Thursday, November 1, 2007

Windows Home Server

I was reading on Gizmodo earlier about Windows Home Server. Apparently, this is a flavor of Windows Server that is being marketed toward average users, with a focus on families. The idea is to facilitate the process of creating a cohesive home network. It is meant to provide easy backups, act as a file server, and even act as a web server. The OS would come pre-installed on server-grade hardware - boxes containing expandable RAID arrays and the like. That is what is intended.

Here is what I think: there is a reason that people who know what they are doing are employed as server administrators. Every service offered creates a new potential attack vector for prospective hackers. I shudder at the thought of someone who knows little to nothing about how a web server functions running one out of their house.

Plus, here is one of the core differences between a Windows client OS (e.g. XP) and a server OS (e.g. Server 2003): the server OS supports more than 8 concurrent SMB connections. The other main difference is that clients can't be domain controllers. That said, if you know what you are doing (that annoying caveat for which MS is trying to obviate the need), you can build such a setup using an XP computer; you don't need a Server OS for this since you probably have less than 8 computers at your house.


Richard said...

"I shudder at the thought of someone who knows little to nothing about how a web server functions running one out of their house."

Hmm, I wonder about this, Chris. As long as web servers and other "server OS" applications are only available in the Microsoft world by buying an expensive operating system -- which is overkill for most home networks -- or going through a painful setup process for a Windows version of software that was probably originally designed for a POSIX system (e.g., Apache), home users don't have any way to learn. Maybe you're right, and they will do dumb things; but it's their right to make the decision not to learn, not Microsoft's. Up until now, Microsoft has been making that decision for them, by shipping crippled versions of IIS and other potentially useful software.

I'm of the general opinion that if you treat your users as if they were incompetent, that's how they're going to act. I am skeptical that Microsoft is becoming enlightened on this point, but at least the Home Server version of Windows might open up a few more opportunities for people.

Of course, I'm not going to root for it. Maybe we can advocate for Debian, Apache and Samba together?

Chris Mustazza said...

I completely agree that the only way to learn how to set up and configure systems like these is to do it, and I agree that people should have the opportunity to do so.

What I disagree with is the marketing schemes used by products like these - that it can be "easy" to set up and run your own web server. I am all for simplicity, but easy in this sense in the black box model - "I'm not really sure how it work, it just kind of does."

This is the kind of attitude that can get you into trouble. There *will* be all kinds of security vulnerabilities with this that need to be patched and if users don't understand that, they will find out the hard way.

Perhaps this: an open source software package that is designed to teach prospective server admins how to do things correctly. It could walk you through an install of Apache, show you configuration errors, etc. Basically, it could teach you how things work rather than give you Pandora's box.

Richard said...

"What I disagree with is the marketing schemes used by products like these - that it can be 'easy' to set up and run your own web server."

Well, I'm with you there. Having recently configured IIS 6.0 from scratch, I've found that the very things that are supposed to make it easy (GUI interface, native integration with the rest of Windows) tend to make administering it infinitely more complex. The help is impenetrable if something goes wrong that you don't understand, and the default settings are so tightly locked down as to be unusable for serving anything but static pages -- and this is the "Enterprise" version of the technology!

There is a steep learning curve just to understand the enterprise admin lingo. The problem is that because of Microsoft's dominance, that becomes the technology: learning their way of doing things so that you can do them quickly.

It can be easy to set up and run your own web server, if the software comes with a brief setup wizard and some reasonable defaults, and has good help when you want to go further. All of these things appear in the free software world, which is no mistake: when users can determine their own needs and customize the software to meet them, the software becomes more usable by anyone with the same needs.

It might seem like I'm doing some MS bashing here, but really, I'd like to see them get smarter about this, not just disappear into oblivion. A software package that teaches people several common methods of doing things and the reasoning behind them (instead of locking down all but a small set of options by default and obscuring them from view) is something the next IIS could really use. But if it doesn't come soon, I'm sure the number of MS web servers out there will fall further behind, which won't bother me much.

On a slightly related note, I'm in the midst of going through the Django tutorial. Pretty sweet stuff! Do you guys use it there at Penn anywhere?