[NBLUG/talk] Mono

ME dugan at passwall.com
Tue May 27 11:52:00 PDT 2003


Present version, but not necessarily future ones.

MS has a history of
"Embrace and extend."

Roger House said:
> The specification of C# and its runtime, CLR, are public standards.  I
> believe anyone can implement them on anything without legal hassles.  See
>
>     http://www.itweb.co.za/sections/software/2003/0304070751.asp
>
> Roger House
> rhouse at sonic.net
>
> ----- Original Message -----
> From: "ME" <dugan at passwall.com>
> To: <talk at nblug.org>
> Sent: Monday, May 26, 2003 3:05 PM
> Subject: Re: [NBLUG/talk] Mono
>
>
>> Jon Shiring said:
>> > If you see Mono as an attempt to create a compiler for a new language,
>> I
>> > can't believe people would really want to avoid supporting a new
>> > language in Linux simply because MS created it.  Are we going to limit
>> > ourselves to Perl and C for the next 50 years of computing because we
>> > refuse to be open to new languages that have legit uses?
>>
>> This is not a stand I took in my reply. Issues of compatability over
>> time
>> and any ability to have a project claim to be equitable to C# will never
>> be attainable over the long term while a central authority has the right
>> to not publish future specifications. There are many C++ compilers.
>> There
>> are many C compilers. The "standards" for these languages are published
>> and available for all. "ANSI" provides for a standard for all to share.
>> The authority of ANSI is not likely to become profit oriented and limit
>> access with licenses to generate profit. Anyone can build their own
>> compiler and IDE using the specifications. IEEE POSIX is another example
>> for a published open specification.
>>
>> This issue is not "because MS created it" but instead "because a single
>> entity with a proven track record for altering specifications not
>> publishing all specification can at any time exercise their history over
>> users in future versions."
>>
>> WFWG came out, and so with Windows 95. They supported a share based
>> model
>> for authentication for access to network resources. It was effectively
>> P2P
>> sharing. As Samba came to fill this gap and offer support for SMB based
>> file sharing, MS came out with another model "user based authentication"
>> with PDC/BDC and the Domain model. As Samba gained sufficient support
>> for
>> acting as a PDC (with exception to a few items) a new model was provided
>> by MS (Active Directories.)
>>
>> A better example is a review of the History of MS vs Netscape (the early
>> years.) Both Netscape and MS invented new "isms" (Internet Explorer-ism
>> and Netscape-ism) that were outside the scope of the published HTML
>> standards. Each tried to create a "feature" available when using their
>> clients *and* servers that was not available when you just used their
>> client and/or did not use their server. Additions to the HTML standards
>> on
>> both sides permitted people to make pages that offered very different
>> user
>> experiences to the users. Inconsistency is not easily supportable.
>>
>> MS is very good at making money. This is their job. They are a
>> corporation. They answer to their stock holders. If they find they can
>> make profit by altering .net with a new release that has closed specs,
>> or
>> only licenses the specifications to businesses at a cost to entities
>> willing to sign NDA, they will do it.
>>
>> An earlier example is IPX/SPX. Who uses this anymore? TCP/IP is an open
>> standard with the only central authority that has a mission to publish
>> new
>> "Request for Comment"
>>
>> > The patent issue is absurd, because it implies that MS couldn't use
>> > patents to stop other projects.  MS probably has patents that could
>> > cover evolution, mozilla, gnomemeeting, and many many other apps.
>> Heck,
>> > mplayer forces you to violate copyrights to play some formats and
>> nobody
>> > jabs it as not worthwhile.  Patents shouldn't be an excuse not to
>> create
>> > any sort of project, because to fear patent violation would mean
>> > stopping almost all open source application development.  MS actually
>> > has a good track record in terms of actually using patents as a
>> > defensive tactic.
>>
>> It is a control issue. NPO, and our government have no profit motivation
>> with their operation. My issue is based on predicting the future based
>> on
>> past actions. (I was also not happy with Sun owning Java.)
>>
>> > As for changing the protocol, who is to say that compatibility is a
>> > must-have?
>>
>> Sure. Java is a build once, test everywhere. If you are a business, and
>> you wish to provide a product for various OS (Windows, Linux, *nix,
>> *BSD,
>> Mac OS X, etc.) then you would likely *want* compatability. If you are
>> in
>> user support, you also want compatability. If you are an end use, you
>> would also likely want compatability. (Even today, you will note that MS
>> Word for the Mac is different from MS Word for Windows.)
>>
>> Compatability is not a "must-have" but is desired. It makes it easier
>> for
>> businesses and support groups to include a technology.
>>
>> > Is language-independent programming, less platform
>> > dependence, and a better-designed set of system libraries a bad thing?
>>
>> It depends. "better-designed" and "bad" are entirely subjective. These
>> are
>> matters of opinion. Some will agree and some will disagree.
>>
>> > Even if it was incompatible with .net it would still be a win.
>>
>> I'm not so sure it would be a win. Having ".net" for windows and ".net"
>> for Linux might send a message to businesses that is not true.
>>
>> > But
>> > given the rate at which the windows APIs change, I suspect it'll be
>> even
>> > easier than keeping Wine up to date.  MS is all about client
>> > compatibility, they don't screw around with changing APIs very often
>> > (file-formats, yes, but if the APIs are stable, tracking file format
>> > changes is managable).
>>
>> They have at least 3 changes in client/server authentication in less
>> than
>> 7 years. How many changes have been made to the apache client-server
>> HTTP-AUTH in the past 7 years? How about the authentication for ssh,
>> telnet, ftp in the past decade? Even MS IIS has had its authentication
>> systems changes twice since it first came out.
>>
>> When MS was notified about insecurities in the NTLANMan authentication
>> (exposed by Hobbit and Mudge from L0pht, and built into a product they
>> made "l0phtcrack") MS response was to (eventually) provide a hotfix that
>> enforced case-sensitive authentication. This (once installed) denied MS
>> Windows 9X users to participate in Domains. MS could have provided a
>> patch
>> to  Windows 9X to make them work with the new hotfix, but chose not to.
>> There was no profit in this.
>>
>> MS is also encouraging people to upgrade their MS Windows Systems with
>> http://windowsupdate.microsoft.com/ (using only MS IE BTW) to remain up
>> to
>> date. At least 2 Different releases of ".NET" have been provided by MS
>> over time. For MS to make changes to client-server will become easier
>> with
>> such a network based upgrade strategy. When everyone shifts to this
>> system
>> for upgrading, it will be very easy for MS to impose changes to API,
>> protocols, and languages.
>>
>> (MS has had Service Packs to MS Widows NT 4.0 that made NT machines
>> using
>> the older patch unable to authenticate against the machines that had
>> been
>> patched.) MS does in fact change their client-server authentication
>> systems, and changes them more often than I like. (Another "BTW": when
>> the
>> new SP for NT came out that caused this incompatability, Samba
>> authentication was broken, and Samba had to be modified too.)
>>
>> > I'm not saying that .net is "better" than C applications or anything
>> of
>> > the sort, I'm saying that when we find ourselves refusing to support
>> new
>> > technologies, don't expect to keep programmers flocking to write Linux
>> > applications.
>>
>> Oh. Have you seen MS dev environment for C# as part of .NET? It looks
>> really slick. I mean, you can create a UI by dragging and clicking and
>> setting buttons and names and make it "look" the way you want, and then
>> have it "build" a skeleton set of code that will display it the way you
>> just "drew" it. Then you can "click" on buttons and specify the actual
>> code that should be used when the user clicks on them.
>>
>> I like the way it looks, but I do not like the fact that an entity
>> driven
>> by profit has control of it. Do I hate MS? Nope.
>>
>> Let me be clear on this:
>> My issue is with a corporation having controlling ownership in what they
>> wish to dictate as a new "De facto-standard." I look at the Success of
>> HTML (pure), TCP/IP (whole suite), C++, C and HTAUTH (apache) and am
>> glad
>> that these offer consistent access.
>>
>> -ME
>>
>>
>>
>> > Jon
>> > Programmer, S2 Games
>> >
>> > On Mon, 2003-05-26 at 06:57, ME wrote:
>> >> I agree with Alan on his reasons, but I dont agree that it is
>> >> ridiculous.
>> >>
>> >> MS has a history of changing protocols and formats for existing
> software
>> >> as alternative projects provide supports to use MS protocols/formats.
> MS
>> >> word is a great example of this. As the file format for ".doc" files
> are
>> >> discovered by opensource coders, MS changes the ".doc" format and
>> >> releases
>> >> a new copy of MS word. This is what they have done, this is what they
>> >> will
>> >> do.
>> >>
>> >> However, I do not see an attempt to dev an opensource .net as
>> >> ridiculous.
>> >> As the coders build their own understanding of .net, they may come up
>> >> with
>> >> security weaknesses in the .net made by MS.
>> >>
>> >> Since MS has put so many different things under the name ".net"
>> >> weaknesses
>> >> found in even a few areas tarnish the whole name. (Attempt to locate
>> >> multiple eggs in the same basket to make entry into the market of
>> .net
>> >> clones too costly?)
>> >>
>> >> Of course, I am first to agree that their project to duplicate .net
>> is
>> >> ultimately doomed to failure while MS is in control of the protocol,
>> >> format, and specifications.
>> >>
>> >> Though it was not a ".net" failure (more of a web coder failure)
>> there
>> >> was
>> >> a hole discovered recently in the passport portion of .net and
>> >> authentication. It seems that MS had a web page for resetting
>> passwords
>> >> that would allow you to reset any user's passport password with a
>> >> properly
>> >> (improperly?) formatted submission from a form. It seems that MS
>> is/was
>> >> willing to trust the client to verify the client was who they said
>> they
>> >> were. (Not entirely true, but it sounds better than saying the coder
>> of
>> >> the password reset page from MS just botched the job.)
>> >
>> >
>> > _______________________________________________
>> > talk mailing list
>> > talk at nblug.org
>> > http://nblug.org/mailman/listinfo/talk
>> >
>> >
>>
>> _______________________________________________
>> talk mailing list
>> talk at nblug.org
>> http://nblug.org/mailman/listinfo/talk
>>
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/mailman/listinfo/talk
>
>




More information about the talk mailing list