Apple, more “evil” than Microsoft?

A tad emotive title so I will quickly admit the following :-
– I have been a Windows user.
– I have used OS X intermittently, mostly when trying to get the Macbook for a friend.
– I have experienced “Apple support” when helping a friend who has a Macbook
– I now primarily use Linux and BSD software.
– I am not a Microsoft apologist, most people who meet me think I hate Microsoft, I don’t, I do not agree with their business practices and I think that most of their products are useless.
– I have used MacOS beyond a home user level.
– I have used OS X from a techy level.
– I just want to get stuff done with as little fuss as possible.

There we go, you know a little about me 🙂

This is something I have been wrestling with for a while now, if you go over to typical geek sites like Slashdot or OS News frequently you get idiotic statements like “I hate Microsoft so I use OS X” or “If you hate Microsoft buy a Mac”.

Why do I think these statements are idiotic? well basically because when you actually look at it the only difference between Apple and Microsoft is market share.

Apple insist that you only run OS X on Apple hardware, Microsoft insist that you only run Windows applications on Windows, see it is a tie. Microsoft bundle IE7 and set it as a standard with Windows, Apple does the same with Safari, admittedly most Linux distros do this with Firefox. The reason most people attack Microsoft here is purely historical, if I did a default install of a modern operating system arrived now without a web browser then I would be annoyed. There is the argument that IE is forced upon you for certain tasks in Windows (Windows update for example) and it cannot be removed but I would appreciate it if someone could confirm if the same applies to OS X.

Then the DRM issues, now if I wanted to be emotive then I would say that the latest version of Vista in this aspect amounts to theft. The amount of processing power wasted and features disabled because of DRM on Vista in my eyes amounts to theft, you have taken my computer and made it work for industry groups in America and not me. My toaster does not tell me I can only use Hovis bread in it, I bought the bread, I bought the toaster, both are mine, make me toast damnit! 🙂 Apple are no better, they constantly push their own formats complete with DRM payloads for iTunes and iPods and for the OS itself. Apple are one of the biggest DRM pushers out there.

Abuses of monopoly, again both guilty, Microsoft for virtually every anti-trust issue known to legal systems worldwide, now Apple don’t have the market share to do this to the same extent so they frequently turn on the people who actually buy their products. DCMA takedown notices issued to Mac news sites, new products like the iPhone (possibly the most overhyped thing since the segway) is a closed shop, you can’t develop for it unless Apple say you can. You want something, you buy it from Apple. Apple is also not squeaky clean on the financial front either, they have done their own dodgy dealings like the whole issue of backdated share options, it is just they have a better PR spinner for the legal team 😉

Marketing, marketing, marketing, that is what it boils down to, I do believe that Apple would be far more “evil” than Microsoft if they had the market share to do it with, they seem to prove it with what they do to their customers. I am equally sure that Microsoft would be far more “evil” if everyone wasn’t watching them like a hawk.

Realistically the key difference between the two is that you have to buy your hardware from Apple if you want to run OS X and you buy your hardware from any number of companies if you are running Windows.

Oh the linux thing, I almost forgot to put the boot in… Stop trying to put Linux on Apple kit. It is not helping, you are not motivating Apple to release hardware specifications you are just giving them more money, this also applies to efforts to “free” the Microsoft Zune, if people want to support open standards then buy products that actually support them! Don’t by a Zune, don’t buy an iPod, buy something that will work with everything. Don’t buy an iPhone, get a Neo from FIC, work with the people that believe in the same beliefs as you. Support hardware from people that want to support you, besides reverse engineering is a pain in the arse and can always have hidden bugs. This does not stop at phones, you want a PVR? Get a Neuros device it is everything the Apple TV box is and more and they want you to work with them, they will give you everything you need if you are a developer and if you are a consumer they listen to what you want, this is (also it is in a nice box so don’t tell me it is the aesthetics either…)

These companies are businesses, they have to make a profit, this profit comes from you. Spend wisely 🙂

I am sure I will get flamed for this…

Radius, LDAP and Ubuntu

So off on my adventure of building an LDAP based corp network I come to my next challenge 🙂 I want to have all my network authentication done with Radius, and I want it to backend onto the LDAP directory. The idea is to store EVERYTHING in LDAP to make life as easy as possible.

I have found a wonderful article here :
http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch31_:_Centralized_Logins_Using_LDAP_and_RADIUS
The only problem is that it is done for Red Hat based systems. Not an issue as it is still linux but some things are done differently. Eg. radiusd.conf is in /etc/freeradius on Ubuntu but /etc/raddb on Red Hat.

PAT testing….

Well we have someone doing PAT tests in the office and I am not sure he is paying attention, sure he refused to test my heavy duty power over Ethernet adapter 🙂 (16A commando to an RJ45 :):) “er you don’t plug that in do you?!?” ) but he has amusingly signed off something he shouldn’t have 🙂

The 3 socket 16A adapter from this story : http://theinquirer.net/default.aspx?article=30533 has now got a big shiny PAT test passed sticker on it 🙂

I don’t think his heart is really in it 😛

ed: 19/7/07 Someone tipped him off about it and it is now marked failed 🙂

LDAP GOSA Pain and Suffering :)

It works! It finally works!
Well it is installed 🙂

apt-get install gosa was pretty straight forward, so onward to adding the schema files to openldap, this is where I hit problems.. I was following the instructions for Debian at : http://lena.franken.de/ldap/installing_gosa_debian_sarge.html and utterly failing at step 2 was quite demoralising 🙂 I kept trying removing various schema to enable slapd to start but no joy….
I was getting all sorts of weird errors such as:
root@telfs01:~/ldap/smbldap-installer# slaptest
/usr/share/doc/gosa/contrib/openldap/samba3.schema: line 185: Duplicate attributeType: "1.3.6.1.4.1.7165.2.1.24"
slaptest: bad configuration file!
root@telfs01:~/ldap/smbldap-installer# vim -N /etc/ldap/slapd.conf
root@telfs01:~/ldap/smbldap-installer# slaptest
/etc/ldap/schema/gosa+samba3.schema: line 292: AttributeType not found: "gotoLogonScript"
slaptest: bad configuration file!
root@telfs01:~/ldap/smbldap-installer# vim -N /etc/ldap/slapd.conf
root@telfs01:~/ldap/smbldap-installer# slaptest
/etc/ldap/schema/gosa+samba3.schema: line 292: AttributeType not found: "gotoLogonScript"
slaptest: bad configuration file!

Eventually I find out what is happening with a helping hand from Elleo over on #lugradio (cheers!) and it was a schema problem, now a load of stuff on the web about GOSA mention gohardware.schema but it looks like that has now been split into separate files, so the best thing I can recommend is that you just go to /etc/ldap/schema and just look for anything with the same age at the GOSA schema and bang it in 🙂 In my case :
root@telfs01:/etc/ldap/schema# ls -l

total 344

-rw-r--r-- 1 root root 8231 2006-12-13 15:56 corba.schema

-rw-r--r-- 1 root root 20591 2006-12-13 15:56 core.ldif

-rw-r--r-- 1 root root 19762 2006-12-13 15:56 core.schema

-rw-r--r-- 1 root root 74080 2006-12-13 15:56 cosine.schema

-rw-r--r-- 1 root root 1553 2006-12-13 15:56 dyngroup.schema

-rw-r--r-- 1 root root 1116 2007-02-05 13:48 goconfig.schema

-rw-r--r-- 1 root root 3284 2007-02-05 13:48 gofax.schema

-rw-r--r-- 1 root root 3775 2007-02-05 13:48 gofirewall.schema

-rw-r--r-- 1 root root 13032 2007-02-05 13:48 gofon.schema

-rw-r--r-- 1 root root 13640 2007-02-05 13:48 gosa+samba3.schema

-rw-r--r-- 1 root root 13507 2007-02-05 13:48 gosa.schema

-rw-r--r-- 1 root root 8552 2007-02-05 13:48 goserver.schema

-rw-r--r-- 1 root root 12421 2007-02-05 13:48 gosystem.schema

-rw-r--r-- 1 root root 2602 2007-02-05 13:48 goto-mime.schema

-rw-r--r-- 1 root root 6708 2007-02-05 13:48 goto.schema

-rw-r--r-- 1 root root 6360 2006-12-13 15:56 inetorgperson.schema

-rw-r--r-- 1 root root 13984 2006-12-13 15:56 java.schema

-rw-r--r-- 1 root root 2471 2006-12-13 15:56 misc.schema

-rw-r--r-- 1 root root 7723 2006-12-13 15:56 nis.schema

-rw-r--r-- 1 root root 3391 2006-12-13 15:56 openldap.ldif

-rw-r--r-- 1 root root 1601 2006-12-13 15:56 openldap.schema

-rw-r--r-- 1 root root 19689 2006-12-13 15:56 ppolicy.schema

-rw-r--r-- 1 root root 2968 2006-12-13 15:56 README

-rw-r--r-- 1 root root 16327 2007-07-16 14:44 samba.schema

-rw-r--r-- 1 root root 19059 2007-07-16 15:00 samba.schema.backup

I have put the ones I needed in bold 🙂

I am not sure if these need to be in a specific order but I have goto.schema near the end and gosa+samba.schema at the very end, so the top of my slapd.conf is :

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/nis.schema

include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/goconfig.schema
include /etc/ldap/schema/gofax.schema
include /etc/ldap/schema/gofirewall.schema
include /etc/ldap/schema/gofon.schema
include /etc/ldap/schema/goserver.schema
include /etc/ldap/schema/gosystem.schema
include /etc/ldap/schema/goto-mime.schema
include /etc/ldap/schema/goto.schema
include /etc/ldap/schema/gosa+samba3.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

I am sure if it was not a Monday this would not have been so painful….

More Compiz Fusion Demos

Compiz fusion is the name that of the recently merged Compiz and Beryl projects (Beryl was a fork of Compiz) and it all got very complicated but they have agreed to bury the hatchets and work together again 🙂 which is good news, anyway I got sent this YouTube clip the other day which is a demo of some of the new stuff they are working on 🙂

http://www.youtube.com/watch?v=E4Fbk52Mk1w

Pretty snazzy stuff, I am merely running vanilla compiz here at the moment, but apparently the next version of Ubuntu in the autumn will have Compiz Fusion instead 🙂 🙂

SAMBA/LDAP Installer

At work I am in the process of building/designing a new corporate network, one of the key parts of this is a SAMBA server with an LDAP back end. I am trying to keep the whole backend stored in LDAP and make the whole setup as standards compliant as reasonably possible. The reason for using LDAP is that at somepoint we will probably have to chuck in a Windows server and fortunately this is one of the few standards it talks 🙂

Anyway, the server is running Ubuntu, the choice for this was motivated by the fact the the people doing the day to day stuff on this are not Linux users but Windows techs, therefore I am trying to make this as user friendly for them as possible.

I have been through all the howto tutorials I can find on SAMBA/LDAP and did get it working at one point but it was a painful experience until I happened to come across:

http://majen.net/smbldap/

This is a wonderful script that does all the work for you 🙂 It does not just run on Ubuntu but several other distros too 🙂

IIRC the only thing I needed to do was edit /etc/samba/smb.conf and add :


ldap delete dn = Yes
add user script = /usr/local/sbin/smbldap-useradd -m "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"

And then everything just works 🙂