Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. It sounds to me... on ESA Moves Forward on New Electric Engine · · Score: 4, Informative
    ...that they've rediscovered the tandem accelerator. This is basically two electric grids placed one after the other, arranged in such a way that the first grid gives particles one round of acceleration, but doesn't decelerate the particle on the other side. The second grid then accelerates the particle but again is screened so that it doesn't slow it down once the particle has gone past it.


    The principle was popular in particle accelerators for a while - I worked at Daresbury some time back, which was a 20 MeV tandem accelerator. It's cheap and easy. A variant, only with reversed electrical fields, was used in old-fashioned thermionic valves. In that configuration, they were termed deflection grids. CRTs use the same technology to steer electrons towards the correct place on the screen.


    Not sure why anyone would need to prove the idea would work in space, since we already use the technology in vaccuum and we already know tandem accelerators can produce greater acceleration than a single grid.


    I would be much more interested in knowing if it were practical to ionize oxygen then use this technique to improve the oxygen/nitrogen ratio in the engine. If you could, it would improve engine efficiency and may help in reducing the complexity of the engine electronics and mechanics.

  2. Self-selecting Eugenics on Miss Digital World 2005 · · Score: 1

    I'd like to offer a small correction. The small-minded, petty and purile will opt for teledildonics and wipe themselves out. And this is a problem, how? As I see it, the ones who will do well here are going to be the artists (who are generally kept in extreme poverty in western - or any other - civilization) and the computer geeks. The ones who will do badly are those who let their testosterone levels think for them - generally the power-drunk people that geeks keep complaining about, along with those who aspire to be power-drunk. I fail to see how anybody actually looses from such people rendering themselves extinct.

  3. I'm certain on Miss Digital World 2005 · · Score: 1

    that there are some exceptionally sick guys who would think that was perfect.

  4. To be precise... on Miss Digital World 2005 · · Score: 1

    ...England used to have Winchester. The capital wasn't moved to London until quite late on.

  5. It could work on Diebold CEO Resigns Under Cloud · · Score: 1
    Here are some schemes by which e-voting COULD be made to work.
    • A person gets a voter registration card in the mail, as they currently do, only this card either has a PROM (mustn't be alterable or erasable) or a barcode that contains the public key half of a public/private key pair. The private keys are electronically collected in a central repository for that district that is physically sealed and fully automated. The two halves of the key pair are NEVER stored together.
    • The person inserts their voter registration card into the computer and places their votes. The filled-in ballot paper is encrypted using the public key and digitally signed with that voting district's digital key. The card is then ejected.
    • The votes are transmitted to a repository that is write-only by the voting machines and read-only by anyone else.
    • The electronic vote counter tries each private key in turn until either one matches or they are all rejected. If all keys are rejected, the vote is fraudulant and ignored. If a given key works, then the decrypted vote is copied into the public repository. The private key that worked is also copied into the public repository and the copy in the central system is destroyed.
    • This continues until all votes are decrypted OR all keys have been destroyed. If the keys have been used up first, then the remaining votes are fraudulant.
    • The repository is public, so anybody can conduct their own tallies and also compare the decrypted votes with the encrypted copies via the published keys. That way, there can be no question that the votes tallied are the same as the votes delivered by the voting machines. The digital signature also verifies that the vote has not been tampered with since leaving the terminal.
    • Since it is considered a difficult problem (ie: nearly impossible) to reverse-engineer a private key that will decrypt a message where part of the content is invariant in order to make the remainder turn out the way you'd like, most districts simply wouldn't have the capacity to conduct voter fraud.
    • Finally, because of all the published information (which STILL preserves anonymity), it would be possible for voters to deliberately vote in a manner that was likely to be unique. Such voters could not only see if their votes were on the site, they could ALSO check that the public key in their posession paired-up with the private key used to decrypt that vote, providing a very nominal verification scheme for voter rights groups.

    To add yet another layer of verification, an ASCII-armoured copy of the encrypted vote could be printed out and placed in a ballot box. You want an encrypted form, to prevent someone removing votes they don't like. If you can't read the vote, you can't tell who the ballot is for. The papers would then be scanned in and compared with the encrypted copies kept in the public archives, in the event of a dispute.

    This method relies on the principle that if those attempting fraud cannot read the ballots OR know how to write them in a way that would be valid, then an attack between the terminal and the vote count is rendered impossible. It still doesn't prevent someone tampering with the terminals, except that (as I said) it would be possible for individuals to deliberately cast unique votes to ensure that these did indeed end up in the list of decrypted ballots. In which case, those voter interest groups would have a fairly solid case to go to court with, rather than just suspicions.

    A second method is a derivative of the first, but reduces (or eliminates) the vulnerability of the terminals. Provide everyone with an electronic tablet, surface-area about the same as a letter-sized piece of paper, and maybe half an inch thick. This device is a wireless computer, which will upload the options on election day and then download the (encrypted) results over a TLS-encrypted session. To make it impossible to detect when a vote is cast, random transmissions

  6. Re:Software is nothing. on IPv6 Transition to Cost US $75 Billion? · · Score: 1
    Most IPv4 machines, these days, are autoconfiguring through DHCP, with the DNS records generated by Active Directory. All you're doing is telling them to pull the configurations via DHCPv6, and Active Directory will generate the AAAA records for you.


    If you want to go stepwise, then you have an IPv4/IPv6 two-way proxy and start from the machines closest to the external network (eg: everything in the DMZ, the gateway router, the site's master DNS server, etc) for IPv6 conversion. With the internal system remaining IPv4 at that point, everything internal can see itself. With the proxy, any external site referenced by name and not IP address will also be visible - regardless of whether it is using IPv4 or IPv6.


    Most of the major corporate sites will have two gateway routers in parallel, switched by means of VRRP or (if the routers are BSDian) CARP. So, you upgrade the offline router if necessary, then run a dual IPv4/IPv6 stack. Then you fail-over the connections to the upgraded router and you repeat for the router that had previously been in use. Depending on settings, this should give you a downtime of 30 seconds or less.


    (If the routers are truly in parallel and load-balancing, then you would only drop to half bandwidth during the firmware upgrade and reboot. So long as you work off-hours, a half-bandwidth drop is going to be insignificant.)


    IPv4 to IPv6 migrations are non-trivial for those who are new to IPv6 and/or haven't got any way of running a dual-protocol proxy and/or have set their topology such that ANY update is going to be difficult to impossible. None of these are the case in the majority of corporate networks.


    Again, I would be more than happy to do more than talk. I could very easily upgrade the entire of either Slashdot or Kuro5hin (routers, servers, DNS, everything) to a dual IPv4/IPv6 configuration with full connection to the 6bone, with zero (yes, zero) downtime.


    Now, I can fully understand not many others could offer the same boast - I've been using IPv6 since it first came out for Linux 2.0.20, so I can genuinely claim to have more hours than most on the new protocol. I also understand if either the Slashdot or K5 crew would rather pass on the offer. A low uid and bunches of karma is not the same thing as knowing the person or having any reason to trust them. Besides which, it seems a safe bet that SOMEONE at one of those sites has experience with setting up IPv6, simply because they're geeks.


    Having said that, if anyone at all would be interested in (safely) testing my claims, tell me some hardware you have access to, and I'll tell you how to turn it into an IPv6 setup that is visible via IPv4. That way, there's no risk and if I turn out to be right, you're not obligated to admit it to anyone if you don't want. You'd not even be obligated to say if you tried at all.


    If you want to be absolutely anonymous, I'll even make my e-mail visible - as if half the folk here and at K5 didn't already know it! - and you can post queries to that. Short of paying people to give IPv6 a try, I have no idea how much easier and safer I could possibly make it.

  7. Re:Where's this cost coming from? on IPv6 Transition to Cost US $75 Billion? · · Score: 1

    TCP Software's TCP/IP stack for Windows 98 supports IPv6. Not sure about Trumpet. (In the Win95/98 days, Trumpet was THE TCP/IP stack - Microsoft's stack didn't even come close.)

  8. Where's this cost coming from? on IPv6 Transition to Cost US $75 Billion? · · Score: 4, Funny
    • Windows Updates: Free. Microsoft Research already provides a stack which is (therefore) already paid for.
    • Linux Updates: Well, you want the USAGI patches if you want top-of-the-line IPv6 support, but either way it's free.
    • *BSD Updates: The KAME stack is already in there.
    • Cisco Updates: Any reasonably recent version of IOS or PIX will have IPv6 as standard. Therefore it's already paid for, therefore it is free. If you've already got a support contract, updating the firmware should also be free.
    • E-Mail Updates: Most e-mail clients (and servers) should already support IPv6
    • Web Updates: Apache is about the only server that matters and that already supports IPv6. I believe all the major clients do, too
    • Multiplayer Games: Probably the one area that doesn't have IPv6 as standard, but it should be possible to provide IPv4-over-IPv6 tunnels for those


    As far as I can tell, the sum total cost for all of this uber-expensive upgrade would cost (in old English currency) about 2'/6, and would take the United States less time than it currently takes for Joe Average to reboot from a BSOD. For this reason, I would like to make the US Government and the various Internet providers a special deal. I will set up IPv6 for them, with full one-year warranty, for a mere $15 billion, paid in advance. If this sounds satisfactory, just mail me the keys to the server rooms and passwords for the servers and routers, and I'll get started.

  9. Re:Local zoo... on USPTO Unable to Find Top Ten Patent Holders · · Score: 1

    Sure, just look inside this klein bottle.

  10. I would agree... on Computer Jobs -- How to Resign Professionally? · · Score: 2
    ...both sides did the right thing. For a traditional IT infrastructure, with root accounts, etc. This is one reason I don't like traditional IT infrastructures - root accounts can be abused by admins (as well as system crackers, viruses, etc) and are simply too damn vulnerable and too damn powerful.


    Part of the problem with the popular alternative (role-based computing, where a designated operation is associated with one or more designated roles, and - ideally - no superuser exists at all) is that nobody has figured out a way to do this efficiently. There tend to be very few IT staff, relative to the number of roles, so role-based computing tends to involve a lot of account switching.


    In the end, though, you really don't want system administrators mucking about with content, or content administrators changing the system. If you could just guarantee that, then the threat of a rogue system admin is greatly lessened. Not eliminated, sure, but definitely reduced.


    Of course, this begs three important questions. First, what company is so oblivious to the mental welfare of their employees that they could not distinguish a responsible employee from a potential psychopath? (Other than all of them, that is.)


    Secondly, what company is so degenerate as to turn someone they've obviously trusted for some considerable time - and therefore know pretty well - into a madman with a vendetta? Sure, some people are evil, some are malicious, and others are ill, but all of those fall into question one for any meaningful timeframe. It seems reasonable to assume that those who are left have been subject to some level of degradation for retaliation on the way out to be plausible. In which case, fixing abuse in the workplace would seem to be a superior solution.


    The third question is why are mission-critical systems being left to a single individual? Even outside of hostility, accidents happen and mistakes occur. If a system is so damn mission-critical that any level of threat - however remote the possibility - is unacceptable, then you should be making it dual-key. Then, if a single admin goes nuts, it doesn't make any difference. The other admin doesn't confirm the operation, so nothing happens.


    So, yeah, with all the existing systems out there and traditional IT departments with their dodgy office politics, when a person resigns, it is certainly proper and correct to place them on leave with pay. Where companies have high turnover, it is also the proper and correct way to go bankrupt - you're doing less and spending more.


    A better design of environment (from the computer OS to the politics of the workplace) should all but eliminate the need of such mechanisms, but since these do not exist in most places, that option does not exist either.

  11. Spoofed DNS servers on Secure DNS a Hard Sell · · Score: 1
    These are a serious problem. It would be relatively trivial for someone to poison DNS by spoofing a server that is pointed to by other DNS servers. The poison will then run downstream, affecting all servers that (ultimately) derive information from what should have been the master server. Because many corporations use SSL only after a person has entered login data, it would be possible for someone to use this to masquerade as a legit bank, with the bank's actual human-readable name but pointed to their own server. A really clever scammer could then pass that info on and relay the results, so that users would be utterly unaware anything had happened at all. (The latter case is sometimes called a man-in-the-middle attack.) Poisoning the public DNS tree to re-direct Windows update traffic could be used to spread viruses and trojans the same way.


    Spoofed DNS can also be used to cause havoc in other ways. Because DNS records are generally cached for a long time, it would be possible for someone to poison DNS by having DNS records point to random machines. Because of the latency in DNS, once such poison starts spreading, it could take days to clear the system.


    Finally, with service discovery, users would not be given the IP address of their DNS server - they would send a service discovery request and they would get the IP of the nearest machine providing such a service. On something like a cable network, where there could be literally thousands of machines closer to your machine than the "official" DNS server, you absolutely do NOT want your machine to auto-discover some private DNS server (shared by accident or design). You want the DNS server you expect.


    Secure DNS would prevent these problems, as only a trusted DNS server would be used - by an existing DNS server or by a user's machine that is autoconfiguring. The parent post is absolutely correct, though, in arguing that nobody is going to use DNSSec unless it is enforced - the same way they won't (not can't, won't) use IPSec, and why raw telnet is still used for public network logins in preference to SSH or even Kerberos-enabled telnet. Inertia is good, when you want a stable environment, but it is BAD when you discover major security holes in that same environment.


    The other problem is that there is a conflict of interest. The US Government controls ICANN, and the US Government's spy agencies and law enforcement divisions don't want a network they can't spoof on or hack, for intelligence-gathering reasons. The moment you secure the Internet against the exploits used by sniffers and spoofers, you secure the Internet against the exploits used by Government wiretappers. Now, arguably, this is no bad thing - only, the ones in charge happen to think otherwise and by being in charge, they get to make the rules.


    (This is one reason I want control of critical services to be taken out of the hands of ANY organization that may have a vested interest in the Internet being broken. I don't so much care how this happens, only that it does. Governments should indeed have an interest in law enforcement and public safety - that is a key function of theirs - but it is precisely for this reason that they should have NO control over critical infrastructure. The separation of powers, to prevent abuse, has been understood as far back as human tradition goes. If done right, it does not harm legitimate needs, but prevents - or, at least, reduces - illegitimate wants.)


    Personally, I would favour someone very high up the heirarchy mandating DNSSec, IPSec and IPv6. The combination of all three would eliminate many vulnerabilities that currently exist on the Internet. It might even help IPS', as there would be the potential to make a LOT of money from such a migration. Mom-and-pop shops could benefit too, as they'd be far more able to make the change - and smoothly - than many of the bigger names, making them much more attractive to customers.

  12. I can think of a good (for Microsoft) reason on Microsoft to Invest $1.7 billion in India · · Score: 1
    They're going through the appeals process in Europe and South Korea over anti-trust issues. They can now put a little pressure on these governments, to the effect of "tell your courts to back off, or we move the jobs elsewhere".


    From a purely technical standpoint, there is no benefit. Microsoft's project management doesn't scale as it stands, and won't support thousands more programmers on the projects they have. They know this - if you want to make a late project later, add more people. It's true of almost any organization. The communications overheads of large teams overwhelms the added work that can be done.


    No, this is a political move, not a technical one.

  13. And only groups benefitted. on Gene Found That May Affect IQ in Males · · Score: 1
    IQ tests are notoriously regional. Someone who did well on a UK IQ test would do badly on a USian one, and vice versa. Someone who did well in either would likely fail an Australian one. And even within each country, there are often multiple IQ tests and people are going to score better on the one targetted at their part of the country or their ethnic group or whatever.


    Unless the people carrying out the study took this into account, their results would not show differences in intelligence at all, but rather differences in the specific skill(s) that that IQ test emphasised.


    This, very likely, would explain why they observed a group benefit - you would see a benefit to those groups whose culture emphasised those skills that the gene enhanced - individuals overall would have a random chance of doing so, so would not appear to show any benefit.


    If we go with this theory, then my guess is that the skill(s) that benefit are culturally deemed masculine and that those females tested who ignored gender stereotypes would show an identical distribution of benefit as per the males.


    This is the problem with studying things by statistical analysis. It is only valid if you have no unaccounted-for variables, and that is usually not the case. Such studies are often simplistic, don't dwell too much on the mechanisms, and don't conduct genuinely random tests (for whatever reason) on a statistically-significant sample of the population.


    In a case like this, where you are dealing with multiple unknowns (the impact of regionalization of the test, cultural biases, gender biases, etc), you would have to be extraordinarily careful in the study - and would STILL need to perform an n-way analysis of variance to prove that none of the other unknowns were statistically significant. (And, because n-way AoV requires that much larger a sample to work, you'd need to scale up the study accordingly.)


    Oh, to complicate things further, the brain's and the body's gender are determined by different mechanisms at different times, so you'd have to conduct further tests to see WHAT gender was significant. Since intelligence is in the brain and not the body, one would assume that the gender differentiation of the brain was more important than that of the body, so a trivial "male/female" analysis doesn't cut it.


    If you REALLY want to get in-depth, you also need to look at the gender-determining chromosomes. You've the XX of the typical female, and the XY or YX of the typical male, but other combinations also exist - XYY and XYYY "supermales" and XXY "superfemales" are rare, but they are there. If we are to assume a link between biological gender and this discovered gene, then "supermales" and "superfemales" should show different results than regular males or females. If it is not a pure genetic relationship, then no such skewing will occur.

  14. Re:Not quite on New Mammal Species Found in Borneo · · Score: 2, Funny

    My bad - the two links I was thinking of (Killer Dino Turned Vegitarian and Dinosaurs Got Munchies For Grass do not refer to T. Rex. (Mind you, they don't completely rule it out, either. "Indiscriminate eaters" is an interesting term.)

  15. Not quite on New Mammal Species Found in Borneo · · Score: 3, Informative
    Baeleen whales do indeed eat plankton (and sometimes krill), as they are filter-feeders. Toothed whales eat larger fish (sometimes caught in a net of air bubbles a group of whales will produce), squid and other larger sea creatures. Dolphins (which are technically in the whale family) are even known to eat porpoises (also in the whale family). Interestingly, there is actually footage of Orcas (which are dolphins) throwing porpoises through the air with their tail repeatedly to each other, before killing and eating them.


    Toothed whales cannot (as far as I know) eat plankton, so they are definitely carnivores. Krill is animal, as are zooplankton (as opposed to phytoplankton, which is plant, and bacterioplankton, which is bacterial). This means that Baeleen whales are eating both plant and animal, so are technically omnivores.


    Dogs are also omnivores - well, maybe I should say that they THINK they're omnivores. T. Rex was probably omnivore - there is evidence it ate plant material - and if they ever extract any DNA from the T. Rex organic material they've found, you may yet get the chance to eat one. Or vice versa.

  16. No, but there was one singing... on New Mammal Species Found in Borneo · · Score: 1

    "Brains, brains, I love brains..."

  17. Re:Schizophrenia on Lack of 'Mirror Neurons' Linked to Autism · · Score: 3, Interesting
    Not a problem. I'm Asperger's myself - hence a lot of MY curiosity! :) There are a number of theories - and therefore a number of treatment approaches - out there, but now that actual mechanism data seems to exist, pdocs might have a better idea of how to approach Asperger's.


    In my case, it's a little confused since I have a mild seizure disorder AND have been diagnosed bipolar as well. However, the treatment I'm on for those does seem to mitigate the negative side of Aspergers some. However, without a baseline fMRI and an on-meds fMRI (plus an expert in this field), I have no hard data on that. It could equally well be that the other stuff aggravated whatever the Asperger mechanism is.


    The extensive research going on is excellent - I'm surprised it took so long for them to use fMRI, I would have thought that one obvious, although I've been told in the past by my own doctor that fMRI couldn't possibly show anything up. Clearly they were wrong on that. (* Gloat *)


    Some more information for the obsessive:



  18. Re:Schizophrenia on Lack of 'Mirror Neurons' Linked to Autism · · Score: 3, Interesting
    The articles I linked to elsewhere in this discussion imply that Aspergers affects one section of the brain, but High and Low Functioning Autism affects two. I suggested there that this might mean that there are two independent mechanisms at play here, where those with Aspergers has one specific one and those with Autism have both.


    I got to thinking though that this would mean you'd have to have some OTHER condition in which only the second of those mechanisms was present. I don't know what the research says on this, but is it possible that the second mechanism on its own is responsible for schizo-effective disorders (of which schizophrenia is the most serious)?


    (This still means that Aspergers and Autism fall on the same spectrum, but would imply that HFA and LFA are Aspergers with a schizo-effective element. That doesn't sound right, but if that is NOT the case, we're looking at THREE independent mechanisms being involved in autism - at least - and I'm even less happy with the idea of having more variables than absolutely necessary to explain it.)

  19. Oh, and better add the Autism Research Centre on Lack of 'Mirror Neurons' Linked to Autism · · Score: 2, Funny

    It's at Cambridge University, so they have plenty of Austistic Spectrum test subjects (most of the students and staff, for example).

  20. Three related articles on Lack of 'Mirror Neurons' Linked to Autism · · Score: 3, Informative
    A study in Australia using fMRI showing why certain forms of autism adversely affect problem-solving abilities.


    A Neurology journal article on the anatomy of Asperger's, as seen from fMRI scans


    Another neurology article, on the anatomy of Autism, as seen from fMRI scans


    The research at the Institute of Psychiatry, by Professor Declan Murphy is beginning to indicate that autism affects the frontal and mid-sections of the brain, whereas Aspergers appears to affect the frontal sections only. Nonetheless, other studies (not linked to here) have shown that those with asperger's have an elevated probability of having autistic children. In other words, there's good evidence they share mechanisms BUT there is also good evidence that autism outside of Asperger's involves additional mechanisms that are NOT present in Asperger's.


    I asked the IoP about research on Asperger's and autism a while back, and they pointed me to the following lecture (which does not appear to be on the web anywhere):


    Frith U. (2004) Emanuel Miller lecture: confusions and controversies about Asperger syndrome. Journal of Child Psychology & Psychiatry & Allied Disciplines. 45(4):672-86, 2004 May


    I hope this information is useful, trivially interesting or even interestingly trivial, depending on perspective.

  21. Minor corrections on Zone Alarm Vs 180 Solutions: Zango hooks? · · Score: 1

    That should, of course, read 'banananana', and the whole thing is intended to be sung as per the middle section of Bohemian Rhapsody.

  22. That's not possible. on Barcode Scam Redux - Target's $4.99 iPod · · Score: 1

    As 62.5% of all statistics are fictional, that only leaves 37.5% that can be bullshit.

  23. It was clearly written by on The Letter That Won US Internet Control · · Score: 2, Funny

    Sir Humphrey Applebey. The total lack of readability, combined with the total demand for power proves it.

  24. Re:Interesting, but is it Good Enough(tm)? on Fedora Directory Server 1.0 Released! · · Score: 1
    I've been using Linux from the days it came on two floppies and couldn't even support X. I used 386BSD before then. I was building my own LANs in the early 1980s, probably before many Slashdot posters had even used a computer. No, I think I know what I'm talking about.


    RPC? DCE? You are -way- behind the times, there, and no sane person alive is going to use protocols with such horrible latency. Have you seen how many layers RPC needs to go through? It was great when it was about the only thing out there, but that was over fifteen years ago. The only way to take your comment seriously is if your name is Rip Van Winkle or you fell into a liquid nitrogen bath.


    Comparing pthreads to UPC or C with OpenMP is astonishing ignorance. Threads are a subset of any parallel programming environment, but they are not a complete subset. That is why parallel extensions to C exist.


    Oh, and sure, you can run parallel programs on Linux right now. On a single box, the built-in threading works just fine. For clusters, I recommend OpenMOSIX with the Distributed Shared Memory patch for most things, but MOSIX, Beowulf/bproc, Compaq's One-Stop SSI patch, etc, exist for those who have different needs.


    To help with clustering, you've a choice of any combination of Active Messages (not a Microsoft product), PVM, MPI-1, MPI-2, BSP and some of the Plan 9 stuff that has been ported over.


    (You get the feeling I might know something about this side of Linux?)


    As for RPC being secure.... Hmmm. This must be why most admins turn off every RPC function they possibly can. No, RPC is not secure. Even with the security extensions, it is notoriously unsafe. Because it has so many layers, it is probably impossible to make safe. As for DCE - I certainly wouldn't trust anything that has been made Open Source solely because nobody else would use it any more. I would need to see some serious work on it, to regard it as the least-bit usable.

  25. Re:Interesting, but is it Good Enough(tm)? on Fedora Directory Server 1.0 Released! · · Score: 1
    If that is the case, it's rather worse than I expected. I've been assuming that they've kept reasonable pace with comparable products, though given all the cruft in Netscape Navigator on its release, I was partly concerned Red Hat might have been forced to lag behind, just to get the code into acceptable shape.


    My main fears were largely concerning how well they tracked highly non-standard variants that are built into key products that the corporate market simply won't do without. Because things like AD are totally non-standard (a quick scan of articles on linking OpenLDAP to AD shows that the best anyone has managed is one-way from AD to OpenLDAP) it is obviously going to take significantly more effort to provide any level of integration beyond the most trivial.


    Given that another major package that uses LDAP is Exchange (also from our favorite Arch Enemy), that Exchange is also very widely used and that Microsoft is likely to be keen on preventing any drop-in replacement that will interoperate 100% with Exchange, I see no reason to believe that Exchange follows the recognized standards, either.


    Red Hat is not a major international corporation on the scale of IBM or Microsoft (or even Sun), it has enormous problems keeping pace with both RHEL and Fedora, it is not known as a major center for reverse-engineering protocols, it has a hard time with keeping even its own internally-written software current and its experience in the mainstream enterprise domain is limited. (The biggest area is through IBM's S/390 series, but there it is IBM that is dealing with the customer.)