Slashdot Mirror
eBay Retires MS Passport Sign-In
fihzy writes "eBay have announced they will retire Microsoft Passport Sign-In and .NET alerts. The Microsoft Passport Directory of Sites has been discontinued, too. Is Microsoft's Single Sign-On vision edging towards oblivion?"
Good Riddance to it!
Tell the truth and you won't have so much to remember.
On one hand its cool if you forget your ID, because you use the site infreqeuently... On the other hand do you trust Microsoft that much?!
All editors at the slashdot camp are sporting wood right now pending this wonderful M$ news!
Is Microsoft's Single Sign-On vision edging towards oblivion?"
I sincerely hope so.
http://en.wikipedia.org/wiki/Microsoft_.NET_Passpo rt
Did I miss something? Was Microsoft's single sign-on vision ever in danger of becoming main stream?
Is Microsoft's Single Sign-On vision edging towards oblivion?
It's been dead for a while, people are still cleaning up the carcus.
Michalangelo Progr
enough said...
...Bill Gates said... /me shrugs
As a Webmkaster, I would like to have some simple authentication solution, so that the users dont have to register in forums and what not to post. However, the implementation is just unacceptable:
Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
Why bother to sign in to passport when each user will only run windows longhorn, and each user will have their own account, and the current active account can be queried by the website via some new fancy secure API initiative that will be in longhorn... thus forcing everyone to have to run longhorn in order to do so much as use ebay or amazon...
;)
or perhaps I am suffering from wearing a tinfoil hat too much... but I think I might be on to something... replace passport with something directly tied to windows that users have no choice in, since their machines have unique ID's, as do their accounts... they will not be able to be anonymous on the web, and said info will be used to make browsing easier for average joe q. public, meanwhile identifying every user out on the web... really sneaky...
---
Programming is like sex... Make one mistake and support it the rest of your life.
I've said it before... Yahoo has done single sign in, and they've done it well without being abusive. Why MSN couldn't compete, I have no idea (since I never used their stuff). With Yahoo, it's all tied together relatively seamlessly, with extra security when you go to buy stuff. But with one sign in, you can get customized mail (of course), weather, financial info, news, message boards (Yahoo Groups), bookmarks, etc, etc, etc. So it's not that it can't be done and done well.
I don't respond to AC's.
So THAT'S why I couldn't connect to all of my favorite Passport sites. My functionality has been seriously limited here!
6 months after MS Passport was introduced on eBay I started using it. I gave up using it 3 months later after missing numerous sales due to passport authentication fscking up and logging me in moments after the bid deadline ended
Eventually, I got a new login and walked away from one with 20 favourable reviews on it thanks to that damned system. Hope it fries in hell.
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
I read that as 'requires' instead of 'retires' and gleefully clicked on read more to see the frothing at the mouth that I assumed every single post would contain. What a disappointment.
Only other place i have seen that used it was Asheron's Call games.
.net passports even though i have several. Ebay already knows everything...why bother with passport.
Those are currently being transfered to the developers in-house system.
In a couple months that use will be gone too.
What does that leaving using it? Hotmail?
I never even linked my ebay to one of my
Nice idea but only handy if it filled out everything for you on lots of sites, which i dont think i'd like the idea of anyway.
When it arrives, single sign-on is going to have to come with some bill of rights for users...I don't see MS providing any level of transparency.
The .NET Passport service offers streamlined sign-in at a wide range of Web sites and services that are soley owned by Microsoft.
We have discontinued our Site Directory because nobody really trusts us and few people really care, but you'll know when you can use your Passport to make sign-in easier and the marketing data more easily collected. Just look for the .NET Passport Sign In button! We have one at least. You can use the Passport account you created to get us to stop bothering you about it after your Windows or Microsoft Office install process. One day, the powerful Passport login will give you exclusive access to Security Patches, Updates and Service Packs.
Why not get used to it now?
US Democracy:The best person for the job (among These pre-selected choices...)
The notion of the "security key" id apart from the normal login. Its a kluge approach which confuses users that they need to fix long term.
What is this E-bay?
At least posters here won't need to worry about renewing their domain names anymore.
A big Nelson "hawhaw" aimed at Microsoft
Microsoft's Passport sign-on was never a single-entry system, even within Microsoft's sites. Not long ago they started requiring a Passport account to post to the MS support newsgroups, so I reactivated an old Hotmail account. Surprise! Logging on to Passport thru their newsgroups did not get me into Hotmail; I had to enter the Passport account and password individually for each system, whether I entered them sequentially or simultaneously thru two browser windows.
As usual, Microsoft paid as little attention to their proposed standard systems as the rest of the industry. (Remember, Windows Notepad didn't get the Ctrl-O and Ctrl-S shortcuts until Windows 2000, even though other MS programs had them in Windows 3.x.)
I figure by 2030 or so my 6-digit UID will be something to brag about.
Bad idea, implementation irrelevant.
Instead of having to compromise each site (presumably on a semi-secure server), have just one single entity provide and verify the virutal avatar... based on data resident on a machine administered so incompetently as to have six types of spyware and four spammer worms on it because the underlying operating system is as secure as swiss cheese.
> Small sites who would benefit frim such service don't have $10,000 to throw around, and large sites, which do have the money, just will write their own username+password code.
I've lucky in that got a good "mind" for (secure!) passwords and have no trouble remembering dozens of them.
But even if I didnt... even if I wrote all my userid/password combinations on Post-It notes, a Post-It note resides in an area with reasonably secure physical access controls. Not so with a network-connected PC and a single-signon application.
Passport does have a lot of users, but only for Microsoft stuff. MSN, Hotmail, and Xbox Live, all very popular, use Passport.
(Xbox Live's case is a little more complicated, but it does use Passport at its core.)
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
Is there _ANY_ way I can change my MSN accounts PRIMARY email address to be something besides hotmail?
Example change from blah@hotmail to blah@gmail - retaining all my information / msn contacts etc?
I really don't want to use my hotmail account anymore and this is the only thing holding me to that spam festery hole.
That .NET Passport signin broke for me the first time i used it with ebay and then i was unable to set up an ebay account for an entire month.
"all through my house i set up traps, it seems like the rats have a map, so now i feed the rats crack" - Donald D
Not mentioned was the sworn statement of Condoleezza Rice who went on to say that Microsoft had no information about anything or anyone......ever....
I would have loved to have used Passport, but they want MONEY!
Microsoft? Wants money?? Get out!!
Microsoft can trot out a list of companies participating in their latest 'innovation', but no matter how many companies sign up at the start, it really says nothing about the eventual likely success or failure of the system.
Too many people (especially pundits) see such a list and take it as irrefutable evidence that the thing in question is destined to take over the industry.
September 2011: Looking for Cocoa/iOS work in Boston area Cocoa Programmer Quincy, MA
Somehow Microsoft failed to consider that
1) with their record of bad faith toward their own customers and their ongoing security lapses, most knowledgeable end users would not trust Microsoft to manage their personal information, and
2) with their record of bad faith toward their own business partners and their ongoing security lapses, online retailers wouldn't relish the extra burden of sending a monthly tithe to Microsoft.
Luckily Microsoft makes bazillions off Windows and Office and can throw a couple billion here and there on various schemes--gaming, set top boxes, what have you. They know as well as anyone that the commoditization of operating systems and productivity software is underway and they won't be able to maintain their margins forever. If they don't find a cash cow soon they'll be forced to (horrors!) make less money.
I have a Passport account for the Microsoft Newsgroups and for my MSDN Universal subscription. I would constantly have to relogin to these sites whenever I opened the browser, even if I had already logged in to the other site. It was like a Single-Sign On system with multiple sign ons.
Forget the whales - save the babies.
I tried to use it multiple times. I'd be logged into MSN, MSN Messenger, reading hotmail, and in some new window (using IE, even) I'd try to log into eBay and, nope, same page, repeatedly, asking for the username and password.
I'd have liked for it to work, but I don't think anyone at eBay ever actually cared whether it worked.
I think some people are scared away because they believe that you need a hotmail-account to have a Passport. Not everybody want yet another useless, spam-filled webmail address.
The fact is that you can use your regular email with Passport, but I think alot of people believe these two services to be the same.
Maybe MS just need to relaunch the service. When it was created, Joe Average didn't have a gazillion different passwords. Things have changed since then.
I wrote a login/password script with no effort in less than an hour. The hardest part is getting an internet protocol compatible programming language, and actually writing your application.
What they were asking is like holding the door open for someone then asking for a hundred spot.
Passport not only had security flaws, but would be the biggest target ever imagined for phishing scams. Its funny too because the passport URL was so long that you didn't even see the www.microsoft part. You could have sent them to any site to login, and just kept their login and passport.
Microsoft failures are great for jokes.
God spoke to me
The thought of a single web-based logon for access to so many different entities kinda scares me... Especially once it spans across companies.
It's sometimes irritating to remember a number of different logons/passwords, and maybe I'm just paranoid, but I prefer the compartmentalization that separate logons brings.
The Passport concept was, and still is good. I never gave MS's attempt a real chance, because I was annoyed of programs like MSN Messenger and XP Remote Assistance bugging/requiring me to get an account.
Anyway, the idea of a simple username+passport system for the 99% of websites where we care about security "a little" does exist. I think Passport was overengineered. I suspect that a most people will NEVER trust their bank passwords to the same system that holds their Slashdot passwords. Without that level of security, a lot of the engineering and compliance testing and associated costs aren't necessary.
I would imagine that "all" that's needed is a big database, some public key system, and a client-side tool to fill in the login forms. It's not THAT tricky.
I'm imagining someone like Google being able to offer this with relative ease. The GoogleToolbar can handle the client-side for automatic logins, or each site can provide an alternate manual login form. Google can easily handle the distributed database and web services stuff. And the free publicity would be excellent - a lot of smaller sites already have Google Logos for their site search, adding one on the login forms is probably reasonable.
I do believe in Santa
i do believe in Santa
i do
i do
Is Microsoft's Single Sign-On vision edging towards oblivion?
Yes, the MS single sign on is going away and here's why. Anyone from Redmond reading this, listen up.
Microsoft is not the Internet.
I know, I know it's hard to believe...but it's true. The online community is actually *much larger* than Microsoft's vision for it.
This is why "embrace and extend" (and then make incompatible) keeps failing as a strategy.
Weaselmancer
rediculous.
I hope not, I so liked the idea of having one login that if compromised would allow access to multiple sites for multiple micheiveous activities. This is why I used my
Please say it ain't so! How else can I be throroughly humiliated with just one account being cracked?
Microsoft's single sign-on is. Amazon isn't going anywhere, they're the best online shopping site period.
you have to cut the cheese to see the holes
so you really cant compare that to windows
stop supporting microsoft with pirating their software!!!!!
And some say sarcasm is a method of counteracting the pitiful acknowledgement of ones diminutive organ for procreation.
A Freudian slip is best served cold, wouldn't you agree, good sir?
www.newegg.com
If someone says he and his monkey have nothing to hide, they almost certainly do.
As an innovation leader, MS has never been successful, but as a follower, it always can kill the leader and take all over the harvest.
-- forgive me my poor Engl...
I always wonder who those mystery customers are that they listen to? Because they sure are a bunch of twit wits. I've never met anyone in the business who's admitted to being one of the people MSFT listens to and I've represented some pretty big customers.
WIll the customer that MSFT listens to please raise your hand so we can kick the crap out of you. Thank you.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
...may it rest in peace... and FOREVER.
I don't want my password to be stored on a computer.
If I did, I would want it to be my computer.
If I didn't want it to be my computer, I wouldn't want it to be on a computer I had to pay for.
And even if I were willing to pay for the inconvience of having someone else be in control of my passwords, I wouldn't want that person to be Microsoft.
Passport was based on a flaw premise;
The reason we don't provide personal information to every site that asks for it isn't because it's too hard to type it in.
-- Should you believe authority without question?
Yah I trust Enron over some crappy small company any day! Not only are the lagre and, thier books are over seen by an independent accredited accounting firm. Wait never mind.
This isn't offtop it's just plain stupid. And PayPal was was bought out by E-Bay a while ago.
Certainly looks like MS have had enough of .NET Passport... Mouseover the "How do I become a .NET Passport Site?" on the directory site and it shows "http://www.microsoft.com/net/services/passport", but click it and your redirected to "http://www.microsoft.com/NET/default.aspx" with not a mention of .NET Passport.
how about i let a convicted corporate crimminal hold all my personal information, including user name & password, creditcard names/expiration dates/account numbers...
does that sound like a good idea to you???
it would be a really really cold day in hell before i let the likes of a greedy corporation such as M$FT have any of my personal info...
Apple's keychain always performed the same functionality, all while being more secure, and not requiring any special coding on behalf of the websites.
I already have one password for everything.
grep -iw skynet
...And it stinks.
.NET Passport enabled site?
I've got a Passport because of my MSDN subscripton, and it's the only reason why I've got Microsoft Instant Messenger running on my system. But, it NEVER WORKS-- IE is supposed to realize you're signed in with your passport, and let you right on through to subscriber downloads, but that never happens. Everytime, I'm forced to sign in, and then hit the "I Agree" button to the MSDN Subscriber Agreement each time, as if I'm signing in for the very first time, every time.
Sure, that might be lazy to not want to be hassled by those few key/mouse clicks, but if you're going to implement a feature and then require your subscribers to use that feature, at least make the feature work. After all, that was supposed to be the reason for Passport integration into XP, right? Just sign into Messenger, and then you'll be recognized at any
I don't moderate anymore. Karma penalty for 90% fair mods? Can I mod that unfair?
Did anyone else read the article as Ebay requires MS Passport Signin ?
I almost messed in my tighty whiteys!!!
The GoogleToolbar? I thought that died along with IE. Is anybody using them still? Those poor, poor people. They have much bigger problems than remembering passwords, I tell you that.
And just try to mention the unofficial one(s). That was not what was meant, and you know it.
Why Microsoft ever thought it was a good idea to put all eggs in one basket is a mystery.
They (and the rest of the industry) are headed more towards a federated security world, where you have a myriad of stores with your identity, and realms of trust between servers. So it would enable single sign-on between your bank and other partners they worked with, but not necessarily have the same data that your favorite blogs or what have you would use.
One example of a federated identity system is the Liberty Alliance project, as usual Microsoft has their own take on federation I think with the WS-FEDERATED web service standard (proposed).
"There is more worth loving than we have strength to love." - Brian Jay Stanley
In Redmond, WA, ... the Internet reboots you !!!!
-- "It's not stalking if you're married!" My Wife.
...film at eleven.
So, what's he going to do next? Build ShortHorn into every telephone?
Got time? Spend some of it coding or testing
Another loss for Microsoft, and another score for our privacy and rights on-line! Forward the revolution!
The people at Microsoft are such bullies.. Now give me a bunch of points for being insightful or i'll beat the shit out of you. Now don't tell anyone we had this conversation
Everone and their cousin seems to be jockeying to have THE single sign in solution...why should Ebay, which already possesses some of the most popular sites on the web, and therefore could relatively easily make a single sign in for those (HINT, HINT, EBAY!), kiss Microsoft's ass?
'Course, say Ebay did dominate this field...would Microsoft play their game?
Is Microsoft's Single Sign-On vision edging towards oblivion?"
Ever since day one, why?
This was one of the projects that was ripped apart from all sides before it was even launched. Then, as soon as the hype had died down, it was hardly mentioned anywhere. Hypeware, start to finish.
Assorted stuff I do sometimes: Lemuria.org
This, and the new MS push for signed code as a way of supposedly achieving security (as on the XBox) is all about one thing: MS wants to find a way to own some really important crypto keys. If they own private keys that MUST be used in order for the world to continue functioning, then they get huge amounts of free money with little effort.
For example, take the XBox. To run code on it, you have to have your code signed by Microsoft. For this, they have a private key (whose matching public key every XBox knows). Now they control access to the platform, and if anyone at all wants to sell software that runs on the platform, they must go through Microsoft. And there will be a "small" fee for getting Microsoft to evaluate your code, determine it really is safe, and sign it (or issue a certificate that allows you to sign your own code). Just a nominal fee, not really huge, just enough to make all the people at Microsoft filthy rich.
So, Microsoft is already doing this on the XBox, and their plan is (I think) to spread this wider and wider. Passport failed, but XBox works, and they will at some point try to add this to Windows under the guise of better security (even though it's not -- the XBox has proven that one exploit that allows you to run arbitrary code lets you circumvent the whole system). The goal is to control authentication "on behalf" of other programs, because then you can force everyone who writes any software for the platform to give you money. (All the better if MS can use the RIAA's and MPAA's fears to get them to lobby to restrict individuals' rights to run arbitrary code on their computers.)
email and IM; authenticate using them. this is happening already when you click "forgot password?" and the password is sent to your email. so, in effect your email password is like your only password. changing you email password is kind of like changing ALL your passwords.
why?
the only common communication channel on the internet is email and -a bit less so- IM.
eg.: each time you sign on to a site you can get a different password for each time you log in via email or IM.
--- widget evolution: enhanced, plus, super, ultra, extreme, exxxtreme, ultra-extreme,
I'd say this brings down the curtain on MS's ambition to extend their "tax" to all online transactions.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
When I saw this, I thought 'hang on, I can now register for an account!'. No, hang on, this makes sense...
Much of my office communicates using MSN Messenger. I don't like it but never mind... I had never signed up for an account because, with Passport around, I didn't want to provide them with the slightest additional encouragement and blip in their userbase statistics that might help persuade another site to join their unholy alliance. Now that possibility appears thoroughly dead, I can sign up for one in peace and be able to send quick messages to colleagues more efficiently than through e-mail.
Greg
(Inside a nuclear plant)
Aaaarrrggh! Run! The canary has mutated!
I always got a chuckle when I went to log in to eBay. They had their secure login OR you could log in with your .NET passport if you preferred.
proves that passport is so dead nobody even cares to flame it anymore! yaay!
"You never want a serious crisis to go to waste." - Rahm Emanuel
Once you understand how Passport works and would work in the future, it is so clearly a horrible idea that it is not funny. People often only think of it as a central repository for storing their passwords. Some like this idea for its convenience but the Passport model is so half-baked it is not even funny.
If you want to understand how a truly well-designed system will work, take a look at the Liberty Alliance. Instead of the central repository method, it uses a federated approach to the problem.
For example, if you have a bank account, a utility provider, and your employer, there is no need for those three entities to share all information about you. It should be up to you to define which information is shared, but you should only have to maintain it in one place.
If your employer knows your home address, why not allow this data to be shared automatically to the other entities? Don't want to? Then you don't have to. You employer may know your bank account number to deposit your salary. Your utility provider may know your bank account number to deduct your monthly bill. Why not tell your bank to share this information with your employer and utility provider? If you change your bank, then your new bank will automatically update this information.
Of course all of this has to be done in a secure way. But it is more likely that your bank will have secure connections to other entities than the layer where you inform those entities yourself.
Best of all, the approach from the Liberty Alliance does not leave one vendor with the master key. The keys are still with you, you just might give certain keys to some of your vendors.
Every time you login you could be presented with Text adds relevant to the site you are visiting.
To the webmaster and the user it woudl be free....
IANAL but write like a drunk one.
There aren't many incredibly useful, really innovative ideas coming out of Microsoft these days, or ever for that matter. From a technical standpoint, Passport was brilliant. Think about it. You sign up once at a central location, and then you can use that user id practically anywhere... in theory anyway. Thing is, no matter who you are, the only way something like that is going to work is if you create it with an open interface that you allow people to use (and forcing end users to use it didn't help things either).
Microsoft may have a couple great ideas once in awhile, but openness isn't exactly their strong suit. By the time they realized that they couldn't charge people to use Passport on their sites if their goal was to get people using the system, it was too late.
As it happens with Microsoft, I think this whole thing acts as a learning experience. The idea of Passport was neat, and I would like to see something like it pop up. It's a very useful, very logical, very practical idea. But it needs to be free to use, and open to developers. There probably isn't a practical way to suck money out of it, but that doesn't mean that it's not worth doing... again.
This signature has Super Cow Powers
When you signed up for it did you start getting lots of spam?
No? You mean they really didn't sell your personal info to everyone?
Has anyone broken into their server and stolen your information? No? If they did would they have anything really important like a credit card number?
As usual you guys just love to gripe about Microsoft whether you have something to gripe about or not.
In this case be careful what you ask for. All of you jumping with glee about this are officially banned from bitching about the New York Times registration the next time an article comes around. You better get used to it since a lot more sites are going to be doing it soon. You better hope those new registrations don't sell your info or have insecure servers. I assure you that MS, sorry M$, has invested quite a bit in the security of passport. They also know that to make it work they must ensure privacy. Others may not care.
There's the Liberty Alliance, which seems to be picking up some speed recently.
There's also the SAML initiative from the OASIS group.
Chip H.
What is needed is a way by which I can authenticate myself directly, rather than relying on usernames and passwords. There's already a framework of digital signatures which could be adapted for this purpose.
I imagine, perhaps, a system where my "login ID" is a combination of a username and a host which provides an authentication service. The authentication service would do what Passport does now, but there will be lots of them rather than just one. My "account" on each site will just be linked to my login ID with no password attached.
In this scheme, more technically-inclined (or paranoid) users could run their own authentication servers while others could use commercial authentication services such as Passport, all using a common protocol. The certificates come into play when this scheme is also used to assert facts about a person, but they are not a vital part of the scheme as the minimum necessary is just the ability to know if the user trying to log in now is the same user who previously used this login ID. Using certificates allows a user to assert that they are a given real-space person who resides at a given address, for example, which would be important for applications such as banking and online voting but not so important for logging in to slashdot.
If done right, the site I'm logging into will only ever need to see a transient session ID. The password or other authentication token will be sent to and processed by the authentication server which will issue a session to the requesting site. Since most users will then only have one identity and thus one login ID, this could be done transparently behind the scenes so that the user gets an account and session created magically on the first visit to a given site and the session will automatically be renewed or a new session generated on subsequent visits, without the need to sign in once for each site.
The Passport idea isn't a bad one, but it does need to be open and decentralised, and would benefit also from a granular certificate framework which can assert certain facts to trusted parties where necessary.
Note that I'm not asking if having a central trusted KDC is a good idea, just whether it could be used in the same way that Passport's sign-on services used to be. In other words, a user could log in to the KDC.GOODCOMPANYWEALLTRUST.COM domain and automatically have open access to all of their services that trust that realm. Throw in some Kerberized LDAP goodness to allow those services to retrieve a specified subject of that user's data, and you're done.
Since it apparently isn't as easy as I've outlined, what am I missing that complicates matters so much?
Dewey, what part of this looks like authorities should be involved?
Does anyone have a clue as to when Hotmail will be running properly? This is just a tad ridiculous
MS wallet was their last attempt to unify credit card info. I predict "MS Visa" next! Of course everyone will jump on the band wagon, then realize no one is using it a year later.
- signing up to a service means to give them your public key.
- singing in to a service means to get a challenge, sign it with your private key and send it encryped back. OSS browser could be implemented to do the challenge/response for you.
I did not think much about it (I just had the idea), but I think that there wouldn't be any privacy problem. only the private key is *really* important...
http://www.maxim-ic.com/products/ibutton/ and, more specifically,/ java.cfm
http://www.maxim-ic.com/products/ibutton/ibuttons
Read the second link for all the tech-details. These things are pretty amazing:
durable, cheap, crypto-secure, and can be mounted on a key fob, ring, watch, or
other personal item...whatever thing it is that you, personally, have spent
your whole life learning not to lose.
When I started learning about everything they can do, I was amazed that they
weren't more widely known (although there are more than 85,000,000 of them in
use around the world.) Slashdotters looking for new toys to tinker with and
code for would do well to look at this platform. It's ripe with options,
capabilities, and possibilities.
In retrospect, Microsoft made a bunch of mistakes:
4) There were many, including no capability to delete a Passport, and transferring private data via ordinary e-mail when you tried.
If those of us who watch Microsoft have learned a single thing over the last fifteen years, it is that Microsoft never, ever throws out a single line of code. Passport may well move out of the limelight for a bit, but one can have absolute certainty that it will rise from the shadows as do all things undead, to live among us again.
Don't take life too seriously; it isn't permanent.
Too many people (especially pundits) see such a list and take it as irrefutable evidence that the thing in question is destined to take over the industry.
:-)
Too many people (especially managers) see such a list and take it as irrefutable evidence that the pundits got it right this time.
Around Y2K, I came under pressure from management to switch an Apache server to IIS. An employee had approached them with propaganda^W an independant white paper that showed that IIS was cheaper to operate, more secure and easier to develop for than Apache. Needless to say, this got my attention.
The white paper turned out to be a paid-for reprint of a magazine article. I went through ten reference customers, and found that three had their static content on Apache servers, two had unix based application level firewalls to scrub URLs, and one had an expensive load balancer in front. A further three were mere presence web sites, serving static content to a handful of users. The only site that really had gone whole hog was Disney. By the way, according to Netcraft, even they have seen the light.
At this stage, the pundit reprint backfired. If nine out of ten reference customers don't make the advertized solution shine, then what is a manager to do?
Buy iPlanet instead, of course. Sigh.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
in pieces....
He who gets something for free usually gets what he pays for...