Path: utzoo!attcan!uunet!lll-winken!ames!haven!umd5!feldman
From: feldman@umd5.umd.edu (Mark Feldman)
Newsgroups: comp.sys.next
Subject: Re: NeXT concerns
Message-ID: <4476@umd5.umd.edu>
Date: 27 Jan 89 16:40:27 GMT
References: <4474@umd5.umd.edu> <3231@ima.ima.isc.com>
Reply-To: feldman@umd5.umd.edu (Mark Feldman)
Organization: University of Maryland, College Park
Lines: 96

In article <32681@tut.cis.ohio-state.edu> J Greely writes:
>
>Booting off the network is supported, although we haven't had time
>to set it up yet here. This is the method of choice for a lab of
>student workstations, and NeXT hasn't ignored it. In fact, the
>release notes mention several enhancements to BOOTP that will make
>it easier to handle the whole process.

Ok, but you can't use a NeXT as the BOOTP/NFS server, unless you are willing to pay someone to make sure that it is on all the time.

> My real concern with opticals in a student lab is verification of
>machines. If J Random Undergrad can reboot from his own disc, I
>don't want him being trusted by our network for anything. It boils
>down to the statement that if someone has root access to one
>optical-equipped NeXT box, he can be root on any others he comes
>across. This problem doesn't get any mention in the 0.8 release
>notes.

There is no way to prevent a user from booting off the optical or prevent them from booting in single-user mode. This means that anyone can become root. Preventing someone from going root helps security somewhat (anything that you can throw in their path is helpful), but not too much as any PC user can go ``root''.

What we need is authentication, so we decide to put MIT Project Athena's Kerberos authentication systems on the NeXT. Uh oh, no OS source. We're stuck.

In article <3231@ima.ima.isc.com> johnl@ima.UUCP (John R. Levine) writes:
>
>Given
>the hardware on the NeXT, we can expect users to have large files full of
>digitized images and sound.
>Is it really mission critical to have
>centralized, backed up copies of 10,000 megabytes of pictures of people's
>gerbils and voice mail of light bulb jokes?

Good point! Now if only the person sitting at the NeXT could manipulate the optical without having to become root. And while we're sitting in front of the NeXT, it would be nice if the user at the NeXT could prevent other users from popping up windows and making sounds, again, without becoming root.

>I was at the developers' camp two weeks ago and at the banquet, Steve Jobs
>took questions, many of which concerned source code. The opposition to
>making source available seems to be more pragmatic than theological, they
>don't want proliferating slightly incompatible versions of everything that
>would make it harder to interchange applications. He gave the impression
>that reasoned arguments could persuade them to release parts of the code,
>particularly the less proprietary parts.

I was there, too. Did you have the lasagna or turkey (or was it chicken?)? I had the turkey, and as a matter of fact, I was the first person in the group to ask about source. I still think that NeXT is sidestepping the issue. For many people, the decision to purchase NeXTs is resting on availability of operating system (not application) source.

As I said in my previous posting, we have source licenses from other vendors. We would prefer that the vendors provide all of the support -- quick fixes for bugs and the extensibility needed to integrate their systems into our environment, but the vendors cannot provide these services to the extent that we would like, so we have source. Has this caused our other vendors headaches? No. We've been able to do our thing and help them in the process by pointing out (in detail) OS bugs.

If the Internet virus of months back happened now and was a NeXT virus, we would be forced to disable much of the networking software or turn our NeXTs off until receiving updates from NeXT.
As it happened, our systems staff had the necessary source and quickly put out fixed software.

We are a networked campus with many network services, including NTP (network time protocol) time. We have expertise in both UNIX and NTP -- the UNIX NTP daemon was written here. When the people who wrote the UNIX NTP daemon tried to port it to the NeXT, it hung. Some nasty Mach/networking bug causes the NeXT to forget all of its interrupts or go into a very tight kernel loop. Whatever the case, the NeXT hangs. Can we fix it? Can we find the OS bug and report it to NeXT (helping them!)? No. We don't have the necessary source.

> On the other hand, people do seem
>to get work done on Macs and PCs without source code, so there's some
>suspicion that the demands for source code are based as much on Unix
>tradition as on real need.

Most PC applications make very little use of DOS, as DOS does not provide many useful services. Many (most?) PC applications talk directly to the hardware (keyboard, screen, speaker), so having DOS source doesn't do much for you. Many applications do make use of BIOS routines and the source to BIOS is available. The Mac provides more services and a more structured environment, but it is still much less complicated than a multi-tasking, multi-user workstation (e.g., the NeXT).

NeXT must commit itself now to providing what the university community -- its target market -- wants. I have trouble believing that our NeXT concerns are very different from those at any other university, even if I sometimes have trouble putting them into words. He who hesitates is lost, or, in this case, skipped over at purchasing time.

Mark