<< January 22, 2008 >>
the daily wtg
as mentioned previously, i have been working from home a lot lately. fortunately, most of the resources i need access to are available over the internet, such as bugzilla. but there are a few resources that are so poorly set up and administered that they are only available from the office network or vpn. this is the story of trying to connect to that vpn.
today's novell product that is "worse than groupwise" is...
first of all, there should be a bright red asterisk on that image, with a footnote: DOES NOT ACTUALLY WORK WITH A MAC. i digress a little; it does seem to work on my nearly six year old powerbook (does anyone still have a thinkpad that old?). but not on leopard.
why? at its core, from what i can deduce, the client for this thing is basically a java applet wrapper for either stunnel or openvpn. this is solid architecture. anyway, on leopard, the ppc stunnel crashes, and it for openvpn it gets an error installing the tun/tap driver saying that it requires tiger. of course it doesn't tell you this in the applet, or even in Console.app. you have to watch /tmp for the .pkg file to be downloaded, copy it somewhere before the install fails, and it removes the files, and then install it manually.
even more offensive, it reinstalls the openvpn/stunnel bits every time you start it up. so i can't even, say, throw in a tun/tap driver that works in leopard. i suppose in a functional company that cared about its employees (or, i suppose, even the external customers of the product!) someone would be responsible for releasing and installing some sort of an update here, but i'm not going to hold my breath. it's been almost 2 and a half years since i started at novell, and last i checked, groupwise still could not forward internet email correctly.
but the worst is this: if this applet uses openvpn, why can't i just use openvpn directly? i can install it from darwin ports! there is even a lame but functional gui for the mac available! this is what open software and open protocols are about: give me the hostnames and settings for the server, and let me choose the software to connect to it. what, do they think people trying to hack in are going to stick to using their software?
this all just reinforces my theory that people who write vpn software never actually need to use vpns. i mean, if they did, they might discover that it's pretty useful to be able to access your local network - printers, your file server, maybe your windows machine - while connected to the vpn.
so, i guess i need to set up another linux vm...
relatedly, i find it somewhat amusing that during the original novell/microsoft partnership announcement, ballmer and hovsepian were arguing that each had the better platform for virtualization. this contrasts greatly with my experiences in practice: almost everyone i know actually runs their vms on a mac.
