Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Group Releases DCE 1.2.2 as Free Software

Posted by michael on from the run-with-the-big-boys dept.

lkcl writes "The Open Group announced 12th January 2005 that they are releasing DCE/RPC 1.2.2 as a Free Software Project - under the LGPL. This is a major coup for Free Software: the Distributed Computing Environment is known to be involved in some major projects. There is a mirror at opendce.hands.com which runs rsync, ftp, and there is also a dce122.tar.bz2.torrent bittorrent running as well."

162 comments

  1. freedce by lkcl · · Score: 3, Informative
    Article at Advogato with some more details.

    This is one _monster_ big deal for Free Software.

    This is the code that allows big companies such as IBM, Fujitsu, Entegrity etc. to bid for £500m contracts.

    We have FreeDCE already, which is the DCE 1.1 Reference implementation autoconf'd and updated...

    1. Re:freedce by Anonymous Coward · · Score: 1, Insightful

      wow, you submitted the story AND trolled for more page views! Way to go, overselling yesterday's technology!

    2. Re:freedce by lkcl · · Score: 1

      _and_ keeping an eye on the bloody bittorrent client and the server i borrowed to host a mirror of the code - it's a wonder i get to do any work at all, really.

    3. Re:freedce by Anonymous Coward · · Score: 1, Informative

      wow, you submitted the story AND trolled for more page views! Way to go, overselling yesterday's technology!

      He bought the $lashdot Bonus Pack©. That's a story plus a guaranteed 2nd post behind a non karma whoring first post (1st would be to obvious and a karma whore first post might drown it out. Sorry, Lindsy. ) The bonus pack only cost $50 more than the regular $lashvertisement.

    4. Re:freedce by Richard+Dick+Head · · Score: 1

      From TFA:
      UK's "National Insurance" Database is a DCE/RPC application which must now hold aroung a TERABYTE of information...

      WOW, a whole TERABYTE! :D Err, is that anything special anymore?

      A fellow student of mine is storing over a terabyte of information. If a broke-ass college student can whip that together, then I don't think so.

      --
      The real path to male liberation
    5. Re:freedce by eviltypeguy · · Score: 2, Informative

      I would like to point a somewhat glaring inaccuracy in the article linked in the parent post.

      The article author claims:

      "...Global File System (which is proprietary anyway, available from Redhat)..."

      Except, GFS is NOT proprietary. Behold, the source code:

      http://sources.redhat.com/cluster/gfs/

      And by the way, as my first impression I think Advogato sucks if only because there is no obvious way to contact the author or reply to the article to point out this inaccuracy or anyone at the site to contact about the article. Bleh.

    6. Re:freedce by lkcl · · Score: 1

      it's okay, i'm hanging about, just in case of exactly that sort of thing. my comments were based on someone setting up "opengfs" which i am pretty confused about.

    7. Re:freedce by Anonymous Coward · · Score: 1, Insightful

      GFS started out free, but at one point, new versions were made proprietary by the major copyright holder, so the opengfs fork was started from the last free version (one of the freedoms important in open source work). But then Redhat bought out the company that owned the copyright to the proprietary version and open-sourced it. Over time, opengfs and gfs had evolved in slightly different directions, so the projects couldn't just merge together again. However, developers from both projects are now talking to eachother about how best to work together in future.

  2. open group still matters? by Anonymous Coward · · Score: 1, Interesting

    This isn't nearly as important as claimed here; other technologies supercede it.

    1. Re:open group still matters? by donbrock · · Score: 0

      DCE was overshadowed by Corba years ago which in turn is now being overshadowed by web technologies.

      --
      The Truth About Slashdot
    2. Re:open group still matters? by lkcl · · Score: 1

      what goes around comes around: if DCE/RPC's profile is raised, it will hopefully stop people from reinventing technological problems that DCE solved _years_ ago, and will still need for certain kinds of software. ... not to mention that there are contracts and systems still in existence that mean DCE just ain't gonna diiieeeee :)

      plus, Corba is object-orientated, and its "counterpart" is DCOM (which uses DCE/RPC underneath). a lot of people make this mistake - seen it about five times on slashdot in the past hour already!!!

    3. Re:open group still matters? by Eravnrekaree · · Score: 1

      Perhaps, it could be said that DCE is surpassed by CORBA if CORBA implements a superset of DCEs capabilities. Do open source CORBA implementations provide the same capabilites as DCE or greater, such as security capability? Furthermore, it would seem to me that CORBA is the sort of technology which would benefit and provide a foundation for web technologies, not be replaced by web technologies. When I think "web technologies" I think HTTP, HTML, etc, which are not a replacement for a good generalised distributed API system. A system like CORBA tend to be powerful because they can work in many different applications/environments, rather than be locked into one sort of use.

    4. Re:open group still matters? by lkcl · · Score: 1

      you only have to look at the fact that DCE/DFS ran the file server back-end for a web server front-end for the 1996 olympics to realise how true that is.

    5. Re:open group still matters? by libkeiser · · Score: 1

      What possible collection of technologies supercedes DCE/DFS??? Attacking TOG ignores the root of the issue. What other RPC service has integrated Kerberos authentication, authorization, and service registration in directory services for load balancing? All I see are a bunch of half-baked, buzzword-compliant piles of steaming horse manure that totally ignore security (e.g. SOAP). RPCSEC-GSS brings in K5 authentication, but none of the advanced directory, authorization and auditing services integration that DCE provides.

      And what, pray tell, could possibly supercede DFS??? There is absolutely nothing comparable to DFS. Certain big companies will claim they have replacements, but only AFS and DFS provide the administrative unit of a fileset/volume, which is a critical unit of abstraction when performing management operations on distributed filesystems scaling into the trillions of files. Sure, NFSv4 has an atrocious hack for mountpoint redirection, but without a VLDB you don't gain any of the HA features, nor any of the flexibility. And, only DFS provides things like multiple read/write replicas of filesets, distributed file locking, and sync on write semantics. SAN filesystems, and distributed block-level raid filesystems, such as IBM GPFS and Sun ZFS, address completely orthogonal problems to DFS. I'm sick of hearing people pushing such solutions as DFS replacements. They are perfect for high-throughput access to scientific and media-oriented applications, but they will never provide the same levels of management, or availability as a truly distributed filesystem like DFS.

      Frankly, the argument that technology should be ignored because it is old has proven its ridiculousness way too many times over the years. Far too many very interesting and worthwhile technologies are being abandoned by executives who have no appreciation for their technological value. HP's track record in this area is especially abysmal.

    6. Re:open group still matters? by lkcl · · Score: 1

      yesss, i loooove youuu :) someone who knows what DFS can _really_ do!

    7. Re:open group still matters? by waestrem · · Score: 1

      I would agree. If you wanted CORBA to be secure (beyond the level 1 ssl stuff), you usually did it by using a DCE based product. Maybe we could do that with SOAP?

    8. Re:open group still matters? by lkcl · · Score: 1

      *ROTFL*. what - make SOAP a DCE-based product?

      that'd be funny: the SOAP specification references the DCE/RPC documentation as one of its sources :)

    9. Re:open group still matters? by ceez · · Score: 1

      As a former AFS and DFS administrator, and Decorum presenter, I agree. The first thing I looked for in the releases was the DFS blurbs.

      I have yet to see any other filesystem that delivers true POSIX single-site semantics at the scales achievable by AFS/DFS. Add the intrinsic security, and it's like nothing else.

      That said, this is only about 5 years too late! Still, perhaps something interesting will happen now that horse is out of the barn ....

  3. Ummm by Anonymous Coward · · Score: 0, Flamebait

    How can anyone call themselves the "Open Group" and do anything but release OSS??

    1. Re:Ummm by stratjakt · · Score: 3, Funny

      In precisely the same way you can call your product Kool Aid, when it helps nobody, and is in no way affiliated with Kool and the Gang.

      Or in the same way that you drive on a parkway, and park in a driveway.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Ummm by crow · · Score: 5, Informative

      The Open Group was formed by the merger of X/Open and the Open Software Foundation. The use of "open" in all those names predates the phrase "open source." The term it relates to is "open systems," which refers to standardized Unix systems, as opposed to mainframes.

    3. Re:Ummm by Anonymous Coward · · Score: 0

      Ummm, because the word "open" had a meaning in computing before Eric Raymond decided to redefine it? "Open" here means standards-based.

    4. Re:Ummm by leandrod · · Score: 1
      The term it relates to is "open systems," which refers to standardized Unix systems, as opposed to mainframes.

      This is completely wrong.

      This days you can consider a mainframe open, because not only it can ran GNU/Linux but also it has a facility to run open systems programs, protocols etc. Other non-Unix systems do so, like Digital VMS.

      Open systems are systems that implement open standards, that is, standards agreed upon by representative bodies like ISO specifying interfaces, protocols, file formats etc.

      --
      Leandro Guimarães Faria Corcete DUTRA
      DA, DBA, SysAdmin, Data Modeller
      GNU Project, Debian GNU/Lin
    5. Re:Ummm by nextdoornerd · · Score: 1
      This is completely wrong.

      Yep, exactly the same thing came to my mind when I saw the parent :) Nevertheless I would like to cite a more formal definition, too:

      An Open System is a system consisting of cooperating a) SW b) HW and c) people, which

      - serves the desired service,

      - its interface specifications are 1) fully and well defined, 2) publicly accessible and 3) maintained on ground of common agreement and

      - its implementation conforms the specification.

      Now, because this thingy above has been translated by me, speaker of a tiny little language from that tiny little language into English, there's a defintion by the glorious DoD, too, which is actually in proper English (all citations taken from course material in my mother tongue, so sorry, no links):

      "A system that implements sufficient open specifications for interfaces, services, and supporting formats to enable properly engineered components to be utilized across a wide range of systems with minimal changes, to interoperate with other components on local and remote systems, and to interact with users in a style that facilitates portability."

      You all know what Open Source is about - as it can be seen Open Systems is a very different (in terms of actual software used in the system surely overlapping) area. Buzzwords like Enterprise Application Integration (EAI), ebXML, the Web Services and WS-* mess have all strong roots in this initiative (well, better philosophy, or even better natural need) pushed by tiny companies as the Big Blue itself (or herself? Ehh, a proper language has explicit genders for nouns :))

      Anyway, one more comment. There are comments about about DCE being a dead technology and opening it up too late. Let's name the market leader distributed object technology (as the technology most fitting producing middle-sized, complicated, semi-loosely coupled systems) - it's DCOM. (If anybody mentions Java RMI... please, just don't mention it, I'm fed up with that.) CORBA is dead, as... dead. (insert obligatory comment about asbesthos suit here) The other integration middleware environments are for other design cases. DCOM is built on DCE. So it is still nice to see this move.

    6. Re:Ummm by TVmelissa · · Score: 1
      Or in the same way that you drive on a parkway, and park in a driveway

      You've obviously never tried to take the Don Valley Parkway in Toronto, Ontario, Canada during rush hour. ;)
    7. Re:Ummm by stratjakt · · Score: 1

      As a matter of fact, I'm from Toronto.

      Only a fucking moron would take the DVP during rushhour.

      --
      I don't need no instructions to know how to rock!!!!
  4. WTF? by Otter · · Score: 2, Funny
    My first thought was to say "DCE/RPC under the LGPL! Wow! Would you mind telling us what the hell the thing is?"

    But, I figured I'd be socially productive, RTFA and post an explanation myself.

    The OSF Distributed Computing Environment (DCE) is an industry-standard, vendor-neutral set of distributed computing technologies. DCE is deployed in critical business environments by a large number of enterprises worldwide. It is a mature product with three major releases, and is the only middleware system with a comprehensive security model.
    OK, now can I say "WTF?"
    --
    What I'm listening to now on Pandora...
    1. Re:WTF? by stratjakt · · Score: 4, Funny

      It's basically a library of Open Source buzzwords, with which you can raise venture capital.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:WTF? by lkcl · · Score: 0, Redundant

      have a quick read of the advogato article as well it gives a few more details. this stuff some people have been working on or with for _twenty years_ :) we're so so incredibly privileged to have been granted this opportunity.

    3. Re:WTF? by arose · · Score: 1

      First imagine a beowulf cluster...

      --
      Analogies don't equal equalities, they are merely somewhat analogous.
    4. Re:WTF? by stratjakt · · Score: 2, Insightful

      Basically, Free DCE is DCOM for linux/BSD/OSS.

      I know I already replied. I'm doing it again.

      --
      I don't need no instructions to know how to rock!!!!
    5. Re:WTF? by Anonymous Coward · · Score: 0

      Basically, Free DCE is DCOM for linux/BSD/OSS.

      Thanks for clearing that up. Wait a minute...DCOM? What's that?

    6. Re:WTF? by lkcl · · Score: 1

      Distributed COM.

    7. Re:WTF? by finkployd · · Score: 2, Interesting

      Quick description. It is a couple of things.

      Importantly, it is an extension of KerberosV to store group information in the ePac (like MS Kerb only not digitally signed by a private key that only they can use to lock everyone else out).

      It is a secure, authenticated RPC with authorization support.

      Built on top of this is a distributed filesystem that is basically 10 years or so ahead of OpenAFS (DFS was the sucessor to AFS way back when, AFS has not nearly caught up in features yet)

      It also is a directory system (CDS) which is largly irrelevent now since we have LDAP (both are decended from x.500 and LDAP is heading back towards that more every day)

      Finkployd

    8. Re:WTF? by lkcl · · Score: 2, Informative
      the lock-out you describe was done by _microsoft_ as part of their use of kerberos in "active directory": they used the "application specific" field in order to save on round-trips (and then extended their bloody SMB protocol in order to _add_ a couple. bastards).

      DCE did a "proper" job by using the available fields of kerberos for the correct - documented - purpose.

      the use of CDS being largely irrelevant was recognised by TOG in 1999: you need to pay IBM stacks of $$$ to get the code _but_ it was recognised: OpenGroup link here. fortunately, someone has created a set of free software plugins - nss and pam etc. already

      AFS, OpenAFS, DFS - it's a long long story for another day, methinks :)

    9. Re:WTF? by finkployd · · Score: 2, Interesting

      the lock-out you describe was done by _microsoft_ as part of their use of kerberos in "active directory": they used the "application specific" field in order to save on round-trips (and then extended their bloody SMB protocol in order to _add_ a couple. bastards).

      And now that it is open sourced, perhaps someone (or me, whatever :) can get around to fixing the screwy case issue with dce cell naming that prevents us from making a one way trust setup between active directory and dce (having the ms kdc being a slave to the dce kdc)

      AFS, OpenAFS, DFS - it's a long long story for another day, methinks :)

      We (PSU) being to my knowledge the largest and most active DCE shop still around (130,000+ active principals, custom designed DCE-RCP apps everywhere and I KNOW I am the only person to port a custom full featured DCE-RPC server to OS/390, lots of stuff built on top of DFS, etc), are unfortunately really aware of this. NFSv4, while supporting K5 is a joke for what we need, OpenAFS I believe still uses some kludgy K5->K4 conversion internally and is missing byte level locking, some of the replication, and file level ACL features we use and love, and SANS are kind of a joke too.

      *sigh* I'm glad this happened, but we REALLY could have used it a year or two ago. There is a lot of work ahead for the community to make this useful.

      Finkployd

  5. The Open Group now known as the AbandonWare Group by GGardner · · Score: 1, Funny

    Gosh, first Motif, now DCE? What other package that I haven't used in 10 years will be next?

  6. Re:How will this affect... by Anonymous Coward · · Score: 0

    It will show the non-infringing uses of Bittorrent.

  7. From wikipedia by Oriumpor · · Score: 4, Informative

    The Distributed Computing Environment (DCE) is a software system developed in the early 1990s by a consortium that included Apollo Computer (later part of Hewlett-Packard), IBM, Digital Equipment Corporation, and others. The DCE supplies a framework and toolkit for developing client/server applications. The framework includes a remote procedure call (RPC) mechanism, a naming (directory) service, an authentication service, and a distributed file system (DFS). DCE RPC was derived from an earlier RPC system called the Network Computing System (NCS) created at Apollo Computer. The naming service was derived from work done at DEC. DCE DFS was based on the Andrew file system (AFS), originally developed at Carnegie-Mellon University, and later extended by Transarc Corporation (which was later merged into IBM)

    Link here

    1. Re:From wikipedia by ajs · · Score: 1

      I worked with the orginal NCS back on Apollos. Wow, what an elegant solution for the time. It makes me mad that Sun beat out Apollo for the workstation market, even though Apollos were generations more capable.

      Until very recently with Macs, Apollo's distributed directory was unrivaled for ease integration of new nodes in the network. Plug it in, you're not only on the net, but you have the same account, device, filesystem, etc configuration as every other node on the network. Don't have a disk? Eh, we'll find one for you to swap to! It was just slick, and 4MB of RAM was a heavy-duty version... we even had one with 16MB!

      Emacs on an Apollo was pretty impressive as well. It integrated with their very cool windowing system and... well, I could go on for days.

      Suffice to say that if DCE is the last vestige of Apollo technology (I don't think HP uses the Prism-based RISC architecture any more), then I'm really glad to see it stay around.

  8. X-500 Server too by Anonymous Coward · · Score: 0

    From http://advogato.org/article/817.html

    P.S. did anyone know that there has existed a full and Free Software implementation of an X-500 Server? Only now are people endeavouring to make up for LDAP's shortcomings, ironically by adding exactly the things that were originally in X-500, from whence LDAP (the L means light-weight!) came!

    http://opendce.hands.com/download/isode-8.0

    1. Re:X-500 Server too by lkcl · · Score: 1

      the code's _crawling_ out the woodwork today. thirteen _years_. bittorrent too although it's a lot smaller than 90mbytes...

  9. Open the code, but charge for documentation? by drmike0099 · · Score: 1, Interesting

    This is a disturbing trend I've seen cropping up a few times lately, but it seems like all of their useful introductory documentation (at least what they refer to on their website) is available in book format that you have to pay money for. Is the code really open and free if you have to pay money to learn how to use it?

    1. Re:Open the code, but charge for documentation? by lkcl · · Score: 1

      afaik, the documentation is available online too, you just have to hunt for it.

      okay - last time i looked (1998) it was available online.

      the reason why it's available for a charge is because it's a MASSIVE download.

      the source code alone is 90mbytes, and TOG _belieevved_ in documentation.

    2. Re:Open the code, but charge for documentation? by PDXNerd · · Score: 3, Informative

      Short answer : yes. Long answer : The code is Free means the code is Free. The code is released under the LGPL. If you can't look at the code and figure it out, what does it really matter anyway? On top of this, if you are involved in a large project with many developers chances are your organization will pay for it. The API is well documented in more places than just their pay-per-book service.

    3. Re:Open the code, but charge for documentation? by goldspider · · Score: 3, Insightful
      "Is the code really open and free if you have to pay money to learn how to use it?"

      Of course the code is open... unless you consider man pages acceptable documentation.

      And last I knew, those O'Reilly books aren't free either.

      --
      "Ask not what your country can do for you." --John F. Kennedy
    4. Re:Open the code, but charge for documentation? by xstonedogx · · Score: 1

      Where is the assertion that you "have to" pay money for their documentation to learn to use the software coming from? Even if no other documentation exists, with the source available you don't have to pay money to learn to use it. You could read the code. You could experiment. You could find an expert on the subject and ask him nicely to write up some documentation.

      You might want to pay money for the convenience of the documentation, but it's not a requirement, and since the source is free, competing (possibly free) products will become available as the market demands.

    5. Re:Open the code, but charge for documentation? by finkployd · · Score: 1

      Entegrity has got it

      http://support.entegrity.com/private/doclib/inde xD CE.shtml#osf122

    6. Re:Open the code, but charge for documentation? by Dave_ML · · Score: 1

      The DCE docs are included in source form along with the code.

    7. Re:Open the code, but charge for documentation? by lkcl · · Score: 1

      that'd probably explain why it's a 90mb download for 3.5 million lines of code, then :)

    8. Re:Open the code, but charge for documentation? by waestrem · · Score: 1

      The docs are in the distro. I thought the idea of OSS was free speech not free beer...

  10. My, how times have changed by loose+canons · · Score: 3, Interesting

    In '93, I was making the big bucks at a defense contractor because I could tell them how/where to use DCE.
    It is interesting to see the difference between the openess of the OSF and the openess of the open source movement [all that gnu software!] begin to blur.
    I hope that exposure of the security code buried in DCE, especially where it uses kerberos, will help polinate other open source projects with improved security features.

    --
    You call that a troll? I have a whole beltway full of trolls better than that!
    1. Re:My, how times have changed by loose+canons · · Score: 1, Informative

      ...and for those of you who are still wondering what TFA is about, note that just about every big system and OS vendor has its own version of DCE. It has been the foundation for a lot of securely networed applications.

      --
      You call that a troll? I have a whole beltway full of trolls better than that!
    2. Re:My, how times have changed by lkcl · · Score: 1

      It is very unfortunate that DCE had the US BXPA export restrictions to contend with: it meant that the US govt REALLY got heavy with a lot of people.

      now, of course, all that free software projects must do is to notify the US govt of what encryption is involved, where they can get it, and you're done. which is very sensible and realistic.

      so now we can start adding kerberos back in - Luke Howard (www.padl.com) has already added GSSAPI as a FreeDCE plugin and that's actually better than going directly via kerberos.

    3. Re:My, how times have changed by DeepHurtn! · · Score: 1

      I really hate to be an annoying terminology pendant -- but "all that gnu software" should really be called free software, not lumped together with the "open source movement". The free software movement was around first, after all, and IMHO have certainly earned the right to be called by their preferred name. There is a difference, and I think that both camps can see the benefit of using the appropriate terminology. The FSF obviously appreciates the distinctiveness, and people who prefer the open source terminology, in my experience, often want to distance themselves from the ideology of the free software movement.

  11. Didn't M$ steal this? by xtermin8 · · Score: 1

    It's been a while since I've looked at it, but wasn't DCE hijacked by Evil Empire? It was put together by OSF, now called the Open Group, and it seems bittersweet to have it released as free software now. If only they had the foresight to open it from the start.

    1. Re:Didn't M$ steal this? by afstanton · · Score: 1

      No, they bought a license fair and square.

      --
      Reject Fear - Embrace Hope
    2. Re:Didn't M$ steal this? by lkcl · · Score: 2, Informative

      they didn't steal it but from what i can gather they took the DCE 1.1 reference implementation (available under a BSD-like license before most people had even _heard_ of free software licenses!) which is basically "stubs"... ... and then they integrated it with NetBIOS and SMB (inventing ncacn_np which is DCE/RPC over NT's NamedPipes - heard of those? look up CreateNamedPipe on the MSDN :) ... and then they added WINS as a resolver... ... and then they added NTLMSSP authentication... ... and then they created NT Domains with it... ... and then they put _every_ single administrative interface behind a DCE/RPC client-server architecture (really easy: the Win32 Registry API is one!)... ... and then they started on exchange... ... and then they created ncacn_http which is RPC over HTTP because some idiots started blocking exchange packets and they needed to punch a hole through firewalls [what do you mean, the web _is_ the internet, you stupid microsoft support idiot!] ... oh, and don't forget DCOM on which an entire generation of MSDN-created software is based!

      hijacked? naaah. microsoft _really_ recognised a good thing, and unlike a lot of people who go "duuuh, i wish...", just snowballed with it.

    3. Re:Didn't M$ steal this? by xtermin8 · · Score: 1

      They didn't write it from scratch however, they reversed engineered the DCE RPC. MS RPC is based upon, and with a little hacking, will work with DCE RPC. They did this to avoid paying the full licence from OSF. "Stealing," may be a bit of hyperbole, but it wasn't exactly innovative, either.

    4. Re:Didn't M$ steal this? by finkployd · · Score: 3, Informative

      lkcl covered the other stuff, I'll touch on DCOM.

      DCOM is literally a reverse engineered DCE-RCP, to the point where it is wire compatible with it. DCE-RPC is an authenticated RPC which uses KerberosV for the authentication token, and since DCE puts group information into the ePac (like MS did with their Kerb) it also allows for group based authorization at the RPC level.

      Microsoft ripped out all the security (who is suprised?) and called it DCOM. Of course the idl compilers are different so they are not compatible at that level, but once compiled, a DCE rcp client/server can talk to a DCOM client/server, assuming you are not trying to use any of the security built into the DCE-RPC

      Finkployd

    5. Re:Didn't M$ steal this? by tzanger · · Score: 1

      DCOM is literally a reverse engineered DCE-RCP, to the point where it is wire compatible with it.

      ...

      but once compiled, a DCE rcp client/server can talk to a DCOM client/server, assuming you are not trying to use any of the security built into the DCE-RPC

      Do you have more information? I am very interested in learning how to interop these two technologies! (my email addy is a valid one)

    6. Re:Didn't M$ steal this? by finkployd · · Score: 1

      This touches on it. I used to have some proof of concept code that did this but I cannot find it :(

      Basically do a regular old DCE-RPC call to a DCOM server and just do not use any of the DCE provided security or directory calls and it will work. (at least it did in the NT 4.0 days, I'm not 100% sure about today)

      Finkployd

    7. Re:Didn't M$ steal this? by lkcl · · Score: 2, Interesting

      ... mr fink, i'm sorry but i do have to correct you on a couple of points.

      namely, that microsoft got hold of the BSD-like-licensed DCE 1.1 "reference" implementation so the "stripping of all security" was done by TOG not by microsoft.

      MS, who had and still have someone from Apollo working for them, knew and knows how DCE/RPC works _in_side out, and so was able to sort stuff out for them.

      MS _did_ have to add some stuff like "implicit handles" and MSRPC _does_ have the ability to do Unicode Strings (and between Wez Furlong, Luke Howard and myself, that's all now been added to FreeDCE).

      i'm still working on adding NTLMSSP and NT Named Pipes to FreeDCE - something that luke howard has already done for his proprietary XAD server (www.ldap.com).

      the differences are not _that_ significant, is the bottom line.

    8. Re:Didn't M$ steal this? by finkployd · · Score: 1

      Oh ok, I jumped into the DCE game in 2000 or so, so I am missing some of the finer points of the history.

      So there was no security in the 1.1 implementation of DCE? when did that come in?

      Finkployd

    9. Re:Didn't M$ steal this? by lkcl · · Score: 2, Interesting

      none - the reference implementation was available almost right from the start - i _think_ - otherwise microsoft wouldn't have been able to get hold of it and use it for Windows NT 3.1.

      FreeDCE, however, has _two_ security plugins: GSS-API (thanks to luke howard), and NTLMSSP (code from samba tng which i wrote, based on my and paul ashton's "welcome to the samba domain" work in august 1997)

    10. Re:Didn't M$ steal this? by IamTheRealMike · · Score: 1
      Of course the idl compilers are different so they are not compatible at that level, but once compiled, a DCE rcp client/server can talk to a DCOM client/server, assuming you are not trying to use any of the security built into the DCE-RPC

      That's not entirely true. DCOM is layered on DCE-RPC yes, but actually activating and programming a remote DCOM object is a lot more work than just using the RPC APIs. DCOM adds some kind of "object oriented"ness to it so you'd have to be able to understand OBJREFS and such. Implementing DCOM on Unix is underway in the Samba4 and Wine projects, but DCE-RPC is only one half of the puzzle.

    11. Re:Didn't M$ steal this? by rjstanford · · Score: 1

      They didn't write it from scratch however, they reversed engineered the DCE RPC. MS RPC is based upon, and with a little hacking, will work with DCE RPC. They did this to avoid paying the full licence from OSF. "Stealing," may be a bit of hyperbole, but it wasn't exactly innovative, either.

      They reverse engineered the spec, I think you mean. Kinda like what the SAMBA group did when you think about it, and they get a ton of props around here...

      --
      You're special forces then? That's great! I just love your olympics!
    12. Re:Didn't M$ steal this? by auuid · · Score: 1
      OK, so in my previous life I was one of the lead architects, project leads, and implementers of the DCE. I was "present at the creation". (Actually, present before the creation, having served the same role at Apollo for NCS, the predecessor of DCE RPC.) Which is all a way of saying that (modulo brain cells lost in the intervening 10+ years), I think my account of this topic should be reasonably good.

      Like Microsoft or not, but they in no way "stole" DCE RPC any more than anyone who implements RFC 793 "stole" TCP. Microsoft read publicly available protocol and API specifications and wrote their implementation based on it. (They probably got some help understanding those specs from Digital Equipment Corp., a partner of theirs at the time and a co-developer of DCE RPC.) A willingness on Microsoft's part to not design the whole thing from scratch counts in their favor, I think.

      In contrast to all the companies that funded the development of DCE RPC, Microsoft actually put their implementation of the specs to good use themselves, building much of their distributed system infrastructure around it. (It has at least the small benefit that it makes me feel less like my years of effort on DCE were a complete waste of time :-)

    13. Re:Didn't M$ steal this? by lkcl · · Score: 1

      dude, email me - there may be life in the old bugger yet :)

  12. DCE was used on a NASA project I was on. by borgheron · · Score: 1

    The EOSDIS/ECS project. http://eospso.gsfc.nasa.gov/ is a good place to start looking at the project I was on. It's currently the largest satellite data processing and science data repository on the face of the planet. :) (toot toot... there goes my own horn ;))

    Anyway... DCE was used to tie several servers together which are the core of the system. I found it very reliable and solid (and that was several years ago).

    GJC

    --
    Gregory Casamento
    ## Chief Maintainer for GNUstep
    1. Re:DCE was used on a NASA project I was on. by Anonymous Coward · · Score: 0

      not much longer, I know because I work there now.

  13. Microsoft COM by Anonymous Coward · · Score: 0

    Isnt this the basis for Microsofts COM?

    1. Re:Microsoft COM by lkcl · · Score: 1

      yep!

  14. just DCE/RPC by Anonymous Coward · · Score: 0

    They're not freeing all of DCE, just the RPC component.

    1. Re:just DCE/RPC by lkcl · · Score: 1

      yes they are!! DCE 1.1 - the RPC runtime and development environment reference implementation, only 250,000 lines of code, has been available for nearly a decade under the OSF BSD-like license.

      this is _really_ different: 3.5 _MILLION_ lines of code, including CDS and DFS, under the LGPL.

  15. M$ from /www.dsps.net/History.html by xtermin8 · · Score: 1

    Since the introduction of DCE, Microsoft have felt the need to use an RPC mechanism, though they didn't want to write their own from scratch so it was suggested they use the best in the industry (already chosen by the OSF) - legend has it that they approached the OSF for DCE RPC but didn't want to pay the licence fees. What Microsoft _did_ do was to take the Application Environment Specification and a network sniffer and reverse engineer the DCE RPC. MS RPC is based upon, and, with a little application (Like OEC Enterra) will work with DCE RPC.

    1. Re:M$ from /www.dsps.net/History.html by lkcl · · Score: 1

      yes - i gather it's something like that :)

    2. Re:M$ from /www.dsps.net/History.html by waestrem · · Score: 1

      Its pretty cool when you can replicate a technology by simply reading the specification. The OSI and CORBA specs should have been so tight. It probably didn't hurt that Microsoft hired some of the key Apollo engineers like Paul Leech.

    3. Re:M$ from /www.dsps.net/History.html by lkcl · · Score: 1

      you'll like this, then :)

  16. Microsoft DCOM by Charvak · · Score: 0, Redundant

    Microsoft DCOM is based on DCE/RPC. Now we can easily port the DCOM technology to UNIX

    1. Re:Microsoft DCOM by loose+canons · · Score: 1

      are you kidding? I'm sitting here watching my firewall snuff out barbarians who know how to use the DCOM "DCE BIND" against my Win2K box...why on earth would you want to pollute unix with a f**ked up microsoft version of an old and long since open protocol for distributing applications?

      --
      You call that a troll? I have a whole beltway full of trolls better than that!
    2. Re:Microsoft DCOM by lkcl · · Score: 1

      It's already been done! Also see this for details of TOG meetings etc.

    3. Re:Microsoft DCOM by betelgeuse68 · · Score: 1

      No offense, I don't think you understand what's going on here.

      First, I'm not much of a fan of DCOM, even though I did spend 2-1/2 years at Microsoft. While DCOM and DCE RPCs are conceptually the same, the problem here is DCOM laden Windows (many entry points).

      I have a different opinion of just plain COM (no crossing network wires). MS has done a good job defining many interfaces and like it or not, OLE Containers allow for the building of larger UIs from components. MS had this right YEARS ago. Never mind JavaBeans et al.

      As far as this somehow polluting *NIX, what you have observed is an implementation issue. That and MS doesn't have enough code reviews.

      There is nothing wrong with the concept of Remote Procedure Calls. The whole idea of calling into remote code was pioneered by Sun with their Network File System (NFS) except that because they were the vanguard, DCE RPCs which came later were incompatible not to mention there were the old *NIX turf wars and RPCs were another schism (outside of System V vs. BSD).

      Like any network service (NFS being no exception) if you can connect to a network socket and send the "right" set of bytes, you can potentially elicit undesirable effects (from the perspective of the owner of the computer system of course).

      Anwyay, MS simply went "DCOM happy" and exposed many more services than a typical *NIX box might expose... serving as entry points... and without a firewall, they were asking for trouble.

      The other problem with DCOM and DCE RPCs is that:

      1) Most C++ developers who think they're good can't code for sh*t in that language.

      2) The old adage of "When you have a hammer, everything looks like a nail" applies. The propensity to decompose everything to C++ interfaces with the DCOM/RPC crowd went overboard.

      3) C++ is just too low level for many things that need to be done nowadays. The argument of "C++ is fast" has been consistently assaulted by Moore's Law giving that notion about as much relevance as the idea of coding contemporary applications in assembly language. With the computing power afforded nowadays, it is simply not worth dealing with memory management and the memory leaks that are bound to happen and cause system hiccups (or outright failures). Yes there are some applications that demand it, but those are the exception, not the rule. And just like the guy who write graphics drivers for me, I will leave those tasks to someone else.

      4) Lastly, the Net and the high interconnectivity called for in mixed environments (which may not be DCE-RPC enabled) it is not worth architecting large systems with around DCE-RPCs.

      In my experiences I found #1 to be a biggest issue.

      I remember I would ask people to rank themselves on a scale from 1 to 10 with C++. I would qualify the upper tiers noting that "If you say you're an 8 you should be able to tell me in what situations you want to write a copy constructor... off the top of your head." Many people would respond with "8" - guess what was my first question? And most were clueless to answer it.

  17. Not exactly fair and square by xtermin8 · · Score: 1

    "Microsoft have felt the need to use an RPC mechanism, though they didn't want to write their own from scratch so it was suggested they use the best in the industry (already chosen by the OSF) - legend has it that they approached the OSF for DCE RPC but didn't want to pay the licence fees. What Microsoft _did_ do was to take the Application Environment Specification and a network sniffer and reverse engineer the DCE RPC. MS RPC is based upon, and, with a little application (Like OEC Enterra) will work with DCE RPC."

    1. Re:Not exactly fair and square by afstanton · · Score: 1

      Ok, so maybe I'm totally wrong. It's happened before. But that's reverse engineering, not theft.

      --
      Reject Fear - Embrace Hope
  18. Re:The Open Group now known as the AbandonWare Gro by Brandybuck · · Score: 1

    I used Motif yesterday in fact. While certainly ugly and headache prone, it does have some significant advantages. It's ubiquitous and available everywhere. It's fully documented. It has stable API (unheard of with other high level X11 toolkits). And it's much much much easier than using bare Xlib.

    I wouldn't recommend it to most people, as it's still low level enough to bog you down in the UI instead of the backend. But it's hardly "abandonware".

    --
    Don't blame me, I didn't vote for either of them!
  19. Pah! by Anonymous Coward · · Score: 0

    This is one _monster_ big deal for Free Software.

    It might have been 10 years ago, you know before people started using CORBA.

    1. Re:Pah! by lkcl · · Score: 1

      yes, dammit. it still is, but in different ways: companies like IBM and Fujitsu and Entegrity still make hundreds of millions of dollars out of it.

      DCE/RPC is to DCOM as
      Corba's RPC mechanism is to CORBA.

      i mention a bit about it in my advogato article: it's _very_ stupid that TOG didn't release DCE/RPC (and DCOM) a _lot_ earlier than this.

      never mind....

    2. Re:Pah! by Anonymous Coward · · Score: 0

      ...companies like IBM and Fujitsu and Entegrity still make hundreds of millions of dollars out of it.

      IBM et al. make those millions because of who they are, not what technology they use. I'm sure they will continue to generate revenue supporting DCE based systems well into the next decade - whether DCE is open source or not.

      One thing is for sure, DCE is dead and gone as far as green field projects are concerned, so this news is largely irrelevant to the OSS community.

    3. Re:Pah! by lkcl · · Score: 1

      i fear that you are right.

      if IBM hadn't stalled the release for four years, but, they're interested in making money: if there were major contracts they were still pulling in, there was no reason for them to hand it all over on a plate.

      remember, they would have _just_ finished adding LDAP to their DCE 3.0 internal proprietary version.

      now, of course, this code is end-of-lifecycle as far as they are concerned, and a large number of companies and universities are in deep doodoo unless the open source community can pull together.

      also, remember, code doesn't decay or rust, it just _looks_ old... :)

  20. DCE, Microsoft and DCOM by Earlybird · · Score: 2, Interesting
    Microsoft's RPC framework, which is built into Windows, is actually an implementation of DCE. While it's a long time since Microsoft used it directly, it's a nice platform for remote communication; it's a mature API that supports a wide variety of protocols (eg., TCP, UDP, local pipes), authentication mechanisms, marshaling mechanisms etc.

    Microsoft's COM (also known as DCOM) sits on top of this RPC layer to implement a distributed component object model -- one of Microsoft's finest and most underrated inventions. It's also one of their most copied technologies -- KDE, GNOME, OpenOffice (UNO) and Mozilla (XPCOM) all implement very similar object models.

    Of course, DCE RPC is also famous for the UUID (aka GUID) algorithm -- 128-bit identifiers whose uniqueness is mathematically guaranteed as long as the generator can access a network card with a unique MAC address.

    1. Re:DCE, Microsoft and DCOM by bdcrazy · · Score: 1

      So, its uniqueness is based on a supposedly unique number? That doesn't quite make sense to me.

      --
      Tonights forecast: Dark. Continued dark throughout most of the evening, with some widely-scattered light towards morning
    2. Re:DCE, Microsoft and DCOM by tmasssey · · Score: 1
      Funny: OS/2 had SOM Since 1992...

      This was before the split between Microsoft and IBM. SOM and COM are very similar...

      Yet another "innovation" from Microsoft that was based upon suspiciously similar innovations from other companies...

      --
      Linux IT Consulting and Domino Development in Michigan
    3. Re:DCE, Microsoft and DCOM by Anonymous Coward · · Score: 0

      Of course, DCE RPC is also famous for the UUID (aka GUID) algorithm -- 128-bit identifiers whose uniqueness is mathematically guaranteed as long as the generator can access a network card with a unique MAC address.

      That sounds impressive until you realise that you can simply use the MAC address instead.

    4. Re:DCE, Microsoft and DCOM by lkcl · · Score: 1

      not entirely: MAC addresses can be faked. the uuid algorithm is quite complex, only relying on PRNG for the full 128 bits if it's absolutely necessary.

    5. Re:DCE, Microsoft and DCOM by mihalis · · Score: 2, Interesting

      Microsoft's COM (also known as DCOM)

      No, DCOM is distributed COM, not identical to COM, but a superset. COM itself is a component-object model that is a nice piece of work in my opinion.

      COM is a binary, language independent standard for using services provided by objects without depending on the implementation.

      Instead of direct linkage to functions, for example, clients must request access to interfaces, and only use the services if the request succeeds.

      Interfaces amount to a C-Cstyle struct with function pointers, with the first three methods being QueryInterface(), AddRef() and Release(). The latter two functions are merely ref-counting for tidiness, so the primary way to use services depends on driving QueryInterface to discover other Interfaces and then call them.

      There is a nifty mapping of this struct definition into C++ pure virtual base classes so that COM programming in C++ can be quite nice (especially with smart pointers).

      It's really other stuff layered on top of COM in the standard Windows way that makes the whole programming experience less pleasant (e.g. MFC message maps, ATL thunking - thinks that just puzzle me when I bump into the code).

      By the way, this all works pretty nicely on Unix (especially modern ones like Solaris or Linux). You just need a certain maturity in the C++ compiler so that static_cast works nicely to have all of this goodness available, and you need to link your "DLL"s (aka shared objects) properly (reduce the scope of the functions you aren't making available to clients of the library e.g. with linker mapfiles).

      Unfortunately Eric S. Raymond's "The Art of Unix Programming" is hopelessly weak when it dismisses these aspects of Windows programming which for me somewhat undermined the entire book. Then again, I don't think ESR is very fond of C++, which was one of the big problems that COM solved (e.g. the unstable C++ ABI for many, many years).

    6. Re:DCE, Microsoft and DCOM by John+Hurliman · · Score: 1

      I have a faster way of guaranteeing a unique 128-bit identifier given a unique MAC address.

      guid = mac_address + padded_zeros;

    7. Re:DCE, Microsoft and DCOM by hackstraw · · Score: 1

      I've worked with COM and DCOM a while back and am somewhat familiar with RPC on UNIX boxes.

      I've never programmed in RPC directly, but I do know that it has been a horrible nightmare in terms of security for both the MS and UNIX platforms for many years.

      Its not something that brings a pleasant thought to my mind.

      Microsoft's COM (also known as DCOM)

      Maybe I'm wrong, but I thought there was a difference between the two. COM was Component Object Model while DCOM was Distributed COM (COM on another box). I worked with DCOM to remotely control hardware on another box.

    8. Re:DCE, Microsoft and DCOM by samjam · · Score: 1

      yes, but that would be one random number, the algorithm can generate lots of them.

      The mac address helps keep the number unique to the PC.
      the date and time and some big random numbers help keep it unique of all the numbers generated by that PC

      I beleieve newer algorithms are just pure random though.

      Whats the birthday algorithm on 2^128? How many guids need generating to have a 50% chance that two are the same.

      Left as an excercise for the karma-hungry

      Sam

      --
      blog.sam.liddicott.com
    9. Re:DCE, Microsoft and DCOM by Earlybird · · Score: 1
      • That sounds impressive until you realise that you can simply use the MAC address instead.

      The MAC address is a single unique identifier. A UUID is a space of unique identifiers -- it's a product of the MAC address, the clock, a random seed, etc. You generate UUIDs; you can't generate new MAC addresses.

    10. Re:DCE, Microsoft and DCOM by KidSock · · Score: 1

      I've never programmed in RPC directly, but I do know that it has been a horrible nightmare in terms of security for both the MS and UNIX platforms for many years.

      You can't make an open ended statement like that and not provide an explaination.

      DCE/RPC (which is what MSRPC basically is) provides integrity and confidentiality using the session key. If you don't properly check input and then yes you're going to have buffer overruns. If you want to program like that use Java.

    11. Re:DCE, Microsoft and DCOM by KidSock · · Score: 1

      I have a faster way of guaranteeing a unique 128-bit identifier given a unique MAC address.

      Yeah, and what about all the other UUIDs generated on that host?

    12. Re:DCE, Microsoft and DCOM by Earlybird · · Score: 1
      • I have a faster way of guaranteeing a unique 128-bit identifier given a unique MAC address. guid = mac_address + padded_zeros;

      That gives you a single identifier. What do you do when you need another one?

    13. Re:DCE, Microsoft and DCOM by Earlybird · · Score: 1
      • No, DCOM is distributed COM, not identical to COM, but a superset.

      In theory, yes; that'd be the case if we were talking about something like a standard. In reality, there's only a single implementation of COM, which today includes the distributed object support; it's all DCOM now.

    14. Re:DCE, Microsoft and DCOM by hackstraw · · Score: 1

      You can't make an open ended statement like that and not provide an explaination.

      I though it was common knowledge and I didn't want to beat a soar wound.

      For MS try

      For Solaris try

      I'm not too familiar with MS products, but a few years back we had about 60 Solaris boxes broken into via an RPC exploit (fortunately not mine).

    15. Re:DCE, Microsoft and DCOM by Teancum · · Score: 1

      While there is technically a difference between the two protocols, if you are careful when you are developing software for either you can do both simultaneously. Basically, tying yourself to just COM objects can in the long term kill you as a developer.

      Still, trying to create well-behaving COM objects is always tricky, and sometimes they can give you massive fits. In addition, the DCOM procedures provide massive, and I mean massive security holes if you don't watch the default configurations carefully. I know because I got involved with some COM object that did things like manipulate the registry and did remote reading and writing of data files. You would be very surprised where some of these computers are that have this huge security hole, and when against strong recommendations from the manufacturer they put these computer on a public internet line. Stupid, but it hasn't caught them yet.

    16. Re:DCE, Microsoft and DCOM by snorklewacker · · Score: 1

      COM is indeed spiffy -- in fact, OSKit uses it for its component model. If you fancy tinkering around with operating system internals, it's hard to do better than OSKit.

      Folks, go find a copy of "Essential COM" by Don Box sometime. It's really quite a biblical text for anyone dealing with COM. Hell, download it from Kazaa if you feel like it, it's out of print anyway.

      Taking ESR's advice on any programming subject is ... unwise. He's purely a tinkerer, dilletante, and all around opinionated blowhard. No, he didn't even write fetchmail himself.

      --
      I am no longer wasting my time with slashdot
    17. Re:DCE, Microsoft and DCOM by jeif1k · · Score: 1

      Microsoft's COM (also known as DCOM) sits on top of this RPC layer to implement a distributed component object model -- one of Microsoft's finest and most underrated inventions. It's also one of their most copied technologies -- KDE, GNOME, OpenOffice (UNO) and Mozilla (XPCOM) all implement very similar object models.

      COM and DCOM are not the same thing: COM is a local component model, DCOM is a distributed layer on top of that.

      And, no, this is not "Microsoft's invention", it is Microsoft's adaptation of component models and distributed object models from other languages and environments to the Windows environment and the C++ language.

      It's also one of their most copied technologies -- KDE, GNOME, OpenOffice (UNO) and Mozilla (XPCOM) all implement very similar object models.

      Yes, but not for any intrinsic qualities, but simply because that's what programmers know and understand these days.

    18. Re:DCE, Microsoft and DCOM by Earlybird · · Score: 1
      • Funny: OS/2 had SOM Since 1992...

      I don't know the details, but I believe that at that time, Microsoft were still on IBM's team developing OS/2. Windows and OS/2 are very similar. Also, both SOM and COM were inspired by CORBA. And there are many differences; COM used DCE-RPC and added UUIDs to interfaces, for example, whereas SOM relied on simple names.

      What these technologies had in common was that they implemented binary interface compatibility between components, in a way that seemed to be the wave of the future. But nobody except the CORBA people wanted to standardize the system, and then HTTP came, Microsoft discovered the Internet, and with the XML/SOAP/web services hype people lost focus. COM and CORBA works, and they work extremely well up to a certain point, but they are, ironically, too monolithic, too complex, too binary, too closed-up to integrate into the "Internet ecosystem".

      So we no longer have any kind of component object model, which is why we now have XML-RPC, SOAP, RMI, .NET, Python/Twisted's Perspective Broker, Ruby/drb, and lots of other home-grown ad-hoc glue, with the W3C web services effort pretty much the only semi-visionary grab at distributed communication.

    19. Re:DCE, Microsoft and DCOM by Anonymous Coward · · Score: 0

      Increment by 1, of course. Or just use the current time and throw in a uniquifier to keep colliding UUIDs from being generated at the exact same second. Calling this 'mathematically guaranteed' is pretty lameass, though. And you still have to worry about bugs in your generator, so you're still going to have to check against pre-existing UUIDs anyway, unless you just want to blindly hope in the sanctity of your network MAC address + time chip forever and ever.

    20. Re:DCE, Microsoft and DCOM by 21mhz · · Score: 1

      Of course all this doesn't help against human error.
      Microsoft is known to have released components with colliding UIDs.

      --
      My exception safety is -fno-exceptions.
    21. Re:DCE, Microsoft and DCOM by davegaramond · · Score: 1

      Really? Where can I read about it? And you mean GUIDs, right?

    22. Re:DCE, Microsoft and DCOM by mihalis · · Score: 1
      No, DCOM is distributed COM, not identical to COM, but a superset.

      In theory, yes; that'd be the case if we were talking about something like a standard. In reality, there's only a single implementation of COM, which today includes the distributed object support; it's all DCOM now.

      Not true. The product I work on has it's own implementation of COM, but does not use DCOM at all. The standard parts of COM are well-published in books (e.g. the Don Box COM book, the Microsoft ATL book etc - both excellent), DCOM is a non-mandatory layer on top, we use a different (probably inferior) remoting mechanism

    23. Re:DCE, Microsoft and DCOM by 21mhz · · Score: 1

      This has been discovered by a colleague of mine.
      Can't remember details. I might ask him next time I see him.

      --
      My exception safety is -fno-exceptions.
    24. Re:DCE, Microsoft and DCOM by tmasssey · · Score: 1
      I don't know the details, but I believe that at that time, Microsoft were still on IBM's team developing OS/2. Windows and OS/2 are very similar. Also, both SOM and COM were inspired by CORBA. And there are many differences; COM used DCE-RPC and added UUIDs to interfaces, for example, whereas SOM relied on simple names.

      That part of my comments somehow got lost in the editing. That was kind of my point: While it was IBM that developed SOM pretty much on its own (as part of the Workplace Shell), Microsoft was very present during the development, including having source-code access. There was a reason that Microsoft gave IBM a source-code license to Windows 3.1: Microsoft had appropriated a *ton* of OS/2 code into Windows.

      I do agree about the way that the industry seems to "re-invent" itself over and over, and often in less useful ways. CORBA/SOM/DCE/COM to SOAP/RMI/XML-RPC is a perfect example.

      I'm sick of "new ideas" that take tried-and-true solutions and strip them of the "garbage" that made them a practical solution for the real world. By the time they get "refined" to be a useful solution in the real world, they bear a *striking* similarity to the solution that was rejected in the first place. CORBA -> SOAP is one of those things. So is SNA -> TCP/IP. Sure, SNA could be byzantine at times. But by the time you bolt on all of the security, QoS and other useful functions onto TCP/IP, it's amazing how byzantine it can be, too.... :)

      Or remember all of those people who thought they could eliminate their document management systems (such as Lotus Notes) and replace them with static Web servers? Secretaries can just write HTML! And it's New!(tm). Here we are, 10 years later, and what do we have? Web servers that look a *lot* like Lotus Notes servers! :)

      I think I'm getting old. Old and bitter...

      --
      Linux IT Consulting and Domino Development in Michigan
    25. Re:DCE, Microsoft and DCOM by Earlybird · · Score: 1
      • Increment by 1, of course.

      So all the applications in your system goes through a shared generator which manages a persistent counter?

      Do you fsync on every count? How do you guarantee the state of the on-disk counter?

      How do you provide this generator to all the languages and platforms that need it, some of which can't realistically make calls to your C library?

      How do you license your generator?

      The DCE algorithm doesn't need state, and it can be implemented anywhere without interfering with anyone. All DCE UUIDs are unique against all other DCE UUIDs.

      The UUID algorithm is mathematically guaranteed. It does account for backward-shifting clocks.

      Do the research before you troll.

    26. Re:DCE, Microsoft and DCOM by Chalst · · Score: 1
      If you fancy tinkering around with operating system internals, it's hard to do better than OSKit.

      This is very true; I'd go further and say if you want to experiment with OSes, want the result to be usable, but don't want to implement the boring but difficult to get right bits, you can't do better than OSkit. Check out Christopher Browne's Novel OS work page for leads to cool things.

  21. For any Penn State Students/Staff by finkployd · · Score: 2, Informative

    DCE is the core middleware at PSU and has been for years. Your access account you use for everything is a DCE principle (Which ends up being KerberosV + some stuff).

    The PASS filespace is DFS which is the distributed filesystem componant of DCE. Webmail and the Portal (wehmail.psu.edu portal.psu.edu) are built on top of the filesystem.

    eLion is a client server application that uses Smalltalk on the web front end and Natural/Adabas for the backend (running on an IBM zSeries mainframe). A custom in house developed DCE RCP middleware mechanism is used to get them to talk to each other. This lets us do dynamic load balancing without special hardware, adding and removeing backend servers and automatically have them put into the locally managed "server pool" on each web server front end, and validating the calls on the backend via the kerberos credentials of both the web server and the user making the call. (can you guess what I did for the last 3 years?)

    Now, IBM has end of lifed DCE, which screws us (and several National Labs, Merck, Cal Poly Tech, Buffalo U, Pain Webber, a handful of other universities, etc). PSU is migrating off of it to MIT KerberosV, LDAP, a "yet to be determined filesystem" (probably OpenAFS, which is a 10 year step backward), and I have absolutely NO idea how we will replace the RPC.

    Anyway, PSU people have been using DCE heavily for about a decade and many didn't even know it :) It really was/is a cool and powerful system. Its one major failing it the complexity and effort needed to set it up.

    Finkployd

  22. You can't admit you're wrong on /. !!! by Anonymous Coward · · Score: 0

    Its a long tradition, you have to troll or flame- admitting a mistake, even if you backpedal with an insightful point, is not allowed. Maybe you could try dazzling people with knowledge of obscure acronyms and technical references- and then lay on the bullsh*t

  23. Nice software, but...... by jd · · Score: 1

    ....It uses DES for encryption! Yuck!!!!! Big time! At the very least, they could have hacked it so you could use AES instead, if you wanted.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    1. Re:Nice software, but...... by finkployd · · Score: 1

      And now we can :) And some of us have been ITCHING to do this.

      A KerberosV based, authenticated RPC that can optionally encrypt the RPC call with AES. Yummy :)

      Finkployd

    2. Re:Nice software, but...... by lkcl · · Score: 2, Interesting

      ah - that's the beauty: GSS-API has been added to FreeDCE already, by Luke Howard of www.ldap.com.

      and if it's added to FreeDCE, then DCE 1.2.2 gets it too - once DCE 1.2.2 has been autoconf'd and brought up-to-date like FreeDCE already is.

    3. Re:Nice software, but...... by jd · · Score: 1

      Now THAT is seriously cool...

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  24. Entegrity hosts the 1.2.2 documentation as PDFs by finkployd · · Score: 2, Informative

    Enjoy

    http://support.entegrity.com/private/doclib/indexD CE.shtml#osf122

  25. Re:The Open Group now known as the AbandonWare Gro by Anonymous Coward · · Score: 0

    so because you havent used them that is relevant how?

  26. Is this an End of Life announcement? by fuzzy12345 · · Score: 1
    Pardon my cynicism, but does anyone else get the impression that the new End of Life announcement is framed in terms of "we are pleased to announce the open source release of..."

    i.e. Let's outsource support for this sucker! I mean, how excited am I supposed to get, in 2005, about a techmology that allows me to marshall/unmarshall data and call remote procedures over the 'net? Isn't that already being done (a lot) by the various CORBA and RPC stuff already running on my Linux box?

    --

    Everybody's a libertarian 'till their neighbour's becomes a crack house.
    1. Re:Is this an End of Life announcement? by jd · · Score: 1
      IIRC, CORBA is derived from DCE. DCE's only advantage over CORBA is that it's not quite so heavy, so should run faster.


      The relationship between DCE and Sun's RPC, I'm not sure. I -think- Sun's RPC is the RPC component of DCE broken out and modified to be stand-alone, making it the lightest-weight of the lot.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:Is this an End of Life announcement? by lkcl · · Score: 1

      DCOM is to DCE/RPC as
      CORBA is to CORBA's underlying RPC mechanism.

      DCE/RPC bears no relation to CORBA's RPC mechanism.

      Sun's ONC/RPC bears no relation to DCE/RPC.

      ONC/RPC uses something called XDR for its data representation;

      DCE/RPC uses NDR (network data representation) which was designed by Apollo (who were acquired by HP)

    3. Re:Is this an End of Life announcement? by lkcl · · Score: 2, Funny

      fucking alphabet soup. no wonder my head has turned to jelly from too much slashdotting.

    4. Re:Is this an End of Life announcement? by libkeiser · · Score: 1

      Please don't give Sun's (ONC) RPC anywhere near that much credit. ONC RPC really pales in comparison to DCE RPC. First of all, ONC RPC uses XDR for serialization, whereas DCE RPC uses NDR. While, I would _love_ to see an RPC protocol based upon ASN.1 take off, at least NDR is multicanonical. Also, don't forget that the DCE RPC endpoint mapper integrates considerably more code to transparently handle things like authentication, authorization and directory services integration. The only thing ONC RPC brings to the table is GSS-API authentication.

    5. Re:Is this an End of Life announcement? by jd · · Score: 1
      Errrr. Ok. :)


      I hate TLA's.


      Seriously, thanks for clearing that up.

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  27. Major examples/failures by dhfoo · · Score: 1

    Using Accentures implementation as an example doesn't say much about DCE/RPCs robustness. It has been plagued by problems as Computer Weekly reports.

  28. This means DFS as well. by Ober · · Score: 1

    Given what a good filesystem DFS is this will be nice to have access to all the features of DCE/DFS and give OpenAFS a run for its money.

    But seriously DFS has a lot of core features that can even cause problems for DFS vendor Entegrity.

    I smell a new project called OpenDFS

  29. Microsoft RPC != 'proper' RPC by Anonymous Coward · · Score: 0

    About 8 (?) years ago I was working on an architecture for a client server system - we had a mix of Unix and Microsoft servers and we wanted something that would tie them together so we could use the best that each had to offer.

    From what I had read, RPC was definitely the way to go. I experimented with the Unix stuff and it worked like a charm.

    Enter Microsoft RPC - after cajoling updated sets of working DLL's it worked just fine between MS platforms (Win 9x NT) and ran happily over TCP/IP. HOWEVER IT WOULD NOT INTEROPERATE WITH UNIX.

    The Microsoft RPC implementation is an 'embrace and extend' derivative and is not compatible with anything other than the Microsoft toolchain. MS may have borrowed architectural tools from DCE, but it's an example of Microsoft at it's best - pick a good standard, bastardise it so that it only works within the Windows community, and then tout it as being a good thing.

    It really burnt us

    1. Re:Microsoft RPC != 'proper' RPC by lkcl · · Score: 1

      that's since been sorted out. FreeDCE now basically is wire-compatible and IDL-compatible with MSRPC.

      it's been a long time (like almost a decade) but it's there.

      i'm sorry you didn't have my email address when you needed it, i could have done with the extra work.

    2. Re:Microsoft RPC != 'proper' RPC by psykocrime · · Score: 1

      About 8 (?) years ago I was working on an architecture for a client server system - we had a mix of Unix and Microsoft servers and we wanted something that would tie them together so we could use the best that each had to offer.

      I faced the same problem, but about 5 years ago. My solution was to use ONC (Sun) RPC instead of DCE. ONC RPC has been supported on Linux / Unix forever, and I found a port to Windows (from the original Sun code) that worked nicely.

      Since then however, it looks like that port of ONC RPC to Windows has disappeared off the 'Net... I'm not sure what that's all about. But I can definitely say that RPC between Windows and Linux works, at least using Sun RPC.

      --
      // TODO: Insert Cool Sig
  30. Where's the LGPL? by ukh · · Score: 1

    Apart from the press release, where does it actually
    say that it's licensed under LGPL? The press release does not even make it clear that it really is the GNU LGPL, nor exactly what version of DCE the "Open" Group is supposed to release. But, if they really do release the stuff (although it's probably 10 years late), better now than never.

    1. Re:Where's the LGPL? by lkcl · · Score: 2, Informative

      from the press release:

      Previously, the DCE source was only available under a traditional license. Making it available under a recognized open source license (LGPL) both increases the accessibility of DCE as an interoperability technology, and permits a broader community to work on the source to expand its features and keep it current.

    2. Re:Where's the LGPL? by Dave_ML · · Score: 1

      The LGPL is GNU v2.1. The license is now on the DCE download page.

  31. Re:working links if needed by hackstraw · · Score: 1

    Try this -- MS

    Try this -- Solaris

    Preview exists for a reason, doh!

  32. BREAKING NEWS! by krbvroc1 · · Score: 2, Funny

    Tandy Corporation is rumored to have just made TRS-80 firmware open source. With the competitive race to open source things, several dead vendors are trying to ride on the OSS coat tails.

    Rumor has it that SwiM Motif may up the ante. Not to be outdone, the Transmeta Linux distribution is being resurrected. OS/2 Warp may follow. Stay tuned...

    1. Re:BREAKING NEWS! by Anonymous Coward · · Score: 0

      Actually, an open sourced OS/2 Warp might actually be interesting, if only for the Windows compatibility code.

  33. DFS, AFS, etc., Was: freedce by Monkius · · Score: 1

    Luke,

    Indeed, this is a very interesting development. With an LGPL license for DFS, it's time to give the DCE descendent of AFS another look.

    But we have AFS, too, and although OpenAFS is not GPL-compatible, its free software in a real sense, and more important, it has a living community of developers who've worked on the code stretching back into the 1980s.

    I'm not as convinced now as I might have been 3 years ago that DCE is a better mousetrap than Rxgk is shaping up to be.

    There will probably be crossover between OpenAFS and DFS ideas--I just hope that working with DCE people doesn't turn out to be a Samba/Active Directory driven experience. It would be easier and more pleasant to fork.

    --
    Matt
    1. Re:DFS, AFS, etc., Was: freedce by lkcl · · Score: 1

      the crucial thing is to find the people and quickly those who are depending on this code, and who have been let down by ibm's end-of-lifecycle decision.

      dfs is just far too good at what it offers to let it go piss down the toilet.

      remember: dfs was the stuff that transarc got their teeth into _after_ they released afs, and so they had a few more years to hammer at an _already_ stunningly good bit of code. ... where's me openafs mailing list alias gone?

    2. Re:DFS, AFS, etc., Was: freedce by lkcl · · Score: 1

      https://lists.openafs.org/pipermail/openafs-devel/ 2005-January/011370.html

      looks like somebody noticed.

  34. Re:The Open Group now known as the AbandonWare Gro by takis · · Score: 1

    DCOM is still in heavy use and AFAIK it's using DCE.

  35. too late... by tetabiate · · Score: 1

    we already have KDE and gnome.

    1. Re:too late... by be-fan · · Score: 1

      What do you think DCE is?

      --
      A deep unwavering belief is a sure sign you're missing something...
  36. Readable version by Anonymous Coward · · Score: 0

    http://shit.slashdot.org/article.pl?sid=05/01/14/1 833226

  37. Not just the RPC by Krisbee · · Score: 2, Informative

    Some clarification.
    It's not just the DCE RPC that has been released, it's the whole schebang, including:

    * The build environment (ODE)
    * The vast documentation with specs
    * Threads (Ugh!, Please don't use)
    * RPC
    * Directory services
    * Security services
    * Time sync
    * File service (DFS) including the Episode file system.
    * Test procedures
    * The various administration tools
    * The tools needed to make DCE applications.

    The code is old, however and building this is not for the faint of heart, but there's lots of good stuff in there.

  38. * time sync (Ugh!, Please don't use) #Use ntp by 6800 · · Score: 1

    Nuf said!

  39. Late? by 4of12 · · Score: 1

    I don't mean to sound like a troll, but what does DCE/DFS buy me now?

    With kerberos, pam, ldap and NFSv4 it seems like alternatives are available. And the 90% of computer users in the enterprise needing authentication, directory service on Windows users are getting embraced by AD.

    Plus, last time I remember using DCE/DFS about 7 or 8 years ago it was sloooooow.

    --
    "Provided by the management for your protection."