Slashdot Mirror


User: strobert

strobert's activity in the archive.

Stories: 0
Comments: 110

Comments · 110

  1. Re:Do not save passwords on Password Vulnerability In Firefox 2.0.0.5 · · Score: 4, Informative

    In addition, if you run with NoScript and Secure Login it really helps protect you. The former can let you disable javascript (and java/flash too) by default and only enable for sites you trust. The latter makes it so that for remembered passwords firefox does not fill in the form. Instead it highlights the fields it would fill in and you have to hit the secure login button to post the form data. Makes it so that you know when your saved passwords are being used and bypasses the input flow so that keyloggers can't even record the data.

    I would also recommend installing "Master Password Timeout" which will re-prompt you periodically for the password.

  2. Re:Hardware requirements? on Borland Announces the Return of the Turbo Products, with Video · · Score: 1

    ah brief.

    I still recall using the 16-bit OS/2 version under WinNT in order to get long filename support (and have it not take 100% of the CPU when idle).

    I still love that editor. And although I know I will likely lose some geek cred for saying it, I still don't think I am as fluid under vi as I was under brief. the multiple files at once (easy and low latency switching) and the keyboard commands just seem very natural.

  3. Re:"misjudgment of the seriousness of the matter" on Library Chief Criticized for Requiring Subpoena · · Score: 1

    nope. you ain't high. it is interesting, my mom has been a librarian for years (mainly for educational institutions), and it is funny how we so much agree on privacy and censorship issues. I wouldn't be surprised if the national librarian associations ding the trustee for the lack of support as protecting readership privacy is a big issue for librarians.

  4. Re:Go to SANS training. on Free Open-Source vs. Commercial Security Tools? · · Score: 1

    Yeah you have two basic goals:
    - You want a checkmark for your compliance list
    - You want to really improve site security

    big expensive "security solutions" do much better at the former. having smart employees and using appropriate technology in a proper manner are far better at the latter.

    I work for a company that like most businesses cares more about the former. Luckily though we are allowed to also do the latter. Means both Compliance and I can sleep at night.

  5. Re:Intuit "Tax Freedom Project"-Write Off. on Tax Time Again: Any Linux Solutions? · · Score: 1

    In addition you can only write it off if the dollar amount is at least a certain percentage of your income (I think that category is 2%).

  6. Re:Platform or application? on Open Source on Windows - Boon or Bane for Linux? · · Score: 1

    FYI, assuming you did an upgrade to 1.0, that is the likely cause of the crash. I haven't done it myself, but from what folks have told me, a fresh 1.0 install is fine. the upgrade from pre 1.0 to 1.0 had some issues.

    (I use mozilla on my nt4 box and typing this via konq on fc1 -- why I speak 2nd hand).

  7. Re:all in one. on Palmtop Nirvana? · · Score: 1

    how about a "waterproof" pda AND put it in a "waterproof" bag. I put waterproof in quotes for these reasons:
    - a co-worker once had his on-call cell phone with him when he went ocean kayaking (he was going around the coastline, so still in cell range). was in a supposedly waterproof bag. We took it apart a while later to see why the data connection wouldn't work anymore. the bottom part of the phone had salt corrosion marks on it.
    - I have had marine first aid kits in double sealed made for the water "waterproof" bags leak (man that made a mess).

    So although I would not argue to keep it sealed in a bag. having it and the bag be "waterproof" may actually mean the device will survive the trip. That way when you end up off course (read: lost), you can pull up on shore, get out the gps, and try and figure out how to get back.

  8. Re:90% of the internet is valnerable ... on Network Attacks Via DNS · · Score: 1

    the parent post that started this all was quite frankly trolling. bind9 was a complete rewrite from the ground up. I don't recall the last time I had an exploit in bind9. I have had multiple openssl and openssh vulnerabilities in the past year however.

    So as I have told many people, every network app is going to have its issues. Some have more than others, but with proper patch management (and despite the original poster's claim, you don't have to pay for BIND patches) you can keep your network secure.

    And Bind is at least standards compliant. djbdns is not. it doesn't meet all RFC requirements (at least it didn't a year or so ago when I last looked -- due to functionality, support, compatibility and license issues haven't looked at DJB software since). yes zone transfers and the like are more code, but they are standard. And means you can actually interoperate with other providers. This may not seem like a big deal to a lot of folks that only run personal DNS with a few zones, but being able to have zone transfers with other parties/businesses is a big plus.

  9. Re:Old news on Network Attacks Via DNS · · Score: 1

    I hate to feed a troll, but actually copy/paste can be EASIER with a unix desktop (sometimes too easy the single click paste takes a bit to get used to -- I used it for years way back when and was fine but once I started running Windows at work it was a little strange to switch back and forth).

    In addition I write this comment on a win2k workstation. It is rather nice to have a clickable link so that in mozilla I can open in a new tab to process later. In other words actually having a hyperlink be clickable isn't a "linux" desire. it is a usual web desire. Sure you can always copy/paste, but the poster should make it easier, especially considering how easy it is (the URL auto linking support -- and it isn't like that feature is poorly documented, look about two lines below the comment submit button).

  10. Re:Why is port knocking a good idea? on Combining Port Knocking With OS Fingerprinting · · Score: 2, Informative

    Nothing really. Both techniques can be used to make it so that a "semi-public" service does not have an effectively listening port (I say effective because the service is always listening but it is not always reachable) all of the time.

    If you have a static sequence, then yes, if someone is sniffing the traffic you have a security through obscurity layer in protecting blanket access to your service (for sake of discussion let's say SSH).

    But you still have your auth on the SSH service.

    The idea behind Port knocking (and the UDP method mentioned in the post I am replying to) is it makes it so that blind port scanning/attack attacks on your network won't find the SSH service nor try attacks against it.

    now back to port-knocking vs. udp:
    - The UDP approach has a big benefit that your data format you send can be more free-form.
    - The down side to UDP is that it is easier to see what the special way to open the server port is via packet sniffing. Of course if you use say changing data that is encrypted so that it can't be (or at least is hard to be) faked, then I think the UDP approach is still better.
    - Now with the UDP approach means you do have an extra network service running that could be hit by an attack (say a buffer overflow), whereas with port knocking (implemented by a simple daemon looking at the firewall logs) not as likely to have a remote vulnerability.

    So depending on how you implement either there can be pros and cons. But the main goal of either system still remains, you augment your security by making the remote "user" have both the normal auth AND another piece of information (port sequence or magic data to be sent via UDP).

    (Note: I am not implying the poster I am replying to doesn't understand the augmenting benefits)

  11. Re:Why? on OpenBSD Project Releases OpenNTPd · · Score: 1

    hey now, I wouldn't call this a "Linux crybaby convention". It is a crybaby convention, but has nothing to do with Linux.

    I will admit that there are probably more crybaby type folks in Linux land than in BSD land, but I think that mainly has to do with the larger base of Linux and you will get more "local users" that way. :).

    I am a pretty big Linux guy. However, I was weaned on BSD, but liked the earlier usage and consistent aspects of Linux way back when. At that time you didn't have an openbsd, there was (lesse if I can recall) 386bsd, netbsd, freebsd and BSDI (the commercial variant). buddy ran BSDI, I pulled down SLS and used it.

    I still am planning on pulling down OpenBSD (and maybe one of the others) one of these days and see if I can get a local install area set up, just need to make some time (also was waiting to get the bigger bandwidth I now have at the office).

  12. Re:isn't it obvious? on Where Do Dummy Email Addresses Go? · · Score: 1

    I was half expecting someone to ask that. him. And here is the difference. system1.com, system2.edu, system3.net looked like they could be official and not just examples. these days would I think twice? probably. And I had basics down (even more advanced topics based on the things I see people tripped up by). I was running a home server with static IP's, e-mail coming in, doing my own DNS, etc. and this was back before everybody in the world had Internet access at home. shoot this was before most college dorms had fulltime access.

    So yup, picked up a script that other admins I knew had used (and they hadn't changed the names either -- as I said the docs didn't mention it) and it worked. anyway...

  13. Re:isn't it obvious? on Where Do Dummy Email Addresses Go? · · Score: 3, Interesting

    Ah reminds me of a time back in the day (was before spam in the early 90's).

    I was using a time sync script that used the daytime service instead of ntp (ntp clients for linux weren't as prevalent at that time).

    well in the script it listed (I think it was):
    system1.com
    system2.edu
    system3.net
    as servers to get daytime info from. Well that config worked. It didn't dawn on me when I was setting it up that those were just examples and should be changed. Mainly because it did work, I mean even back then responsible folks were shutting down "extra" services and or only allowing access from proper locations.

    Well the net admin who ran what system1.com pointed to got really irate at someone hitting that service on his machine. He contacted the ISP I was on (an old community based one called punk.net).

    And the guy was too much of an idiot to understand the explanation of what had happened. said things like 'what system1.com?'. Not only had he forgotten he had pointed it at his system (it was the same org by checking whois), but he didn't even know how to check what system1.com was and where it pointed. To top it off he then threatened to drive up from LA and physically assault me and started port scanning my network. (and yes this was after I had pointed elsewhere for time updating). So I sent him a nice e-mail saying to go ahead and try and I would be contacting the police if he continued... never heard from him again...

    One of my first exposures to someone who was running a box on the Internet that didn't understand basics (like how to run a whois/hostname lookup).

    So my point is yeah example.com is now a IANA reserved, so you should use it. or point it at a spamtrap service you run or have permission to use. it is what I do, provides for some interesting data analysis.

  14. Okay maybe I am a geek, but... on Best To-Do List Software? · · Score: 1

    I just use a text file that is a part of my cvs controlled home directory. then I have a perl script or two for generating stats on it.

  15. Re:probably on BIND Is Most Popular DNS Server · · Score: 1

    hmm.. lesse I run (on the work servers) bind, postfix, and courier-imap (imap on different servers since we don't run IMAP for public use -- not sure why you are running any DNS or IMAP on your "web servers", but that is another matter). Never have to think about them. bind's syntax ain't bad. I recall way back when people telling me BIND was too obtuse. I actually picked up its syntax far quicker than qmail. yeah it is not very englishy, but maybe that is why it is easier for me (I program in C, C++, perl).

    As for fast, powerful and secure. never noticed speed issues. it lets us easily manage hundreds of domain names. we have a distributed name serving environment with a mix of internal/external nameservers, resolvers, etc. We set it up, and it just works.

    And as for security I have had FAR more many security updates in openss[lh] in the past 2 years than I have had with bind. In fact I don't recall the last security update for bind9.

    One thing people don't recall is BIND's history. Bind4 was more of initial proof of concept, written back when people assumed they could trust their neighbors on the Internet (because pretty much back then you basically could). Bind8 was an evolution of Bind4 to have the newer better features from the RFCs. But it still had Bind4's legacy issues. Bind9 is a complete rewrite. so it is like the new alternative guys out there in terms of being written with security in mind.

    oh, and for us courier-IMAP stays up fine, on the office servers we run it on (aka the user servers).

    we had qmail running originally handling a fraction of e-mail the postfix servers now handle (used to have most inbound e-mail handled directly by an Exchange server) and I spent many a holiday babying the server back to health. Now this was a server I inherited, so it may have been setup wrong.

    so this comes down to your mileage may vary. For us having system tools that don't try to fight unix, and work with the other parts of the system (init scripts, directory layout, log rotation, etc.) makes it far easier to maintain and put on auto-pilot.

  16. Re:I like the last bit on Andy Tanenbaum on 'Who Wrote Linux' · · Score: 3, Insightful

    very true. also, Tanenbaum I think ignores the kernel module and abstraction layers in the kernel. one of the points of a message passage system is to have proper interfaces defined so that subsystems can be replaced and interchanged. For people that have watched kernel development over the years, those design benefits are basically in the Linux kernel. yeah it may be "monolithic" in the OS kernel theory design aspect, but it incorporates the design abstractions of a "microkernel" without the performance hits (for the most part on both counts).

  17. Re:To understand... on Yahoo Submits DomainKeys Draft To IETF · · Score: 1

    I haven't looked at the final proposal, only the initial drafts, but I don't think that is how SPF works.

    Nothing would stop you (without involvement from your ISP) to list your ISP's mail servers as valid senders for your domains.

    basically in SPF land the person who controls DNS for a domain controls who is allowed to send e-mail from that domain.

  18. Re:The question I always ask is on Programming As If Performance Mattered · · Score: 1

    Very good take on this. a lot of the programmers I am seeing these days don't care or think about performance or how it will run operational. They think oh if we have problems we can fix it later. When anyone who has been doing it for a while knows it is far easier to put in some thought and get it decent (not perfect mind you) the first time.

    Right now I am flabbergasted at a web application that REQUIRES 64-bit hardware so that it can have 4GB and up heap allocations. And this is for something close to a hello world for web apps (think on-line store with a couple of items and some back end payment processing).

    I completely agree with the poster above, just think as you write. yes you want to keep the code readable and maintainable, but don't completely toss performance and making sure it will run right out the window.

  19. Re:What? on First Ten Programs on New Install? · · Score: 1

    Well, in my case, people tend to think I am odd, but I believe in knowing what is on my boxes, so I have automated installs (using kickstart) that will bring a box fully up and configured.

    So what is nice, I can thrash a box with trying things out and then once I figure out what changes I want to keep (and more importantly what changes I don't want) I can integrate those into the install script and re-install.

    now I do have some machines I don't do that to as often, but they don't get "played with". they just get package installs/upgrades done to them.

    What a lot of my practices boil down to is I always want to be able to reproduce a box. and the only thing I want to have to pull from backup tapes is data not metadata.

  20. Re:one of many on Port Knocking in Action · · Score: 1

    not really. the idea behind port knocking is it provides an ADDITIONAL level of screening over and above the usual protections.

    You have a service that needs to be available from anywhere by certain people. so the service would ordinarily be open. But you add port knocking so that the port is only open at certain times if people trigger the right open code.

  21. Re:authpf? on Port Knocking in Action · · Score: 1

    you don't have to knock to close it. simply have your FW allow through established TCP sessions only always, then have the knock open a hole (for say 60 seconds from the specific IP that knocked) to do a TCP session init (AKA syn flag set)

    I haven't thought through all of the implications of the above, but what popped up off the top of my head.
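The timed hole described in comment 21, combined with the hard-to-fake changing knock data suggested in comment 10, modelled as an added example (not part of strobert's comments and not taken from any real port-knocking tool). The key, packet layout, clock-skew tolerance and the `make_knock`/`KnockGate` names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
WINDOW = 60  # seconds the SYN hole stays open, the figure from comment 21
SKEW = 30    # assumed tolerance for clock drift between client and gate


def make_knock(key, src_ip, now, nonce):
    """Client side: 8-byte timestamp + 8-byte nonce + 32-byte HMAC-SHA256 tag."""
    body = struct.pack("!Q", int(now)) + nonce
    return body + hmac.new(key, body + src_ip.encode(), hashlib.sha256).digest()


class KnockGate:
    """Hypothetical model of the firewall policy, driven by observed packets."""

    def __init__(self, key):
        self.key = key
        self.open_until = {}      # src_ip -> time the SYN hole closes
        self.seen = {}            # nonce -> timestamp, to reject replays
        self.established = set()  # (src_ip, src_port) flows already admitted

    def on_knock(self, src_ip, payload, now):
        if len(payload) != 48:
            return False
        body, tag = payload[:16], payload[16:]
        want = hmac.new(self.key, body + src_ip.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):  # forged, or sent from another IP
            return False
        ts, nonce = struct.unpack("!Q", body[:8])[0], body[8:]
        if abs(now - ts) > SKEW or nonce in self.seen:  # stale or replayed
            return False
        # Nonces older than SKEW would fail the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= SKEW}
        self.seen[nonce] = ts
        self.open_until[src_ip] = now + WINDOW
        return True

    def on_tcp(self, src_ip, src_port, syn, now):
        flow = (src_ip, src_port)
        if flow in self.established:  # established sessions always pass
            return True
        if syn and self.open_until.get(src_ip, 0) >= now:
            self.established.add(flow)  # no closing knock is needed
            return True
        return False
```

Because the tag covers the source address, a client behind NAT has to compute the knock over its public address. The UDP listener is itself an exposed parser, which is the trade-off comment 10 raises, so the fixed 48-byte length check runs before anything else.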

  22. Re:Imagine that, another inflammatory Forbes story on Red Hat Recap · · Score: 1

    I think he is smoking the good old forbes crack. Forbes seems to be a Microsoft front on a lot of things.

    Basically to sum up the article: Lyons (the forbes writer) and Carey (the "linux example user" in the article) believe the typical Microsoft marketing line. Microsoft == Innovation. nobody else innovates.

    As you mentioned that is a big joke. Shoot a lot of "microsoft's" good ideas over the years they bought from somebody else. so they are not innovating nearly as much as they like to say they are.

    not to mention he (Carey) really isn't familiar with Open Source and Linux if he thinks it is about imitation. So why is it then that things like apache and rsync are getting windows ports and things like cygwin and Microsoft's own services for Unix (SFU) exist?

  23. Re:Simple solution on Unicast Claims Success With Internet Commercials · · Score: 1

    Or if the site is like a lot of the ones I have seen you can pay up front a small fee a year and avoid the ads. For example, Weather Underground:
    http://www.wunderground.com/
    (and there are many others, one I thought of off the top of my head that I pay for -- and yes I realize /. has a similar system).

    I think it is ~$5/year. I liked the site I subscribed to support it more than avoid the ads, but for a lot of sites I visit, I would pay a small fee to avoid the ads if they started to get annoying.

  24. Re:But who likes CIFS? on Implementing CIFS · · Score: 2, Informative

    uh, actually Microsoft does support NFS, both client and server. see their services for unix. I think this is the correct URL:

    http://www.microsoft.com/windows/sfu

    It has sounded very promising. Still on the look into list (I am actually more going to be using the auth sharing features to have our unix boxes publish password changes to AD).

    I will say I'm not the biggest NFS fan -- mainly because of portmap (for some of the reasons, see Steven TCP/IP Illustrated Vol I comments in the discussion on NFS) -- but to say you can't get NFS support under windows is not accurate.

  25. Re:Sue ME!!! on Today Is SCO's Deadline To Sue Linux User · · Score: 1

    Somebody mod this guy up as funny. I'm dying right now. Of course, maybe just because I'm enough of a geez to know the song reference :).