[NBLUG/talk] Mono

Roger House rhouse at sonic.net
Tue May 27 11:38:00 PDT 2003


The specification of C# and its runtime, CLR, are public standards.  I
believe anyone can implement them on anything without legal hassles.  See

    http://www.itweb.co.za/sections/software/2003/0304070751.asp

Roger House
rhouse at sonic.net

----- Original Message -----
From: "ME" <dugan at passwall.com>
To: <talk at nblug.org>
Sent: Monday, May 26, 2003 3:05 PM
Subject: Re: [NBLUG/talk] Mono


> Jon Shiring said:
> > If you see Mono as an attempt to create a compiler for a new language, I
> > can't believe people would really want to avoid supporting a new
> > language in Linux simply because MS created it.  Are we going to limit
> > ourselves to Perl and C for the next 50 years of computing because we
> > refuse to be open to new languages that have legit uses?
>
> This is not a stand I took in my reply. Issues of compatability over time
> and any ability to have a project claim to be equitable to C# will never
> be attainable over the long term while a central authority has the right
> to not publish future specifications. There are many C++ compilers. There
> are many C compilers. The "standards" for these languages are published
> and available for all. "ANSI" provides for a standard for all to share.
> The authority of ANSI is not likely to become profit oriented and limit
> access with licenses to generate profit. Anyone can build their own
> compiler and IDE using the specifications. IEEE POSIX is another example
> for a published open specification.
>
> This issue is not "because MS created it" but instead "because a single
> entity with a proven track record for altering specifications not
> publishing all specification can at any time exercise their history over
> users in future versions."
>
> WFWG came out, and so with Windows 95. They supported a share based model
> for authentication for access to network resources. It was effectively P2P
> sharing. As Samba came to fill this gap and offer support for SMB based
> file sharing, MS came out with another model "user based authentication"
> with PDC/BDC and the Domain model. As Samba gained sufficient support for
> acting as a PDC (with exception to a few items) a new model was provided
> by MS (Active Directories.)
>
> A better example is a review of the History of MS vs Netscape (the early
> years.) Both Netscape and MS invented new "isms" (Internet Explorer-ism
> and Netscape-ism) that were outside the scope of the published HTML
> standards. Each tried to create a "feature" available when using their
> clients *and* servers that was not available when you just used their
> client and/or did not use their server. Additions to the HTML standards on
> both sides permitted people to make pages that offered very different user
> experiences to the users. Inconsistency is not easily supportable.
>
> MS is very good at making money. This is their job. They are a
> corporation. They answer to their stock holders. If they find they can
> make profit by altering .net with a new release that has closed specs, or
> only licenses the specifications to businesses at a cost to entities
> willing to sign NDA, they will do it.
>
> An earlier example is IPX/SPX. Who uses this anymore? TCP/IP is an open
> standard with the only central authority that has a mission to publish new
> "Request for Comment"
>
> > The patent issue is absurd, because it implies that MS couldn't use
> > patents to stop other projects.  MS probably has patents that could
> > cover evolution, mozilla, gnomemeeting, and many many other apps.  Heck,
> > mplayer forces you to violate copyrights to play some formats and nobody
> > jabs it as not worthwhile.  Patents shouldn't be an excuse not to create
> > any sort of project, because to fear patent violation would mean
> > stopping almost all open source application development.  MS actually
> > has a good track record in terms of actually using patents as a
> > defensive tactic.
>
> It is a control issue. NPO, and our government have no profit motivation
> with their operation. My issue is based on predicting the future based on
> past actions. (I was also not happy with Sun owning Java.)
>
> > As for changing the protocol, who is to say that compatibility is a
> > must-have?
>
> Sure. Java is a build once, test everywhere. If you are a business, and
> you wish to provide a product for various OS (Windows, Linux, *nix, *BSD,
> Mac OS X, etc.) then you would likely *want* compatability. If you are in
> user support, you also want compatability. If you are an end use, you
> would also likely want compatability. (Even today, you will note that MS
> Word for the Mac is different from MS Word for Windows.)
>
> Compatability is not a "must-have" but is desired. It makes it easier for
> businesses and support groups to include a technology.
>
> > Is language-independent programming, less platform
> > dependence, and a better-designed set of system libraries a bad thing?
>
> It depends. "better-designed" and "bad" are entirely subjective. These are
> matters of opinion. Some will agree and some will disagree.
>
> > Even if it was incompatible with .net it would still be a win.
>
> I'm not so sure it would be a win. Having ".net" for windows and ".net"
> for Linux might send a message to businesses that is not true.
>
> > But
> > given the rate at which the windows APIs change, I suspect it'll be even
> > easier than keeping Wine up to date.  MS is all about client
> > compatibility, they don't screw around with changing APIs very often
> > (file-formats, yes, but if the APIs are stable, tracking file format
> > changes is managable).
>
> They have at least 3 changes in client/server authentication in less than
> 7 years. How many changes have been made to the apache client-server
> HTTP-AUTH in the past 7 years? How about the authentication for ssh,
> telnet, ftp in the past decade? Even MS IIS has had its authentication
> systems changes twice since it first came out.
>
> When MS was notified about insecurities in the NTLANMan authentication
> (exposed by Hobbit and Mudge from L0pht, and built into a product they
> made "l0phtcrack") MS response was to (eventually) provide a hotfix that
> enforced case-sensitive authentication. This (once installed) denied MS
> Windows 9X users to participate in Domains. MS could have provided a patch
> to  Windows 9X to make them work with the new hotfix, but chose not to.
> There was no profit in this.
>
> MS is also encouraging people to upgrade their MS Windows Systems with
> http://windowsupdate.microsoft.com/ (using only MS IE BTW) to remain up to
> date. At least 2 Different releases of ".NET" have been provided by MS
> over time. For MS to make changes to client-server will become easier with
> such a network based upgrade strategy. When everyone shifts to this system
> for upgrading, it will be very easy for MS to impose changes to API,
> protocols, and languages.
>
> (MS has had Service Packs to MS Widows NT 4.0 that made NT machines using
> the older patch unable to authenticate against the machines that had been
> patched.) MS does in fact change their client-server authentication
> systems, and changes them more often than I like. (Another "BTW": when the
> new SP for NT came out that caused this incompatability, Samba
> authentication was broken, and Samba had to be modified too.)
>
> > I'm not saying that .net is "better" than C applications or anything of
> > the sort, I'm saying that when we find ourselves refusing to support new
> > technologies, don't expect to keep programmers flocking to write Linux
> > applications.
>
> Oh. Have you seen MS dev environment for C# as part of .NET? It looks
> really slick. I mean, you can create a UI by dragging and clicking and
> setting buttons and names and make it "look" the way you want, and then
> have it "build" a skeleton set of code that will display it the way you
> just "drew" it. Then you can "click" on buttons and specify the actual
> code that should be used when the user clicks on them.
>
> I like the way it looks, but I do not like the fact that an entity driven
> by profit has control of it. Do I hate MS? Nope.
>
> Let me be clear on this:
> My issue is with a corporation having controlling ownership in what they
> wish to dictate as a new "De facto-standard." I look at the Success of
> HTML (pure), TCP/IP (whole suite), C++, C and HTAUTH (apache) and am glad
> that these offer consistent access.
>
> -ME
>
>
>
> > Jon
> > Programmer, S2 Games
> >
> > On Mon, 2003-05-26 at 06:57, ME wrote:
> >> I agree with Alan on his reasons, but I dont agree that it is
> >> ridiculous.
> >>
> >> MS has a history of changing protocols and formats for existing
software
> >> as alternative projects provide supports to use MS protocols/formats.
MS
> >> word is a great example of this. As the file format for ".doc" files
are
> >> discovered by opensource coders, MS changes the ".doc" format and
> >> releases
> >> a new copy of MS word. This is what they have done, this is what they
> >> will
> >> do.
> >>
> >> However, I do not see an attempt to dev an opensource .net as
> >> ridiculous.
> >> As the coders build their own understanding of .net, they may come up
> >> with
> >> security weaknesses in the .net made by MS.
> >>
> >> Since MS has put so many different things under the name ".net"
> >> weaknesses
> >> found in even a few areas tarnish the whole name. (Attempt to locate
> >> multiple eggs in the same basket to make entry into the market of .net
> >> clones too costly?)
> >>
> >> Of course, I am first to agree that their project to duplicate .net is
> >> ultimately doomed to failure while MS is in control of the protocol,
> >> format, and specifications.
> >>
> >> Though it was not a ".net" failure (more of a web coder failure) there
> >> was
> >> a hole discovered recently in the passport portion of .net and
> >> authentication. It seems that MS had a web page for resetting passwords
> >> that would allow you to reset any user's passport password with a
> >> properly
> >> (improperly?) formatted submission from a form. It seems that MS is/was
> >> willing to trust the client to verify the client was who they said they
> >> were. (Not entirely true, but it sounds better than saying the coder of
> >> the password reset page from MS just botched the job.)
> >
> >
> > _______________________________________________
> > talk mailing list
> > talk at nblug.org
> > http://nblug.org/mailman/listinfo/talk
> >
> >
>
> _______________________________________________
> talk mailing list
> talk at nblug.org
> http://nblug.org/mailman/listinfo/talk
>




More information about the talk mailing list