coupled as the open source community of linux developers?
They probably just realized how large a marketshare Linux is getting on the server side and want to attain total market dominance for their worthless Passport product, lest we develop a better, more secure alternative. Hint, hint: won't work, MS. Much like Gnome, KDE and the other 10 or so windows managers, we are all about freedom and choice and will code alternatives to the alternatives to the alternatives until sourceforge runs out of disk space. Just because we can, just because we love coding and have common ideals for what life should be like: Free, especially of YOUR control.
You morons, hie is not saying they don't exist, his statement is more directed at there poor support and reliability under any OS other then Microsoft.
They are rarely updated, and they often break.. From my exp FP ext's are the bane of most linux based hosting companys and cause a majority of the support load..
I once worked for one of the largest free hosting provides online, they bought out a Windows based company, The original plan was to switch them over to there linux based system, But after seeing the numbers keeping the windows servers ONLY for people that required FP was considered,
It is pretty much a known fact to anyone in the webhosting industry that FP ext's on linux are flaky to say the least
Personal Website
So let me get this straight. Their productivity software, Office, that uses de facto document standards and which can currently be sold for a profit, they have no intention of porting to Linux.
But a broken, hole-y DRM/anti-privacy schema, accepted by only a few and generally looked on with suspicion, being developed with no profits in the near future to -- that, they're porting to Linux.
Uh.... HUH.
AHHHHHHH! I'm burning with goodness again!
- Reakk, Sluggy Freelance
Actually, seeing Microsoft source code, but under a dodgy "pseudo-open" license is actually worse than not seeing it at all. You become "tainted" and MS may well sue you if you work on a conceptually related project. They have taken legal action in the past. NTFS driver development in the Linux kernel was effectively halted, for example, over such an issue.
That's why most MS releases are WORSE THAN USELESS.
You see, Microsoft are doing it, so its O.K. It will be perfectly secure. Everyone trusts Microsoft, theres nothing to worry about.
Until the first Passport Server exploit is found.
Will it happen? Undoubtably. I'm not saying that because it is Microsoft, although that is partly a concern. I'm saying that because a computer which is connected to a public network can never be secure. Microsoft seem to have a worse track record for secure online systems than anybody else, and it doesn't really matter if that is because their code is inherently worse, or simply because Microsoft platforms are more widespread. The previous trends would indicate that Passport Server will be insecure, and that data will be compromised. It won't matter if it is running on Windows, Linux, HP-UX or Unicos : Your data will not be secure.
Now, all you have to do is enter you credit card # in that little box there. Go on, you trust Microsoft now, don't you?
For companies that already have passport for certain things, you can setup a secure, fast, *nix server, and allow the few half-wits that use passport to authenticate. How many people got excited by the prospect of being able to do groupware, email, and calendar funtions like Exchange, but without using an Exchange server? This could be the same thing; a way for *nix admins to use their current systems, and support their users who choose to use this thing.
Overrated / Underrated : Moderation
If you don't want to use it - don't install it. If it's installed - turn it off.
(I also encourage people not to use Passport in my academic capacity - and I tell them why).
I fail to see why MS is providng ports to platforms where the user base is so hostile to the concept of the massively insecure single sign-in
It's not you: I'm just this horrifically socially awkward with everybody.
chroot() jail
A computer without Microsoft is like ice cream without ketchup.
First of all, everyone is gonna love Microsoft for porting its great universal authentication solution to the *nices platforms, making it more universal. Big *NIX companies will buy the software and will offer Passport support to their clients. Then, after a couple of (outdated) versions, specifications will change without previous notice and the implementation will be worthless, the performance will go much below that the native winXX version, big companies customers will start bitching around about lack of support and functionality, and the final response from M$ to big compianies will be 'our passport system was created to work from the ground up on the .NET framework, which uses native winXX functions not available in any other working environment, thus we cannot guarantee the correct behaviour on other platforms'.
End result: big company will migrate its *NIX servers to M$ platforms, and big company customers opinion about how *nix sucks, and how far winXX is superior at accomplishing the same tasks.
Don't you see it's all but just a FUD game the M$ people is trying to play with you?
Articulos para gente geek: Poleras, linux, libros y mas
A properly set up centralized security server does nothing but run the authentication services and possibly the authorization services. It should not be running other services such as NFS, print services, HTTP servers, etc.
That is not to say that different applications can't use secondary passwords to authorize certain facilities, or to mandate a seperate security ticket for the duration of a special session (e.g. starting an admin tool to add new users to the application's authorization set, or changing their authorization lists.)
Many authentication and authorization services also support facilities like session limits (the place I work at right now only allows each id to be used for a single client station at a time; development and support staff are a special case.)
Centralizing security also means that you only have to deal with hardening one set of authentication servers (gotta have redundant server clusters in a large environment for something this critical!) When patches are needed, you know they've been applied because you don't have to run around to all the application, data, and web server systems. Some application/web servers might break if they aren't patched to work with the updated security server, but that is a good thing -- you don't want outdated clients being authenticated when they're running software that has known security issues.
However, there are far better products out there that aren't limited to Microsoft clients. Tools like Kerberos, Verisign products, Netware, etc. I just cannot fathom why anyone would voluntarily limit their options rather than just using a non-Microsoft product.
I do not fail; I succeed at finding out what does not work.
Liberty.
Why Passport?? *shudders*
HTTP/1.1 400
i don't think it would be very difficult to install the passport implementation on any other distribution. essentially RH doesn't differ that much from other "modern" distributions.
;-)
the problem is of course certification. if passport is only certified to work on RH linux, other distributions might be able to run it, but only passport servers running on RH linux will be accepted as being valid passport servers. just a thought...
maybe it's a smart move by MS to allow only passport on one specific linux vendor. suppose passport becomes the primary way to identify yourself on the net (*shiver*), it will enable MS to use their embrace & strangle policy on RH, effectively killing "commercial linux".
maybe they're just being ignorant though, thinking RH = linux. an often made mistake
What is the purpose of this? Do they really expect people who do not use IIS to use Passport? To what purpose? Think!
The fact that you have this thought is why you will never be a competition for Microsoft (that and I'm guessing a 100 billion dollar income difference) but seriously. Wether you use IIS or Apache is irrelevant to passport users. They don't CARE. If they signed up for passport they think that you OWE them passport support. You can say "screw those end (L)users if you want, but they are a revenue stream and that is not considered "Best practices"
Microsoft knows that by giving Linux/Unix users passport (which is probably shunned by everyone with a 'nix desktop they are catering to WINDOWS desktop users. Think about it, they are using Linux admins to cater to their clientele in the name of being 'open source' friendly.
From my exp FP ext's are the bane of most linux based hosting companys and cause a majority of the support load. From my experience, FP Extensions are the bane of quite a few Microsoft based hosting companies too. "If you can't beat 'em, join 'em" - Microsoft
Roadkill is yummy.
Yes, think about it, *why* are they sharing the code?
They are fighting fire with fire, all we, as coders have to do, is to see the code, and we are now tainted, and can not legally implement a competing code base.
The same as if they use GPL code, it taints their talent pool, if we *see* their code, it taints ours.
be very careful when offered a bite of this apple.
and customers that don't understand their technology or options.
honestly, u can use ldap with pam and smb for win authentication that will work across windoze and *nix. i love ldap and it's amazing how once company just kinda doesn't wanna push something that's a standard in light of their own crap.
it's too bad. but this is typical and unfortunately only the companies and groups that really 'get it' will ever implement things the 'right' way. this is true with probably every software solution.
i can see those guys at that company thinking this is a great idea, but it's not. bad ideas should be shot down and buried. passport has numerous problems and needs to be put in a hole.
of course, like everything m$, they won't bury it. they'll keep bolting on to it until people give in or roll it into something else (read: sneak it in the back door).
...please forgive my pseudo-rambling, It's going on 24hrs since I last slept ;p doh! ...
...and don't give me that crap about "nobody is buying X-Box systems". You're right, nobody is buying them. That's not the point. If MS was worried about sales, they wouldn't be giving away litterally hundres, if not thousands of consoles regularly. Pepsi shortly ends yet another "500 free X-Boxes" promotions this month. Who as ever heard of a console manufacture regularly givining away thousands of systems as much as a year after launch? MS only cares about
Look, the primary reason for passport logins is in order to attract customers. PERIOD. If MS can offer passport security (sic) login support across nearly all commonly used platforms, then they can potentially approach a company with large volume customer interaction such as AT&T, FedEx, etc... or even our Government and use the sell line of "XX% of the US internet population has access to Passport, and XX% of internet users already have accounts created, reducing your sign-up/registration headaches. We would like to offer you this secure (sic), unified login solution for your customers as a convienence to both you and them. We can even integrate all of your customer service functions into this login for you as part of your initial installation! We'll even support your internal *nix environment so that you don't have to change servers (!for now!)."
So, then say, FedEx says hey, that sounds great, we can integrate everything into this, and it looks like everyone already has a Passport account, and there's no change in equipment on our end, and wow this will really make it easier for our customers to login and issue shipments, track shipments... We'll take it.
Microsoft never abandons a product, period, they just repurpose it a few years later. The MSN network never died, MS is just trying to co-op the internet under their wing. They want all data to come through them so they can get on with the subcription model they have been trying to migrate to since 1995. Passport has one primary purpose, it is the login mechanism of MSN, and the leverage to get companies to chanel data through MSN, which get's more customers, then more companies, etc...
Once MS has "critical mass" on Passport, they can leverage it even harder as part of their DRM initiatives. This isn't to control what you see and here per se. Remember, MS is about one and only one thing, maximizing the profit of the shareholders. PERIOD. If every piece of data has to pass through a piece of MS technology, even a nominal toll of cents becomes a tremendous amount of money.
What do you think the X-Box is all about. It is about marginalizing the PC. Just wait till next year when the data/streaming formats that are only X-Box compatible, or X-Box first start to role out. Just wait until you can subscribe to Office on your X-Box variant... Not only does this completely elimiate anti-trust issues due to the large volume of established law supporting the rights of hardware manufactures to control the content on their systems. The consolidation of all of these technologies over the next couple of years will give MS even more leverage in pushing their protocols to prospective clients... thus feeding the loop.
DRM components on a PC may or may not ever happen, but I believe the whole discussion will be mute in a number of years anyways...
Really, it's the OS that we don't want Microsoft controlling right?
If this is a move on their part to start supporting Linux as a "valid" operating system, and start developing applications for it, I'm not upset with that one bit.
You can "OpenOffice" all you want, but personally, I *do* like Microsoft Word. And I like Outlook. If they started making these applications available in full form to Linux, I would run them.
Personally, I think that down the road sometime (probably not very soon) Microsoft will be developing real products for alternate operating systems. On one hand, they want everyone to use Windows. On the other hand, there is a growing amount of users switching to alternate systems, and Microsoft would love to sell you software. At some point, unless something goes horribly wrong with Linux, the community won't be able to be ignored.
Ahh well. Who cares what I think anyways.
- It's not the Macs I hate. It's Digg users. -
Everybody please avoid Passport for *nix when it comes out - they are in all likelihood doing the exact same thing. They will abandon you as soon as they get what they want (i.e., a monopoly position).
-----
Free P2P Backup, Windows & Linux
I used to work for them a couple of years ago as an intern- and am still friends with many of them. They're a great small company- I loved working there over all the other places I've worked since then.
They're good folks- diehard unix people(the president, Jeff, is one of the most experienced unix people I've ever met) who have been, for years, making various open-source software easier to install/use, backing the packages with support, and folding changes back into the community. They've been doing this since the very early 1990's.
One could argue that RTR helped, in a major way, bring open source software into the corporate world. Not with Linux- but with all the commercial unixes. Solaris. HPUX. AIX. Irix. etc.
Their ReadyPaks, at the time, were practically revolutionary- with one command you pulled a full installer off a tape, installer asked you a whole bunch of questions, and boom, you got a working installation. It was exactly what many large companies were looking for- open-source software fixed up, given a good installer, and a commercial company to stand behind it for support.
Whereas you'll see other people talking about how to bring free software to the business world- RTR has been doing it for over 10 years.
So if you're going to grumble about a company- please don't grumble about RTR. Much of the open source GNU packages you use today, especially on the non-free unixes, work better(or at all) on those platforms in part due to RTR.
That said, they are a very small company, folks- please use google caches and stuff to keep from swamping their line/webserver....
MS's release of technical information and source (even, as was mentioned recently, on demand from the courts) *is* a joke, as you've pointed out -- it pretty much is a legal ploy to entangle people in legal barriers preventing from them from working on competition.
:-)
But, let's also be fair here. This is *Microsoft* and *Slashdot* we're talking about. If Microsoft BSD-licensed Windows and released the source, there'd be a ton of people on here talking about how it was an attempt to crush Free Software by making BSD licensing more popular than the GPL.
May we never see th
But that is precisely the kind of problem I'm concerned about. When you are dealing with any sort of security services, you do not want server patches held off because of a package dependancy that you have no way to work around. Some of the patches that don't get along with ASE 12.5 are rather important security patches, for example.
I do not fail; I succeed at finding out what does not work.
I'd rather live in a world without Microsoft Office (with all that that entails of .doc-files and other horrors) than a world without Microsoft Windows. The OS is just one piece of the computer experience. Someone running XP at home? That doesn't hurt me, happily using GNU/Linux. Microsoft controlling password servers and document formats? That does hurt me.
Not agreeing that Unix FP extensions aren't broken (I haven't used them enough to be an authority on the subject, I try to avoid supporting microsoft server technology if I can help it), but its a flawed argument to say because he had some many phone calls, that anything is broken. If you've ever done tech support everything involves a lot of hand holding, I've had thousands of phone calls in tech support about STANDARDS, let alone Microsoft generated standards. We are talking about front page customers here, I've had who knows how many phone calls about people who blew out their motherboard by changing mice while the machine was on repeatedly, does that mean their motherboard design is broken. All technology requires some understanding of what to do. Front page users are not the most sophisticated web designers.
Like many tech companies, Microsoft is about maximizing its own short-term stock price. To a manager with millions in stock optons, this is more important than anything, even profit.