Networking

I haven’t been networking as long as SJVN, but he seems to have forgotten how good networking is in a UNIX-like OS when he writes, “7’s many networking improvements and new features, they offer a fine reason to upgrade from XP”.
Networking is useful and it actually makes almost any PC much more useful whether it is just surfing the web or complicated mingling of computing resources on the LAN. In TFA, SJVN outlines several “new” features of “7”:

  1. libraries – no not collections of linkable resources in a file-system, but M$’s new name for a directory containing links to other resources including local and networked files and folders.
  2. Home Group – shared libraries I guess.
  3. Easy Connect – help desk interaction.
  4. Location-aware printing
  5. View Available Networks
  6. URL-based QoS
  7. Direct Access – no, not storage but VPN or something
  8. Branch Cache – yes file caching comes to the LAN

I don’t see anything in there that is new or worth the cost of migrating from XP to “7”. These are all minor tweaks that could mostly be obtained by reconfiguration of existing systems. Renaming something is not usually considered innovation or worth tons of money but M$ needs customers to believe this is innovation. I am surprised SJVN uses this as support for his thesis that “7” is somehow so much better than XP for networking that a migration requiring replacement of almost every PC and server and a new set of paid software licences is justified.

Good old NFS will do the first two as long as you set permissions accordingly, use global authentication like OpenLDAP, and share folders and not individual files. The only place where I see sharing individual files important is when there are too many files in a folder to scroll about. That’s an issue of file-management, not networking. If I had 10k files in a folder, I would use search to find them rather than scrolling, but that’s just me. I never got the hang of knowing where to file everything because I have not much short-term memory. Items 1 and 2 seem to me to be a way to make the file-system more complicated, increasing lock-in as usual. I have met many people using XP that could not find files recently saved. I have that problem from time to time as well, hence I use search. My Downloads folder is huge but I almost never scroll in it.

Location-aware printing again is a matter of configuration. When we boot our machines they can choose one configuration file or another depending on the location. I doubt people have more than a few places to print in-house. On the road is a problem, but a travelling salesman is unlikely to have permission to print anyway; otherwise malware would use all the paper.

Branch Caching. I have seen GNU/Linux systems caching network accesses to the web and local and LAN file accesses for years. I don’t see it as something new at all. Perhaps it is in that other OS. If you really want to cache stuff efficiently for a bunch of users put them on a GNU/Linux terminal server. It will treat the cache of the networked file as a local copy in RAM for as long as it can. That’s how I get such quick logins and window openings on a GNU/Linux terminal server. The files are almost always in RAM. It looks like “7” is keeping its copy on the hard drive giving issues of synchronicity and security. If you are pulling files from a server, the LAN should be faster than the local hard drive in many cases. If that server has the files cached in RAM the first bytes will arrive before your local hard drive can start its seek. That situation will be more important in a busy system.

View Available networks? Is this new? I have wicd running here and it tells me about all the neighbours’ wireless networks. I am not sure users examining the LAN for resources is a good thing for security. Administrators may need information about all available networks but the user of a machine running “7” should not. When the malware takes over, do we want the malware to know where everything is and where it’s going?

Easy Connect sounds a lot like VNC. I do that over SSH to administer users’ PCs. That’s not new for XP. That’s been around for many years. I guess if they change the name M$ gets to claim it as a feature.

Direct Access – see Easy Connect but change VNC to plain SSH. It’s pretty easy to scoot all over a network with port forwarding and SSH. That’s old, too.

If anything, these features should be grounds to migrate to GNU/Linux. The migration will cost less and you get all the features of a properly networked OS for one low price, $0 instead of $100+ per seat and CALs and server licences… I expect many systems comfortable with XP will find a way to migrate to GNU/Linux instead of staying on the Wintel treadmill. If you are in a hole, stop digging. GNU/Linux is like a ladder helping you get out.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

7 Responses to Networking

  1. ChrisTX says:

    You have to differentiate there. For an IT professional, HomeGroups aren’t. As a matter of fact, I myself, am not using them. However, for an end user they are.

    “Passwords are inherently insecure. When the badguy gets the password, you are toast.”
    That also depends on your setup. If you enforce smart card etc. authentication – which is for an enterprise or similarly big deployment obviously the best option – then not of course.

    “That still does not seem like anything that would cause a decision to move to “7”.”
    HomeGroups are a piece of the whole thing. Windows 7 itself features a lot of new things that do make it worth to upgrade to – even from Vista. However, I’d criticize SJVN’s list of reasons here. DirectAccess is surely not usable for a home user and HomeGroups are certainly useless in an enterprise deployment. But considering SJVN is one of the characters who is constantly talking without actually knowing something, this doesn’t surprise me either. I’m sure he’ll find somebody among his readers for whom URL-based QoS or DNSSEC is very important!

  2. That still does not seem like anything that would cause a decision to move to “7”. We can encrypt files and put them on the server the same way. I am not sure giving end-users authority over network security is a great idea. Probably a cloud-like service would be the way to do this sharing.

    A neat way for users to share is to put them in the same group and then make a folder that the group can access. I usually use a file-server combined with authentication as a small terminal server. It is very fast, flexible and secure. Passwords are inherently insecure. When the badguy gets the password, you are toast.

  3. ChrisTX says:

    Maybe you’re not quite following but I never doubted you could setup a non-interactive auth for sshfs, NFS or SMB. You can for all of these.

    That’s not the point either of HomeGroups. The point makes two things:
    – HomeGroups can be created ad hoc: No need to put something in somewhere, you just give your friends one password they enter and you’re connected. For SSHFS you need a login which is obviously not that handy.
    – HomeGroups do not require any technical knowledge: Maybe you failed to realize it, but the amount of users who would care on how to setup a non-interactive auth by putting some login command somewhere isn’t that big. See, you can also use NFS + Kerberos for that or use passworded SMB, but neither is really popular, simply because it requires a certain amount of technical knowledge. HomeGroups work for everyone and do not. You don’t need to put a login command somewhere, instead you select the folders you want to share, and get a token you can hand around, somewhat like PSK WLAN authentications work.

    “LDAP does provide user auth information from a database. AD uses LDAP, too. It works.”
    Yeah, because I didn’t know what LDAP is before. Must be that.

  4. @ChrisTX

    See man sshfs
    “SYNOPSIS
    mounting
    sshfs [user@]host:[dir] mountpoint [options]”

    Put that in /etc/rc.local or the user’s login scripts. The user who needs access to the files in dir needs passwordless ssh setup and the access will be always on for him.

    etc.

    I do not work for you. Don’t ask. I have done this stuff for a living whether you think so or not. LDAP does provide user auth information from a database. AD uses LDAP, too. It works.

  5. ChrisTX says:

    “LDAP + SSH can do all of this in GNU/Linux.”
    So show me how you create your SSH always on connection owned by the system. I’d like to see that for a beginning. Not to mention that you cannot create any kind of invitation files/passwords similar to TeamViewer.

    Also show me how you do branch cache for NFS, please.

    NFS also cannot exchange lists of available files, as a matter of fact, not even a DFS equivalent is available for NFS. You need other technology for even that.

    About home groups and libraries, there is another thing you entirely failed to understand (including my point about passwords): You can of course setup LDAP with KRB V/SPNEGO for SMB or NFS shares, but this requires a central logon. Now take the word “HomeGroup”. Notice the emphasis on HOME? Sure, next LAN party I’ll just fire up my Active Directory PDC and tell the guys on my LAN party to just authenticate against it, so we can access DFS! Or we just use HomeGroups and use the passwords it generates for us. Which is the point of a HomeGroup, that you can exchange files safely without the need to setup anything, with having however a list of protected shared folders and files you can share. Setting up OpenLDAP or ADDS is not an option in that scenario.
    Easy Connect is the same idea: It was possible before, but its point is to secure and facilitate ad hoc deployment!

    I doubt you understand the technology you talk about, no matter whether it is about Linux or Windows. Let me quote myself here: “considering there is no such thing as AD on Linux – LOL, NIS, LOL” LDAP/NSS is using authentication stored in “NIS from an LDAP server”. Basically you told me, wait the thing you didn’t say is possible with X is possible because you don’t know about X. KEWL STORY BRO.

    While we’re on facts: Windows can expose ADDS information per NIS, too. So basically, Windows allows you to host a DC that allows LDAP/NSS authentication AND Active Directory authentication at the same time.

    I got a good book for you: http://amzn.to/gYretS
    “I’ve had systems with 700 user accounts use this technology with NFS to handle everything and each user had their own web-page all run from a single server. The clients ran their applications on a few terminal servers and had all this goodness back in 2006 when it was tried-and-true technology that had been around forever.”
    OH SHI- SO CASH. IT’S LIKE YOU CAN’T DO THAT WITH WINDOWS! Except for Windows having NFS serverside and clientside support.

  6. LDAP + SSH can do all of this in GNU/Linux.

    You log in and use passwordless ssh to access your files anywhere in a secure fashion. No need to type passwords again to access the files. “passwordless” does not mean “without authentication” with ssh it is strong authentication at login and it applies to your file accesses through NFS and SSHFS.

    see http://packages.debian.org/sid/sshfs

    see http://wiki.debian.org/LDAP/NSS

    I’ve had systems with 700 user accounts use this technology with NFS to handle everything and each user had their own web-page all run from a single server. The clients ran their applications on a few terminal servers and had all this goodness back in 2006 when it was tried-and-true technology that had been around forever.

  7. ChrisTX says:

    “1.libraries – no not collections of linkable resources in a file-system, but M$’s new name for a directory containing links to other resources including local and networked files and folders.”
    Actually not. It’s something entirely different. It allows grouping media folders, documents and such by indexing local harddrives or home group shared files. All available files will be grouped together in a single folder view.

    “2.Home Group – shared libraries I guess.”
    Even less. A home group allows easy and secure file sharing. Yes, you could do this before, but not by exchanging a simple password on a LAN party etc. You either have got no auth or password-based one.

    “3.Easy Connect – help desk interaction.”
    Lol’d. No, actually, Windows Remote Assistance has been around for 9 years. Try to read about it sometime. Easy Connect is just allowing to perform the connection more easily, similar to what TeamViewer offers.

    “7.Direct Access – no, not storage but VPN or something”
    Totally. It is VPN, but a very special form of such. Mentioning SSH is a vast fail here, because SSH cannot deliver the core advantage of DA: A permanent connection with automated reconnection and entire integration. Unlike SSH, DA allows for mobile clients to have the LAN available at all times without having to explicitly initiate a connection. Considering this is based on the much safer MOBIKE/IKEv2 (IPsec, that is), which SSH cannot deliver any comparable security against… (still rolling out your CAs with OpenCA? Oh well, I suppose you lost the game)… Show me.

    Ok, so I know you’ll ask me how this is different from SSH or a revolution over it? The advantage that the remote connection is always *bi-directional* on. Means your IT Administrator has the ability to deploy new software or policies while you’re away… Oh, I’m sorry, considering there is no such thing as AD on Linux – LOL, NIS, LOL – you’re not going to understand the point.

    “8.Branch Cache – yes file caching comes to the LAN”
    Moron. Branch cache works on a network edge and caches as the word says for the whole branch. File caching was introduced earlier, see NT4. Oh and yes, this is available by using either P2P or a dedicated host. Advantage is that if you’ve got say 10+ branch offices all over the world, using internally a LAN connection and being connected per WAN, you can reduce the WAN usage a lot, as a shared cache is possible.
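
The login-time sshfs mount discussed in comments 4 and 6, as an added example that is not code from the post or its commenters: the host `fileserver.example`, the key `~/.ssh/id_fileshare`, the mount point `~/shared` and the function names are assumptions. It refuses a key readable by group or others and disables any password prompt, so the "passwordless" mount stays key-authenticated against a known host.

```shell
#!/bin/sh
# Added example: key-authenticated sshfs mount for a login script.
# Host, paths and function names are placeholders, not from the post.

# True only if the private key exists and grants nothing to group/others.
key_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, e.g. 600
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Accept only [user@]host:[dir]; refuse empty, option-like or spaced values.
remote_is_sane() {
    case "$1" in
        ''|-*|*' '*) return 1 ;;
        *:*)         return 0 ;;
        *)           return 1 ;;
    esac
}

# Mount remote on mnt using only the given key; never prompt for a password.
mount_share() {
    remote=$1 mnt=$2 key=$3
    remote_is_sane "$remote" || { echo "bad remote: $remote" >&2; return 2; }
    key_is_private "$key" || { echo "key missing or too open: $key" >&2; return 3; }
    # SSHFS can be overridden (e.g. SSHFS=echo) to inspect the command.
    "${SSHFS:-sshfs}" "$remote" "$mnt" \
        -o IdentityFile="$key" -o IdentitiesOnly=yes \
        -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o reconnect -o ServerAliveInterval=15 -o ServerAliveCountMax=3
}

# From a login script: sh mount-share.sh --mount
if [ "${1:-}" = "--mount" ]; then
    mount_share "user@fileserver.example:/srv/share" \
        "$HOME/shared" "$HOME/.ssh/id_fileshare"
fi
```

`StrictHostKeyChecking=yes` requires the server's host key to be in `known_hosts` already, so the first connection has to be made and verified by hand before the login script can succeed.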
