According to the NY Times, the government seriously investigated a horizontal breakup, but could not find anyone who wanted to buy rights to Microsoft's code.
The proposal called for forcing Microsoft to auction the source code for the Windows operating system to other companies, which would develop and improve it, creating competition in the operating system business. [...]
But as the states quickly found out, there was one big problem. When they talked to the various companies that might be bidders in the Windows auction, they learned that none had any interest in bidding. The consensus was that the computer code was too complicated, and the price was likely to be too high.
Presumably, Oracle was one of the companies that wanted nothing to do with a horizontal split. --
Yes, Domino as a web application server is the classic "big lie", and the 400 people are eating it up because it's the only web platform they've got.
Futhermore, in addition to the problems with Domino itself, the AS/400 DB2 to Domino connector was so crappy that for a while IBM was recommending that customer run it on the PC card or an external WinNT box. What's the point of running a webserver on a AS/400 if you can't even get at it's local data!
On the other hand, the AS/400 is an excellent server for Notes client machines, and gets used at larger Notes to replace multitudes of WinNT machines. Just take the Domino web server for what it's worth -- a parlor trick to extend existing Notes client apps to web browsers. --
I have a feeling that a general "unix" class would be a total mess. Sure, there are concepts you can teach, but in general, the people in the class are looking for specifics.
Just take a look the classic book "Essential System Administration". The first edition from the 80s was very general, typically only pointing out the differences between BSD- and SysV-based systems.
The current edition is very specific and tends to read like this: "In Solaris do this... On the other hand in AIX do this... OSF/1 is similar, except the flags are different... SCO has a completely different command... Some Linux distributions include this command, but in others you will need to do this..." An instructor trying to teach this kind of material would bore and confuse the students to no end. --
IBM stopped marketing home computers. Even though they were losing money hand over fist with them, they were still so crappy that they were giving IBM a black eye.
Now if we can just get Compaq to do the same - Somewhere on this thread there's probably some kid saying "Compaq Wildfire Alpha Servers suck!! After all, look at this Presario my dad bought me!!" --
...to snoop a computer in my house... ...to compile information about me and my computer uses... ...to deny me access to their product... - and then - I don't use napster, never have used napster, have never pirated anything... Fool
This has to be the best bait and switch I've read in a long time - congrats.
But still, despite the flames, you ain't as stupid as you pretend to be. Using Napster is the equivalent to making a public announcement of what you are up to. Compiling public information about people is sleazy, but it aint a sin. And it certainly ain't illegal.
So, yeah, NetPD tracks illegal material on Napster servers. The credit bureau tracks bad checks. The homeowner's association tracks whether you mow your lawn often enough. You got anymore depressing news about modern society to share with us?
People are innocent until proven guilty
The constitutional right to use Napster... of course. --
There is also a bunch of 20s and 30s cartoons, starring Popeye and Superman and other recognizible characters that have fallen into the public domain. You can pick up very cheaply made videos of these at dollar stores. --
I don't see why this is MS's problem... If Sun or another big Unix vendor wanted to sell file servers, they could have given away free Windows NFS clients. Your problem is that Sun, et al has never been interested in the file server market.
BTW, Microsoft and Novell both charge 'seat licences', so even though the software is built-in you are still paying a couple hundred bucks per $80 client. Windows NFS drivers are in the same ballpark as what MS charges for an NT seat. --
It forces Microsoft to adhere to certain rules if they want to claim Kerberos interoperability.
Really, it's too late for that. Microsoft forked Kerberos for very good reasons (standard Kerberos doesn't do what they want it to), and worked on it for several years. If they lose the right to call it "Kerberos", they will still use it, and frankly, most of their customers won't give a damn - they are far more worried about (missing) NDS interoperability. Kerberos is pretty obscure and not widely deployed in PC-space. --
Yup, they are embedding their version of a UID and GID (called a TID?) into that field along with some other info. Apparently this is what TOG did with DCE Kerberos -- put the Unix UID/GID in the same field and use it for local authorization.
Folks should actually read the illegal slashdot posting of the spec (for security review purposes, of course!) - what's in there is not all that complex, and could probably be clean roomed. --
Well, I don't know if you are right, but hopefully the Samba/MIT people are talking to lawyers and getting an informed opinion about the whole thing.
Meanwhile, the Linux advocacy crowd has been distracted by this Microsoft letter to Slashdot. My theory was that this fight was intentional on Microsoft's part (notice how the letter goes out of it's way to mention "DMCA" as many times as possible).
If you can't legally reverse-engineer or copy the protocol, at the very least, you can forget about this whole/. thing and start lobbying MS to openly release the spec. Quite a few Slashdotters work at big Microsoft shops, and if, as a customer, you let them know that Unix interoperability is important, they might just listen. --
SMB was never an open spec, so it's not quite the same thing.
I'm not sure exactly what you are talking about, but I don't think Microsoft ever intentionally tried to break Samba. They did change the authentication mechinism at some point, but that was because customers were bitching about their crappy authentication protocols. The change was documented, and Samba users had trouble, but so did WfW and Win95a and Win NT 3.5 users. --
is this going to influence the recent legal actions Microsoft pulled against/.
How 'bout this -- Who Cares!
Face it -- this whole slashdot copyright-infringement thing is just a sideshow engineered by Microsoft to distract you guys away from the big issues -- whether or not you will ever get a Unix server that interoperates with your Win2000 MS-RPC clients.
Instead of rebelling against Microsoft by violating their copyrights, someone out there should rebel by using Microsoft's published information to extend Samba and MIT Kerberos to support MS's extensions. Then you can fight the real legal battle over whether or not MS can release a public 'trade secret' and whether they can use a click-wrap license to restrict what you do with information. If you win those fights, Slashdot can remove MS documents all day long, and it won't matter one bit.
Maybe Slashdot will win, and can keep the information on their server. Not much consolation when your Samba/Linux box gets replaced by one running Windows 2000. Just make sure that you are fighting the correct fight and you are keeping your eye on the most important issues at hand. --
Netscape didn't 'bundle' their client and server software together any more than Microsoft has, and by the time all of the Office groupware stuff ships, IE will be tied to Back Office far more than Communicator was ever tied to Netscape's Suite.
Let's be honest here -- Microsoft is really just playing by Netscape's business plan -- give away a quasi-open spec client and make the money back on server products. --
Yup, limiting SMTP access to users is a site issue. You would also need to firewalling, implement smart hosts and so on.
The virus modified the Reg keys that list the software that runs after a user logs in. It would be like a virus modifying the.bashrc (and so on) on Linux. It's irrelevant under 98, but conceptually the same under NT.
(The registry under NT has the same concepts of ownership and permissions as the file system. A user can modify some stuff, and can't modify other stuff.) --
One thing about corporate mail infrastructures like Exchange is that they provide user identification. The idea is by restricting access to SMTP servers, you can diminish someone's ability to send mail as CEO@MyCompany.com or KiddyP0rn@aol.com. Admittedly, this is a site issue, but a pretty common implementation in larger corporate mail environments. (Anyway - I can't get to my Exchange-SMTP gateway - it's running in a DMZ somewhere.)
No, but think how nice file permissions are.
They are, but ILOVEYOU didn't do anything that perms would have stopped - send mail, trash personal files, modify personal home page, modify personal startup scripts. And still a gazillon tons of damage. As you said in your other post, we need infrastructure that gives us something better. --
These points are very well taken, but really address the problems at a high level (which is good), but meanwhile there is still the nuts+bolts issues of defective Microsoft implementations...
As for the "biodiversity" issue, it is a real management and cost problem. One reason we have these huge Exchange installations is because IT was maintaining 39 different mail infrastructures, and realized that by 'standardizing', they could save an enormous amount of money. Well... at least in theory - I wouldn't be suprised if the cost of ILOVEYOU wiped out any potential efficiencies, but the hidden costs of monoculture are difficult to estimate in budget projections.
Cryptography is a great tool, but without a pretty large infrastructure behind it, it's difficult to build the hooks. Besides an Execution Control List (sandbox), Lotus Notes also cryptographically verifies the author of scripting elements. It can only do this because the infrastructure is 'built-in', something you can't say about too many other systems.
Of course, cryptographic infrasturucture comes at a big cost of complexity and additional administration. There isn't a toolset that admins can just grab and implement (and the adhoc nature of PGP/GPG doesn't cut it, and isn't 'integrated'). Microsoft even has the infrastructure with ActiveDirectory, but hasn't found a way to implement it to prevent these situations. We are still a ways off from crypto-verified sandboxed nirvana... --
I agree that there's no complete way to prevent 'applications' from sending mail. However, preventing certain progams like Outlook from making it so easy would slow the propagation of worms by quite a bit. (For example, on many corporate systems, Outlook/Exchange is the only mail system available -- there is no direct SMTP access. A policy solution to prevent situations like this.)
Microsoft has proposed a series of bandaids, but given the situation, that's better than nothing. It's kind of like virus-checking -- it doesn't really 'solve' the problem of viruses, but it does go a long way to prevent the propagation of known viruses (and usually is no help at all for the unknown ones).
One real solution involves making some decision about applicaiton trust, and having some sort of sandboxing built into the OS. Implementing this goes way beyond file permissions, and normal Unix/Linux systems don't do it either. You would need to implement some sort of 'trusted computing base' with crytopgraphic signing and would also need to be able to audit and control all user activities on the machine -- it's a big complex infrastructure that most people don't see the need for. In the short term, shutting down the obvious maldesigned pieces (like Outlook's object model), is a decent point to start at.
I asked you this in another thread -- Microsoft's solution is half-assed, but what is yours? --
"Star Trek" was mostly running on Apple's 68K emulator -- just like the early versions of Apple's PPC MacOS.
I don't know if they seriously considered marketing MacOS on Intel -- I think it was just a technology demonstration of the emulator, before mangement had decided on the PowerPC as their future CPU. --
Apple does not feel any competition from X Window applications -- their primary high-end market is graphic designers who aren't exactly rushing to to the GUI hodgepodge of Unix systems. Quartz is a solution which Apple hopes will improve their standing in the graphics market, and Aqua is just something flashy that might improve their marketshare.
In fact, I'm sure Apple is happy that it's now possible to run X apps on their system -- it might solve a couple people's problems (Look - I can run the Gimp!), and sell a few more boxes. --
Yup, the feature is described as "Object Model Guard", and is definately a big start for Microsoft. For one, they are (sorta) admitting that there is a problem with Outlook's design, and it isn't just a "best practices" problem.
It should also be noted that there are valid corporate 'routing' applications which rely on addressbook scanning and automated mail sending. You commonly see these in Lotus Notes shops, and to some extent in more advanced Exchange environments. So the question is how to let the "good" scripts run while still stopping the "bad" scripts... --
To reply to myself -- apparently Microsoft has actually implemented something like this with their "Object Model Guard":
Object Model Guard prompts customers with a dialog box when an external program attempts to access their Outlook address book or send e-mail on their behalf, which is how insidious viruses such as I Love You spread.
I have to say that I am actually shocked that they would actually implement something that puts the reigns on the automation environment that they have been building for the last 10 years. Not a complete solution, but for them, a pretty big step forward. --
The problem is not programmitic sending of email--after all, a virus could just call MAPI.DLL itself.
No, in the case of ILOVEYOU, this would have stopped the spread of the virus pretty quickly. Imagine if a user had to push "Yes" for each of the several hundred mail messages he/she was sending out. And MAPI.DLL should have similiar protection.
In fact, this approach is exactly how Lotus Notes handles it. Notes has a larger installed base than Exchange, and has had programmatic e-mail sending for 10 years, but yet somehow manages to avoid these mail worms.
So, Fascdot, I'm curious how you would design a solution? It's too easy just to condemn Windows as sucky and let it be -- there's the real possibility that lots of stupid users will be running lots of stupid programs on Linux in a couple years. "Object Model Guard" might not be a full sandbox, but for Microsoft, it's a gigantic step forward in their thought process about application automation. --
Slashdot Mirror
According to the NY Times, the government seriously investigated a horizontal breakup, but could not find anyone who wanted to buy rights to Microsoft's code.
r ticles/30remedy.html
http:// partners.nytimes.com/library/tech/00/04/biztech/a
The proposal called for forcing Microsoft to auction the source code for the Windows operating system to other companies, which would develop and improve it, creating competition in the operating system business. [...]
But as the states quickly found out, there was one big problem. When they talked to the various companies that might be bidders in the Windows auction, they learned that none had any interest in bidding. The consensus was that the computer code was too complicated, and the price was likely to be too high.
Presumably, Oracle was one of the companies that wanted nothing to do with a horizontal split.
--
Yes, Domino as a web application server is the classic "big lie", and the 400 people are eating it up because it's the only web platform they've got.
Futhermore, in addition to the problems with Domino itself, the AS/400 DB2 to Domino connector was so crappy that for a while IBM was recommending that customer run it on the PC card or an external WinNT box. What's the point of running a webserver on a AS/400 if you can't even get at it's local data!
On the other hand, the AS/400 is an excellent server for Notes client machines, and gets used at larger Notes to replace multitudes of WinNT machines. Just take the Domino web server for what it's worth -- a parlor trick to extend existing Notes client apps to web browsers.
--
I have a feeling that a general "unix" class would be a total mess. Sure, there are concepts you can teach, but in general, the people in the class are looking for specifics.
... On the other hand in AIX do this ... OSF/1 is similar, except the flags are different ... SCO has a completely different command ... Some Linux distributions include this command, but in others you will need to do this ..." An instructor trying to teach this kind of material would bore and confuse the students to no end.
Just take a look the classic book "Essential System Administration". The first edition from the 80s was very general, typically only pointing out the differences between BSD- and SysV-based systems.
The current edition is very specific and tends to read like this: "In Solaris do this
--
IBM stopped marketing home computers. Even though they were losing money hand over fist with them, they were still so crappy that they were giving IBM a black eye.
Now if we can just get Compaq to do the same - Somewhere on this thread there's probably some kid saying "Compaq Wildfire Alpha Servers suck!! After all, look at this Presario my dad bought me!!"
--
...to snoop a computer in my house... ... ... Fool
...to compile information about me and my computer uses
...to deny me access to their product...
- and then -
I don't use napster, never have used napster, have never pirated anything
This has to be the best bait and switch I've read in a long time - congrats.
But still, despite the flames, you ain't as stupid as you pretend to be. Using Napster is the equivalent to making a public announcement of what you are up to. Compiling public information about people is sleazy, but it aint a sin. And it certainly ain't illegal.
So, yeah, NetPD tracks illegal material on Napster servers. The credit bureau tracks bad checks. The homeowner's association tracks whether you mow your lawn often enough. You got anymore depressing news about modern society to share with us?
People are innocent until proven guilty
The constitutional right to use Napster... of course.
--
There is also a bunch of 20s and 30s cartoons, starring Popeye and Superman and other recognizible characters that have fallen into the public domain. You can pick up very cheaply made videos of these at dollar stores.
--
I don't see why this is MS's problem ... If Sun or another big Unix vendor wanted to sell file servers, they could have given away free Windows NFS clients. Your problem is that Sun, et al has never been interested in the file server market.
BTW, Microsoft and Novell both charge 'seat licences', so even though the software is built-in you are still paying a couple hundred bucks per $80 client. Windows NFS drivers are in the same ballpark as what MS charges for an NT seat.
--
It forces Microsoft to adhere to certain rules if they want to claim Kerberos interoperability.
Really, it's too late for that. Microsoft forked Kerberos for very good reasons (standard Kerberos doesn't do what they want it to), and worked on it for several years. If they lose the right to call it "Kerberos", they will still use it, and frankly, most of their customers won't give a damn - they are far more worried about (missing) NDS interoperability. Kerberos is pretty obscure and not widely deployed in PC-space.
--
Yup, they are embedding their version of a UID and GID (called a TID?) into that field along with some other info. Apparently this is what TOG did with DCE Kerberos -- put the Unix UID/GID in the same field and use it for local authorization.
Folks should actually read the illegal slashdot posting of the spec (for security review purposes, of course!) - what's in there is not all that complex, and could probably be clean roomed.
--
Well, I don't know if you are right, but hopefully the Samba/MIT people are talking to lawyers and getting an informed opinion about the whole thing.
/. thing and start lobbying MS to openly release the spec. Quite a few Slashdotters work at big Microsoft shops, and if, as a customer, you let them know that Unix interoperability is important, they might just listen.
Meanwhile, the Linux advocacy crowd has been distracted by this Microsoft letter to Slashdot. My theory was that this fight was intentional on Microsoft's part (notice how the letter goes out of it's way to mention "DMCA" as many times as possible).
If you can't legally reverse-engineer or copy the protocol, at the very least, you can forget about this whole
--
SMB was never an open spec, so it's not quite the same thing.
I'm not sure exactly what you are talking about, but I don't think Microsoft ever intentionally tried to break Samba. They did change the authentication mechinism at some point, but that was because customers were bitching about their crappy authentication protocols. The change was documented, and Samba users had trouble, but so did WfW and Win95a and Win NT 3.5 users.
--
is this going to influence the recent legal actions Microsoft pulled against /.
How 'bout this -- Who Cares!
Face it -- this whole slashdot copyright-infringement thing is just a sideshow engineered by Microsoft to distract you guys away from the big issues -- whether or not you will ever get a Unix server that interoperates with your Win2000 MS-RPC clients.
Instead of rebelling against Microsoft by violating their copyrights, someone out there should rebel by using Microsoft's published information to extend Samba and MIT Kerberos to support MS's extensions. Then you can fight the real legal battle over whether or not MS can release a public 'trade secret' and whether they can use a click-wrap license to restrict what you do with information. If you win those fights, Slashdot can remove MS documents all day long, and it won't matter one bit.
Maybe Slashdot will win, and can keep the information on their server. Not much consolation when your Samba/Linux box gets replaced by one running Windows 2000. Just make sure that you are fighting the correct fight and you are keeping your eye on the most important issues at hand.
--
You could save your programs with ROM BASIC -- you just needed a cassette recorder to do it.
...
Of course, since every IBM PC came with floppy disks, one wonders why they even had a cassette interface, and a BASIC to go with it
(Last sighting of ROM BASIC -- 1995, on a ThinkPad 701 "Butterfly".)
--
I kept trying to do that, but Windows 2000 kept putting it back!
--
Netscape didn't 'bundle' their client and server software together any more than Microsoft has, and by the time all of the Office groupware stuff ships, IE will be tied to Back Office far more than Communicator was ever tied to Netscape's Suite.
Let's be honest here -- Microsoft is really just playing by Netscape's business plan -- give away a quasi-open spec client and make the money back on server products.
--
Yup, limiting SMTP access to users is a site issue. You would also need to firewalling, implement smart hosts and so on.
.bashrc (and so on) on Linux. It's irrelevant under 98, but conceptually the same under NT.
The virus modified the Reg keys that list the software that runs after a user logs in. It would be like a virus modifying the
(The registry under NT has the same concepts of ownership and permissions as the file system. A user can modify some stuff, and can't modify other stuff.)
--
One thing about corporate mail infrastructures like Exchange is that they provide user identification. The idea is by restricting access to SMTP servers, you can diminish someone's ability to send mail as CEO@MyCompany.com or KiddyP0rn@aol.com. Admittedly, this is a site issue, but a pretty common implementation in larger corporate mail environments. (Anyway - I can't get to my Exchange-SMTP gateway - it's running in a DMZ somewhere.)
No, but think how nice file permissions are.
They are, but ILOVEYOU didn't do anything that perms would have stopped - send mail, trash personal files, modify personal home page, modify personal startup scripts. And still a gazillon tons of damage. As you said in your other post, we need infrastructure that gives us something better.
--
These points are very well taken, but really address the problems at a high level (which is good), but meanwhile there is still the nuts+bolts issues of defective Microsoft implementations...
... at least in theory - I wouldn't be suprised if the cost of ILOVEYOU wiped out any potential efficiencies, but the hidden costs of monoculture are difficult to estimate in budget projections.
As for the "biodiversity" issue, it is a real management and cost problem. One reason we have these huge Exchange installations is because IT was maintaining 39 different mail infrastructures, and realized that by 'standardizing', they could save an enormous amount of money. Well
Cryptography is a great tool, but without a pretty large infrastructure behind it, it's difficult to build the hooks. Besides an Execution Control List (sandbox), Lotus Notes also cryptographically verifies the author of scripting elements. It can only do this because the infrastructure is 'built-in', something you can't say about too many other systems.
Of course, cryptographic infrasturucture comes at a big cost of complexity and additional administration. There isn't a toolset that admins can just grab and implement (and the adhoc nature of PGP/GPG doesn't cut it, and isn't 'integrated'). Microsoft even has the infrastructure with ActiveDirectory, but hasn't found a way to implement it to prevent these situations. We are still a ways off from crypto-verified sandboxed nirvana...
--
I agree that there's no complete way to prevent 'applications' from sending mail. However, preventing certain progams like Outlook from making it so easy would slow the propagation of worms by quite a bit. (For example, on many corporate systems, Outlook/Exchange is the only mail system available -- there is no direct SMTP access. A policy solution to prevent situations like this.)
Microsoft has proposed a series of bandaids, but given the situation, that's better than nothing. It's kind of like virus-checking -- it doesn't really 'solve' the problem of viruses, but it does go a long way to prevent the propagation of known viruses (and usually is no help at all for the unknown ones).
One real solution involves making some decision about applicaiton trust, and having some sort of sandboxing built into the OS. Implementing this goes way beyond file permissions, and normal Unix/Linux systems don't do it either. You would need to implement some sort of 'trusted computing base' with crytopgraphic signing and would also need to be able to audit and control all user activities on the machine -- it's a big complex infrastructure that most people don't see the need for. In the short term, shutting down the obvious maldesigned pieces (like Outlook's object model), is a decent point to start at.
I asked you this in another thread -- Microsoft's solution is half-assed, but what is yours?
--
"Star Trek" was mostly running on Apple's 68K emulator -- just like the early versions of Apple's PPC MacOS.
I don't know if they seriously considered marketing MacOS on Intel -- I think it was just a technology demonstration of the emulator, before mangement had decided on the PowerPC as their future CPU.
--
Apple does not feel any competition from X Window applications -- their primary high-end market is graphic designers who aren't exactly rushing to to the GUI hodgepodge of Unix systems. Quartz is a solution which Apple hopes will improve their standing in the graphics market, and Aqua is just something flashy that might improve their marketshare.
In fact, I'm sure Apple is happy that it's now possible to run X apps on their system -- it might solve a couple people's problems (Look - I can run the Gimp!), and sell a few more boxes.
--
This allows normal Unix GUI applications to be ported to Darwin/OS X. It does nothing to help port NeXT/OS X applications to other Unixes.
For the latter, look up the GNUStep project, which is trying to reimplement the NeXT/Apple APIs.
--
Yup, the feature is described as "Object Model Guard", and is definately a big start for Microsoft. For one, they are (sorta) admitting that there is a problem with Outlook's design, and it isn't just a "best practices" problem.
It should also be noted that there are valid corporate 'routing' applications which rely on addressbook scanning and automated mail sending. You commonly see these in Lotus Notes shops, and to some extent in more advanced Exchange environments. So the question is how to let the "good" scripts run while still stopping the "bad" scripts...
--
To reply to myself -- apparently Microsoft has actually implemented something like this with their "Object Model Guard":
Object Model Guard prompts customers with a dialog box when an external program attempts to access their Outlook address book or send e-mail on their behalf, which is how insidious viruses such as I Love You spread.
I have to say that I am actually shocked that they would actually implement something that puts the reigns on the automation environment that they have been building for the last 10 years. Not a complete solution, but for them, a pretty big step forward.
--
The problem is not programmitic sending of email--after all, a virus could just call MAPI.DLL itself.
No, in the case of ILOVEYOU, this would have stopped the spread of the virus pretty quickly. Imagine if a user had to push "Yes" for each of the several hundred mail messages he/she was sending out. And MAPI.DLL should have similiar protection.
In fact, this approach is exactly how Lotus Notes handles it. Notes has a larger installed base than Exchange, and has had programmatic e-mail sending for 10 years, but yet somehow manages to avoid these mail worms.
So, Fascdot, I'm curious how you would design a solution? It's too easy just to condemn Windows as sucky and let it be -- there's the real possibility that lots of stupid users will be running lots of stupid programs on Linux in a couple years. "Object Model Guard" might not be a full sandbox, but for Microsoft, it's a gigantic step forward in their thought process about application automation.
--