Slashdot Mirror
Full Frontal Assault on Apache?
MacJedi writes "Freshmeat has an excellent article about a possible Microsoft strategy to capture the web from both the server and the client ends. " The article itself does a good job of dissecting recent comments from Steve Ballmer, as well as what some of the new items in Win2k portend for our favorite web server.
Frontpage 2000 (which implements all the upload stuff which you wrote about) is going to be DAV compatible, as are the new frontpage server extensions (yuck!). Unsurprisingly Apache has a mod_dav available which implements the full DAV standard, and they've even done some work with MS to get the FPSE up to scratch DAV-wise.
,hacker Perl another Just)'
So - you'll be able to do all that with Apache too - and the usual "and more.." stuff that goes with Apache too.
Matt.
perl -e 'print scalar reverse q(\)-:
Matt. Want XML + Apache + Stylesheets? Get AxKit.
I never thought I'd be cheering for AOL, but the truth is, AOL/Netscape is the most powerful non-Microsoft entity out there in the client space.
If AOL really moves to a Mozilla-powered default browser, and makes switching to IE more trouble than it's worth, then no webmaster in his right mind would risk alienating the 18MM+ AOL users out there by using an "enhanced" IIS.
If their customers want something other than an MS solution, then their attitude must be adjusted. The customer is wrong, and MS must show them how they are wrong.
Of all the comments I've ever posted, this is definately one of them
That was a rhetorical question, right?
Of all the comments I've ever posted, this is definately one of them
>The author missed the real thrust of MS's efforts to get more webserver share.
>
>It's not IIS, or some small webserver- it's Office 2k and the followups. No matter what Slashdot readers may
>think of Office, it is the office suite the world runs on. The newest version of Office have very tight integration
>with the web and IIS- for example, you can place live spreadsheets on the web using Excel. This is going to go
>over big in office intranets- it makes sharing documents really trivial.
As valid as your points are, I think MS has a serious weakness in pursuing this strategy: the new Office 2K costs an arm & a leg for what even ZDNet has labelled minor enhancements.
In this battle, MS's biggest opponent is not Apache, Linux or even the *BSDs, but older versions of Office. And the PHBs might listen this time when the techs point out buying the latest software at $600 a seat is not a good idea, & that they should stay with the current revision.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
I don't see how simply being easier to remote admin automatically makes Unix easier to crack. An unsecured Unix box is easy to crack, obviously, but just because Unix has more remote-admin options doesn't automatically less secure. Please list some specific examples of how this works, as I'm curious.
Your right to not believe: Americans United for Separation of Church and
Thanks for trying to explain, but your arguments don't hold water.
I'll agree that if telnetd or some other terminal access daemon isn't running, then you can't remote admin the system. This would be the case for both NT and Unix - no remote access daemon accepting connections means no remote admin capability. But if both NT and Unix have remote access available (through telnet, ssh, whatever NT uses, etc ) then what makes Unix more crackable? It seems to me that if NT allows an admin to connect remotely, there's no reason that a cracker couldn't do the same thing (assuming they cracked the admin password). This could happen for Unix too, I'll admit, but you are arguing that Unix is less secure, not that the two are of equal security (which I would argue also, but I'm staying on-topic today). What are the specific differences between NT and Unix remote admin mechanisms that make Unix easier to crack?
I'm not an NT admin, so maybe I'm missing something here, but doesn't NT have an Administrator account which has essentially root privileges? If your "granular" security mechanisms prevent an Administrator from making certain changes to the system, then really your box is unmaintainable. Somebody has to have privileges over the entire system, otherwise you couldn't install new stuff, etc. But if an Administrator can make any necessary change to the system, then a cracked Administrator account is no different from a root compromise under Unix.
As I said, I'm not an NT admin, so I'm honestly curious as to exactly why Unix is less secure. That hasn't been my experience, so if you can list specific differences between the Unix and NT security mechanisms which make Unix less secure, let's hear them. So far, it sounds like NT and Unix have functionally similar remote admin security systems, barring buffer overflow exploits and so forth.
Your right to not believe: Americans United for Separation of Church and
Now, what does this mean for open source software? Apache, or Linux, or Mozilla isn't going to close up shop for their is no shop to close. Since these products are open source, people can continue to build and extend forever and there's no way that Microsoft can really "win".
Other competitors that Microsoft has faced have had to deal with keeping stock holders happy, remaining profitable, etc. Eventually, they would be forced to cut their losses and run. That's a total non-issue with OSS stuff.
Microsoft may continue to win in the short term, but eventually one of two things will happen:
1) The government will come in and break them up (if they control the majority of OS's, Webservers, and Web browsers, there's no more room to argue that they aren't a monopoly).
2) Microsoft will get tired, make a mistake, and lose the race. OSS has the advantage because as it becomes better, more people use it, as more people use it, it becomes better and so on and so on...
---
This sig has been temporarily disconnected or is no longer in service
After a rather lengthy discussion about this on Linuxtoday (the original article had some serious flaws, such as assuming IIS costs money), the author revised it. I still don't think it cuts it. For one thing, people don't need web servers on their desktop machines. A couple of people would set them up, but they'd still be pretty useless to them. Until Microsoft starts giving away domain names, dynamic IP addresses are going to make this too confusing for the common user. I don't know of many people that run Linux as their desktop OS because of Apache (sure it's cool, but it's a minor concern). Thus adding this to Windoows 9* isn't going to deter anyone from going to Linux.
So here we have a hypothetical web server from Microsoft, easier to use than IIS but more featue-filled than PWS. It is "free", just like those two, but it is worse than IIS. This will be the same web server used on Windows2000? I can't tell about this part from the essay. Frankly, I don't see the motivation for using this. If you're going to set up a stupid website, PWS should suffice. If you're going to set up a real website that you actually need to have up, you're going to use Apache or IIS. And there's no way you'd run it under Win9*. If people are that gullible, PWS will suffice for them too.
So the way I see it Microsoft could improved PWS or make IIS work on Win9* (does it?) and this would have the desired effect. But why bother? They're losing to Linux in the server market, not the desktop. They don't have to beef up Win9* at all. People will take it as it is. I seriously doubt they're actually concerned about the desktop market yet. They need to beef up WinNT, which they seem to be doing with Office2000. That's where the real new dependence seems to be coming from.
Also, the entire quote from Ballmer talked about how Apache was better at multiple hosting on a single machine, not in general.
And that would be why I put "free" in quotes. It doesn't come close to being free like Apache, but it's close enough for the purposes of this article. The author was assuming that Microsoft would give away the server. He made no mention of giving away the OS (which they probably will never do). Thus, for the purposes of this article, IIS and PWS are "free" to anyone who would use them anyway.
Since they are admitting that the price/performance/features equation of Apache is better than anything Microsoft has to offer, it means they have gotten used to the idea, mulled it over, and came up with a solution
That or they're tring to convince the DoJ that there are bits of the world they don't own.
The new free web server / Windows 2000 combination will reduce the appeal of Apache
This won't be as easy as deep-sixing Netscape, for a whole bunch of reasons. Off the top of my head...
1. Targetting home users who'll just click'n'install is a lot easier than replacing entrenched, stable technology in the business world. All the PHBs in all the gin-joints in all the world won't be effective in replacing all the apache installations, but they might impinge (slightly) on new installs.
2. Apache is, and always has been, free. netscape lost out to a certain extent because it took them a year and a day to react to the freebie IE.
3. Netscape had/has advocates; Apache has fanatics.
They are applying their usual strategy to web servers: embrace and extend.
As a Win2000 user, you will get a free web server on your desktop. It will be very easy for you to publish some pages on the web, thanks to this nice tool. Maybe you will even get a few pre-installed scripts and utilities with it, such as a hit counter. Maybe also some FrontPage extensions so that it is easier for you to publish and manage your documents.
By coincidence, you will find the same set of utilities plus much more in IIS. So once you reach the limits of the free server, the only sensible way to upgrade your server will be to move to IIS. It will be easy, and you will not have to re-write any of your code.
On the other hand, upgrading to Apache will be much more difficult, because nobody told you that the nice features offered by the free server were MS-specific and were not available with Apache. So why would you take Apache if it would force you to modify several of your pages? Re-writing these pages could cost more than the price of Windows NT Server + IIS, so you will forget about this "free" Apache that requires more work from you.
And while you are at it, you will also use the nice goodies provided with the server, such as the ones that put active channels on the user's desktop. Never mind of some users cannot use these features because they have a non-standard browser (i.e. a browser that does not come pre-installed with the OS). They will be forced to upgrade sooner or later anyway, so why bother?
Sigh...
-Raphaël
Every one of the things that Conrad says Microsoft will do has already been done in NT4, for all the good it has done them. They cannot do very much more in this regard unless they integrate IIS with Windows 99 or 99++ or whatever they call their next Desktop OS. And we can only hope they do that, since it will push them even closer to the point at which the bubble gum and baling wire give way and their whole messy OS collapses in chaos.
The OS integration strategy was a brilliant response to the threat posed by Netscape. We should not expect them to try the same strategy against Linux. They are more likely to try things that exploit the weaknesses of the Linux community and the strengths of Microsoft, such as setting up bogus benchmarks that compare specially modified versions of an OS running a single task. That is a contest they can be expected to win every time, since they can throw as many full time, well paid engineers at it as needed, while the Linux folks must rely on volunteers - and who wants to put in hours working on a project that only makes sense to a marketdroid or a CIO? The recent PC Week tests showed nothing at all about how NT stacks up against Linux in the real world (try running IIS and Exchange on the same NT box), and have no practical value at all. They were, from an engineering perspective, a complete waste of time.
Rather than meeting this challenge on the battleground chosen by Microsoft, the Linux community would do far better to expose these "benchmarks" for the travesty they are. Then continue on the path that is leading to true greatness, making Linux better in ways that really matter.
Information is not Knowledge
I mean really! How many IIS boxes have been cracked in the last 2 years? Now the network people are supposed to be happy to allow everyone in their respective company to run a weakly secure web server? Ha! And people thought Melissa, et. al. were bad.
On another note, this will really increase the numbers of support jobs out there. This past weekend there were 4 NT/IIS servers cracked (run by various departments within USDA and not the main site). Yesterday, they bring in their "experts" to fix them up and have _8_ people surrounding _2_ servers. I'm not sure what 6 of them were supposedly doing. Meanwhile, me and the only other UNIX guy here are happily playing with our 10 UNIX boxes. They claim NT doesn't take lots of people to maintain it. Sure.
Do really dense people warp space more than others?
The author missed the real thrust of MS's efforts to get more webserver share.
It's not IIS, or some small webserver- it's Office 2k and the followups. No matter what Slashdot readers may think of Office, it is the office suite the world runs on. The newest version of Office have very tight integration with the web and IIS- for example, you can place live spreadsheets on the web using Excel. This is going to go over big in office intranets- it makes sharing documents really trivial.
Guess what- these functions don't run under Apache. Thus, IS staff have to maintain an IIS webserver to get the features that the various Office2k users want. (And I'll assure you they'll want them.)
Best of all, this is a no risk strategy wrt the Justice Department. All they're doing is improving their office suite, which Justice can't stop. Sure they're trying to kill Apache, but Apache isn't a company, and they aren't undercutting Apache's price to drive it out of the market since Apache is already free.
I've got to admire MS on this one. This is one seriously well designed strategy. They can't make headway against basic web stuff, so they'll leverage their real monopoly (Forget Windows- it's Office.) to make the basic web seem much less useful. It might even work.
Eric
"Seven Deadly Sins? I thought it was a to-do list!"
no , thats not what the article means - but they were apparently forced to use it because NT was too sucky. They may know it Apache is superior, but indeed, it is strange Ballmer would actually declare that, MS being so marketing minded.
Juln
I keep hearing that Win95's explorer is somehow related to NeXT's UI. I just don't see it.
As a regular user of NEXTSTEP 3.3 and WinNT 4.0, I find them considerably different. The NeXT's clean simplicity is far ahead of the cluttered look of the windows gui. The start menu is stupidly designed, and the NeXT, while unable to present as many applications to the user (the dock is clever, but inherently limited), does what it does in a much better (and different) fashion than the taskbar/start menu.
If i'm missing something, please tell me!
-awc
This was not mentioned in the article. The Apache Group could fend off such an attack if they get a stable port done before MS manages to pull any of these tricks off. And what with the delays in W2K, they could probably do it.
MS must have thought of this, though, and they are probably thinking of ways to hinder Apache for NT. My guess is that W2K will have undocumented system code for TCP/IP, which they'll use to make their own servers faster and more stable, while the documented code will be slow and buggy.
Always keep a sapphire in your mind
IIS 4.0 is a component of NT 4.0 Option Pack, which is ALREADY FREE.
:- no conspiracy. I am personalising the corporate actions of Microsoft to be entirely driven to destroy Linux. MS motivation is money :- revenue and strategic positioning. This usually comes from a conjunction of factors, one of which is producing the most functional product.
All Balmer is saying is that the current version of IIS has deficiencies, and the new version will address them.
This is not a conspiracy. MS main revenue line is not going to be web servers, it is Operating Systems, hence this the value add is the reason they offer it for free.
Being the best of the breed is their job, of course they are going to attempt to rectify deficiencies in their product.
Repeat after me
So what's being done? Is Linus working on speeding up the kernel's IP support (allowing multiple threads)? Is anyone working on speeding up Apache?
.xls, .doc, .ppt, and .msg) across Linux and Win, then technical people in office situations (and there are a lot of us) would be much more readily able to use Linux in the office, and thereby spread the gospel of Linux.
The good folks at our favorite Linux dists would be wise to start up some performance improvement projects to speed up time-critical apps like Apache, protocol implementations, file servers, graphics drivers and the like.
And speaking of Office, do any Linux apps support a respectable subset of Office file formats? If documents could be readily shared (especially
Just some thoughts,
Marlboro