Thread: [Openvpn-als-devel] Future of Adito/OpenVPN ALS
Brought to you by:
francisdinha,
mattock
Menu
▾
▴
openvpn-als-devel
|
From: <sam...@gm...> - 2010-04-07 09:02:28
|
(I've initiated this discussion simultaneously on both mailinglists and on the "Open Discussion" forum) Hi all, As you may have noticed, ALS has not been developed actively since last summer / early autumn: * http://sourceforge.net/apps/trac/openvpn-als/wiki/scrum_chatlogs * http://dir.gmane.org/gmane.network.openvpn.als.devel In addition, the lack of maintenance development since the fork (in May 2008) means some parts of the code are falling apart already due to changes in Adito/ALS operating environment (the UNIX auth module, CIFS support in networkplaces...). Also, there are at least two known security vulnerabilities and expecting a fix would be unrealistic: * <http://sourceforge.net/apps/trac/openvpn-als/ticket/2> * <http://thread.gmane.org/gmane.network.openvpn.als.user/12> I had hoped that OpenVPN Technologies Inc. - my current employer, btw - would have allocated development resources into the project. However, after having long discussions with James (CTO) and Francis (CEO) we decided not to support OpenVPN ALS. Just for the record I fully agree with them on this. The rationale behind our decision boils down to this: * We already have a similar product, OpenVPN Access Server, which - serves 90% of the same needs as ALS - we know very well (as we wrote it) - does not require hiring JavaEE developers * We only need the reverse proxy / replacement proxy capabilities of ALS, for which there other more lightweight solutions * We do not wish to support) ALS as a separate product alongside Access Server There are many generic problems with monetizing on OpenVPN ALS - the biggest problem being the GPLv2 license coupled with the lack of full copyright to the whole codebase. This prevents 3sp-style proprietary add-ons without going against the spirit of the license, e.g by trying to circumvent the GPLv2 limitations in "NVIDIA style". I can't think of any other commercial business model that would work for this particular project. I don't think there has been any significant demand for commercial support services, even though they've been available for a long time now: * <http://sourceforge.net/apps/trac/openvpn-als/wiki/commercial_support_options> To make things worse, the project is ill-suited for a community-driven project. There are quite a few reasons for this: * There's very little high-level documentation available * Codebase is very large and the components are tightly integrated, meaning that - nobody really knows the codebase inside out well enough to help new developers - the barrier to entry for new developers is _very_ high - application maintenance is very costly * The application is built on a semi-obsolete JavaEE framework (Struts Classic), which means that - big parts would have to be rewritten soonish, probably in a couple of years - the code is very difficult to understand unless you know Struts Classic conventions * The scope of the application is very narrow which means that - it can't be used as a building block for other projects (which would increase development effort) - the userbase (=number of potential contributors/developers) is pretty small Earlier I tried to organize s.c. "Joint commercial development" without any success: * <http://sourceforge.net/apps/trac/openvpn-als/wiki/joint_commercial_openvpn-als_development> The problem is that the companies that have SSL-Explorer/Adito/OpenVPN ALS customers seem to be small and either don't have JavaEE programmers on the payroll or can't allocate them to the project even part-time. This prevents any developers ever reaching a level of skill which would enable them to develop ALS itself, rather than just extensions. I have to assume that the lack of skills in community-driven OSS development also plays a part in this, so even if there are competent developers out there, they do not participate in the project. Now, what can we do? Personally I can only see three ways forward for the project: 1) Discontinue the project and let it die slowly 2) Get a single entity to create a commercial version and give them our full support 3) Get a single entity to support the community version, but gather funding from the users Currently we're clearly heading towards 1). Option 2) would probably require circumventing the GPLv2 license and proprietary add-ons to make commercial sense. I don't know of any company interested in that option, either. I think 3) is least unrealistic, but would be very difficult to organize and manage. It's also quite difficult to make people pay for something they get for free - it's much easier to just have a nice ride and jump off when boat starts sinking. From Extension Store statistics I know that there are ~1700 Adito/ALS installations out there. However, I assume many/most of those are used by private persons who are unlikely to fund the project. Companies and other organizations might, if contributing is easy enough. I personally don't want to take responsibility for organizing this, though. I _am_ willing to help whoever wants to take the challenge. Now, there are ~60 people on both of our mailinglists and some unknown number of active people on the forums. So the only way to reach every installation we need to use the built-in RSS feed reader in ALS. I feel using that is necessary if we want to try option 3). So what do _you_ think we should do with our project? Samuli PS. I have pondered most the above issues earlier on these Wiki pages: * <http://sourceforge.net/apps/trac/openvpn-als/wiki/commercial_use_of_openvpn-als> * <http://sourceforge.net/apps/trac/openvpn-als/wiki/enterprise_extensions> * <http://sourceforge.net/apps/trac/openvpn-als/wiki/modernization_project> * <http://sourceforge.net/apps/trac/openvpn-als/wiki/standardization_project> * <http://sourceforge.net/apps/trac/openvpn-als/wiki/releasing_parts_of_openvpn-als_as_separate_projects> * <http://sourceforge.net/apps/trac/openvpn-als/wiki/project_redesign> |
|
From: Jelle de J. <jel...@po...> - 2010-04-07 17:06:46
|
Hi Samuli, sam...@gm... wrote, on 07-04-10 11:02: > As you may have noticed, ALS has not been developed actively since last > summer. So what do _you_ think we should do with our project? First let me thank you for the excellent mail. The status of the project is important to me. I am also sorry to hear the project is currently dying slowly. The thing I can do for the project is a small donations around 100 Euro for either migration support or continuation of the development. As a customer/user of OpenVPN-ALS I have the following needs; I need a reverse proxy solution that can use Microsoft Active Directory for authorisation with the access controls features available in OpenVPN-ALS. I can also make my needs more basic, security is king and maintainability and sustainability is second. (OpenVPN-ALS currenlty has issues on this) I have several Intranet websites, (wiki's, e-hours, device interfaces, medical portals etcetera) that needs to become available trough one singe portal system that can handle individual access controls. Currently OpenVPN-ALS provides this. I would be said if OpenVPN-ALS discontinues, but I would really like to be supported in a functional migration to an other solution. A _migration_ how to for Squid or Pound as the "webforwarding" replacement for OpenVPN-ALS would be appreciated! Also remember that users can have large investment in excising OpenVPN-ALS in both time as money. I know of installations that have very expensive SSL certs for OpenVPN-ALS, lot of man hours to configure OpenVPN-ALS with for example user access controls and webforwardings, and all the time for the project management politics. (this can sum op to more then two full months of work) Best regards, Jelle de Jong |
|
From: <sam...@gm...> - 2010-04-08 08:42:02
|
>> As you may have noticed, ALS has not been developed actively since last >> summer. So what do _you_ think we should do with our project? > > First let me thank you for the excellent mail. The status of the > project is important to me. I am also sorry to hear the project is > currently dying slowly. The thing I can do for the project is a small > donations around 100 Euro for either migration support or continuation > of the development. Thanks for you mail, Jelle! We'll have to wait and see if others are willing to shell out some cash to support the project. I think the core problem with ALS is that it was originally (as SSL-Explorer) developed as a _product_, not as a OSS project. Many of the design decisions in SSL-Explorer reflect this; unfortunately what makes sense for a company-led project does not necessarily make sense for a community-driven project. A few examples: - integrating everything into big, complex blob (Jetty, HSQLDB, webapp, agent, webdav servlet, etc.) - adding many (unnecessary) layers of complexity (dynamic extension system, extension store, etc.) - lack of (public) developer documentation The most successful community-driven projects are relatively small and simple (which makes barrier to entry low) and pretty general purpose (which allows for a large user/developer base). > As a customer/user of OpenVPN-ALS I have the following needs; I need a > reverse proxy solution that can use Microsoft Active Directory for > authorisation with the access controls features available in OpenVPN-ALS. > > I can also make my needs more basic, security is king and > maintainability and sustainability is second. (OpenVPN-ALS currenlty > has issues on this) > > I have several Intranet websites, (wiki's, e-hours, device interfaces, > medical portals etcetera) that needs to become available trough one > singe portal system that can handle individual access controls. > Currently OpenVPN-ALS provides this. > > I would be said if OpenVPN-ALS discontinues, but I would really like > to be supported in a functional migration to an other solution. A > _migration_ how to for Squid or Pound as the "webforwarding" > replacement for OpenVPN-ALS would be appreciated! I would not say OpenVPN ALS gets discountinued - slowly fading away would be more proper way to put it. There is simply not enough interest and/or resources for developing it in purely community-driven fashion. I discussed the relative merits of application-layer and data link / network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We concluded that the main advantage of an application-layer SSL VPN (such as ALS) is that it does not require a separate client installation (besides a web browser). Pretty much everything can be easily accomplished with a data link/network-layer SSL VPN such as OpenVPN: <http://www.openvpn.net/index.php/open-source.html> For example, you can easily limit which user (=IP) has access to which servers (=IP). The application itself needs to take care of access control and authorization. Many things such as drive mapping can be taken for granted when VPN operates on data link layer, whereas they are _very_ complex when operating on application layer, see <https://sourceforge.net/apps/trac/openvpn-als/wiki/drive_mapping_extension> In some environments OpenVPN (=the original one) may be somewhat difficult to configure properly. In most cases, however, it's at least as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours with no prior experience. OpenVPN's user and developer communities are _very_ active and helpful in case you get stuck. I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound) would make sense. This is where our Wiki comes handy: <http://sourceforge.net/apps/trac/openvpn-als/wiki> > Also remember that users can have large investment in excising > OpenVPN-ALS in both time as money. I know of installations that have > very expensive SSL certs for OpenVPN-ALS, lot of man hours to > configure OpenVPN-ALS with for example user access controls and > webforwardings, and all the time for the project management politics. > (this can sum op to more then two full months of work) True. However, there's nothing I can do about this. I don't have the skills, time or interest to maintain the project myself and unfortunately the community-driven development model does not seem to work for ALS (for reasons stated above). Samuli |
|
From: Andrew S. <sou...@sn...> - 2010-04-12 08:50:22
|
Thanks very much for this discussion, Samuli. > I discussed the relative merits of application-layer and data link / > network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We > concluded that the main advantage of an application-layer SSL VPN (such > as ALS) is that it does not require a separate client installation > (besides a web browser). This is indeed, for our site, a key advantage. I and several of my users work on locked-down systems at work, where we don't have privileges to install software, nevermind to install and configure (virtual) network interfaces. But we are able to browse HTTPS sites and run Java applets within our browsers, and this allows us to get complete connectivity through ALS. For us, that's where the value is. Andrew. |
|
From: Jacques L. <la...@te...> - 2010-04-12 09:36:35
|
On 04/12/10 10:41, Andrew Schulman wrote: > Thanks very much for this discussion, Samuli. > > >> I discussed the relative merits of application-layer and data link / >> network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We >> concluded that the main advantage of an application-layer SSL VPN (such >> as ALS) is that it does not require a separate client installation >> (besides a web browser). >> > This is indeed, for our site, a key advantage. I and several of my users work > on locked-down systems at work, where we don't have privileges to install > software, nevermind to install and configure (virtual) network interfaces. But > we are able to browse HTTPS sites and run Java applets within our browsers, and > this allows us to get complete connectivity through ALS. For us, that's where > the value is. > > Andrew. > > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Openvpn-als-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel > Hi, First, thank you Samuli, for all that work you have done to manage Adito/ALS and keep it as a free project. Same for us : The value in Adito/ALS stays in its "client free" solution. The signed pre-configured java applet is the main reason why int the past we chose sslExplorer and migrated to Adito/ALS. Jacques Landru |
|
From: <sam...@gm...> - 2010-04-14 07:12:49
|
> On 04/12/10 10:41, Andrew Schulman wrote: >> Thanks very much for this discussion, Samuli. >> >> >>> I discussed the relative merits of application-layer and data link / >>> network-layer SSL VPN's with James (CEO of OpenVPN) a while back. We >>> concluded that the main advantage of an application-layer SSL VPN (such >>> as ALS) is that it does not require a separate client installation >>> (besides a web browser). >>> >> This is indeed, for our site, a key advantage. I and several of my users work >> on locked-down systems at work, where we don't have privileges to install >> software, nevermind to install and configure (virtual) network interfaces. But >> we are able to browse HTTPS sites and run Java applets within our browsers, and >> this allows us to get complete connectivity through ALS. For us, that's where >> the value is. >> >> Andrew. >> >> >> > Hi, > > First, thank you Samuli, for all that work you have done to manage > Adito/ALS and keep it as a free project. > > Same for us : The value in Adito/ALS stays in its "client free" > solution. The signed pre-configured java applet is the main reason why > int the past we chose sslExplorer and migrated to Adito/ALS. > > Jacques Landru Thanks for your comments, guys! Running the Adito/ALS project has been fun and _very_ educational. Now we'd need somebody to start work on a similar project done with an eye for the community-driven development model. Probably the only part of Adito/ALS that could be reused is the Agent - either client part (incl. the applet) or both client and server parts. The second option would provide SSL-tunneling and would be simple enough to maintain as an OSS project. Also, it would not be tied to the obsolete Struts Classic framework as it operates outside the scope of the webapp. However, even separating the Agent would be a lot of work due to tight integration of all components in ALS. Samuli |
|
From: Eric M. <em...@fr...> - 2010-04-14 07:40:19
|
Le 14/04/2010 09:12, sam...@gm... a écrit : Hello Samuli, > Thanks for your comments, guys! Running the Adito/ALS project has been > fun and _very_ educational. Nice to hear. > Now we'd need somebody to start work on a similar project done with an > eye for the community-driven development model. Probably the only part > of Adito/ALS that could be reused is the Agent - either client part > (incl. the applet) or both client and server parts. The second option > would provide SSL-tunneling and would be simple enough to maintain as an > OSS project. Also, it would not be tied to the obsolete Struts Classic > framework as it operates outside the scope of the webapp. However, even > separating the Agent would be a lot of work due to tight integration of > all components in ALS. The agent model is a great idea. The key feature is that Adito/SSLExplorer is clientless, and it had saved me in the past (locked down machine in an internet café for example). Kind regards and thanks for your work on Adito. Eric Masson |
|
From: Dave W. <da...@na...> - 2010-05-13 12:45:24
|
> > Thanks for your comments, guys! Running the Adito/ALS project has been > fun and _very_ educational. > > Now we'd need somebody to start work on a similar project done with an > eye for the community-driven development model. Probably the only part > of Adito/ALS that could be reused is the Agent - either client part > (incl. the applet) or both client and server parts. The second option > would provide SSL-tunneling and would be simple enough to maintain as an > OSS project. Also, it would not be tied to the obsolete Struts Classic > framework as it operates outside the scope of the webapp. However, even > separating the Agent would be a lot of work due to tight integration of > all components in ALS. > > Samuli > I would like to add my thanks to you for all that has been done so far. As for your points about the agent, et al, I was put in mind of the Java Tunnel Service (https://javatunnelservice.dev.java.net/), which seems to be a reasonable starting point for an agent replacement. Comments? Cheers, Dave |
|
From: Arne M. J. <arn...@gm...> - 2010-04-08 10:23:10
|
I don't have much to add to the discussion but I just wanted to make one point of why a web-based SSL VPN is useful. In my experience OpenVPN is easy to setup and works pretty well. My main problem is the administrative overhead when trying to distribute logons for all the users. Having 500+ (new comming in all the time) mobile users and then distributing them is such a mess. A web based solution that integrates with RADIUS or Active Directory is so much easier and also easier for the end-user. That being said, I think it's sad that the project is fading away. Commercial alternatives are so expensive. Like $100-200 per user. Sadly our economic situation is not so good that we can afford to support this project, then it would just be cheaper to go commercial. I think a project of this magnitude needs at least $150 000 to get started again and attract new developers. 2010/4/8 sam...@gm... <sam...@gm...> > >> As you may have noticed, ALS has not been developed actively since last > >> summer. So what do _you_ think we should do with our project? > > > > First let me thank you for the excellent mail. The status of the > > project is important to me. I am also sorry to hear the project is > > currently dying slowly. The thing I can do for the project is a small > > donations around 100 Euro for either migration support or continuation > > of the development. > > > In some environments OpenVPN (=the original one) may be somewhat > difficult to configure properly. In most cases, however, it's at least > as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours > with no prior experience. OpenVPN's user and developer communities are > _very_ active and helpful in case you get stuck. > > I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound) > would make sense. This is where our Wiki comes handy: > > <http://sourceforge.net/apps/trac/openvpn-als/wiki> > > > Also remember that users can have large investment in excising > > OpenVPN-ALS in both time as money. I know of installations that have > > very expensive SSL certs for OpenVPN-ALS, lot of man hours to > > configure OpenVPN-ALS with for example user access controls and > > webforwardings, and all the time for the project management politics. > > (this can sum op to more then two full months of work) > > True. However, there's nothing I can do about this. I don't have the > skills, time or interest to maintain the project myself and > unfortunately the community-driven development model does not seem to > work for ALS (for reasons stated above). > > Samuli > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Openvpn-als-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel > |
|
From: <sam...@gm...> - 2010-04-09 11:45:30
|
Hi Arne, Yes, the client/driver installation on OpenVPN is tedious. I agree that this is the strong point in web-based offerings such as ALS. Perhaps a good overall solution would be to combine a simple web-based reverse proxy / replacement proxy service with full network-layer solution such as OpenVPN. There are quite a few reverse proxy solutions around: <http://nginx.org/en> <http://wiki.squid-cache.org/SquidFaq/ReverseProxy> <http://www.apsis.ch/pound> I don't know if they can be used to replace ALS' reverse proxy functionality completely, though. I feel the core problem with ALS' codebase (for us) is that instead of integrating existing OSS components 3sp reinvented the wheel on many occasions. This means we were left with a big, complex, tightly integrated and hard to understand codebase which can't be easily used by other projects (which would get external developers interested). An entirely separate approach is beneficial for community-driven projects. For example, Linux distributions such as Debian are extremely complex. However, instead reinventing the wheel (=applications) Debian developers just integrate stuff together, thus limiting the effects of complexity. Most of the maintenance overhead is taken care of by external developers, not by Debian project itself. Similar approaches can be used for commercial OSS applications, but 3sp did not go that route - probably for reasons that made sense for them. > I don't have much to add to the discussion but I just wanted to make one > point of why a web-based SSL VPN is useful. In my experience OpenVPN is > easy to setup and works pretty well. My main problem is the > administrative overhead when trying to distribute logons for all the > users. Having 500+ (new comming in all the time) mobile users and then > distributing them is such a mess. A web based solution that integrates > with RADIUS or Active Directory is so much easier and also easier for > the end-user. > > That being said, I think it's sad that the project is fading away. > Commercial alternatives are so expensive. Like $100-200 per user. Sadly > our economic situation is not so good that we can afford to support this > project, then it would just be cheaper to go commercial. I think a > project of this magnitude needs at least $150 000 to get started again > and attract new developers. > > 2010/4/8 sam...@gm... <mailto:sam...@gm...> > <sam...@gm... <mailto:sam...@gm...>> > > >> As you may have noticed, ALS has not been developed actively > since last > >> summer. So what do _you_ think we should do with our project? > > > > First let me thank you for the excellent mail. The status of the > > project is important to me. I am also sorry to hear the project is > > currently dying slowly. The thing I can do for the project is a small > > donations around 100 Euro for either migration support or continuation > > of the development. > > > In some environments OpenVPN (=the original one) may be somewhat > difficult to configure properly. In most cases, however, it's at least > as fast to setup as ALS. I managed to set up a simple VPN in ~6 hours > with no prior experience. OpenVPN's user and developer communities are > _very_ active and helpful in case you get stuck. > > I think writing migration guides (e.g. to OpenVPN (AS), Squid, Pound) > would make sense. This is where our Wiki comes handy: > > <http://sourceforge.net/apps/trac/openvpn-als/wiki> > > > Also remember that users can have large investment in excising > > OpenVPN-ALS in both time as money. I know of installations that have > > very expensive SSL certs for OpenVPN-ALS, lot of man hours to > > configure OpenVPN-ALS with for example user access controls and > > webforwardings, and all the time for the project management politics. > > (this can sum op to more then two full months of work) > > True. However, there's nothing I can do about this. I don't have the > skills, time or interest to maintain the project myself and > unfortunately the community-driven development model does not seem to > work for ALS (for reasons stated above). > > Samuli > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Openvpn-als-devel mailing list > Ope...@li... > <mailto:Ope...@li...> > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > > > ------------------------------------------------------------------------ > > _______________________________________________ > Openvpn-als-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel |
|
From: <ko...@us...> - 2010-04-08 12:54:06
|
On Thu, Apr 08, 2010 at 12:23:03PM +0200, Arne Morten Johansen wrote: > That being said, I think it's sad that the project is fading away. > Commercial alternatives are so expensive. Like $100-200 per user. Sadly our > economic situation is not so good that we can afford to support this > project, then it would just be cheaper to go commercial. I think a project > of this magnitude needs at least $150 000 to get started again and attract > new developers. Good mail from Samuli. I were interrested about contributing adito some time ago. But when I dig deeper into source I did find same problems. Most discouraging experience were when I was studying Erlang programming language same time with Adito and found out how easily same problems could be solved with Erlang. Actually I think that Nortel built their own similar solution top of Erlang OS web server called YAWS (http://yaws.hyber.org/contribs.yaws). YAWS has ssl support, integrated json support and Linux-PAM authentication - so it supports any authentication Linux supports. I did check out YAWS source code and found out that turning it to Adito replacement would be quite simple (at least when comparing to JEE solution). Actually there is already yaws_revproxy.erl module in YAWS git tree. As usual nice gui would be the biggest job. Agent of course needs to stay JAVA. So I am happy about Samuli's new job and agree with his opinnions, but maybe questioning Arne's view about 'project magnitude' :) (Not that I am going to start such Erlang project, just being smart ass and sharing my findings.) -kontro- |
|
From: <sam...@gm...> - 2010-04-09 12:23:35
|
Interesting post, kontro! So we have several alternatives. If the project goes down the drain (as it seems to), I think as a last effort we should document the alternatives which current Adito/ALS users have. Anyways, perhaps 3sp did the right thing when they sold themselves to Barracuda Networks - they can now relax and concentrate on milking money from their customers ;). Somehow I have a feeling they won't be aggressively developing the SSL-Explorer codebase now that it's as closed as it can be. I don't think 3sp benefited much from SSL-Explorer being OSS, besides good publicity and easier marketing. Also, the code that Adito / ALS community has provided (LDAP, RADIUS, clientcert and pam auth) would have just sabotaged 3sp' "Enterprise" sales. > Good mail from Samuli. I were interrested about contributing adito some > time ago. But when I dig deeper into source I did find same problems. > > Most discouraging experience were when I was studying Erlang programming > language same time with Adito and found out how easily same problems > could be solved with Erlang. > > Actually I think that Nortel built their own similar solution top of Erlang > OS web server called YAWS (http://yaws.hyber.org/contribs.yaws). > YAWS has ssl support, integrated json support and > Linux-PAM authentication - so it supports any authentication Linux supports. > > I did check out YAWS source code and found out that turning it to > Adito replacement would be quite simple (at least when comparing to JEE > solution). Actually there is already yaws_revproxy.erl module in > YAWS git tree. As usual nice gui would be the biggest job. Agent of course > needs to stay JAVA. > > So I am happy about Samuli's new job and agree with his opinnions, but > maybe questioning Arne's view about 'project magnitude' :) > > (Not that I am going to start such Erlang project, just being smart ass and > sharing my findings.) > > -kontro- > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Openvpn-als-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openvpn-als-devel |
Thanks for helping keep SourceForge clean.
X