[Gllug] More Microsoft FUD
Richard Hillesley
richard at linuxuser.co.uk
Thu Nov 8 00:57:44 UTC 2001
> They didn't just break Kerberos
> to stop people interoperating with it, they extended it massively to
> support stuff it should really have supported from the word go.
In general, I don't think we are disagreeing about much, but I would dispute
that. The excuse for extending the protocol is that it could have supported
"stuff it should really have supported from the word go", but didn't.
Everybody knew that. In Jeremy Allison's words:
"There's no common representation of a 'user' across all systems, sure, but
the idea was that you don't pollute the Kerberos ticket with that local
system's idea of what a user is. Microsoft's implementation of Kerberos
actually wraps the authorization in the ticket. They subverted it and put it
inside a standard ticket. The result was that only tickets issued on Windows
2000 machines could be useful on other Windows 2000 machines, without a lot
of a manual mapping, which is a massive pain and is so tedious that no one is
ever going to do it."
> None of this is to suggest that I like this situation though: I just don't
> see any reason to knock Microsoft falsely; that's their game".
Nothing false in this. It is their own declared policy. "Our standards are
industry standards" is their policy.
> We're better than that. Microsoft's anti-Apache benchmark studies prove it
> Free software rules because a community can take criticism on the chin where
> valid and make things right;
only because people protest and fight about it.
> a company like MS needs to spin (doing
> anything less would probably invoke the wrath of the shareholders).
especially when a company has made such unrealistic profits for so long.
> > I can't remember MS security patches being "immediately posted" to their
> > website.
>
> That depends what you mean by 'immediately posted'. I imagine as soon as
> they're finished they're posted immediately.
>
> I suspect that's not what you mean though :)
I think we agree on that. :-)
Best,
Richard
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list