Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Authentication is the Key

michael posted more than 13 years ago | from the are-you-the-Keymaster dept.

Microsoft 330

jeffwolfe writes: "In his latest column in InfoWorld, Nicholas Petreley claims that Microsoft's attack on the GPL is merely a diversionary tactic to distract the Open Source community from Microsoft's real goal: authentication services."

Sorry! There are no comments related to the filter you selected.

This guy.... (1)

Anonymous Coward | more than 13 years ago | (#136500)

is just your standard Slashdot troll with some articulation skills.

Not quite (1)

Anonymous Coward | more than 13 years ago | (#136501)

Enterprises still want the infrastructure of single sign-on, because they want to only manage one user accounts database. They don't want people to have separate user accounts on every machine. They want global user accounts, and global groups, and the ability to then grant resource access based on membership in those groups. Ideally, they want the ability to partition users/resources into different groups, and then grant admin rights to some people for some of those partitions, without granting admin rights for all of the partitions. Welcome to the "enterprise".

Re:Remember Ghandi (1)

Anonymous Coward | more than 13 years ago | (#136502)

We have a winner! Congratulations, richardmguy, you're the first person to post the tired "First they ignore you" Gandhi quote!

As a reward for your devotion to the fine craft of Slashbotting, we are pleased to offer you some CAFFEINATED MINTS FROM THINKGEEK.COM! That's right -- Thinkgeek.com [adfastsurf.com] , your source for everything geek.


Re:Why I'm Not Using Windows Anymore (1)

Anonymous Coward | more than 13 years ago | (#136503)

1. The MS's hidden files idiocy has been throughly debunked.
The guy who wrote it does not have a clue about what he is talking about. Anyone who does have a clue will get a great laugh out of it though. Be grateful idiots like that don't use Linux.
read: http://arstechnica.infopop.net/OpenTopic/page?q=Y& a=tpc&s=50009562&f=48409524&m=3840916991

follow the links from there, too. It'll be a struggle to read to the end, it is amazing that someone can run the wrong way for so long without a tiny bit of common sense ever coming in play. If you don't want to read that much retardation (it'll corrode your brain), be assured that the moron gets everything wrong.

2. It's been updated, thankfully. It was even reported on Slashdot.

3. and 4. are both utterly moronic, but believable if you are a rabid MS hater (hello, slashdot!). They are not, from my moderately neutral perspective, not even remotely believable.

In general: The Register has never published an accurate sentence about Microsoft, ever.

The NSA claims have _never_ been backed up by any evidence either. I'm not going to dig up links to rebut it for you, google is your friend. MS don't deny involvement because the claims are so retarded. Why even respond to such drivel? (Something the OSS community should think about in the face of MS FUD.)

MS's past history isn't quite as awful as you seem to think.

I've said this before: there are plenty of genuine reasons to hate/despise MS. Why do people so often ignore the valid reasons and make up bullshit to justify their anti-MS stance?

Sunrays work right (2)

Tony (765) | more than 13 years ago | (#136511)

That's what we're doing here at work-- Sunrays on the desktop, with Solaris boxes doing the heavy lifting. We've only rolled out a few (about a hundred or so), but we will hopefully have everyone on them soon.

The NC *has* been done right. The Sunray is just the most recent (and perhaps the best) example. And it *is* a grand idea.

It won't work, of course. Even here we feel the pressure to move to MS software. We've resisted so far; but find a corporation-wide financial system that can run exclusively on Unix. Pretty much every financial package has an MS-Windows front-end, even if the database runs on Oracle or DB2.

Petreley was right-- it doesn't exist until Microsoft invents it.

Re:Other conclusions possible... (2)

Jason Earl (1894) | more than 13 years ago | (#136518)

Microsoft is not out to test the validity of the GPL. The last thing that Microsoft wants is to set any precedent that would limit the power of copyright. After all, they rely on the power of copyright to limit the legal use of their software a lot more than the GPL does.

Other than that, I agree. What Microsoft says is always smoke and mirrors. Heck, I wouldn't believe them if they told me the sky was blue (because in the background they would probably be working on changing the color of the sky).

Re:the appeal of a single sign on (5)

Jason Earl (1894) | more than 13 years ago | (#136522)

It's already been done. Mozilla will happily remember your usernames and passwords for as many sites as you like. If you wish you can password protect this information store (I believe that IE does something similar as well). This is a much better solution than putting all of the information about everyone in one huge database. Sure, some people will probably lose their passwords when their hard drives crash, and some will have their master password stolen by thieves. But I can guarantee you that if everyone's information was in one net connected database eventually someone would learn to steal that information from everyone (the only trick would be to steal the information slowly enough so that Microsoft wouldn't notice).

Of course, if you put me in charge of the database that would be a different thing altogether. I would never use it for nefarious purposes, and I would be very careful to make sure it never was stolen :).

The funny thing is that this could really work, but not if Microsoft insists on charging money for it. Heck, they should be giving away Windows XP and then hold everyone's data hostage.

Close, but not quite (5)

Bookwyrm (3535) | more than 13 years ago | (#136529)

I think the article is close to the target, but it's not quite there. It's not that authentication by itself is the key, it's the directory services that's part of the authentication which is the key.

Any one remember archie? The difference it made in using FTP? The key part of the phrase "You can find anything on the Internet" is *find*, it's not that any thing and every thing is on the Internet, it's that you can *find* it. (In some way, this is may be what Sun's CEO meant about not having any privacy -- there have always been records kept on people in all sorts of places, just now it is possible to find the records, index them, use them to *find* what you like, or *find* people that like certain things.)

File transfers have been around for a while now. Napster was interesting because it let people, tada, find the files they were looking for that other people have. eBay lets sellers find buyers. Social communities have formed up on the Interent because people have found other people who share similiar interests.

This probably seems all terribly boring, but think about it for a moment. If Microsoft does create a single sign-on authentication system, they will (potentially) have one of (if not the) largest online directory of people (competing with AOL.)

Authentication is just part of it. If Microsoft controls the directory services, they can control who (or what -- i.e. smart tags , etc.) can be found ... or not found. Heck, even forget the authentication bit -- anyone serious will have their own level of authentication and authorization, probably -- the first step in authentication of a person is *finding* their record.

Just look at the whole DNS root server mess, Network Solutions and such making money off of basically directory services. The battle over whether or not AOL will have an icon on the Windows desktop. Instant messaging -- which is basically the idea of presence (which appears to be one of the big buzzwords coming up), or rather, making it easier to be found.

Take a look at how much money is made from the sale of .com domains, etc. Now suppose Microsoft had the equivalent of the root DNS servers, but for a directory of identities rather than domain names. How much would someone pay to have an identity of "John Doe" rather than "jdoe@someplace.onthe.net"... just type "John Doe" in your MS email program... Windows Messenger... goodness, maybe even your web browser. Now, wouldn't that be something? MS could let you type in 'identities' or keywords (i.e. "John Doe" "Amy Smith" "Microsoft Corporation" "Plumber" "Sun Microsystem") into your browser/Windows Messenger (off-topic, SIP blows chunks) and pop up perhaps their web page, a phone call, an instant message, or what not. Mmm. Do away with all that messy 'domain name' bit, or rather replace it with the Microsoft authenticated identities. Hmm. Interesting idea, isn't it?

Look, if you want to change the face of the network, the killer app is directory services. Online the map is literally the terrain -- the domain name system is the map we use to find things! That is, if you replaced the current DNS system with something new, that could change web browsing, email, all the services that depend on it to find people, places, and things.

Re:Likelihood of .NET and hailstorm success is low (2)

garcia (6573) | more than 13 years ago | (#136532)

there isn't any advantage, that's why I have a strong feeling that they want to eventually force you to use their services...

better control == more money for them.

I am very very afraid.

Re:Old stuff (3)

garcia (6573) | more than 13 years ago | (#136533)

it will only be monopolized if we continue to let them create this positive spin on the control of our lives!

people are alowly accepting large organizations as the maintainers of databases w/all of our personal information. Do you really want MS to control EVERY single facet of your computer connection? I am scared enough of centralized databases of credit info that companies sell to each other for mass marketing, but I would be ESPECIALLY afraid of MS controlling 90% of every computer remotely...

Bill of Borg is really starting to get closer to reality :(

you can get that (2)

Archfeld (6757) | more than 13 years ago | (#136534)

from a 2000 single domain forrest/tree set-up, without giving all your data to M$. Single signon can be managed thru Tivoli also on a multi platform environment. Only Solaris presents real problems in the password intercept area, Aix/Tandem/M$/TRU64/VMS and of course LINUX all work well. There are also products out there like ControlSA that handle single signone and multiplatform access well.
None of these are opens source but they are M$ controlled either....

small form factor PC's (2)

Archfeld (6757) | more than 13 years ago | (#136535)

are what we are placing for admins and tellers, COMPAQ makes a case smaller than a VCR that mounts easily just about anywhere. In a corporate environment the PC lifespan is short anyways, and with long term (10year) deal with the PC vendor for 2 year replacement, it is cheaper to replace 20 PC's than 1 decent server that could support 20 working thin clients. Give me a entire giga-bit fiber network and some uptime agreements from M$ and maybe it will make some headway.

Who has MS convinced ?? (5)

Archfeld (6757) | more than 13 years ago | (#136536)

I work for the 2nd largest M$ exchange implementation worldwide, and our management along with several other fortune 50 companies told M$ to stick .net where it was safe...Ballmer's deep dark hole. Data security is PARAMOUNT and M$ would not pony up the $$$'s for insurance and bonding nor would they provide ANY sort of IRON CLAD uptime/access agreement. With VPN and broadband so prevalent these days we are going the exact opposite, to the hardware vendors' delight, and deploying PC's everywhere with VPN clients to access our data on our OWN SAFE and SECURE machines. If I were a sales business or some such heavy travel industry I MIGHT be able to see 'some' value in a .net structure but otherwise...NOT.
Can someone present an argument PRO .net beyond M$'s security and uptime smokescreen ?

Re:Sun is as bad as M$ (1)

Nessak (9218) | more than 13 years ago | (#136539)

I don't think the auther wanted NC to be under complete control of SUN or anyone else. What the artical is suggesting is that total control of authentication from any one entity is bad, unless that entity is Open.

Re:Which means... (4)

landley (9786) | more than 13 years ago | (#136541)

> Or, alternately, move in with Stallman

Nah, I've been in his office. There's no room.

And now that he's dating again, he might be more inclined to insist on a bit of privacy. (The collective response of the FSF people to Stallman's acquisition of a significant other after all these years was, basically, "Thank God!". This info is a good four months out of date now, though. Dunno how things are going in Boston...)

What on earth needs 350 meg!!! (1)

Sangui5 (12317) | more than 13 years ago | (#136543)

First off, yes it is true that my example doesn't scale. Cutting 99% is a fairly extreme.

But consider MS Office. Many of the DLL's were statically linked, even when there was no reason too, or if another portion of the same binary required the DLL anyway. Excel 95 did have that flight sim in it. And how much sheer cruft did they have anyway (megs of clipart, the damn paperclip, overlapping functionality, etc). My point is that just about all programs can be put on a huge diet.

Another small point. Look the size of linux binaries. Compare them to equivilent Windows binaries (equivilent! compare CLI picture viewer to CLI picture viewer, compressor to compressor, etc). The linux binaries are almost always much smaller (half or less), for the simple reason that GCC makes very efficient use of shared libs. It almost never generates statically linked code. That cuts down the binaries to what is fairly unique to them. On the other hand, Windows programmers are familiar with DLL hell - the random and undetectable changing of DLL's that their programs require. Becuase it isn't safe to use dynamic linking, almost all 'doze binaries are statically linked, and if they are dynamic, they include a copy of the dll in the distro, and require it to be located in the same directory as the binary to work. They may have code reuse, but there is no binary lib reuse.

Yes, NIS and kerberos are useful (1)

Sangui5 (12317) | more than 13 years ago | (#136544)

But what Hailstorm is is having the same centralized authentication for many separate sites.

If the local NIS server gets 0wn3d, my /. login is still safe. If /. is hacked, my home box is still secure. And my credit card information isn't on any of them.

But if passport is hit, then it's all gone. Even worse, because of the way Passport has to authenticate for other sites, they have to store the tokens there for many sites. With NIS, the local machine passes on my password to the NIS machine, which checks it for validity. The NIS server doesn't know my password, it just is able to positively ID my password. Not necessarily true of Passport.

Smaller isn't impossible, just more difficult. (3)

Sangui5 (12317) | more than 13 years ago | (#136547)

Here is a little anectdote relating to executable size

I recently recompiled my kernel, and put in the MagicSysRq support. I had been playing with fork, and the killall/nukem-now support it offers was attractive. However, can be dangerous, and as such you have to put a '1' into /proc/sys/kernel/sysrq before it will work. Putting a '0' in instead will also work.

Now, I wanted to be able to turn this on/off from my user account w/out going to root. A script wouldn't do it as /proc isn't world writable, and you can't suid a script safely. Therefore I needed a very simple binary program. Being the lazy person that I am, I wrote it in C++:

int main(){
ofstream out;
out << "1";
return 0;

Now, when I compiled it, I noticed that the filesize was a whopping 354K. 354K just to write a single character!!! That is way too much. So I decided to put it on a diet. First step: strip. Strip removes all of the debugging information from a file, which can really shrink it's size. It did, but still left a whopping 71K.

I then realized that the problem was using C++. So I switched to C, using file pointers, fopen, putc, and so on. This brought things down to a mere 12K. Stripping this brought a final size reduction to 3276 bytes. A very very slight reduction could be achieved by using the more raw calls to open() write() and close(), but only a couple of bytes.

Now, what is the moral of the story? It was a little harder to write the small version. I had to look up the exact semantics for fopen (I don't use C very often). I had to know about the existence of strip (or the -s flag for gcc will do the same). And I had to have the will to cut the size down. As a result I cut the binary to less than 1% of it's original size.

Now how many end-user apps:

  • have been written with absolutely no attemt to keep the size of the binary down?
  • haven't had their debugging symbols stripped?
  • statically link to common libraries rather than dynamically link?
  • statically link multiple times to the same library, and then dynamically link once or twice more just for good measure (hint: MS Office).
  • have lots and lots of extra features that only a small percentage of people use?
  • have totally unnecessary things (a whole flight sim in Excel!!)?
  • are written in "big" languages like C++ (especially for GUI work), or are written by people who would rather save themselves 5 minutes coding rather than slim something down, even a large amount?

The answer is "a lot"

Network computing is perfectly possible. It just takes a small amount of effort

Forget the privacy implications (4)

Sangui5 (12317) | more than 13 years ago | (#136548)

Just consider for a moment the security implications.

You must remember that this is MS running the servers. Now, last I checked, they didn't exactly have a very good track record on security. Just think of what bad things could happen the first time somebody breaks into the Hailstorm servers and steals millions of people's login info at once. Or credit card info too, as there is talk about using Hailstorm to handle online purchasing too.

The very idea of a centralized single signon is moronic. I would hope that most people on /. realize that by now.

Re:Likelihood of .NET and hailstorm success is low (3)

WasterDave (20047) | more than 13 years ago | (#136564)

MY data is one SOMEONE ELSE's machine.

The problem is that while you're comfortable with data being on your machine, 99% of people (joe consumer) would rather it wasn't. They have no idea how to do backups, are uncomfortable with the idea of disk crashes, and (ironically) are used to the idea that computers just do go wrong even if they have no idea that it's our friends in Redmond that cause it.

So they want someone else to look after their data.

Dave :(

Re:So name the open source alternatives (1)

pangloss (25315) | more than 13 years ago | (#136569)

some implementation of LDAP, or its big brother, X.500? maybe in conjunction w/ using certs?

but what does merely having an available open source implementation get you? who's going to run it? someone who you are going trust? just because it's open source certainly doesn't mean someone is going to run it for free in competition against microsoft.

and if not microsoft, what, is petreley implying that sun would have been a better candidate for holding a monopoly position on auth services? pah!

maybe some single, monolith authentication service isn't the direction to be looking to in the first place. seems like trust issues keep cropping up....

Re:Scary - but it may be Microsoft's downfall (1)

JMax (28101) | more than 13 years ago | (#136572)

baptiste wrote:

> The money is NOT with personal PCs - hell half are using pirated software anyway!
> Its the business customers.

Are you kidding? Music, movies, television... that's what this is about; it isn't about "office productivity" anymore, it's the entertainment industry. This is about MSNBC, and Disney, and Sony, and all those people.

Use an affiliated .edu/.org for your CA (2)

lazzaro (29860) | more than 13 years ago | (#136575)

I've always thought universities were the perfect certificate authority for their graduates; you would get the service as part of joining the alumni association, along with the bad magazine and the alumni email address. Grads are already using them as an authority every time they request a transcript, and certifying someone completed a degree is a pretty strong claim of identity, more strong than Verisign has to offer.

The idea can be extended to handle people who don't go to college too -- there are enough organizations in this world, from churches to unions to professional organizations to AARP to AAA, most of whom collect money from their members while providing various value-adds. Certs could just be another thing along with the discount health insurance.

Other conclusions possible... (2)

dead_penguin (31325) | more than 13 years ago | (#136581)

While the article does make some interesting points (you *did* read it, didn't you?), I'm not quite sure I'd go so far as to see this as a huge consipiracy to draw our attention away from "authentication services".

It's probably true that Microsoft isn't as concerned with the GPL as it appears in previous articles here, but I think their "concern" with it is a pretty good indication that they are taking it seriously. Aside from the fact that this is classic MS FUD-mongering, I'd imagine that before they went and made any such statements that their lawyers had taken a very, very close look at the wording and workings of the GPL.

Rather than the current smear tactics (comparing something a "cancer" is *not* playing nice) being a diversion, I think they are being carried out because Microsoft actually believes that the GPL could stand up in a court of law, and that their corporate lawyers *probably* couldn't fight it effectively.

Of course if you want a real conspiracy, you could even go so far as to conclude that MS has already (secretly) violated the GPL, or is planning to do so...

"Intelligence is the ability to avoid doing work, yet getting the work done".

Re:So name the open source alternatives (3)

jfunk (33224) | more than 13 years ago | (#136583)

PAM, Pluggable Authentication Modules.

Note that it is not solely for logging your UNIX box. Check out http://pam.sourceforge.net/mod_auth_pam/ [sourceforge.net] for an Apache module.

It's really a pretty cool solution and you can authenticate to almost anything: LDAP, RADIUS, even SMB.

Of course, there's still the problem of centralised control. What I would really like to see is a PGP or PGP-like solution where the user has control over their private key and each site grabs the public key when they sign up (with this, a signing up process could be transparent to the user). That way, you get the common authentication method and there's no need to store complete data about you anywhere but on your computer. Imagine getting a popup: "Whatever site has requested the following information:...." Each piece could be accompanied by a checkbox so the user can accept/deny specific pieces of information.

This is probably doable such that it will easily integrate into current systems, too.

Of course, I could be totally wrong, and I'd expect someone to point that out. :-)*

Which means... (4)

brianvan (42539) | more than 13 years ago | (#136590)

While we were all vigorously arguing on Slashdot, they snuck in the room and put little black boxes between our network interfaces that record a micropayment for every TCP/IP packet.

Nice diversion!

Sarcasm aside, Microsoft is still a big corporation... and smaller means quicker. So it's not really about Microsoft sneaking anything past us... it's about the quality of our decisions and actions, and how effective they are to counter moves by Microsoft.

But hey, the best solution is to just give in, buy their stock, and move to a remote Pacific island to live off the profits. Or, alternately, move in with Stallman and start amassing the GPL cult that will eventually take over the world like... Pac Man...

Open Source Alternative... maybe? (1)

metacosm (45796) | more than 13 years ago | (#136591)

I do not know of any open source alternative to the microsoft purposed system. But I have a concept (very off the cuff). What if you used FreeNet as the data-store. Your data would be replicated, cached and encrypted. Once you access it from your place of work, you place of work would have a cached verion of it, when you try to access it from somewhere else, whatever node you are using as your "server" will go out and look for you current information in the FreeNet service, replicating it along the way back. I am not going into details, because I don't know how this might work, is it possible? Anyone with more knowledge of freenet/universal login system care to comment? I just see there being LOTS of servers rather than a centralized few, and once you get your data in the building you are working at, it stays there until you try to access it from somewhere else (home) and then it is replicated. This would use the power of P2P to be the load of a universal login/data storage system to the edges of the network, decentralize control, and allow local administrators to setup Nodes for ther users data, which would become a part of the FreeNet network as needed (accessed). Just a comment, I don't know if it possible or what, just wanted to throw it out there.

The problem? (3)

interiot (50685) | more than 13 years ago | (#136594)

I don't see the problem with this. Well, there's the ever-present plans of MS to take over the world, but that's nothing new.

What microsoft has always been good for is successfully implementing the grandiose ideas that nobody else could. Do you remember the Windows 3.1 days? If you had a new graphics card or new printer, what was the only thing that could talk to it? That's right, MS Windows. And MS shared the love by allowing any program running within it to talk to those devices as well.

And now there's network computing, with its related monstrosities, central directory and PKI infrastructure. Many big heads have tried to tackle these; none has come close to success. These are ideas that would expand the usefulness of computers beyond belief, but they can only be pulled off if there's a strong center to hold everything together.

In case you're worrying that "center" means monopoly, think again. The center is shrinking! MS is no longer trying to have a stranglehold on the Apps or the OS, just the authentication and the basic protocol which can be run on any hardware. We should rejoice!

Unlike visa or doubleclick, they're not trying to put themselves in a position to snoop on you. They're trying to give us something that no one else can.

Re:Forget the privacy implications (1)

stroppy (52303) | more than 13 years ago | (#136595)

Ah, you see when they have the amount of control they want, they get their tame politicians, tame attorneys, and tame reptiles of the press to convince the 'public ' that security holes are good for Freedom Loving Peoples(TM) everywhere.

As to authentication generally, I look forward to the day when I can Sit Down (R) at my Computer(TM) and Work (C) while have A Lot More Fun (Pat. Pending) at the same time.

And while we're on the subject: Is it just me or does Ballmer REALLY look like the monster from Young Frankenstein (pron. Fronk-en-steen)

MicroSquish for authentication? (5)

jcr (53032) | more than 13 years ago | (#136597)

Yeah, right. Like I'm going to trust an outfit that puts a Turing-complete interpreter in a MAIL CLIENT, and gives it full access to both the filesystem and the outgoing mail queue for ANYTHING related to security.

The long and short of it is, MicroSquish knows precisely *squat* about multi-user computing, data security, and crypto.

When Hugh Daniel went up to Redmond to do interoperability testing between FreeS/WAN and their half-assed IPSEC, he asked them which crypto algorithms they'd implemented, and they told him "40-bit DES". Nothing else.

Hugh just left. I would have, too.


Re:Why I'm Not Using Windows Anymore (1)

Old Wolf (56093) | more than 13 years ago | (#136598)

That "Microsoft's Hidden Files" page is a crock. It writes all this sensationalist text in order to point out the existance of caches.

It's the same sort of thing as "Linux is conspiring against you and recording your every moves, because it creates .bash_history files".

I am not sure about this... (1)

clump (60191) | more than 13 years ago | (#136603)

Im afraid I don't quite see what he was arguing. "Authentication services" is a pretty loose term and was not adequately defined in the article. I assume Nick meant the term to be used as how we can connect to .NET. If so, the article's conclusion that we need to beat 'Microsoft to the punch' makes little sense with a network/platform in which a single company holds all rights.

Re:Makes perfect sense, really. (2)

clump (60191) | more than 13 years ago | (#136604)

"If you can keep the appropriate people focussing their attention on trying to justify themselves, even against rather pointless and ineffectual attacks, they don't get quite as many people thinking "what are they up to?"
One side effect of Microsoft's attempt to slander volunteer software production is that they are now making the target of their attacks ever more visible and understood. In that I mean Microsoft is inadvertantly creating debates that can cast critical eyes on their own proprietary software models and can raise awareness of the existance of free/better alternatives. Microsoft has the hurdle of trying to make philanthropy look "bad".

Imagine what would happen if WalMart suddenly attacked and lobbied against thrift stores or charitable institutions. They could quite easily argue that the very exitance of low-cost/zero-cost goods destroys the industy. They would, however, endure a backlash they likely could not comprehend.

Likelihood of .NET and hailstorm success is low (5)

Bilestoad (60385) | more than 13 years ago | (#136606)

They still haven't addressed the biggest problem with the model -

MY data is one SOMEONE ELSE's machine.

Even if you have a local backup that introduces issues with consistency. And just who is reading your work? Why will people suddenly trust a third party to provide their environment? It didn't work for Sun in the 90s (which although Petreley mentions MS fought, was not a failure because of MS opposition) and it won't work for MS now - in fact this could be the undoing of Microsoft. We have huge, cheap hard drives, great technology like IMAP, and software that works. I can't see the compelling advantage.

Hesiod, anyone ? (1)

shall555 (62373) | more than 13 years ago | (#136608)

There *is* a standard for distributed authentication.

So, why not use Hesiod ?

Maybe it needs updating for today's environment, but it worked great a few years ago within
a corporate domain I'm familiar with.


no no... the Wizard said it best... (3)

stefanlasiewski (63134) | more than 13 years ago | (#136609)

(To misquote the 'Wizard of Oz [rr.com] '):

"Pay no attention to that man behind the curtain!"

This "microsoft conspiracy" thing is getting old (2)

quartz (64169) | more than 13 years ago | (#136611)

No really. Why should anyone in the free software/open source communities give a rat's ass about what microsoft does? I know that as long as something is made by Microsoft, I won't use it. And as long as there's a free software community I'll share my software with them. Microsoft can go to hell. They can't make me use their software, no matter what they do.

So c'mon people, let's spend less time bitching about microsoft and more time providing ourselves with the software that we want. I can understand journalists, they can't help blabbing on about microsoft vs. open source, it's their job (and I bet they're praising the patron saint of journalism right now for such a long-running and juicy story source as the oss-microsoft war). But us? We have far better things to do...

Re:Likelihood of .NET and hailstorm success is low (1)

samantha (68231) | more than 13 years ago | (#136613)

Your email stays on any server you want. Including your own. Some things benefit by being server based or mediated or replicated through a network of machines. Others don't. Why do we keep trying to make single statements that cover all cases? There is no single magic bullet technology. When will we grow up enough to not forget that?

don't get it (2)

samantha (68231) | more than 13 years ago | (#136614)

Network Computing is still a step into the past. Timesharing revisited. A system that ignores the power of user machines in favor of doing as much as possible on servers and to top it of uses only HTML for GUI is seriously broken and I am amazed it is even considered in this day and age. What a waste of the last 40 years of hardware and communication advances! We should be seeing massively P2P architectures and as much work as possible being offloaded to clients that have their configuration managed as automatically as possible.

If MS wants to play the Open Standard game then simply make sure the keeper of the Standard is independent and the standard is really Open and independently certifiable with no bogus gotchas that prevent Open Source implementations from being certified.

Re:Makes perfect sense, really. (1)

binner (68996) | more than 13 years ago | (#136615)

Welcome to the Machiavellian world of PR. It's a lot more difficult to meta-moderate out there, and Microsoft is trolling.

If this isn't the most brilliant quote on /. in years, then I don't know what is.

Thanks for the laugh.


Re:So name the open source alternatives (2)

technos (73414) | more than 13 years ago | (#136618)

They're not.. They're just going to make sure that every bit of software running on their OS requires authenticated user credentials to run, and the only place they're going to let you get that authentication is passport.

Re:Forget the privacy implications (2)

technos (73414) | more than 13 years ago | (#136619)

Moronic, sure.. But so are the millions that want it. And only Microsoft, who has experience in the 'So you got hacked! What am I supposed to do about it. You only paid us $40K for out software, you didn't pay us to make it secure!' business is going to be moronic enough to try it.

Re:NC? (2)

pete-classic (75983) | more than 13 years ago | (#136625)

I think that NCs will get a niche. Secretaries, POS, stuff that is better off centralized and doesn't benefit from being local.

Out side of that, I think that they are doomed to fail as a mainstream "PC replacement" for a reason I haven't seen anyone else cite. That reason is; PCs are cheap. By the time you buy 10 NCs, with displays, and a bad-ass 4 (or more) way server to service them, you may as well have bought the same 10 displays and 11 PCs, the 11th for file/print sharing.

And I think that NCs have a negative economy of scale. I.e., if you have 100 desks instead of 10 you need 10 times what I described above, plus a SAN, and a bunch of network upgrades to handle the load.

Or, I suppose, you could do a shoddy job. Only buy enough processor power to handle average load. (And have human beings sitting around waiting for the system at peak times. That ain't cheap.) And sit the whole thing on whatever network infrastructure you happen to have. (Hope you've got 100Mb switched, buddy.) Leaving you with a crappy system that cost as much as giving everyone a PC.

And don't give me a bunch of TCO crap. You aren't going to convince me that the army of real admins that will be needed to keep all those terminal servers going is going to be cheaper than running a helpdesk with a Ghost image on hair a trigger.


Re:Smaller isn't impossible, just more difficult. (2)

nihilogos (87025) | more than 13 years ago | (#136635)

354K??? The same program compiles to 5978 bytes using g++ on my system.

Re:Why I'm Not Using Windows Anymore (1)

Jaborandy (96182) | more than 13 years ago | (#136643)

My stupid response to a troll:
  • Hidden Files: This makes me laugh. The author complains about cache files, and can't figure out the ASCII encoding of his attachments by Outlook Express. Pure paranoia.
  • Passport Terms of Use: They've been changed to correct this misunderstanding.
  • Spying: This is unconscionable, and would be illegal in the US because spam faxes are banned. Is this legal in the UK? If not, I highly doubt that this story is true.
  • Stealing information: Who knows what misunderstanding could have made some Taiwanese companies think this in '98. It's unsubstantiated, but I can't discount it.
  • NSA key: MS did deny NSA involvement. That key is there because the NSA required it for export purposes. Specifically, MS had to validate its crypto routines to make it harder for people to plug in strong crypto modules in violation of US export laws. MS signed crypto routines to tell the OS what strength it was. First of all, it was a signing key. Second of all, the NSA never had a copy of the keys. So yes, MS did deny NSA involvement. Third of all, I get the impression that MS doesn't care if you defeat this mechanism, since it's only there because the stupid US gov had dumb export laws, which have now been changed anyway.
portege00, you're a Slashdot M$ basher.

WinXP comes with a personal firewall. I'd happily hang that ass on the net, but that's a totally different conversation (win9x does suck, I agree. NT is the one that compares to linux).

He's right you know (1)

Korgan (101803) | more than 13 years ago | (#136649)

All this latest flaming and full frontal attacks from Microsoft is totally out of character. And its worked. Nearly everyone has stopped thinking about .NET and is taking notice of these comments from MS. I know I did for one.

MS are very smart in this regard. They know that people have a lot of pride in the OpenSource community and by attacking OpenSource directly, people will instantly react. Everyone moves to take on these attacks from Microsoft while the .NET platoon out-flanks and out-manuvers the OpenSource community.

The only way to resolve this is to ignore Microsoft's public comments like this. Instead, concentrate on what they're actually producing, not what they're flaming. Let guys like RMS throw the mud back (I suggest him because he does it so well) and let the rest of us carry on doing what we do best... Building a great community, pretty damn excellent software and something that everyone can use freely and openly without fear of "The Man".

If it weren't for work, I'd be totally free of MS software and their crap. If I didn't have to keep up with issues about their software, I'd completely ignore them altogether. Nothing I do in my own time has anything to do with them, my software isn't trying to use or emulate their 'standards', just provide an alternative that does what I want the way I want it to.

Those that can, I strongly suggest that you ignore the statements MS make like this. Just keep an eye on the products they actually produce (its not smart to not know what "the other side" is doing).

Re:Who else can control this chaos (1)

Korgan (101803) | more than 13 years ago | (#136650)

Only MS is seasoned enough to provide such services

Oh so not true!!! IBM, Sun, Novell are all capable of doing exactly the same thing. IBM would never get the 'job' because its always been likened to Big Brother ever since Apple's famous SuperBowl add in the 80's (Either Steve Jobs was a great forward thinker, or he fluked that one). Lotus Notes/Domino could quite easily be modified to be very much along the same lines as .NET is intending, it just doesn't have the advertising budget or the market share to make it worth while.

Sun.... Well, they tried... But everyone was against it then so it didn't happen.

Novell... OneNET is actually functional and you could use it right now if you wanted. But its biggest hurdle is market share and advertising. Every ad I've seen from Novell is about the company and what it can do, not about individual products.

Microsoft are not the only ones, they're just the ones that have made it seem like a good idea and have put a huge (as they always do) marketing hype to push it forward quite outstandingly.

NC? (4)

cadfael (103180) | more than 13 years ago | (#136651)

I honestly doubt that NC's are the future that the author of the article does. Many of the app's that people cannot work without are rather large (and perhaps bloated). These often include Big Bad Bill's homegrown programs. I do not see a lot of development for the PC (I speak specifically of the Windows environment here) for the public that is smaller, tighter, faster code.

Until NC's can deliver the same punch as a PC continuously (in terms of performance and customizability), people will continue to purchase PC's.

-- The Hollow Man

Re:As always, Cosmo said it best... (1)

dciman (106457) | more than 13 years ago | (#136654)

That was an amazingly cool movie. Sure some of the stuff they did was a little sketchy (ie wiring up that box to the computer and being able to watch the screens of data "decrypt" in front of their eyes), but the cast was great and they really pulled it off.

Old stuff (1)

aralin (107264) | more than 13 years ago | (#136656)

I've read the article before I left for vacation one week ago. This is hardly some news.

On the other hand I can agree partly with the article. In case that we will have service oriented software, the authentication is likely to get monopolized and thus who will win the authentication services is going to dictate terms similar to the way when you control the platform. Although this monopoly might not be so stable and we should definitely go for open standards to prevent it.

Why I'm Not Using Windows Anymore (3)

portege00 (110414) | more than 13 years ago | (#136657)

These types of actions on Microsoft's behalf is exactly the reason why I bought an Apple iBook with OS X recently, learned how to use Unix over the last four years, and put a LINUX firewall between my Microsoft machines and the Internet--I don't trust M$ products enough to hang a Winbox's bare ass off the network like I would Linux or OpenBSD.

I don't mean to sound like a Slashdot M$ basher. I have my reasons...

I can't find the link right now, but Microsoft and the NSA have backdoors into your system. Microsoft doesn't deny NSA involvement, either.

Given their past history, anyone who uses .NET is either ignorant, foolish, or just doesn't care.

Where do you want to be violated today?

Re:Other conclusions possible... (1)

DarkProphet (114727) | more than 13 years ago | (#136660)

Get real! Its a proven fact that M$ will play dirty pool if its threatened enough (see Netscape v. Microsoft in the browser wars). Yeah, you're right, M$ may want to test the validity of the GPL in court, but M$ is smart enough to cover thier bases. Lets look at some reasons M$ would be so vocal to the general public about the GPL (remember, Joe Sixpack isn't reknowned for giving a shit about licenses):
  • By trying to convince the general consumer that the GPL is bad, it makes M$ look like the helpful innovative company that they wish they were. "Hey people, these GPL commies are trying to destroy our economy!"
  • Since Microsoft _has_ been so vocal, it seems to me they have weighed the possibility of testing the GPL in court. They wouldn't call attention to something unless they were willing to face it head on. M$ might not take on the GPL in court, but I'd dare to bet that someone will, and probably pretty soon. M$ will be watching.
  • Its an obvious attempt to try to distract and fragment the open source community. United, we are a very real threat to MS, but if we start squabbling about liscenses (GPL vs MPL vs BSD flamewars), we'll be a little too preoccupied to worry about what M$ is up to. M$ has tried this experiment before, and they know full well we fall for it everytime. Its a diversion alright
  • With all the dot coms going belly up, its a good I toldja so from M$. M$ could quite easily quote quite a few companies (RH, VA, Caldera) who have had quite the hard time generating positive net earnings. Of course alot of closed source companies had the same problem, but M$ is known for leaving out details.
When it comes down to it, M$ is up to something more than just flaming the GPL. Sure, us OSS zealots would like to think its because M$ is scared of the GPL. Yes, they are, but we'd be naive to think it ends there. It does not. M$ will take pot shots like this at us, BECAUSE IT BUYS THEM TIME! It gives them time to develop something new, and market it as the Next-Big-Thing(tm) that the consumer HAS to have. And it will conspicuously have no OSS alternative.

It would be in our best interests if Slashdot (and open source developers in general) stopped paying attention to the M$ FUD machine. It'd be infinitely more wise to pay attention to what M$ is doing not what its saying.

Re:Forget the privacy implications (1)

malfunct (120790) | more than 13 years ago | (#136662)

I thought the idea of hailstorm was not to centralize the data storage but to unify the client used to look it up. Make one standard to get all the data and it doesn't matter where the data is stored in the end.

Re:So name the open source alternatives (2)

susano_otter (123650) | more than 13 years ago | (#136663)

My guess is that this sort of global "one ID everywhere" solution only makes sense (and money) when you have a large, locked-in user base.

Microsoft probably hopes to integrate, MSN, Hotmail, Explorer, .NET, and Subscription Licenses under one monolithic service umbrella, with global access to "everything you could ever want or need" provided by Passport.

The open source community doesn't have anything like this because of the prohibitive costs of trying to integrate too many disparate - and often competing - services under one centralized authentication solution.

Re:Likelihood of .NET and hailstorm success is low (2)

gengee (124713) | more than 13 years ago | (#136664)

Firstly, All Your Data Already Belongs To Someone With Root. That is, unless you only distribute data on physical media.

But it's a legitimate concern. Hell, I wouldn't feel comfortable with it either. So I would refer you to TCFS [www.tcfs.it] .
TCFS is a cryptographic network file system featuring group sharing of encrypted files. TCFS will encrypt your files before sending them to the file server
and will decrypt them before they are read by the requesting application. Because the encryption/decryption process takes place on the client host, no
clean data will travel the network. This is particularly valid for the encryption key.

TCFS does it's thang at the kernel level. This is certainly convenient, but not necessarily practical. If that is the case, there's a userland counterpart to TCFS called CFS that does basically the same thing.
signature smigmature

So name the open source alternatives (4)

DrXym (126579) | more than 13 years ago | (#136668)

If MS is selling authentication services, what are the open source equivalents?

Surely someone somewhere in GPL land has written some code that let's you do what their passport software does. If so let's hear about it!

Re:Likelihood of .NET and hailstorm success is low (2)

rgmoore (133276) | more than 13 years ago | (#136674)

You must deal with very different people from me. I don't know anyone who wants their data stored on somebody else's machine. Even at my work, where we have some kind of confidence that the data will be secure and well looked after, ITS has had a hell of a time convincing people to save their data over the network instead of locally. Most "Joe consumer" types still live at the ends of narrow pipes and find downloading even modestly sized files obnoxious; they're not going to put up with having to do that with the files they own as well as the ones they're downloading from somebody else.

Sun is as bad as M$ (5)

abde (136025) | more than 13 years ago | (#136675)

while I appreciate raising the alarm - this is an insightful piece - I couldn't help but wonder why he thinks NC would have been good under Sun's control. Clearly .NET will be a nightmare under the monopolistic control of M$ - but Sun is just as hungry for monopoly as Microsoft, and would hardly have shepherded the concept any more benevolently than M$ would. The NC *was* a failed concept and for good reason!

not true (5)

Karrade (137360) | more than 13 years ago | (#136676)

I think MS has a good chance of making this happen. Its not a certainty but it is very possible. IMHO it all starts from the desktop monopoly.

The key is that when Hailstorm gets integrated into applications (instead of being "on the web") people won't feel as uncomfortable with it. They won't even notice its happening.

Imagine that some music distribution company offers a jukebox like system where you pay a small amount of money to instantly play a song. If they teamed up with MS, they could install this ability in MS Media Player to log you into Hailstorm so you could "securely" transmit finaical information neccesary to get the song. And the normal user barely even notices becasue all the info gets typed into regular windows dialog boxes that don't look anything like the "scary, unsafe" web. For the music industry its great because they don't have to worry about keeping user accounts and the security. For MS its great becasue they get money even though they have nothing to do with music. Hell, that might even make it easy for artists to directly charge for music. Easy distribution, and easy money collection. It works with anything. Like the MLB's plan to charge people for the game broadcasts.

Its all perception. People get scared only when they take out their credit card and type it into the computer. Imagine MLB get you to type in your credit card just once into Hailstorm. From then on all you'll see is a dialog box that pops up saying "Do you want to buy this? YES NO" Peopel will just hit yes and barely think about. Since all the info is already in Hailstorm, you won't need to retype your cc.

Once people are in the system and comfortable with it other companies will dive in. Make the same modification to Internet Explorer and then companies can sell you stuff over the internet using Hailstorm as the payment scheme (a la PayPal)Companies probably won't even give you any option other than paying via Hailstorm since its a lot easier for them.

And this is exactly what the article is getting to. MS suddenly becomes the doorway to a whole host of services. In other words _everyone_ is dependant on MS. MS can raise prices however they see fit since comapanies would need the MS user db to conduct transactions.

the anti-UNIX (1)

characterZer0 (138196) | more than 13 years ago | (#136677)

Sure, end users may like this idea, but if those running the computer systems don't go for it, it won't fly. I would think those who know and love UNIX and its 'many tools' philosophy will be aprehensive about .NET's one really big monolithic (bloated?) tool.

the appeal of a single sign on (4)

fetta (141344) | more than 13 years ago | (#136683)

Having a single sign-on has real benefits from the point of view of a non-technical user. End users want the experience that Hailstorm theoretically offers (at least some of the time). They are tired of remembering dozens of separate password. Unfortunately, lots of people don't worry that much about the privacy implications.

Is there a good open source alternative that can provide the same experience?

As always, Cosmo said it best... (5)

gilroy (155262) | more than 13 years ago | (#136693)

There's a war out there, old friend. A world war. And it's not about who's got the most bullets. It's about who controls the information. What we see and hear, how we work, what we think... it's all about the information!
(from Sneakers [imdb.com]

The film was about 10 years too early, but it amazes me how much it captured.

Re:Makes perfect sense, really. (2)

Morbid Curiosity (156888) | more than 13 years ago | (#136694)

Imagine what would happen if WalMart suddenly attacked and lobbied against thrift stores or charitable institutions. They could quite easily argue that the very exitance of low-cost/zero-cost goods destroys the industy. They would, however, endure a backlash they likely could not comprehend.

I think the main difference there is that the everyday person-on-the-street knows thrift stores and charitable institutions. They understand them, and recognise what they do. To most people, open source is something they don't know or understand, and their main source of information about it has been FUD marketed to them by people who don't like it.

Debunking that FUD is all well and good, but if people aren't also educated about what open source is and how it works, then they're never going to be able to make an informed decision, one way or the other.

Makes perfect sense, really. (5)

Morbid Curiosity (156888) | more than 13 years ago | (#136695)

If you can keep the appropriate people focussing their attention on trying to justify themselves, even against rather pointless and ineffectual attacks, they don't get quite as many people thinking "what are they up to?" as they would if they were just getting on with quietly rolling out their .NET plans - they're quite obviously whinging lamely about open source, right?

By giving the more zealous and vocal open source advocates a giant red "Kick Me!" sign to fire at (and fire they will; the target's too good to pass up), then commentary on the other things they're doing might just get lost in the noise.

Welcome to the Machiavellian world of PR. It's a lot more difficult to meta-moderate out there, and Microsoft is trolling.

Two .NETs at issue here (5)

Pinball Wizard (161942) | more than 13 years ago | (#136697)

So, according to Petreley, NC's have withered on the vine because of a massive and insidious FUD campaign by Microsoft to spur everyone not to buy one.

I'm sure the fact that you can buy a complete PC for what a NC cost had nothing to do with their demise.

As far as .NET is concerned the issue of authentication is overblown a little. People seem to focus on the evil-looking parts of .NET like authentication services and ASP software, and forget about what .NET really is. It is a runtime, like Java, that can run code written in several different languages. That part of it will succeed. The authentication stuff however will go down the tubes just like the ASPs are doing now.

There is not a widespread need for third-party authentication. Certainly not enough for there to be widespread services that everyone uses. The ASP model has failed to a large degree as well. If the 3rd party goes down(as MS has often done) or tanks as a business you are hosed. Most people won't risk this.

The part of .NET that will succeed is the programming model, because it does solve a need for a lot of programmers.

So what we have really is 2 .NET's, one which will succeed, and one which will not do so well.

Re:Likelihood of .NET and hailstorm success is low (1)

elliotw (171181) | more than 13 years ago | (#136698)

If consumers are so uncomfortable with their data being on someone else's machine, then how do you explain the popularity of...

1. web-based e-mail (www.hotmail.com),
2. online storage services (photos.yahoo.com), and
3. financial portals (www.fool.com) where people enter their portfolio contents.

Re:Likelihood of .NET and hailstorm success is low (2)

elliotw (171181) | more than 13 years ago | (#136699)

If consumers are so uncomfortable with their data being on someone else's machine, then how do you explain the popularity of... 1. web-based e-mail (www.hotmail.com), 2. online storage services (photos.yahoo.com), and 3. financial portals (www.fool.com) where people enter their portfolio contents.

Re:Likelihood of .NET and hailstorm success is low (2)

sulli (195030) | more than 13 years ago | (#136716)

Right. Petreley wildly overstates the support for .NET. My impression was that people don't yet know they don't want it - because they don't yet realize that it's another one of these godawful-stupid centralized data storage ideas.

Hey everyone in the biz: People like their PCs! They like controlling their own data and apps. If Hailstorm/.NET try to remove this control from the users, they will have the same level of success as, say, Microsoft Bob.

Re:Sun is as bad as M$ (2)

sulli (195030) | more than 13 years ago | (#136717)

NC sucked balls and I'm glad it lost. The specter of losing all control of your PC to Larry Ellison's Oracle empire was perceivd as, if you can believe it, worse than Microsoft to the user base, and so it died. Good riddance.

Re:blather (1)

jchristopher (198929) | more than 13 years ago | (#136723)

Parent is "+5, funny"? More like "+5, deadly accurate".

Re:Smaller isn't impossible, just more difficult. (1)

groomed (202061) | more than 13 years ago | (#136726)

So you saved ~350K on a ~354K file. But that doesn't mean that you'll also save ~350M on a ~354M application distribution.

Re:No, really, I insist. (2)

GunFodder (208805) | more than 13 years ago | (#136731)

This is a good point. That's why I keep all of my money at home stuffed in my mattress. Most people foolishly trust a bank to hold that money, but who knows what they will do with it? They might mistakenly transfer it to some bozo or accidentally divide my balance by 2.

Some friends tell me it is convenient to use these ATM things, but I can always go home and get more money if I need it, I don't ever want to leave town anyway. And this way I get to set up my own security. They tried to sell me some fancy alarm system, but I just keep the door locked and all the windows except for on the second story, 'cause no one is going to climb into a second story window.

Re:NC? (3)

GunFodder (208805) | more than 13 years ago | (#136732)

The apps that I use the most are a browser, a media player, a text editor, an email client and a terminal. Only the text editor isn't specifically network-centric, although most of the files I edit are scattered across many computers.

The NC isn't necessarily a terminal with no hard drive and a crummy processor. The central premise is that your data lives in a central location that you can access from anywhere. I would love to be able to access my MP3s from my car or edit code while kicking back at the beach. That is the power of the NC.

timing (1)

evocate (209951) | more than 13 years ago | (#136733)

The state of computing has changed somewhat since Ellison and McNealy first started touting the NC. That was about 5 years ago, and if you believe Moore's Law then computers are about 10 times faster today than they were in 1996. That means today you can really use a VM (like JVM) to run programs. In 1996 computers really were just too slow, even with the elusive JIT compilers. Bandwidth to the Internet was different too. Most people had somewhere between 14.4K and 56K. That just wasn't fast enough to realize the NC vision. Today, DSL and Cable are providing 10x to 100x the bandwidth for roughly the same price. So, we've had a 10x jump in computing power and a 10x jump in bandwidth. I hate to see Microsoft monopolize just as much as the next geek, but timing is everything and their timing is much better. They've kept their powder dry until it was pragmatically feasible and now they're unleashing Hell. Don't get mad, get even. Or...

mind-control ray (1)

scum-e-bag (211846) | more than 13 years ago | (#136736)

None of this would have been possible without the mind-control ray, which has been working beautifully.

Now we know why MS has such a dominant position in the desktop market... They have a mind-control ray... Thats why they have been able to convince the weak minded drones to comply.

Do NOT follow fuckmicrosoft's advice... (2)

Kasreyn (233624) | more than 13 years ago | (#136746)

...deliberately harmful "advice" there which will hose your Windows box. I suspect the site is either a cruel prank or a sarcastic joke, but it's certainly not clear to any poor Windows luser who stumbles by that they shouldn't ACTUALLY delete win386.swp (THE SWAP FILE).

The only "tips" on that page are for clearing temp internet files and other stuff that's only slightly beyond the average AOL luser. Nothing actually worth reading (that is, nothing I didn't discover a month after I started using Windows).


.NET (3)

corky6921 (240602) | more than 13 years ago | (#136752)

Funny, I was just reading an article by Bill Gates [microsoft.com] on .NET. The article explains .NET quite elegantly: "A company offering an online electronic-payment service can expose its service to partners, so that they can deliver it as part of their own offering -- regardless of what platform they are using."

Of course, Microsoft will always push their platform as the "best" one to build Web services on. But I think we should applaud the fact that two major proprietary behemoths have finally started pushing "open standards" -- IBM and Microsoft. Don't forget how unrealistic this would have been only a few years ago.

I think it's time to take a step back from all of this Microsoft-bashing and realize that at least we finally pushed them into a corner. They can't push a Windows-only solution anymore. Sun has cornered the market on "open standards" with Java. Microsoft HAS to counter -- as long as they keep pushing something Windows-only, they will lose customers.

What we are seeing here is what we have been asking for all along -- "Microsoft, will you finally support standards?" Why is it that when they agree to support XML and SOAP, and at least do lip-service to the "open standards" idea, we continue to bash them and whine about how Sun did this 10 years ago?

I'm not gonna do XP (1)

DaHat (247651) | more than 13 years ago | (#136755)

Authentication *shuddering* This is the whole reason I will be avoiding Office XP and Windows XP. 2000 does what I need and I will stay with it until it doesn't ... and if MS still believes in authentication then I will jump ship to Linux or BeOS where I can be me without worry about getting permission to use my computer.

M$ has done a better job than the competition (3)

rfsayre (255559) | more than 13 years ago | (#136763)

I think this cat is overlooking how much M$ has done make the idea of NC-type operations palatable to consumers. I'm not a big fan, but they've done a couple useful things.

1.) They make great web browsers. Sure, they've got privacy issues and they're closed, but they work pretty damn well. I type this from IE5 mac, which is a pleasure to use. Making web pages look as good as MS Word documents gives consumers confidence.

2.) They run Hotmail. Everybody's used this at least once. It's a great example of data accessibility. Another great examlpe is Corbis.

Another factor here is connectivity. There's much better and faster Net access now than there used to be. People couldn't see the benefit of NCs when all they had was 10base-T at work and modem everywhere else. At that time, NCs offered little benefit over carrying a floppy over to your co-worker's desk. With the spread of broadband, 802.11b, and faster ethernet, NCs are a much more practical idea.

M$ is also launching services, rather than trying sell you what appears to be a shitty computer. I think this is pretty key. The problem with previous NC initiatives is that they were hardware based. A guiding principle of NC thought should be that "hardware matters little". So why in the world would Sun be interested?

Art At Home [artathome.org]

Scary - but it may be Microsoft's downfall (4)

baptiste (256004) | more than 13 years ago | (#136765)

Lets be realistic here, is this really going to happen? Microsoft sure thinks so but maybe they're going to have another massive project blow up in their face (remember Bob?)

The money is NOT with personal PCs - hell half are using pirated software anyway! Its the business customers. Well, do you think any IT Director with half a brain is going to suggest letting Microsoft a) handle authentication to their sensitive data nad b) allow that data to be stored @ microsoft? I didn't think so. Plus can you imagine the strain on the already overloaded internet pipes of most major companies? Same goes for personal users - till that last mile is fiber - well .NET will just be too slow.

Now MS may make $$$ selling a .NET type package that runs on internal corporate PCs, but ala samba, we'll just emulate it was necessary while adhering to whatever standard comes out of all this.

Personally, I agree with teh author one one point - the NC got shafted. From a corporate view it was an AWESOME idea. Having maanged PC deployments and disk images, etc it was awful. Being able to toss a cokie cutter box onto the network, hit power and it boots up based on serial # and user config - what a dream - too bad nobody could make it work right :(

Re:You know.. (1)

Fuzion (261632) | more than 13 years ago | (#136767)

First of all get your facts straight. Bill Gates donates billions of dollars to charities, and in his will, he's leaving 3 or 4 million dollars to his family, with the rest being donates to charities. I don't like Microsoft any more than the average slashdot reader, and I don't agree with Microsoft's or Bill Gates' opinions, but that has nothing to do with Bill Gates himself, and what he does with his money. Pierre Elliot Trudeau, a former Canadian prime-minister said the following, "Never attack the individual. One can be in total disagreement with someone without denigrating him as a consequence"

Re:Which means... (3)

alcmena (312085) | more than 13 years ago | (#136781)

Agreed, Microsoft is a big company. That's why when they enter new areas they're like a huge elephant: they go slow, but there isn't much that can stop 'em once they start moving.

Smaller doesn't mean quicker though. Sticking to the same analogy, the smaller companies are more like mice. They can quickly dart back and forth, but obstacles can really slow them down.

I firmly believe that Microsoft can be beaten. It's just important to remember that just because they're big and slow does not make them an easy target at all.

The NC isn't really a failed concept (1)

hal9000(jr) (316943) | more than 13 years ago | (#136783)

There are two big stumbiling blocks to the NC:
1) Applications tailored to the NC and not simple screen scrapes of Word, Money, or Notes
2) The reliability users rightly expect for an appliance
Where .NET as it is being promoted is making a mistake is expecting users to pay per play. Charge a reasonable flat fee and .NET (Or NC) style apps will have a far better chance of success.
BTW, there is lots of rooom for providers to do interesting things with the .NET strategy that make MS a transport.
But I think .NET will not have the impact envisioned largely because few vendors want to put that much of their business into someone else's hands.

Re:Likelihood of .NET and hailstorm success is low (2)

slashdot.org (321932) | more than 13 years ago | (#136785)

great technology like IMAP

Huh?! You mean where your email stays on the server? Aren't you contradicting yourself here?

No, really, I insist. (3)

CoachS (324092) | more than 13 years ago | (#136789)

The thing I didn't like about network computing and the thing I don't like about application service providers and the thing I won't like about .NET or other plans for centralized computing is...

...I don't want vendors deciding who will host the customer's (MY) data. I want to host my data. And my applications. I don't want to be wholly dependant upon the bandwidth provided by an outside vendor just to access my basic applications and data.

Currently our enterprise provides applications and data to our users via a 100Mbit, switched, LAN with all of our cabling and physical plant under our direct control. No ISP can provide me with that kind of bandwidth on a cost-effective basis. If a switch goes down we know about it and can repair/replace it immediately. If it's too congested we can upgrade it when we're ready to -- we don't have to beg our provider and wait for them to call us back.

I am very uneasy about allowing other organizations to completely control access to the data and applications we depend upon for our business. What happens when they goof up the billing and cut us off for 3 days because they think we didn't pay the bill? What happens when they misallocate our IP address and we get dropped off the network? I won't leave our company at the mercy of somebody else's clerical error any more than absolutely necessary.

No. We'll keep our essential applications and data in-house. Thanks anyhow.


Re:So name the open source alternatives (1)

pa_jones (337006) | more than 13 years ago | (#136790)

http://www.microsoft.com/billgates/speeches/2001/0 3-19hailstorm.asp Remarks by Bill Gates, HailStorm Announcement, Redmond, Wash., March 19, 2001

"Passport is achieving very significant critical mass. All Hotmail users, of course, get a Passport. There are many third-party Web sites that we are working with to make sure that they get people to use Passport as part of their authentication. In fact, that was part of the relationship we had with people like eBay and many others, is to say, let's get Passport, so you only have to log in one time, and you get exactly what you want there. So it's our goal to have virtually everybody who uses the Internet to have one of these Passport connections"

I agree that Hailstorm/Passport is not generating the degree of analysis/discussion that it might - I was very suprised that there were not more comments about Passport and Hailstorm in the responses to Katz' recent articles about Microsoft's success.

Hailstorm seems to be about XML and SOAP driven by (in a business sense) Passport authentication. Is something like Zope (www.zope.org) an open source project which should be better developer supported in response?

blather (5)

underpaidISPtech (409395) | more than 13 years ago | (#136792)

.Net is tasty and palatable because it has the MS marketing machine behind it. Pointy-heads and suits like to identify with products, and campaigns. .NET is just the thing. They will be much happier purchasing a complete solution is a snazzy, glossy box, with a snazzy, glossy label like ".NET IIAS Server 2002", than cobbling together gnusnorf 0.13beta and gnufroop-2.73 into a custom built app, that performs as well on hardware they already own.

People like to shop, and companies like to drop down bucks on new hardware and shiny new CD's. Tarballs aren't sexy.

As for blind-siding Open Source, pfft. That was just a headline-grabber, nothing more. Online news has discovered that to increase revenues, they need to get posted on /. Just mention the words Microsift and Linux in the same sentence. C'mon, a full third of this clown's article was devoted to touting his awesome prophetic powers from back in the day.

The security problem of centralized NC (1)

The Milky Bar Kid (411137) | more than 13 years ago | (#136793)

all the world's secrets
on one server - cracked - not secret.
Just use peer-to-peer.

This post is about Truth, Beauty, Freedom, and above all things, Karma.

Why government is a *Good Thing* (3)

Thurn und Taxis (411165) | more than 13 years ago | (#136795)

There's an easy way to prevent Microsoft from controlling our identities. Let the government(s) control them instead. They control our identities now, by issuing licenses and passports. When was the last time you tried to buy a bottle of single-malt scotch with your MSCE certificate as ID? The way to stop Microsoft from controlling our identities is to convince at least one US state government to legislate the online identification of its citizens. Once digital identification is claimed as a right of the states in the US, it's taken out of the hands of M$. That's gotta be a step up, right?

You ARE the Missing Link. Goodbye!

Re:NC? (4)

Professor J Frink (412307) | more than 13 years ago | (#136798)

Until NC's can deliver the same punch as a PC continuously (in terms of performance and customizability), people will continue to purchase PC's.

Erm, wouldn't a powerful customizable NC just be a PC anyway?

Think how many people just want to read email, use a web browser and maybe write something in a word processor or let the kids draw pictures etc, at most. Make something cheap and powerful to do that and it should meet those people's needs.

The problem is education as always. People seem to be of the idea (maybe through the much greater advertising) that you need a huge, powerful PC to get the best out of the "web" or "multimedia". Rubbish, people were doing both very well indeed on the PCs of yesterday, which are likely to be about the same power as a modern NC. Plus with NCs being more limited in scope (which has to be stressed isn't a bad thing, your video only records and plays things for example but it does them well) they can be set up and coded tighter than the general, allpurpose PC.

NCs. They should be an ideal, cheap addition to any home, but PC arrogance and ignorance is kinda getting in the way...

And don't ask me if I'd buy one because of course I wouldn't. I'm an intelligent geek and therefore represent a very small minority of the world population. Why try to force people to become geeks to use our hardware when they can stay as they are and use something designed for them?

Re:NC? (1)

rudy_wayne (414635) | more than 13 years ago | (#136799)

I have to deal with Network Computing every day at work and it is a major pain in the ass.
When the server goes down - guess what. Not only am I unable to send or receive e-mail
(which you expect), I also cannot access any e-mail messages that I have previously
sent or received - or the documents attached to them. Because .... they're all on the server!!

NC blows.

Re:Say it enough, they'll listen (1)

haruharaharu (443975) | more than 13 years ago | (#136803)

Bob Dobbs, Who else?

Re:Sun is as bad as M$ (1)

haruharaharu (443975) | more than 13 years ago | (#136804)

All the NC stuff i've seen from Sun were in corporate settings. Since the corp owns your data there, it makes sense.

Say it enough, they'll listen (1)

jeffy124 (453342) | more than 13 years ago | (#136812)

Now that Microsoft has convinced much of the mainstream media that .NET is something new

Sounds similar to how George W won the election, he kept saying "I'm the president-elect," and he got the office.

Re:the appeal of a single sign on (1)

jeffy124 (453342) | more than 13 years ago | (#136813)

Should biometrics become mainstream someday (fingerprint scanners, etc), the problem of remembering passwords and user names would be simplified. You would simply use your biometric agent (retina, index finger) in places that currently ask for username/password.

Re:the appeal of a single sign on (1)

jeffy124 (453342) | more than 13 years ago | (#136814)

I posted a message [slashdot.org] elsewhere on this page about something in Java that also has the capability for single-sign-on. It's the Java Authorization & Authentication Service library.

Re:So name the open source alternatives (1)

jeffy124 (453342) | more than 13 years ago | (#136815)

some implementation of LDAP, or its big brother, X.500? maybe in conjunction w/ using certs?

You're describing somethign akin of PKIs: Public Key Infrastructures. If the name doesnt imply this, they also carry an entity's public key, in addition to certs.

True Confession/Rant of Ex Microsoft User! (2)

exMicrosoftJunkie (461707) | more than 13 years ago | (#136828)

I'm currently helping a client to switch their internal applications from NT/IIS/ASP/COM to a JVM/JSP-centric solution. In the client's current scenario, NT, IIS, and COM - all Microsoft-specific, proprietary, closed technologies - are required components to support ASP. With JSP, this changes to a scenario in which the JVM and JSP can be deployed on any mainstream operating system and web server, providing a solution which can be sourced by multiple vendors, and for which published standards and source code is usually available. This reduces dependency on a single vendor and makes it possible to solve problems oneself, without being forced to rely on underqualified tech support personnel and a company which has little interest in actually fixing the bugs in their products, as opposed to forcing upgrades to the next entirely new and untested version.

This perspective is based on multiple experiences in which serious bugs in MS products - like memory leaks in IIS/ASP - were never addressed. Being a highly competent developer, it is not acceptable to me to be at the mercy of a company that does not even do a good job of pretending to have my interests as a customer at heart.

Much the same feeling applies to the operating system and OS-level tools. I know experienced Microsoft systems integrators who have had endless problems with Microsoft's tools, Proxy Server being a prominent example. Problems with Exchange are legion and legendary; System Management Server is a spectacular failure; and their DNS server is little more than a joke. MS Service Packs and hotfixes are as likely to break major functionality as to fix bugs - the original Service Pack 6, and the more recent Exchange hotfix are cases in point.

From my perspective, Microsoft peaked at around the time NT 4.0 came out and has been wandering directionless since then, changing acronyms (DNA anyone?) on a regular basis to attempt to hide the lack of any significant innovation.

Two technologies originally led me to be pro-Microsoft: NT itself, and COM. NT was a good product, for its time, when the betas of NT 3.1 came out in 1992 or so. NT 4 made the catastrophic mistake of importing the Windows 95 user interface, and then turning the ever-buggy Internet Explorer into the GUI shell. Since then stability has only deteriorated, and almost no fundamental progress has been made in making NT/2000/XP support some of the more powerful capabilities and configurability long provided by Unix - proper remote administration capabilities not least amongst those.

It seems that any overall vision that had existed at the time NT or COM were conceived have since deteriorated into a mad rush to maintain control in a changing market, driven by the Internet, which is something Microsoft is still trying to control rather than "get". Factions within Microsoft with backgrounds in things like mainframe transaction server systems argue at cross-purposes with advocates of academically pure object-oriented systems. If there's someone with a global vision at Microsoft, I don't know who it is: Nathan Myrhvold left long ago, and Bill Gates has spent too much of his career making billions to be a competent software architect today.

Microsoft has also never quite gotten the hang of TCP/IP - with the possible exception of the core of IIS, its Internet-oriented tools uniformly suck. I've already mentioned Proxy Server and DNS. In Win2K, Microsoft finally gave up the battle in some areas and fell back on pure BSD tools, such as the telnet implementation. The Wall Street Journal's recent story [wsj.com] on Microsoft's reliance on open source software gives more examples of this admission of defeat.

But even while they're resorting to open source code, Microsoft seems to completely miss the power of simplicity and interoperability evident in Unix/Internet tools; or this may be a deliberate strategic policy. If tools are too simple, extensible, interoperable, or open, customers will have too much ability to control their own destiny, and thus won't be as easy to suck into a recurring-revenue future in which Microsoft bills its customers annually and provides arbitrarily chosen upgrades in return ("this new dancing paperclip is better than the old one, honest!")

In addition, Microsoft's own insistence on reinventing everything works against it: sucky initial implementations of Winsock led to applications which didn't get the concept of asynchronous communication. You still see this in products like Outlook today: they can lock up for extended periods while doing network access, something that should be completely transparent and in the background. [I'll say one thing positive here though: I/O completion ports are pretty sweet, and I've used them to good effect in some server applications. They've also helped IIS be an excellent performer. But one good API feature isn't enough, especially when the application developers don't understand how to use it.]

It isn't as difficult as one might imagine to convince hard-nosed business-oriented customers of the perspective I'm outlining: Microsoft's threatening lawyer's letters about license compliance, sent blunderbuss-style to all customers regardless of any evidence of lack of compliance, don't win friends amongst IT staff and CxOs. The threat of rental models, browsers which modify the web sites of other companies [wsj.com] , and critical coverage of these things from quarters such as the Wall Street Journal, all combine to make you wonder: is Microsoft aware that it will ultimately need to rely on more than its current desktop monopoly, and instead convince customers to buy its products based on their merits, and the quality of service it provides?

There's no long-term strategy there, just an attempt to keep the excessive revenue flowing until the next set of CxOs can take over and inherit the mess. As a profit generator, Microsoft represents an incredible and possibly unprecedented feat, which I can respect from a certain perspective; but that doesn't mean I want to number myself amongst the cattle slaughtered to feed its unholy appetites.

Server software has become a commodity, and Microsoft is desperately trying to tie unrelated components together and avoid standards, so that customers have no option but to accept the entire package, and pay serious money for that which has become freely available elsewhere. This is done at every level of its software offerings, so that in the application area I'm talking about, for example, the operating system is tied to the web server is tied to the transaction server is tied to the template language is tied to the virtual machine is tied to... did I mention the operating system?

Yet you can go and download the source code to systems that do much the same thing - e.g. the Enhydra [enhydra.org] or Resin [caucho.com] application servers - and, as alluded to above, these systems will run on almost any operating system and web server, with no secrets (you have the source), and no lifetime commitment to a development model espoused by exactly one company. And this applies double to commodity products such as file servers, proxy servers, web servers, DNS, email, and the like: the free products are actually significant improvements in terms of functionality and reliablity, over Microsoft's equivalent offerings.

Microsoft has grown too far, too fast, and become way too voracious and greedy. I rode with it to the peak of its wave; that wave has begun crashing, but instead of crashing onto a nice, wide open beach, it's crashing into an inescapable little Microsoft sandbox. I am jumping off to a different wave in which the currents don't work against me as much. I'm don't argue that .NET has no technical merits whatsoever; but the cost of chaining oneself to it is too high.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?