[cisco-voip] Problem wth freeSSHd SFTP backups on CCM 6.0

Mon Nov 26 12:05:12 EST 2007

On Mon, 2007-11-26 at 10:00 -0600, Jonathan Charles wrote:
> How is MS responsible? Or is this just simple 'I am of the Linux
> people, Bill Gates is our Satan...'
> 
> Did MS force Cisco to use SFTP (a protocol I didn't even know existed
> until CCM5...)

That someone else doesn't know a protocol exists shouldn't be *my*
problem.

I think what the poster you replied to probably means is that if
Microsoft were more compliant to world standards (standards that predate
Windows *and* Linux), there would be no problem. Instead, Microsoft
would prefer that you to *buy* a product to solve the problem, whether
from them or business partner.

There is a common misconception among the Microsoft "koolaide drinkers",
that Linux people hate Microsoft just because. Really, it boils down to
duplication of effort. For example, there are standards, well designed
and well documented, for displaying web pages. These standards are
rooted in work done years ago, before Windows and before Linux. They are
good standards and they work. They have been updated continuously as
technology advances. Everything you might want to do with a web page is
covered. What the standard does *not* cover, however, is a way to
display web pages that work only on one brand of browser. That is, by
definition, non-standard. So, what does Microsoft do? Add code to their
browser for different tags that makes things display in a manner
identical to the standards, but then encourage users to use THOSE tags
instead of the standard tags in their web content. The effect is that
when a browser that is standards compliant views that web page, they get
an error, but Microsoft's browser displays it. Ironically, Microsoft's
browser *does* display standards compliant pages correctly because
otherwise, their users would complain about that.

That same proprietary philosophy is rampant in Microsoft's entire
product line. They take a good standard, emulate it's function with
proprietary methods and publish it as if *that* were the standard.

How does this tie to duplication of effort? Simple. Systems admins end
up having to make non-standard allowances for the people running
Windows, and it usually ends up costing money, either in purchased
products or development time. If it's already there, there is no
duplication of effort.

Yes, SFTP is included in virtually every distribution of Linux. Ya know
why? Because it's an accepted world standard and everyone who wants
their computers to work together expects it to be there, like it was
with UNIX and AIX and BSD and SunOS before. It's not there in Windows
and unless you own Microsoft stock, that doesn't make sense.

Here is a well written essay that explains that and other related
problems very well: http://www.cryptonomicon.com/beginning.html  Oh, and
if you are like most Microsoft users and would rather purchase something
that everyone else gets for free (without stealing it), it's also
available on Amazon and the like. Search for Neal Stephenson's "In The
Beginning Was The Command Line".

> On Nov 26, 2007 9:11 AM, Jerky <lists at jerkys.org> wrote:
> > I agree Cisco should have thought about it a bit more when deciding to
> > force the more secure sftp/scp protocols since there aren't many(or
> > maybe even any) solid choices for an sftp service on windows.

Perhaps, but Cisco's "other" business is not just networks, but *secure*
networks. Using a backup protocol that shows your CallManager's admin
password in clear text is a huge step backwards and I wouldn't want the
liability, either.

Robert