Forgot your password?
typodupeerror
GNU is Not Unix Businesses Software IT

Open Group Releases DCE 1.2.2 as Free Software 162

Posted by michael
from the run-with-the-big-boys dept.
lkcl writes "The Open Group announced 12th January 2005 that they are releasing DCE/RPC 1.2.2 as a Free Software Project - under the LGPL. This is a major coup for Free Software: the Distributed Computing Environment is known to be involved in some major projects. There is a mirror at opendce.hands.com which runs rsync, ftp, and there is also a dce122.tar.bz2.torrent bittorrent running as well."
This discussion has been archived. No new comments can be posted.

Open Group Releases DCE 1.2.2 as Free Software

Comments Filter:
  • freedce (Score:3, Informative)

    by lkcl (517947) <lkcl@lkcl.net> on Friday January 14, 2005 @03:51PM (#11365967) Homepage
    Article at Advogato [advogato.org] with some more details.

    This is one _monster_ big deal for Free Software.

    This is the code that allows big companies such as IBM, Fujitsu, Entegrity etc. to bid for £500m contracts. [theregister.co.uk]

    We have FreeDCE [sf.net] already, which is the DCE 1.1 Reference implementation autoconf'd and updated...

    • Re:freedce (Score:1, Insightful)

      by Anonymous Coward
      wow, you submitted the story AND trolled for more page views! Way to go, overselling yesterday's technology!
      • _and_ keeping an eye on the bloody bittorrent client and the server i borrowed to host a mirror of the code - it's a wonder i get to do any work at all, really.
      • Re:freedce (Score:1, Informative)

        by Anonymous Coward
        wow, you submitted the story AND trolled for more page views! Way to go, overselling yesterday's technology!

        He bought the $lashdot Bonus Pack©. That's a story plus a guaranteed 2nd post behind a non karma whoring first post (1st would be to obvious and a karma whore first post might drown it out. Sorry, Lindsy. ) The bonus pack only cost $50 more than the regular $lashvertisement.
    • Re:freedce (Score:3, Informative)

      by eviltypeguy (521224)
      I would like to point a somewhat glaring inaccuracy in the article linked in the parent post.

      The article author claims:

      "...Global File System (which is proprietary anyway, available from Redhat)..."

      Except, GFS is NOT proprietary. Behold, the source code:

      http://sources.redhat.com/cluster/gfs/

      And by the way, as my first impression I think Advogato sucks if only because there is no obvious way to contact the author or reply to the article to point out this inaccuracy or anyone at the site to contact ab
      • it's okay, i'm hanging about, just in case of exactly that sort of thing. my comments were based on someone setting up "opengfs" [sourceforge.net] which i am pretty confused about.
    • Luke,

      Indeed, this is a very interesting development. With an LGPL license for DFS, it's time to give the DCE descendent of AFS another look.

      But we have AFS, too, and although OpenAFS is not GPL-compatible, its free software in a real sense, and more important, it has a living community of developers who've worked on the code stretching back into the 1980s.

      I'm not as convinced now as I might have been 3 years ago that DCE is a better mousetrap than Rxgk is shaping up to be.

      There will probably be crossov
  • by Anonymous Coward
    This isn't nearly as important as claimed here; other technologies supercede it.
  • WTF? (Score:2, Funny)

    by Otter (3800)
    My first thought was to say "DCE/RPC under the LGPL! Wow! Would you mind telling us what the hell the thing is?"

    But, I figured I'd be socially productive, RTFA and post an explanation myself.

    The OSF Distributed Computing Environment (DCE) is an industry-standard, vendor-neutral set of distributed computing technologies. DCE is deployed in critical business environments by a large number of enterprises worldwide. It is a mature product with three major releases, and is the only middleware system with a comp

    • Re:WTF? (Score:4, Funny)

      by stratjakt (596332) on Friday January 14, 2005 @03:58PM (#11366059) Journal
      It's basically a library of Open Source buzzwords, with which you can raise venture capital.
    • Re:WTF? (Score:1, Redundant)

      by lkcl (517947)
      have a quick read of the advogato article as well it gives a few more details. this stuff some people have been working on or with for _twenty years_ :) we're so so incredibly privileged to have been granted this opportunity.
    • From wikipedia (Score:5, Informative)

      by Oriumpor (446718) on Friday January 14, 2005 @04:01PM (#11366098) Homepage Journal
      The Distributed Computing Environment (DCE) is a software system developed in the early 1990s by a consortium that included Apollo Computer (later part of Hewlett-Packard), IBM, Digital Equipment Corporation, and others. The DCE supplies a framework and toolkit for developing client/server applications. The framework includes a remote procedure call (RPC) mechanism, a naming (directory) service, an authentication service, and a distributed file system (DFS). DCE RPC was derived from an earlier RPC system called the Network Computing System (NCS) created at Apollo Computer. The naming service was derived from work done at DEC. DCE DFS was based on the Andrew file system (AFS), originally developed at Carnegie-Mellon University, and later extended by Transarc Corporation (which was later merged into IBM)

      Link here [wikipedia.org]
      • I worked with the orginal NCS back on Apollos. Wow, what an elegant solution for the time. It makes me mad that Sun beat out Apollo for the workstation market, even though Apollos were generations more capable.

        Until very recently with Macs, Apollo's distributed directory was unrivaled for ease integration of new nodes in the network. Plug it in, you're not only on the net, but you have the same account, device, filesystem, etc configuration as every other node on the network. Don't have a disk? Eh, we'll f
    • by arose (644256)
      First imagine a beowulf cluster...
    • Re:WTF? (Score:2, Insightful)

      by stratjakt (596332)
      Basically, Free DCE is DCOM for linux/BSD/OSS.

      I know I already replied. I'm doing it again.

    • Re:WTF? (Score:3, Interesting)

      by finkployd (12902)
      Quick description. It is a couple of things.

      Importantly, it is an extension of KerberosV to store group information in the ePac (like MS Kerb only not digitally signed by a private key that only they can use to lock everyone else out).

      It is a secure, authenticated RPC with authorization support.

      Built on top of this is a distributed filesystem that is basically 10 years or so ahead of OpenAFS (DFS was the sucessor to AFS way back when, AFS has not nearly caught up in features yet)

      It also is a directory s
      • Re:WTF? (Score:3, Informative)

        by lkcl (517947)
        the lock-out you describe was done by _microsoft_ as part of their use of kerberos in "active directory": they used the "application specific" field in order to save on round-trips (and then extended their bloody SMB protocol in order to _add_ a couple. bastards).

        DCE did a "proper" job by using the available fields of kerberos for the correct - documented - purpose.

        the use of CDS being largely irrelevant was recognised by TOG in 1999: you need to pay IBM stacks of $$$ to get the code _but_ it was reco

        • Re:WTF? (Score:3, Interesting)

          by finkployd (12902)
          the lock-out you describe was done by _microsoft_ as part of their use of kerberos in "active directory": they used the "application specific" field in order to save on round-trips (and then extended their bloody SMB protocol in order to _add_ a couple. bastards).

          And now that it is open sourced, perhaps someone (or me, whatever :) can get around to fixing the screwy case issue with dce cell naming that prevents us from making a one way trust setup between active directory and dce (having the ms kdc being
  • Gosh, first Motif, now DCE? What other package that I haven't used in 10 years will be next?
    • I used Motif yesterday in fact. While certainly ugly and headache prone, it does have some significant advantages. It's ubiquitous and available everywhere. It's fully documented. It has stable API (unheard of with other high level X11 toolkits). And it's much much much easier than using bare Xlib.

      I wouldn't recommend it to most people, as it's still low level enough to bog you down in the UI instead of the backend. But it's hardly "abandonware".
  • This is a disturbing trend I've seen cropping up a few times lately, but it seems like all of their useful introductory documentation (at least what they refer to on their website) is available in book format that you have to pay money for. Is the code really open and free if you have to pay money to learn how to use it?
  • by loose canons (823774) on Friday January 14, 2005 @04:04PM (#11366123)
    In '93, I was making the big bucks at a defense contractor because I could tell them how/where to use DCE.
    It is interesting to see the difference between the openess of the OSF and the openess of the open source movement [all that gnu software!] begin to blur.
    I hope that exposure of the security code buried in DCE, especially where it uses kerberos, will help polinate other open source projects with improved security features.
    • ...and for those of you who are still wondering what TFA is about, note that just about every big system and OS vendor [uni-muenster.de] has its own version of DCE. It has been the foundation for a lot of securely networed applications.
    • It is very unfortunate that DCE had the US BXPA export restrictions to contend with: it meant that the US govt REALLY got heavy with a lot of people.

      now, of course, all that free software projects must do is to notify the US govt of what encryption is involved, where they can get it, and you're done. which is very sensible and realistic.

      so now we can start adding kerberos back in - Luke Howard (www.padl.com) has already added GSSAPI as a FreeDCE plugin and that's actually better than going directly via k
    • I really hate to be an annoying terminology pendant -- but "all that gnu software" should really be called free software, not lumped together with the "open source movement". The free software movement was around first, after all, and IMHO have certainly earned the right to be called by their preferred name. There is a difference, and I think that both camps can see the benefit of using the appropriate terminology. The FSF obviously appreciates the distinctiveness, and people who prefer the open source t
  • It's been a while since I've looked at it, but wasn't DCE hijacked by Evil Empire? It was put together by OSF, now called the Open Group, and it seems bittersweet to have it released as free software now. If only they had the foresight to open it from the start.
    • by lkcl (517947)
      they didn't steal it but from what i can gather they took the DCE 1.1 reference implementation (available under a BSD-like license before most people had even _heard_ of free software licenses!) which is basically "stubs"... ... and then they integrated it with NetBIOS and SMB (inventing ncacn_np which is DCE/RPC over NT's NamedPipes - heard of those? look up CreateNamedPipe on the MSDN :) ... and then they added WINS as a resolver... ... and then they added NTLMSSP authentication... ... and then they crea
      • They didn't write it from scratch however, they reversed engineered the DCE RPC. MS RPC is based upon, and with a little hacking, will work with DCE RPC. They did this to avoid paying the full licence from OSF. "Stealing," may be a bit of hyperbole, but it wasn't exactly innovative, either.
        • They didn't write it from scratch however, they reversed engineered the DCE RPC. MS RPC is based upon, and with a little hacking, will work with DCE RPC. They did this to avoid paying the full licence from OSF. "Stealing," may be a bit of hyperbole, but it wasn't exactly innovative, either.

          They reverse engineered the spec, I think you mean. Kinda like what the SAMBA group did when you think about it, and they get a ton of props around here...
    • by finkployd (12902) on Friday January 14, 2005 @04:39PM (#11366585) Homepage
      lkcl covered the other stuff, I'll touch on DCOM.

      DCOM is literally a reverse engineered DCE-RCP, to the point where it is wire compatible with it. DCE-RPC is an authenticated RPC which uses KerberosV for the authentication token, and since DCE puts group information into the ePac (like MS did with their Kerb) it also allows for group based authorization at the RPC level.

      Microsoft ripped out all the security (who is suprised?) and called it DCOM. Of course the idl compilers are different so they are not compatible at that level, but once compiled, a DCE rcp client/server can talk to a DCOM client/server, assuming you are not trying to use any of the security built into the DCE-RPC

      Finkployd
      • by lkcl (517947)
        ... mr fink, i'm sorry but i do have to correct you on a couple of points.

        namely, that microsoft got hold of the BSD-like-licensed DCE 1.1 "reference" implementation so the "stripping of all security" was done by TOG not by microsoft.

        MS, who had and still have someone from Apollo working for them, knew and knows how DCE/RPC works _in_side out, and so was able to sort stuff out for them.

        MS _did_ have to add some stuff like "implicit handles" and MSRPC _does_ have the ability to do Unicode Strings (and bet
      • Of course the idl compilers are different so they are not compatible at that level, but once compiled, a DCE rcp client/server can talk to a DCOM client/server, assuming you are not trying to use any of the security built into the DCE-RPC

        That's not entirely true. DCOM is layered on DCE-RPC yes, but actually activating and programming a remote DCOM object is a lot more work than just using the RPC APIs. DCOM adds some kind of "object oriented"ness to it so you'd have to be able to understand OBJREFS and s

  • The EOSDIS/ECS project. http://eospso.gsfc.nasa.gov/ [nasa.gov] is a good place to start looking at the project I was on. It's currently the largest satellite data processing and science data repository on the face of the planet. :) (toot toot... there goes my own horn ;))

    Anyway... DCE was used to tie several servers together which are the core of the system. I found it very reliable and solid (and that was several years ago).

    GJC
  • by Earlybird (56426) <slashdot@nosPAM.purefiction.net> on Friday January 14, 2005 @04:32PM (#11366481) Homepage
    Microsoft's RPC framework [microsoft.com], which is built into Windows, is actually an implementation of DCE. While it's a long time since Microsoft used it directly, it's a nice platform for remote communication; it's a mature API that supports a wide variety of protocols (eg., TCP, UDP, local pipes), authentication mechanisms, marshaling mechanisms etc.

    Microsoft's COM (also known as DCOM) sits on top of this RPC layer to implement a distributed component object model -- one of Microsoft's finest and most underrated inventions. It's also one of their most copied technologies -- KDE, GNOME, OpenOffice (UNO) and Mozilla (XPCOM) all implement very similar object models.

    Of course, DCE RPC is also famous for the UUID [wikipedia.org] (aka GUID [wikipedia.org]) algorithm -- 128-bit identifiers whose uniqueness is mathematically guaranteed as long as the generator can access a network card with a unique MAC address.

    • Funny: OS/2 had SOM Since 1992 [prodigy.net]...

      This was before the split between Microsoft and IBM. SOM and COM are very similar...

      Yet another "innovation" from Microsoft that was based upon suspiciously similar innovations from other companies...

        • Funny: OS/2 had SOM Since 1992...

        I don't know the details, but I believe that at that time, Microsoft were still on IBM's team developing OS/2. Windows and OS/2 are very similar. Also, both SOM and COM were inspired by CORBA. And there are many differences; COM used DCE-RPC and added UUIDs to interfaces, for example, whereas SOM relied on simple names.

        What these technologies had in common was that they implemented binary interface compatibility between components, in a way that seemed to be the wave o

    • Microsoft's COM (also known as DCOM)

      No, DCOM is distributed COM, not identical to COM, but a superset. COM itself is a component-object model that is a nice piece of work in my opinion.

      COM is a binary, language independent standard for using services provided by objects without depending on the implementation.

      Instead of direct linkage to functions, for example, clients must request access to interfaces, and only use the services if the request succeeds.

      Interfaces amount to a C-Cstyle struct with func

        • No, DCOM is distributed COM, not identical to COM, but a superset.

        In theory, yes; that'd be the case if we were talking about something like a standard. In reality, there's only a single implementation of COM, which today includes the distributed object support; it's all DCOM now.

        • No, DCOM is distributed COM, not identical to COM, but a superset.

          In theory, yes; that'd be the case if we were talking about something like a standard. In reality, there's only a single implementation of COM, which today includes the distributed object support; it's all DCOM now.

          Not true. The product I work on has it's own implementation of COM, but does not use DCOM at all. The standard parts of COM are well-published in books (e.g. the Don Box COM book, the Microsoft ATL book etc - both excellent),

    • I have a faster way of guaranteeing a unique 128-bit identifier given a unique MAC address.

      guid = mac_address + padded_zeros;
      • I have a faster way of guaranteeing a unique 128-bit identifier given a unique MAC address.

        Yeah, and what about all the other UUIDs generated on that host?
        • I have a faster way of guaranteeing a unique 128-bit identifier given a unique MAC address. guid = mac_address + padded_zeros;

        That gives you a single identifier. What do you do when you need another one?

    • I've worked with COM and DCOM a while back and am somewhat familiar with RPC on UNIX boxes.

      I've never programmed in RPC directly, but I do know that it has been a horrible nightmare in terms of security for both the MS and UNIX platforms for many years.

      Its not something that brings a pleasant thought to my mind.

      Microsoft's COM (also known as DCOM)

      Maybe I'm wrong, but I thought there was a difference between the two. COM was Component Object Model while DCOM was Distributed COM (COM on another box).
      • I've never programmed in RPC directly, but I do know that it has been a horrible nightmare in terms of security for both the MS and UNIX platforms for many years.

        You can't make an open ended statement like that and not provide an explaination.

        DCE/RPC (which is what MSRPC basically is) provides integrity and confidentiality using the session key. If you don't properly check input and then yes you're going to have buffer overruns. If you want to program like that use Java.
        • You can't make an open ended statement like that and not provide an explaination.

          I though it was common knowledge and I didn't want to beat a soar wound.

          For MS try

          For Solaris try

          I'm not too familiar with MS products, but a few years back we had about 60 Solaris boxes broken into via an RPC exploit (fortunately not mine).
      • While there is technically a difference between the two protocols, if you are careful when you are developing software for either you can do both simultaneously. Basically, tying yourself to just COM objects can in the long term kill you as a developer.

        Still, trying to create well-behaving COM objects is always tricky, and sometimes they can give you massive fits. In addition, the DCOM procedures provide massive, and I mean massive security holes if you don't watch the default configurations carefully.
    • Microsoft's COM (also known as DCOM) sits on top of this RPC layer to implement a distributed component object model -- one of Microsoft's finest and most underrated inventions. It's also one of their most copied technologies -- KDE, GNOME, OpenOffice (UNO) and Mozilla (XPCOM) all implement very similar object models.

      COM and DCOM are not the same thing: COM is a local component model, DCOM is a distributed layer on top of that.

      And, no, this is not "Microsoft's invention", it is Microsoft's adaptation of
  • by finkployd (12902) on Friday January 14, 2005 @04:34PM (#11366512) Homepage
    DCE is the core middleware at PSU and has been for years. Your access account you use for everything is a DCE principle (Which ends up being KerberosV + some stuff).

    The PASS filespace is DFS which is the distributed filesystem componant of DCE. Webmail and the Portal (wehmail.psu.edu portal.psu.edu) are built on top of the filesystem.

    eLion is a client server application that uses Smalltalk on the web front end and Natural/Adabas for the backend (running on an IBM zSeries mainframe). A custom in house developed DCE RCP middleware mechanism is used to get them to talk to each other. This lets us do dynamic load balancing without special hardware, adding and removeing backend servers and automatically have them put into the locally managed "server pool" on each web server front end, and validating the calls on the backend via the kerberos credentials of both the web server and the user making the call. (can you guess what I did for the last 3 years?)

    Now, IBM has end of lifed DCE, which screws us (and several National Labs, Merck, Cal Poly Tech, Buffalo U, Pain Webber, a handful of other universities, etc). PSU is migrating off of it to MIT KerberosV, LDAP, a "yet to be determined filesystem" (probably OpenAFS, which is a 10 year step backward), and I have absolutely NO idea how we will replace the RPC.

    Anyway, PSU people have been using DCE heavily for about a decade and many didn't even know it :) It really was/is a cool and powerful system. Its one major failing it the complexity and effort needed to set it up.

    Finkployd
  • ....It uses DES for encryption! Yuck!!!!! Big time! At the very least, they could have hacked it so you could use AES instead, if you wanted.
  • Pardon my cynicism, but does anyone else get the impression that the new End of Life announcement is framed in terms of "we are pleased to announce the open source release of..."

    i.e. Let's outsource support for this sucker! I mean, how excited am I supposed to get, in 2005, about a techmology that allows me to marshall/unmarshall data and call remote procedures over the 'net? Isn't that already being done (a lot) by the various CORBA and RPC stuff already running on my Linux box?

  • by krbvroc1 (725200) on Friday January 14, 2005 @07:17PM (#11368775)
    Tandy Corporation is rumored to have just made TRS-80 firmware open source. With the competitive race to open source things, several dead vendors are trying to ride on the OSS coat tails.

    Rumor has it that SwiM Motif may up the ante. Not to be outdone, the Transmeta Linux distribution is being resurrected. OS/2 Warp may follow. Stay tuned...
  • Not just the RPC (Score:2, Informative)

    by Krisbee (644227)
    Some clarification.
    It's not just the DCE RPC that has been released, it's the whole schebang, including:

    * The build environment (ODE)
    * The vast documentation with specs
    * Threads (Ugh!, Please don't use)
    * RPC
    * Directory services
    * Security services
    * Time sync
    * File service (DFS) including the Episode file system.
    * Test procedures
    * The various administration tools
    * The tools needed to make DCE applications.

    The code is old, however and building this is not for the faint of heart, but there's lots of good stuf
  • by 4of12 (97621)

    I don't mean to sound like a troll, but what does DCE/DFS buy me now?

    With kerberos, pam, ldap and NFSv4 it seems like alternatives are available. And the 90% of computer users in the enterprise needing authentication, directory service on Windows users are getting embraced by AD.

    Plus, last time I remember using DCE/DFS about 7 or 8 years ago it was sloooooow.

"Right now I feel that I've got my feet on the ground as far as my head is concerned." -- Baseball pitcher Bo Belinsky

Working...