Slashdot Mirror


Open Group Releases DCE 1.2.2 as Free Software

lkcl writes "The Open Group announced 12th January 2005 that they are releasing DCE/RPC 1.2.2 as a Free Software Project - under the LGPL. This is a major coup for Free Software: the Distributed Computing Environment is known to be involved in some major projects. There is a mirror at opendce.hands.com which runs rsync, ftp, and there is also a dce122.tar.bz2.torrent bittorrent running as well."

27 of 162 comments

  1. freedce by lkcl · · Score: 3, Informative
    Article at Advogato with some more details.

    This is one _monster_ big deal for Free Software.

    This is the code that allows big companies such as IBM, Fujitsu, Entegrity etc. to bid for £500m contracts.

    We have FreeDCE already, which is the DCE 1.1 Reference implementation autoconf'd and updated...

    1. Re:freedce by eviltypeguy · · Score: 2, Informative

      I would like to point out a somewhat glaring inaccuracy in the article linked in the parent post.

      The article author claims:

      "...Global File System (which is proprietary anyway, available from Redhat)..."

      Except, GFS is NOT proprietary. Behold, the source code:

      http://sources.redhat.com/cluster/gfs/

      And by the way, as my first impression I think Advogato sucks if only because there is no obvious way to contact the author or reply to the article to point out this inaccuracy or anyone at the site to contact about the article. Bleh.

  2. Re:Ummm by stratjakt · · Score: 3, Funny

    In precisely the same way you can call your product Kool Aid, when it helps nobody, and is in no way affiliated with Kool and the Gang.

    Or in the same way that you drive on a parkway, and park in a driveway.

    --
    I don't need no instructions to know how to rock!!!!
  3. WTF? by Otter · · Score: 2, Funny
    My first thought was to say "DCE/RPC under the LGPL! Wow! Would you mind telling us what the hell the thing is?"

    But, I figured I'd be socially productive, RTFA and post an explanation myself.

    The OSF Distributed Computing Environment (DCE) is an industry-standard, vendor-neutral set of distributed computing technologies. DCE is deployed in critical business environments by a large number of enterprises worldwide. It is a mature product with three major releases, and is the only middleware system with a comprehensive security model.
    OK, now can I say "WTF?"
    1. Re:WTF? by stratjakt · · Score: 4, Funny

      It's basically a library of Open Source buzzwords, with which you can raise venture capital.

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:WTF? by stratjakt · · Score: 2, Insightful

      Basically, Free DCE is DCOM for linux/BSD/OSS.

      I know I already replied. I'm doing it again.

      --
      I don't need no instructions to know how to rock!!!!
    3. Re:WTF? by finkployd · · Score: 2, Interesting

      Quick description. It is a couple of things.

      Importantly, it is an extension of KerberosV to store group information in the ePac (like MS Kerb only not digitally signed by a private key that only they can use to lock everyone else out).

      It is a secure, authenticated RPC with authorization support.

      Built on top of this is a distributed filesystem that is basically 10 years or so ahead of OpenAFS (DFS was the successor to AFS way back when, AFS has not nearly caught up in features yet).

      It also is a directory system (CDS) which is largely irrelevant now since we have LDAP (both are descended from X.500 and LDAP is heading back towards that more every day).

      Finkployd

    4. Re:WTF? by lkcl · · Score: 2, Informative
      the lock-out you describe was done by _microsoft_ as part of their use of kerberos in "active directory": they used the "application specific" field in order to save on round-trips (and then extended their bloody SMB protocol in order to _add_ a couple. bastards).

      DCE did a "proper" job by using the available fields of kerberos for the correct - documented - purpose.

      the use of CDS being largely irrelevant was recognised by TOG in 1999: you need to pay IBM stacks of $$$ to get the code _but_ it was recognised: OpenGroup link here. fortunately, someone has created a set of free software plugins - nss and pam etc. already

      AFS, OpenAFS, DFS - it's a long long story for another day, methinks :)

    5. Re:WTF? by finkployd · · Score: 2, Interesting

      the lock-out you describe was done by _microsoft_ as part of their use of kerberos in "active directory": they used the "application specific" field in order to save on round-trips (and then extended their bloody SMB protocol in order to _add_ a couple. bastards).

      And now that it is open sourced, perhaps someone (or me, whatever :) can get around to fixing the screwy case issue with dce cell naming that prevents us from making a one way trust setup between active directory and dce (having the ms kdc being a slave to the dce kdc)

      AFS, OpenAFS, DFS - it's a long long story for another day, methinks :)

      We (PSU) being to my knowledge the largest and most active DCE shop still around (130,000+ active principals, custom designed DCE-RPC apps everywhere and I KNOW I am the only person to port a custom full featured DCE-RPC server to OS/390, lots of stuff built on top of DFS, etc), are unfortunately really aware of this. NFSv4, while supporting K5 is a joke for what we need, OpenAFS I believe still uses some kludgy K5->K4 conversion internally and is missing byte level locking, some of the replication, and file level ACL features we use and love, and SANs are kind of a joke too.

      *sigh* I'm glad this happened, but we REALLY could have used it a year or two ago. There is a lot of work ahead for the community to make this useful.

      Finkployd

  4. Re:Ummm by crow · · Score: 5, Informative

    The Open Group was formed by the merger of X/Open and the Open Software Foundation. The use of "open" in all those names predates the phrase "open source." The term it relates to is "open systems," which refers to standardized Unix systems, as opposed to mainframes.

  5. From wikipedia by Oriumpor · · Score: 4, Informative

    The Distributed Computing Environment (DCE) is a software system developed in the early 1990s by a consortium that included Apollo Computer (later part of Hewlett-Packard), IBM, Digital Equipment Corporation, and others. The DCE supplies a framework and toolkit for developing client/server applications. The framework includes a remote procedure call (RPC) mechanism, a naming (directory) service, an authentication service, and a distributed file system (DFS). DCE RPC was derived from an earlier RPC system called the Network Computing System (NCS) created at Apollo Computer. The naming service was derived from work done at DEC. DCE DFS was based on the Andrew file system (AFS), originally developed at Carnegie-Mellon University, and later extended by Transarc Corporation (which was later merged into IBM)

    Link here

  6. My, how times have changed by loose+canons · · Score: 3, Interesting

    In '93, I was making the big bucks at a defense contractor because I could tell them how/where to use DCE.
    It is interesting to see the difference between the openness of the OSF and the openness of the open source movement [all that gnu software!] begin to blur.
    I hope that exposure of the security code buried in DCE, especially where it uses kerberos, will help pollinate other open source projects with improved security features.

    --
    You call that a troll? I have a whole beltway full of trolls better than that!
  7. Re:Open the code, but charge for documentation? by PDXNerd · · Score: 3, Informative

    Short answer : yes. Long answer : The code is Free means the code is Free. The code is released under the LGPL. If you can't look at the code and figure it out, what does it really matter anyway? On top of this, if you are involved in a large project with many developers chances are your organization will pay for it. The API is well documented in more places than just their pay-per-book service.

  8. Re:Didn't M$ steal this? by lkcl · · Score: 2, Informative

    they didn't steal it but from what i can gather they took the DCE 1.1 reference implementation (available under a BSD-like license before most people had even _heard_ of free software licenses!) which is basically "stubs"...

    ... and then they integrated it with NetBIOS and SMB (inventing ncacn_np which is DCE/RPC over NT's NamedPipes - heard of those? look up CreateNamedPipe on the MSDN :)

    ... and then they added WINS as a resolver...

    ... and then they added NTLMSSP authentication...

    ... and then they created NT Domains with it...

    ... and then they put _every_ single administrative interface behind a DCE/RPC client-server architecture (really easy: the Win32 Registry API is one!)...

    ... and then they started on exchange...

    ... and then they created ncacn_http which is RPC over HTTP because some idiots started blocking exchange packets and they needed to punch a hole through firewalls [what do you mean, the web _is_ the internet, you stupid microsoft support idiot!]

    ... oh, and don't forget DCOM on which an entire generation of MSDN-created software is based!

    hijacked? naaah. microsoft _really_ recognised a good thing, and unlike a lot of people who go "duuuh, i wish...", just snowballed with it.

  9. Re:Open the code, but charge for documentation? by goldspider · · Score: 3, Insightful
    "Is the code really open and free if you have to pay money to learn how to use it?"

    Of course the code is open... unless you consider man pages acceptable documentation.

    And last I knew, those O'Reilly books aren't free either.

    --
    "Ask not what your country can do for you." --John F. Kennedy
  10. DCE, Microsoft and DCOM by Earlybird · · Score: 2, Interesting
    Microsoft's RPC framework, which is built into Windows, is actually an implementation of DCE. While it's a long time since Microsoft used it directly, it's a nice platform for remote communication; it's a mature API that supports a wide variety of protocols (eg., TCP, UDP, local pipes), authentication mechanisms, marshaling mechanisms etc.

    Microsoft's COM (also known as DCOM) sits on top of this RPC layer to implement a distributed component object model -- one of Microsoft's finest and most underrated inventions. It's also one of their most copied technologies -- KDE, GNOME, OpenOffice (UNO) and Mozilla (XPCOM) all implement very similar object models.

    Of course, DCE RPC is also famous for the UUID (aka GUID) algorithm -- 128-bit identifiers whose uniqueness is mathematically guaranteed as long as the generator can access a network card with a unique MAC address.
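
Added example, not part of the comment above and not code from DCE: a decoder for the time-based (version 1) UUID layout the comment refers to, showing that the generator's MAC address and the creation time can be read back out of any such identifier that ends up in a log, URL or file. The sample UUID (timestamp 2005-01-12 00:00:00 UTC, made-up MAC) and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 100 ns ticks from the UUID epoch (1582-10-15) to the Unix epoch (1970-01-01). */
#define UUID_TO_UNIX_TICKS 0x01B21DD213814000LL

/* Constructed sample: time-based UUID carrying a made-up MAC 02:00:5e:10:00:01. */
static const char SAMPLE_UUID[] = "e6f08000-642c-11d9-8a1b-02005e100001";

static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Text form -> 16 raw bytes. Returns 0 only for a well-formed version-1 UUID. */
static int uuid_v1_bytes(const char *s, uint8_t b[16])
{
    int n = 0;
    if (strlen(s) != 36) return -1;
    memset(b, 0, 16);
    for (int i = 0; i < 36; i++) {
        int dash = (i == 8 || i == 13 || i == 18 || i == 23);
        int v = hexval(s[i]);
        if (dash ? s[i] != '-' : v < 0) return -1;
        if (dash) continue;
        b[n / 2] = (uint8_t)((b[n / 2] << 4) | v);
        n++;
    }
    return (b[6] >> 4) == 1 ? 0 : -1;   /* only version 1 embeds time + MAC */
}

/* Creation time in Unix seconds, or -1 if s is not a version-1 UUID. */
int64_t uuid_v1_created(const char *s)
{
    uint8_t b[16];
    if (uuid_v1_bytes(s, b) != 0) return -1;
    int64_t lo  = ((int64_t)b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3];
    int64_t mid = (b[4] << 8) | b[5];
    int64_t hi  = ((b[6] & 0x0F) << 8) | b[7];      /* drop the version nibble */
    return (((hi << 48) | (mid << 32) | lo) - UUID_TO_UNIX_TICKS) / 10000000;
}

/* Generator's node (MAC) as text in out[18]; returns 0, or -1 on bad input. */
int uuid_v1_mac(const char *s, char out[18])
{
    uint8_t b[16];
    if (uuid_v1_bytes(s, b) != 0) return -1;
    snprintf(out, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             b[10], b[11], b[12], b[13], b[14], b[15]);
    return 0;
}
```

Random (version 4) UUIDs carry neither field, which is why the decoder rejects them.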

    1. Re:DCE, Microsoft and DCOM by mihalis · · Score: 2, Interesting

      Microsoft's COM (also known as DCOM)

      No, DCOM is distributed COM, not identical to COM, but a superset. COM itself is a component-object model that is a nice piece of work in my opinion.

      COM is a binary, language independent standard for using services provided by objects without depending on the implementation.

      Instead of direct linkage to functions, for example, clients must request access to interfaces, and only use the services if the request succeeds.

      Interfaces amount to a C-style struct with function pointers, with the first three methods being QueryInterface(), AddRef() and Release(). The latter two functions are merely ref-counting for tidiness, so the primary way to use services depends on driving QueryInterface to discover other Interfaces and then call them.

      There is a nifty mapping of this struct definition into C++ pure virtual base classes so that COM programming in C++ can be quite nice (especially with smart pointers).

      It's really other stuff layered on top of COM in the standard Windows way that makes the whole programming experience less pleasant (e.g. MFC message maps, ATL thunking - things that just puzzle me when I bump into the code).

      By the way, this all works pretty nicely on Unix (especially modern ones like Solaris or Linux). You just need a certain maturity in the C++ compiler so that static_cast works nicely to have all of this goodness available, and you need to link your "DLL"s (aka shared objects) properly (reduce the scope of the functions you aren't making available to clients of the library e.g. with linker mapfiles).

      Unfortunately Eric S. Raymond's "The Art of Unix Programming" is hopelessly weak when it dismisses these aspects of Windows programming which for me somewhat undermined the entire book. Then again, I don't think ESR is very fond of C++, which was one of the big problems that COM solved (e.g. the unstable C++ ABI for many, many years).
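
Added illustration, not from the comment above and not taken from any COM header: the interface-as-struct-of-function-pointers layout it describes, in plain C, with QueryInterface as the only route from one interface to another and reference counts deciding when the object is freed. The Counter object, the integer interface IDs, the OK/NO_INTERFACE codes and the back-pointer from interface to object are simplifications assumed for this sketch.

```c
#include <stdlib.h>

/* Stand-ins for illustration: real COM uses 128-bit GUIDs and HRESULT codes. */
enum { IID_IUnknown = 1, IID_ICounter, IID_IReset, OK = 0, NO_INTERFACE = -1 };
typedef struct Iface Iface;
typedef struct Vtbl {                    /* the first three slots never move */
    int  (*QueryInterface)(Iface *self, int iid, Iface **out);
    long (*AddRef)(Iface *self);
    long (*Release)(Iface *self);
    int  (*Invoke)(Iface *self);         /* this interface's own method */
} Vtbl;
struct Iface { const Vtbl *vt; struct Counter *obj; };   /* all a client holds */
struct Counter { Iface counter, reset; long refs; int value; };
static long add_ref(Iface *s) { return ++s->obj->refs; }
static long release(Iface *s)
{
    long left = --s->obj->refs;
    if (left == 0) free(s->obj);         /* last reference frees the object */
    return left;
}
static int query(Iface *s, int iid, Iface **out)
{
    *out = (iid == IID_IUnknown || iid == IID_ICounter) ? &s->obj->counter
         : (iid == IID_IReset) ? &s->obj->reset : NULL;
    if (*out == NULL) return NO_INTERFACE;   /* caller must check before use */
    add_ref(*out);
    return OK;
}
static int increment(Iface *s) { return ++s->obj->value; }
static int do_reset(Iface *s)  { return s->obj->value = 0; }
static const Vtbl counter_vt = { query, add_ref, release, increment };
static const Vtbl reset_vt   = { query, add_ref, release, do_reset };

Iface *counter_create(void)
{
    struct Counter *c = malloc(sizeof *c);
    if (c == NULL) return NULL;
    *c = (struct Counter){ { &counter_vt, c }, { &reset_vt, c }, 1, 0 };
    return &c->counter;                  /* refs starts at 1 for the creator */
}

int demo(void)   /* client: vtable calls only, never touches struct Counter */
{
    Iface *cnt = counter_create(), *rst = NULL;
    int after = -1;
    if (cnt == NULL) return -1;
    cnt->vt->Invoke(cnt);                                /* value 1 */
    if (cnt->vt->QueryInterface(cnt, IID_IReset, &rst) == OK) {
        rst->vt->Invoke(rst);                            /* value 0 */
        after = cnt->vt->Invoke(cnt);                    /* value 1 */
        rst->vt->Release(rst);                           /* refs 2 -> 1 */
    }
    cnt->vt->Release(cnt);                               /* refs 1 -> 0, freed */
    return after;
}
```

An unbalanced AddRef/Release pair in a layout like this is either a leak or a use-after-free, so the counting is worth reviewing as carefully as the methods themselves.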

  11. For any Penn State Students/Staff by finkployd · · Score: 2, Informative

    DCE is the core middleware at PSU and has been for years. Your access account you use for everything is a DCE principal (Which ends up being KerberosV + some stuff).

    The PASS filespace is DFS which is the distributed filesystem component of DCE. Webmail and the Portal (wehmail.psu.edu portal.psu.edu) are built on top of the filesystem.

    eLion is a client server application that uses Smalltalk on the web front end and Natural/Adabas for the backend (running on an IBM zSeries mainframe). A custom in house developed DCE RPC middleware mechanism is used to get them to talk to each other. This lets us do dynamic load balancing without special hardware, adding and removing backend servers and automatically have them put into the locally managed "server pool" on each web server front end, and validating the calls on the backend via the kerberos credentials of both the web server and the user making the call. (can you guess what I did for the last 3 years?)

    Now, IBM has end of lifed DCE, which screws us (and several National Labs, Merck, Cal Poly Tech, Buffalo U, Paine Webber, a handful of other universities, etc). PSU is migrating off of it to MIT KerberosV, LDAP, a "yet to be determined filesystem" (probably OpenAFS, which is a 10 year step backward), and I have absolutely NO idea how we will replace the RPC.

    Anyway, PSU people have been using DCE heavily for about a decade and many didn't even know it :) It really was/is a cool and powerful system. Its one major failing is the complexity and effort needed to set it up.

    Finkployd

  12. Re:Didn't M$ steal this? by finkployd · · Score: 3, Informative

    lkcl covered the other stuff, I'll touch on DCOM.

    DCOM is literally a reverse engineered DCE-RPC, to the point where it is wire compatible with it. DCE-RPC is an authenticated RPC which uses KerberosV for the authentication token, and since DCE puts group information into the ePac (like MS did with their Kerb) it also allows for group based authorization at the RPC level.

    Microsoft ripped out all the security (who is surprised?) and called it DCOM. Of course the idl compilers are different so they are not compatible at that level, but once compiled, a DCE RPC client/server can talk to a DCOM client/server, assuming you are not trying to use any of the security built into the DCE-RPC.

    Finkployd

  13. Entegrity hosts the 1.2.2 documentation as PDFs by finkployd · · Score: 2, Informative
  14. Re:Nice software, but...... by lkcl · · Score: 2, Interesting

    ah - that's the beauty: GSS-API has been added to FreeDCE already, by Luke Howard of www.ldap.com.

    and if it's added to FreeDCE, then DCE 1.2.2 gets it too - once DCE 1.2.2 has been autoconf'd and brought up-to-date like FreeDCE already is.

  15. Re:Didn't M$ steal this? by lkcl · · Score: 2, Interesting

    ... mr fink, i'm sorry but i do have to correct you on a couple of points.

    namely, that microsoft got hold of the BSD-like-licensed DCE 1.1 "reference" implementation so the "stripping of all security" was done by TOG not by microsoft.

    MS, who had and still have someone from Apollo working for them, knew and knows how DCE/RPC works _in_side out, and so was able to sort stuff out for them.

    MS _did_ have to add some stuff like "implicit handles" and MSRPC _does_ have the ability to do Unicode Strings (and between Wez Furlong, Luke Howard and myself, that's all now been added to FreeDCE).

    i'm still working on adding NTLMSSP and NT Named Pipes to FreeDCE - something that luke howard has already done for his proprietary XAD server (www.ldap.com).

    the differences are not _that_ significant, is the bottom line.

  16. Re:Didn't M$ steal this? by lkcl · · Score: 2, Interesting

    none - the reference implementation was available almost right from the start - i _think_ - otherwise microsoft wouldn't have been able to get hold of it and use it for Windows NT 3.1.

    FreeDCE, however, has _two_ security plugins: GSS-API (thanks to luke howard), and NTLMSSP (code from samba tng which i wrote, based on my and paul ashton's "welcome to the samba domain" work in august 1997)

  17. Re:Is this an End of Life announcement? by lkcl · · Score: 2, Funny

    fucking alphabet soup. no wonder my head has turned to jelly from too much slashdotting.

  18. Re:Where's the LGPL? by lkcl · · Score: 2, Informative

    from the press release:

    Previously, the DCE source was only available under a traditional license. Making it available under a recognized open source license (LGPL) both increases the accessibility of DCE as an interoperability technology, and permits a broader community to work on the source to expand its features and keep it current.

  19. BREAKING NEWS! by krbvroc1 · · Score: 2, Funny

    Tandy Corporation is rumored to have just made TRS-80 firmware open source. With the competitive race to open source things, several dead vendors are trying to ride on the OSS coat tails.

    Rumor has it that SwiM Motif may up the ante. Not to be outdone, the Transmeta Linux distribution is being resurrected. OS/2 Warp may follow. Stay tuned...

  20. Not just the RPC by Krisbee · · Score: 2, Informative

    Some clarification.
    It's not just the DCE RPC that has been released, it's the whole shebang, including:

    * The build environment (ODE)
    * The vast documentation with specs
    * Threads (Ugh!, Please don't use)
    * RPC
    * Directory services
    * Security services
    * Time sync
    * File service (DFS) including the Episode file system.
    * Test procedures
    * The various administration tools
    * The tools needed to make DCE applications.

    The code is old, however and building this is not for the faint of heart, but there's lots of good stuff in there.