[nycbug-talk] [Fwd: Security Threat Watch 028]

Bob Ippolito bob
Tue May 11 14:48:25 EDT 2004

On May 11, 2004, at 2:11 PM, Brad Schonhorst wrote:

> On May 11, 2004, at 3:06 PM, Pete Wright wrote:
>> Bob Ippolito wrote:
>>> On May 11, 2004, at 12:59 PM, Pete Wright wrote:
>>>> Pete Wright wrote:
>>>>> Bob Ippolito wrote:
>>>>>> On May 11, 2004, at 12:24 PM, Pete Wright wrote:
>>>>>>> Mikel King wrote:
>>>>>>>> Has anyone encountered this MAC bug?
>>>>>>> i have heard of it, altho i don't think there is a virus or worm 
>>>>>>> loose yet.  the good news is that it's AFP that has the vuln, 
>>>>>>> which i think most OSX shops have moved away from by now...i 
>>>>>>> hope ;^)
>>>>>> For what, SMB?  NFS?  You must be kidding.
>>>>> no i'm not.  sorry.
>>>> what other crossplatform, mostly open (via samba) network file 
>>>> system would you suggest?
>>> You said "most OSX shops", if it's an OS X shop, you don't care 
>>> about using a protocol that would interop with something else.  In 
>>> my experience, when you have macs talking to macs you use AFP, 
>>> otherwise you use SMB.  You have to go out a little bit out of your 
>>> way on every client and server to use something other than AFP if 
>>> they're both macs.  There is no very compelling reason to move away 
>>> from AFP.
>> hey i'm an OSX shop, but that doesn't mean i shouldn't take into 
>> consideration how things are gonna grow in the future.  I guess the 
>> argument against afp, despite all of it's positive aspects, is that 
>> people are now free to move away from it and use more open 
>> technologies.  i was just assuming most people were i guess.  doesn't 
>> seem to crazy to me...
> As of 10.3 apple is moving towards ldap for managed clients.

If you're an OS X shop that forces everyone into using SMB, you're just 
making your life more difficult.

LDAP is a central directory for metadata, not files, what does that 
have to do with anything?

Apple has no obvious plans of moving to another filesharing protocol 
for their default.  They currently support WebDAV, SMB, NFS, and AFP, 
so the people who want cake can eat it too.

By the way, AFP is a perfectly open technology.  There are open source 
(cross-platform!) implementations, and UNLIKE SMB, the wire protocol is 
publicly documented by the originator, Apple.  I'm not saying it's an 
ideal protocol, but it does what it does well, and it supports the 
platform you're using a whole hell of a lot better than SMB does, so it 
would make your life easier if you used it.  None of the filesharing 
protocols have a history of being secure, and in fact, I would say that 
AFP has the most pristine record of the bunch, so security isn't a real 
good reason either.


More information about the talk mailing list