[nycbug-talk] [Fwd: Security Threat Watch 028]

Bob Ippolito bob
Tue May 11 17:27:31 EDT 2004


On May 11, 2004, at 5:44 PM, Pete Wright wrote:

> Bob Ippolito wrote:
>
>>
>> On May 11, 2004, at 4:50 PM, Pete Wright wrote:
>>
>>> Bob Ippolito wrote:
>>>
>>>>
>>>>>> If you're an OS X shop that forces everyone into using SMB, 
>>>>>> you're  just
>>>>>> making your life more difficult.
>>>>>>
>>> yea i disagree here, sorry.
>>
>>
>> Obviously, it's hard to say that the time you've invested in making  
>> sure that only this more "open" protocol is supported hasn't bought 
>> you  more than resource fork ugliness, mysterious long file transfer  
>> interruptions, filename handling peculiarities, and permission 
>> issues.   Most of these things can probably be worked around, but 
>> that takes time  that would've probably been better spent leaving 
>> things to AFP for an  "OS X shop".
>
> couple things then i gotta work ;)  i don't rely on smb.  sorry if it 
> came out like that.  frankly i use the best tool for the job at hand.  
> nine times outta ten it's nfs.
>      now, do i run a "pure" apple shop.  no, aside from home users and 
> apple corp. i can't think of any apple only shops.   in fact i would 
> argue that it would be a bad thing to rely on a single 
> technology/vendor for anything.  thank god steve figured that out and 
> lets me mix and match all sorts of crazy things like 
> smb/nfs/sneaker-net(that's my favorite)/afp to get things working.
>    from what i've seen working at various places in the city is that 
> people are using OSX on the desktop and building a cheap linux/bsd 
> fileservers for storage.  it works, takes less than a day to implement 
> and everyone is happy.  is it ideal?  no.  thank god, otherwise i'd 
> prolly be outta work ;^)

You didn't say you had clients and servers running other operating 
systems.  In any case, as Isaac points out, there are plenty of 
implementations of AFP to choose from that more than likely work just 
fine with your cheap linux/bsd fileservers.

>>>>> sure, but its also a very chatty protocol, which is enough to  
>>>>> generally
>>>>> steer me away from it.
>>>>
>>>>
>>>>
>>>> Are you sure you're not talking about AppleTalk, the network layer  
>>>> that AFP doesn't depend on or even typically use in OS X?
>>>
>>>
>>> so what does OS X use now on the "network" layer?
>>> here's an interesting link regarding AppleTalk and the OSI layers:
>>>
>>>
>>> http://developer.apple.com/documentation/mac/Networking/Networking-21.html
>>
>>
>> TCP/IP / ZeroConf / Rendezvous / LDAP takes the place of AppleTalk.
>>
> which one is it by default?  i'm honestly interested.  i was under the 
> assumption that DDP("AppleTalk") was being used when i enable 
> "AppleTalk" in the OSX control panel.  how else would OSX clients be 
> able to play with OS 8/9 clients and vice-versa?

TCP/IP - Base network layer
ZeroConf - Gets an IP address without a DHCP server
Rendezvous - Service discovery
LDAP - More service discovery, SSO
(ZeroConf and Rendezvous are actually the same spec, but I'm using the 
names to mean different things)

AppleTalk did all of these things.  When you enable AppleTalk in the OS 
X control panel it's enabling AppleTalk, which allows it to talk to 
OS8/9 clients and vice-versa.  AppleTalk is not on by default, because 
they've replaced it with open standard technologies.

>>>> Even if it *were* particularly chatty, the protocol was originally  
>>>> designed a long time ago.  Could it even have a remotely possible  
>>>> chance of bogging down your 100mbit or faster ethernet?
>>>
>>>
>>> yes, yes it can.  it's happened to me a couple times actually.
>>>
>>> i've spent far too much time trying to debug AppleTalk problems 
>>> during  the OS8/9 days to even go back to that situation.  now i'm 
>>> really  curious tho, i'd like to see some comparisons between afp 
>>> over  appletalk vs. non-appletalk.  does it run as quickly, what 
>>> about the  overhead etc...
>>
>>
>> You're talking about AppleTalk again, I was talking about AFP.  It's  
>> well known that AppleTalk is indeed chatty, but I haven't heard 
>> anyone  ever say the same of AFP.
>>
> yea i know i was.  still think it's interesting tho...

The current implementation runs better over TCP/IP.

-bob




