Microsoft Warms Up to Linux

prostoalex writes "InfoWorld reports that despite warming to the OS, Microsoft won't be releasing its own distribution of Linux any time soon. From the article: "Hilf acknowledged that Microsoft's commitment to Windows does not preclude the company from continuing a strategy he has led in his 19 months at the software vendor: To see how Microsoft's proprietary technologies can better interoperate with Linux and a host of other open-source software. In fact, that is exactly what will be the focus of a discussion the long-time open-source proponent will lead at this year's upcoming Linuxworld Conference & Expo next month in San Francisco. In a session entitled, 'Managing Linux in a Mixed Environment ... at Microsoft?' Hilf, who polished his open-source evangelism skills working on Linux deployments at IBM Corp., will talk about how he and the team at the Linux/Open Source lab run open source technologies in "the most Microsoft-centric IT environment on the planet." "

Warms up?

[Magada]

You know what they say ... if you can't beat them ... embrace and extend.

Re:Warms up?

[Enigma_Man]

You embrace it, and then extend what you embraced in your own image. IE: Microsoft: Oh we love C++, now it's Visual C++! (embrace, extend), in order to help maintain vendor lock-in.

-Jesse

Re:Warms up?

[interiot]

Embrace -- pretend you warm up to a standard because you actually like it

Extend -- Make some Microsoft-specific tweaks to the standard, and encourage others to use them. Make sure those tweaks lock-in users into your software. Bundle it with your OS and Office Suite to give your tweaks an edge. If it's too easy for others interoperate with your modified version of the standard, keep modifying it until others lose relevance, and you have 90% of the market share.

Tinfoil

[savagedome]

Best way for Microsoft to kill Linux is to embrace it.

Re:Tinfoil

[frodo+from+middle+ea]

How exactly ?

For anyone who modded Parent insightful think about it for a second....

They can't kill linux, in the hobbiest circle for obvious reason, unless people start getting jailed for not using a mircosoft branded OS, I can't see geeks all over the world giving up linux, or BSD etc.

And guess what, the IT literacy is probably much higher now, than it was in the early 90s, so not all bosses/decission makeres are PHBs.

And even the PHPs can not argue against cost cutting which is something linux has been promising for a long time now and justifiably too.

Besides last time I checked linux is not some company that can be bought over in a hostile takeover.

Re:Tinfoil

[jarich]

A Linux distro is not a single program. It's thousands of programs, some GPL, some not. MS can write (or rewrite) a few core networking applications. Even if they release the changes required to the included GPL libraries, they can still hold the tool itself back.

Old saying

[suso]

Keep your enemies closer?

Re:No Linux from MSFT?

[mnemonic_]

Certainly the amount of low-level hardware control a user has through the Windows GUI far exceeds that in the Linux world. Usually it's impossible to update the video card drivers in Linux without using the command line.

Iinteroperation with Linux ?

[tpgp]

a strategy...to see how Microsoft's proprietary technologies can better interoperate with Linux and a host of other open-source software.

If Microsoft wants better interoperation with linux, they do not need to create a Linux/Open Source lab to ïnvestigate interoperability.

All they need to do is release specifications or source-available implementations of their network protocols and file formats.

Is this really so hard to understand?

Re:Iinteroperation with Linux ?

[thisissilly]

You do not understand the MicroSoft definition of "interoperate":

"Making sure you cannot talk to us without giving us per-client money."

Re:Iinteroperation with Linux ?

[Red+Flayer]

And lose control of the market? Why, oh why, would anyone in Microsoft's position do that?

MS doesn't want two-way interoperability (though they'll spin it to seem they do).

Microsoft wants Office to be able to read docs from other apps, not the other way around.

This way, when people realize how good Vista really is, they won't be scared to switch over to Windows because of file accessibility issues.

Re:Maybe we could get a usable desktop?

[tomstdenis]

You mean like with nvidia cards [low-end ones which sell for less than a hundred dollars] ???

Is that what you meant? Is it? I really want to know what level of stupidity people like you seek to.

So am I close? Is that what you mean?

Tom

Re:Funny

[donleyp]

Now, come on. There are tons of features in the Linux desktop managers (KDE, GNOME, etc.) that were first seen in Windows. There are even look-a-like themes!

I'm not saying that Microsoft is a greate innovator, but let's give credit where credit is due.

You are correct that they will be looking for things to immitate, but isn't that the sincerest form of flattery?

Re:Quick!

[AKAImBatman]

It's just the same Embrace and Extend tactics that Microsoft has always used. When Windows 2000 came out, Microsoft promised perfect Unix interoperability. Of course, they subtly changed the Kerberos protocol and several other protocols to favor Microsoft's OS in the domain controller position, allowing them to later push Unix as legacy stuff Microsoft is helping you get rid of.

The fun part is that I asked a Microsoft rep about the Kerberos problem and he lied to my face.

You've heard of "If you can't beat 'em, join 'em?"
For Microsoft it's, "If you can't beat 'em, pretend to join 'em, then stab them in the back when they're not looking."

Re:sure

[Lord+Marlborough]

I just hope we don't see those of us supporting Open Source thinking we have won. This feels sort of like a "Peace in Our Time" (http://www.wwnorton.com/college/history/ralph/wor kbook/ralprs36.htm) kind of moment to me.

Re:No Linux from MSFT?

[HateBreeder]

The problem with these kind' a "hacks" is that they're "hacks".

It's an inelegant solution. The script introduces too many dependencies (shell version, paths, etc...) and the whole idea of a gui front end to scripts, is bad design, in my opinion.

An elegant design would be to have X or something, expose an API for video hardware configuration, that way the gui calls the api programmatically, and everything's much more robust.

Linux is too disorganized and has too many developers with different opinions that it's VERY hard to implement standards for anything.

Re:Quick!

[AKAImBatman]

Are you sure he wasn't just plain ignorant (representatives tend to be)?

Quite possibly. But he was one of those training-a-roomful-of-people-on-the-advantages-of- Win2K guys. Microsoft played him off as an engineer type who knew the system. When he got to the training on Kerberos, I got up and asked him point-blank about it only working one way. He told me that Windows 2000 would absolutely work with a Unix Kerberos Domain controller. I pressed him on it and he insisted. I let it go, but it proved to me that the reps will either run with misinformation or outright lie if they feel it will help their case.

A very amusing example of this was the incident where a rep argued with David Korn on Microsoft's version of the Korn Shell. I'll bet Mr. Sullivan felt a bit sheepish after that. ;-)

Re:Quick!

[jurt1235]

One thing is sure in this: If microsoft would make a linux distro it would be less stable (on purpose), lack all kinds of compatibility so your enterprise applications will not run on it, and be completely incompatible with your current MS documents.

For them it will just be a showcase to customers with doubts about their MS environment to show that Linux together with all other helpfull opensource applications is no help to them.

the battle for management is just warming up

[rapiddescent]

I think the Microsoft understand that the battle of the OS is not where the real money is - the real money spinner is beating HP OpenView in the server/desktop management space and also owning the signing-in credentials (Active Directory) - these two things are FAR more important than old wars against Linux and open source. They know that Linux boxes are always going to be in the enterprise so they've thought up a strategy to make sure that they are within the MS management pool. A caring & sharing attitude will also fix some of the perception of arrogance that MS have with the Office of Government Commerce in the UK and similar procurement organisations outside the USA.

for example: In most places I've been to, the customer has MS Active Directory in place. (I'm an enterprise TA specialising in Linux). That makes MS in a very strong position to be first choice for single sign on content management systems, document management platform and also system monitoring & management. The usual BS I hear is that AD makes it easier for the helpdesk to manage users and groups and so on.

MS have been quietly making big investments in enterprise management. remember SCO, how could you forget!, there was one product that SCO sold off to a management buy-out and was rumoured to have been heavily funded by MS - this is Vintela. Vintela sells a single sign on solution for multiple OS (including Linux) that will allow Linux users to sign in as AD citizens into Linux and be managed just like the MS users.

Another example is the new drive for MOM. MOM is essentially where HP Openview was some years ago. HP OpenView has never got the pervasive coverage in organisations because it costs a bloody fortune and HP have been too stupid to commodotise the HPOV server infrastructure into something cheaper. Also, having an enterprise OpenView system takes manpower to setup correctly. The result is a catch 22 - the companies that actually need it; don't have spare manpower - hence the reason they need an enterprise monitoring/management suite! MS MOM is a big step in the direction of Windows simple click (and break!) user interface that is convincing to management who will sign off procurement decisions. The MOM interface is surprisingly better than HPOV - plus MOM will also support Linux and Solaris boxes in the enterprise. I don't think it will be long before MS provides management hooks for JBoss, MySQL, Apache etc into MOM.

By entering the enterprise market like this; MS is targetting products at the areas that control the whole strategy or an organisation: authentication/authorisation and systems management. It is a way of taking control and ensuring that any Linux/otherNix server has MS branding on it because that's how it is looked after...

essentially; Microsoft *have* to include Linux in their plans for their big step into Enterprise domination - Linux is actually helping them in a way because the rapid growth of Linux servers has forced them to consider enterprise platforms that they have not really been competing against in the past.

rd

Re:the battle for management is just warming up

[Tarwn]

Umm...

I am currently logged into this FC3 box using my AD username and password.
When I go out to the DFS servers (from this box) I continue to use that authentication.
When another user views the shares on this box they always see their home folder as an available share based on their auth info. (Did I mention it automatically uses their Windows auth info to allow them to view the shares and their home folder?)
If I log into the box with a user that did not previously have a home folder, it is automatically created, along with various other folders, default X settings, etc. provided they have an Active Directory account.
If I VNC into this box I get a login prompt and use my AD auth info to log in.
SSH auth's from AD.
Basically everything on this box authenticates from AD. Not much is locked down to certain grouops, but a couple groups (like Domain Admins) have some special permissions and accessibility areas.
About the only thing I didn't do was define home folders and such in AD, and thats only because the windows side of that (redirecting My Documents, profiles, etc) hasn't been done yet.

As far as monitoring and such goes, we have microsoft and non-MS solutions in place, sometimes interoperating.

Oddly enough this used to be a 100% Microsoft house, and only two systems run Linux at the moment...but they are both completely transparent (ie, look like any other box on the network).

So, no, I don't think there is any assumed lock-in , that you have to use Windows workstations or servers just because your using Active Directory (MS Source Safe, MS DFS, MS Exchange, IIS, etc).
I was completely new to Samba when I set this box up and it only took a few days to get Samba, Pam, Kerberos, etc playing well with the MS systems.

Re:yaaaaawn

[wlan0]

Step five: MS-Linux needs to be GPLed anyway.

Microsoft Warms Up to Linux

[intnsred]

The title of this article immediately makes me think of that old saying -- what was it? Oh yeah:

Keep your friends close and your enemies closer.

Portability

[catman]

Somehow I'm not sure that word means what you think it means ... but ICBW

What platforms does Visual C++ support, again?

You are wrong.

[mcc]

I am not personally familiar with Kerberos. However, I know how to read documentation. So let's look at the Kerberos spec, shall we? Any emphasis below is mine.

The client prepares the KRB_TGS_REQ message, providing an authentication header as an element of the
padata field, and including the same fields as used in the KRB_AS_REQ message along with several optional fields: the enc-authorization-
data field for application server use and additional tickets required by some options.

And then later on, multiple things to the effect of:

authorization-data[10] AuthorizationData OPTIONAL

The "data authorizaton" you refer to is-- by the spec-- clearly referred to as "optional" every time it comes up. This means that spec implementors are under no obligation to observe its contents. Now, if you go and look up the original problems with the MS Kerberos extension:

From discussions with Microsoft, which were not under an NDA, the situation appeared to be as follows circa October, 1997. This information comes from the USENIX publication ;Login.

NT 5.0 will indeed use Kerberos. However, the protocol has been "extended" by Microsoft, by adding a digitally signed Privilege Attribute Certificate (PAC) to the Kerberos ticket. The PAC will contain information about the user's 128-bit NT unique id, as well as a list of groups to which the user belongs.

The NT PAC is unfortunately not compatible with the PAC's used by the Open Software Foundation's Distributed Computing Environment (DCE). It is also somewhat debatable whether the NT PAC is legal with respect to RFC-1510, the IETF Kerberos V5 protocol specification. The original intent of RFC-1510 prohibited what Microsoft was trying to do, but Microsoft found what they claimed to be a loophole in RFC-1510 specification.

Many folks, including Paul Hill and Ted T'so at MIT, as well as Cliff Neumann at ISI, have tried to work with Microsoft to find a more compatible way of doing what they wanted to do. To that end, we made changes in the upcoming revision of RFC-1510 to add a clean and compatible way of adding extensions such as Microsoft's PAC to the Kerberos ticket.

To Microsoft's credit, they agreed to change NT 5.0 to use a cleaner and more compatible way of adding extensions to the Kerberos V5 ticket ... [snip]

RFC 1510 specifies that the encrypted part of a ticket may include an optional AuthorizationData field. If the authorization-data are present, they are decrypted using the sub-session key from the authenticator. ... [specified encoding of authorization-data field follows]

Microsoft has not fully disclosed their use of the authorization data field. However some information is public knowledge at this time.... [partial, reverse-engineered microsoft encoding of authorization-data field follows]

So what we are left with is this. The Microsoft kerberos extensions took a field clearly marked in the spec as "optional" and made it non-optional, while other implementations took the optional field and ignored it. Ignoring an optional field would be a correct implementation of the specification; requiring it would not. Meanwhile by the information above, the data Microsoft carried in the field is not only seemingly not the proper encoding of the AuthorizationData field given by the spec, but contains information which was not only outside the scope of the spec, but arbitrarily defined by microsoft and then NOT PUBLICLY DOCUMENTED. Microsoft claims a "loophole" not specified justifies this, but if you use a "loophole" to add information to a protocol which breaks compatibility with existing implementations you cannot possibly blame anyone but yourself for this.

It would appear you either are misinformed or trying to mislead us.