Maybe I just don't undertand the electronics market, but why is it "...easier to use a proprietary protocol rather than some of the standards on the market"?
Wouldn't it be easier to use a field-tested protocol, like Bluetooth, which already has oodles of cell phones and gadgets to attach to my PC?
You *have to* check out "Embedded" Damn Small Linux. ~50MB download, extract to your USB key, and run a full blown Linux distro in QEMU (Linux and Windows QEMU included).
One suggestion, if you go in the hardware repair/upgrade direction: think now about what you will do when (not if) you break something. Slipping with a screw driver, electrostatic discharge, spill the morning coffee... lots can happen. You need to charge enough to cover these incidents, or get some kind of insurance. Last thing you want is to have to replace that brand spankin' new $1200 Hyper-Core AMtel Semptium processor, when you've only worked on 2 PCs for a total profit of $50.
Just to clarify -- the original article is about how to handle "Identity Management", but many of the comments here on/. refer to the AuthN/SSO capabilities of LDAP. My above comment probably could have been better title "Password Validation via LDAP Simple Bind is Weak Authentication" -- but I was lazy.
But -- to expand and defend my points:
LDAP *does* have the ability to verify ID/Pass pairs, via a "Simple Bind". You don't *have to* use it for this, but it has the ability.
If LDAP is your sole source of SSO (as many try to make it), there is no (e.g.) ticketing mechanism to remember your authN'd state -- you must re-authN at each and every application that is using Simple Binds for authN. Kerberos, CoSign, Shibboleth, Passport etc all provide ticketing mechanism that give you ISO (Initial Sign On)
You are absolutely correct in your statement "What you use that directory for is up to you." However, please take my above comment in the context of SSO/AuthN, as is being discussed in many of the/. comments. Kerberos and LDAP *are* apples and volkswagons -- but many try to hammer LDAP in to do the job that Kerberos was made for. Essentially, my point is that pam_ldap does not a SSO make.
Ok -- a few replies came in about LDAP's strengths. LDAP is *very good* for AuthZ (authorization) -- handling roles, managing access, etc. The combo of Kerberos for AuthN (authentication) and LDAP for AuthZ is excellent.
LDAP, is a directory service, or database, that also has the ability to verify ID/Pass pairs, which is the most basic form of authentication.
For stronger authentication, using tickets for further authorization, use Kerberos. With LDAP, you must punch in your password repeatedly. Yes, it is the same password, but it must still be entered multiple times. In a properly Kerberized environment, you enter the PW once, and that's it. And, if desired, you can do some neat P
And, to head off some arguments -- Kerberos is pretty easy to setup. It is, at least, no harder than OpenLDAP to set up.
Well, I can't figure out how to reply to your blog entry... but, it sounds like you need to use CSS, instead of painting formats. Yeah, you have a pile of old, crufty, non-CSS stuff... but if you get the conversion pain out the way once, future updates will be easy.....
I've just started using NVU 1.0PR, and so far, I really like it. It is extremely simple, and generates very good (HTML 4.01 and XHTML 1.0 compliant) code. It won't do anything too fancy for you, but supports templates, javascript events, and external style sheets. I'd suggest giving it a whirl.
How about OpenAFS ? It is sort of like NFS on steroids, with redundancy, scaling, cacheing, Kerberos-based security... I've just started looking at it myself, but it seems pretty slick.
You are not incorrect, but there are a couple separate modules here. WINE emulates a certain API layer of the Windows platform, on which not only Windows applications (such as Office and Internet Explorer) can run, but Windows libraries (such as MSHTML and ADSI) can be hosted for the applications to run.
WINE stays up to date with the layer that it emulates -- but the applications and libraries that run on top of it can be updated via Windows Update.
For example, if Internet Explorer is running on WINE, and a patch is issued for Internet Explorer, should the WINE developers be responsible for somehow integrating the patch?
SLES 9 does indeed have a beautiful LDAP server setup utility. To respond to other replies to parent, the Yast plugin is not part of SuSE 9.x, but can be snagged from a SLES 9 CD and installed on SuSE 9.x
Unfortunately, SLES 9 comes with OpenLDAP 2.2.6 (fairly old), and has problems when access using GSSAPI....
Focus on HTML,CSS,JavaScript, PHP, plus take a few Educational Psychology courses, and learn about accessibility standards (and federal mandates).
Data driven interaction with backend?
Java, SQL, Perl, XML/SOAP, and learn about the capabilities of your data sources, such as connection pooling, cacheing, etc
B2B/P2P Grid-type services?
Java, SOAP, XML, XML-RPC, UDDI, WSDL
There are too many facets to learn it all. Pick the arena you are interested in, and work with others to develop the entire package. A "Jack of all trades" will usually create software that is mediocre in all areas.
I am lazy and don't want to look this all up myself if someone else already knows, so here is a question: Left over from my undergrad project, I have a FPGA (XC4010XL from Xilinx) plus prototype board (XS40 from XESS), and have used the Xilinx foundation tools to code up some nice VHDL designs under NT. How can I do similar design work under Linux? Will gEDA suffice? Or, will I need a slew of other tools? Any VHDL environments? Or maybe Verilog? Something else? Are any of you super-smart/.-ers doing this purely under linux?
Re:While this is great for open source advocates..
on
TheOpenCD 2.0 Released
·
· Score: 1
But, do open source developers "want" people to use their product, or rather are they just happy when people do?
Do OSS developers gain anything from people using the product?
Does an open source product go "out-of-business" (like dot-bomb) when people do not use it?
The developer's interest may fade, but the development of an open source product will not go "out of business" because of lack of revenue. Revenue (income) is really the only justification for the effort necessary in creating a marketing plan.
Re:While this is great for open source advocates..
on
TheOpenCD 2.0 Released
·
· Score: 3, Insightful
"what open source really needs is a marketing plan"
I hear this often, but why? Nobody is making money off open source, many are doing it as a hobby. Do I need a marketing plan to go build paper airplanes? Or even to share my paper airplane designs?
OpenSource is great (IMHO) because you can use if you want, and ignore it if you don't want it.
Leave it to those that are trying to make money (RedHat, IBM, Sun, Novell, etc) to do the marketing.
Kerberos is good (very good, actually), but does not have quite the same flexibility as SAML based projects, such as Shibboleth. Shib, in addition to providing something like cross-realm auth and federated authZ, provides a layer of privacy, such that the service provider does not necessarily even receive the login ID, but rather just the necessary attributes to grant access (such as, "is this person a student?").
Shib's Identity Provider runs under Tomcat (and probably other J2EE containters), and Service Provider "plugins" exist for Tomcat, Apache, and IIS. Note of course, Shib is (currently?) for Web based applications, where Kerberos is for host applications (at least, until SPNEGO gets better).
Shibboleth, from Internet2, provides much the same, and is being rapidly adopted by Higher Ed and vendors supporting Higher Ed. As SAML 2.0 is adopted, word is that Shib and Liberty Alliance may begin to converge.
"Using KDE is an excercise in frustration for me, and not being able to change it to some sane behavior is even worse."
Bzzzttt! -- wrong answer. This is exactly the difference - KDE CAN be changed. And, if the behavior change you desire is somehow soooo drastic that KDE can no longer handle it, there are DOZENS of other desktop environments, while STILL using the hardware and applications you already have.
When Windows lets me change it's behavior (change ALL hotkeys, truly replace the browser, create multiple desktops, swap window managers, integrate plugins like filesystem PGP encryption, etc), then we'll chat.
BTW -- I am a Windows System Administrator (Active Directory, et al), using a Linux desktop at both work and home.
Slashdot Mirror
Maybe I just don't undertand the electronics market, but why is it " ...easier to use a proprietary protocol rather than some of the standards on the market"?
Wouldn't it be easier to use a field-tested protocol, like Bluetooth, which already has oodles of cell phones and gadgets to attach to my PC?
You *have to* check out "Embedded" Damn Small Linux. ~50MB download, extract to your USB key, and run a full blown Linux distro in QEMU (Linux and Windows QEMU included).
One suggestion, if you go in the hardware repair/upgrade direction: think now about what you will do when (not if) you break something. Slipping with a screw driver, electrostatic discharge, spill the morning coffee ... lots can happen. You need to charge enough to cover these incidents, or get some kind of insurance. Last thing you want is to have to replace that brand spankin' new $1200 Hyper-Core AMtel Semptium processor, when you've only worked on 2 PCs for a total profit of $50.
Good luck!
But -- to expand and defend my points:
You are absolutely correct in your statement "What you use that directory for is up to you." However, please take my above comment in the context of SSO/AuthN, as is being discussed in many of the
Ok -- a few replies came in about LDAP's strengths. LDAP is *very good* for AuthZ (authorization) -- handling roles, managing access, etc. The combo of Kerberos for AuthN (authentication) and LDAP for AuthZ is excellent.
For a loose collection of notes from the random ramblings of my mind, check out http://web.uconn.edu/dotmatt/SSO/
LDAP, is a directory service, or database, that also has the ability to verify ID/Pass pairs, which is the most basic form of authentication.
For stronger authentication, using tickets for further authorization, use Kerberos. With LDAP, you must punch in your password repeatedly. Yes, it is the same password, but it must still be entered multiple times. In a properly Kerberized environment, you enter the PW once, and that's it. And, if desired, you can do some neat P
And, to head off some arguments -- Kerberos is pretty easy to setup. It is, at least, no harder than OpenLDAP to set up.
Try Kerberos -- you'll like it.
Well, I can't figure out how to reply to your blog entry ... but, it sounds like you need to use CSS, instead of painting formats. Yeah, you have a pile of old, crufty, non-CSS stuff ... but if you get the conversion pain out the way once, future updates will be easy .....
There is a Radio Button now, labeled "Retain Original Source Formatting" ...
I've just started using NVU 1.0PR, and so far, I really like it. It is extremely simple, and generates very good (HTML 4.01 and XHTML 1.0 compliant) code. It won't do anything too fancy for you, but supports templates, javascript events, and external style sheets. I'd suggest giving it a whirl.
How about OpenAFS ? It is sort of like NFS on steroids, with redundancy, scaling, cacheing, Kerberos-based security ... I've just started looking at it myself, but it seems pretty slick.
Wow -- so what is the bandwidth of *THIS* station wagon?!?!
Try cURL. Available for every platform under the sun, and does almost everything.
You are not incorrect, but there are a couple separate modules here. WINE emulates a certain API layer of the Windows platform, on which not only Windows applications (such as Office and Internet Explorer) can run, but Windows libraries (such as MSHTML and ADSI) can be hosted for the applications to run.
WINE stays up to date with the layer that it emulates -- but the applications and libraries that run on top of it can be updated via Windows Update.
For example, if Internet Explorer is running on WINE, and a patch is issued for Internet Explorer, should the WINE developers be responsible for somehow integrating the patch?
SLES 9 does indeed have a beautiful LDAP server setup utility. To respond to other replies to parent, the Yast plugin is not part of SuSE 9.x, but can be snagged from a SLES 9 CD and installed on SuSE 9.x
....
Unfortunately, SLES 9 comes with OpenLDAP 2.2.6 (fairly old), and has problems when access using GSSAPI
Gobolinux: http://gobolinux.org/
...
Stow: http://www.gnu.org/software/stow/stow.html
I think you will find that you are not alone
There are too many facets to learn it all. Pick the arena you are interested in, and work with others to develop the entire package. A "Jack of all trades" will usually create software that is mediocre in all areas.
I am lazy and don't want to look this all up myself if someone else already knows, so here is a question: Left over from my undergrad project, I have a FPGA (XC4010XL from Xilinx) plus prototype board (XS40 from XESS), and have used the Xilinx foundation tools to code up some nice VHDL designs under NT. How can I do similar design work under Linux? Will gEDA suffice? Or, will I need a slew of other tools? Any VHDL environments? Or maybe Verilog? Something else? Are any of you super-smart /.-ers doing this purely under linux?
But, do open source developers "want" people to use their product, or rather are they just happy when people do?
Do OSS developers gain anything from people using the product?
Does an open source product go "out-of-business" (like dot-bomb) when people do not use it?
The developer's interest may fade, but the development of an open source product will not go "out of business" because of lack of revenue. Revenue (income) is really the only justification for the effort necessary in creating a marketing plan.
"what open source really needs is a marketing plan"
I hear this often, but why? Nobody is making money off open source, many are doing it as a hobby. Do I need a marketing plan to go build paper airplanes? Or even to share my paper airplane designs?
OpenSource is great (IMHO) because you can use if you want, and ignore it if you don't want it.
Leave it to those that are trying to make money (RedHat, IBM, Sun, Novell, etc) to do the marketing.
Xen
Kerberos is good (very good, actually), but does not have quite the same flexibility as SAML based projects, such as Shibboleth. Shib, in addition to providing something like cross-realm auth and federated authZ, provides a layer of privacy, such that the service provider does not necessarily even receive the login ID, but rather just the necessary attributes to grant access (such as, "is this person a student?").
Shib's Identity Provider runs under Tomcat (and probably other J2EE containters), and Service Provider "plugins" exist for Tomcat, Apache, and IIS. Note of course, Shib is (currently?) for Web based applications, where Kerberos is for host applications (at least, until SPNEGO gets better).
Check it out -- Shib is pretty cool.
Shibboleth, from Internet2, provides much the same, and is being rapidly adopted by Higher Ed and vendors supporting Higher Ed. As SAML 2.0 is adopted, word is that Shib and Liberty Alliance may begin to converge.
Nope -- think "Binary/Boolean" and "Shakespeare"...
"$MySig....that is the question!"
2. XMMS is pretty decent, and has a handful of plugins
4. CLAMAV, Sophos, OpenAntiVirus
"Using KDE is an excercise in frustration for me, and not being able to change it to some sane behavior is even worse."
Bzzzttt! -- wrong answer. This is exactly the difference - KDE CAN be changed. And, if the behavior change you desire is somehow soooo drastic that KDE can no longer handle it, there are DOZENS of other desktop environments, while STILL using the hardware and applications you already have.
When Windows lets me change it's behavior (change ALL hotkeys, truly replace the browser, create multiple desktops, swap window managers, integrate plugins like filesystem PGP encryption, etc), then we'll chat.
BTW -- I am a Windows System Administrator (Active Directory, et al), using a Linux desktop at both work and home.