
Microsoft Dependency Has Risks

(blog.miloslavhomer.cz)
154 points ArcHound | 1 comments
firesteelrain ◴[] No.44381913[source]
For most businesses, the cost and difficulty of shifting away from Microsoft outweigh the benefits
replies(4): >>44381959 #>>44381985 #>>44382500 #>>44384846 #
smaudet ◴[] No.44381985[source]
Maybe.

Some things go deep, true. However most businesses don't use most of Microsoft's products - even the ones that do, the usage of the more complicated products is far more minuscule than imagined by e.g. CFOs, etc.

The real thing keeping many "in the fold" as it were would be authentication services.

Which are overcomplicated and probably easier to manage without...

replies(2): >>44381991 #>>44382259 #
okanat ◴[] No.44382259[source]
It really depends on the size of the business. With smaller businesses it is easy to use alternatives. However any business beyond 1000 employees will give in to shareholder pressure and adopt distrust as its core value.

Microsoft Active Directory has excellent tooling for middle-management-heavy businesses. For better or for worse it provides the most integrated solution to reduce a desktop PC to a perfect thing for repetitive, boring, soul crushing office work. No other software solution comes close.

While I like Windows as a desktop platform, the reasons that it was designed as it is are very clear. To make the cheapest laptops as dystopian as possible, you need systems that can run the same boring software for decades. Not for the good of the environment but for profits.

Windows provides all APIs to deeply integrate with Active Directory and MS Office. All engineering, accounting and finance software are deeply integrated with them. They literally run entire countries. I have seen engineering software that used Visio diagrams for designing factory pipelines. It is near impossible to pull the bigger businesses and governments out of this trap without completely upending entire sectors worth trillions. I think only very determined regimes like China can pull it off.

replies(1): >>44382444 #
andyferris ◴[] No.44382444[source]
Out of curiosity, how hard would it be to copy Active Directory in an open source project (like how Excel is copied by LibreOffice)?

Like if orgs need this capability why is there no good open source solution?

replies(3): >>44382889 #>>44382978 #>>44383026 #
1. kj4ips ◴[] No.44383026[source]
Massive. AD isn't just LDAP and Policies. There's somewhere around 14 services that are involved, even Netlogon still has its tiny part to play. AD uses LDAP referrals, expects clients to follow them, and use the SRV records to find the DC in the same site (if one exists). AD as it is typically deployed is active/active multimaster with per-record tiebreaking based on edit time, client-based load balancing with proximity awareness, ACLs for every possible field and record, overridable at any point in the tree (389ds can do this, but OpenLDAP is a nightmare). There's a full automated PKI in there for managing certs for everything, and that's before we get into the KDC logic, the strange things SYSVOL can do, and various other things that integrate with AD.

Samba, krb5 & co. can handle small cases, but its architecture is still stuck in the NT4 days, and there's limited cohesive integration with LDAP and the other services.
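
The site-aware SRV lookup mentioned in the comment above, as an added example that is not part of the thread or of any project's code: a client tries the site-specific `_msdcs` name first, falls back to the domain-wide one, and orders the answers per RFC 2782. The domain `corp.example`, the site names, the hosts and the `ZONE` table are constructed stand-ins for real DNS answers.

```python
import random
from typing import NamedTuple, Optional

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

def locator_queries(domain: str, site: Optional[str]) -> list:
    """SRV names a client tries, most specific (same site) first."""
    names = []
    if site:
        names.append(f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names

def order_srv(records, rng=random):
    """RFC 2782: lowest priority first, weighted random pick within a priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        pool = [r for r in records if r.priority == prio]
        while pool:
            pick = rng.uniform(0, sum(r.weight for r in pool))
            running = 0
            for chosen in pool:
                running += chosen.weight
                if pick <= running:
                    break
            ordered.append(chosen)
            pool.remove(chosen)
    return ordered

def pick_dcs(zone, domain, site, rng=random):
    """Return (name that answered, ordered DC candidates) or (None, [])."""
    for name in locator_queries(domain, site):
        records = zone.get(name, [])
        if records:
            return name, order_srv(records, rng)
    return None, []

# Constructed DNS data: one DC registered in site Berlin, three domain-wide.
ZONE = {
    "_ldap._tcp.Berlin._sites.dc._msdcs.corp.example":
        [Srv(0, 100, 389, "dc-ber1.corp.example")],
    "_ldap._tcp.dc._msdcs.corp.example": [
        Srv(0, 100, 389, "dc-ber1.corp.example"),
        Srv(0, 100, 389, "dc-nyc1.corp.example"),
        Srv(10, 100, 389, "dc-nyc2.corp.example"),
    ],
}
```

A client whose site has no registered DC silently falls back to any DC in the domain, so a missing or stale site record shows up as cross-site authentication traffic rather than as an error.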