Samba, IPv6 and Windows/Linux Interoperability: Sam interviews Dr. David Holder - Port 25: The Open Source Community at Microsoft
Samba, IPv6 and Windows/Linux Interoperability: Sam interviews Dr. David Holder by Sam Ramji on May 31, 2007 05:36PM

I got the chance to meet many extremely smart developers last month at SambaXP, the annual Samba developer conference.  After attending I’m convinced that the Samba team knows more about how Windows networking works than most Microsoft developers.

One of the most informative sessions I attended was led by Dr. David Holder, an expert on IP networking and Windows/Linux interoperability.  Specifically, he focuses on the IPv6 protocol, implementation, and interop, where he sees great opportunities for improved service levels in a range of applications and environments, but also sees a coming wave of interoperability problems between IPv6 implementations on various platforms.

He’s done some very slick stuff in getting Samba to work with Windows Vista and Longhorn’s IPv6 stack, which is encouraging, and lays out a roadmap for future interop work between the platforms.

We are posting the link to his slides along with this podcast of his interview, and David will be available to answer questions posted to the comments section of this page.

Cheers,

Sam

Links: 

Dr. Holder's SambaXP “Vista and Samba with IPv6” presentation:

http://www.ipv6consultancy.com/ipv6blog/wp-content/uploads/2007/05/samba-and-vista-with-ipv6v2.pdf.

Details regarding how to IPv6 enable Samba4:

http://www.ipv6consultancy.com/ipv6blog/?p=12

  1. posted at 02:29PM 06/01/2007
  2. fluke said:

    Reading between the lines of the Erion talk, it appears that interoperability was an afterthought when it comes to SMB over IPv6.  LLMNR is listed in the presentation as a requirement for full interop between Samba and Windows SMB over IPv6.  But going over the summary of what LLMNR does, it sounds like it is just doing what mDNS does.  And several Linux distributions already have an implementation of mDNS called Avahi.  So, interop should be just as easy as having Samba call the Avahi libraries, right?  Wrong!

    LLMNR is a completely separate protocol on a completely separate multicast address and port than the mDNS protocol (all just to accomplish the same exact thing).  Microsoft clearly does not care about interop and throws out use of a protocol already implemented on Linux/FreeBSD as Avahi and Mac OS X as Bonjour.  In addition, the details of the mDNS protocol were handled by the Zeroconf IETF working group of which Microsoft employees were members.  I have yet to find any comparison of mDNS vs. LLMNR that suggests there were any benefits to creating a new incompatible protocol.  In fact, a search reveals complaints from such key community members as Paul Vixie.  For those that don't already recognize the name, he is the President of the non-profit Internet Systems Consortium which handles the ongoing development for such applications as BIND, on which the majority of DNS servers are based.

    While Bill Hilf asks that we evaluate Microsoft on what it currently does instead of the past, I find that the words "those that don't learn from the past are forced to repeat it" have never been more true.  Microsoft blew off developments in DDNS in favor of its in-house WINS protocol to do the same thing.  Now Microsoft is phasing out WINS as part of its migration to IPv6, yet Microsoft again blows off interop with an existing protocol and implements yet another new in-house non-conforming protocol.

    Port 25 posts a PDF pointing out that Samba does not implement LLMNR which Microsoft/Erion feels is a requirement.  Should anyone be surprised that at a conference three short months after Microsoft got around to publishing its "informational" RFC on LLMNR that it isn't implemented yet in Samba?  And unlike mDNS where Apple has provided the reference implementation (Bonjour) under open source terms, I have yet to find any reference implementation under open source terms of LLMNR (if Microsoft even provides such a thing).

    My guess is that one of the primary reasons for ignoring mDNS in favor of LLMNR is that Microsoft doesn't have patents on mDNS.  By making a protocol that Microsoft has patents as a requirement for the future of Samba, it can then dictate that the Samba project follows Microsoft's "IP bridge" or suffer the chilling threat of legal action.  They then use methods like the "Open" Specification Promise (OSP) which requires that specifications strictly be followed without deviation so that access to the MS "IP bridge" requires paying a toll in that the project results then become inflexible.  In the case of Samba, MS can apply pressure to avoid the project ever being covered by GPLv3 (which MS claims "tears down the IP bridge").  The GPLv3 fixes such issues as "tivoization" where the legal letter of the GPL is followed but the spirit of the free software concept is not honored.  But Microsoft, instead of the Samba developers, under the "IP bridge" leverage method becomes the only vote that matters in whether such fixes to the license can be applied to the Samba project.  MS seems to seek an environment where the Samba project will choose GPLv2 over GPLv3 under duress.  I can't state strongly enough the clear conflict of interest that Microsoft has when provided such control.

    Another area where deviation might be desired but stopped under the chill of legal action is in the area of security.  From a practical standpoint, Microsoft has tied storage of passwords as unsalted MD4 hashes to using CIFS.  With the pGina and Samba projects, the FOSS community might be in a position to provide a migration path away from this.  It should be possible for pGina to allow XP/Vista to use an alternative authentication method and Samba can be changed to match.  There are clear advantages to doing this.  For a long time, salting password hashes has been a proven concept to help increase the cost of brute force discovery of passwords.  Yet, Microsoft has ignored this concept.  Also, the authors of MD4 acknowledge that it was not the best way to do hashing when they released MD5 back in 1996.  More recently, a concept known as "rainbow cracking" greatly reduces the gap between the time taken to crack MD4 hashes over cracking the previous Microsoft Lanman hashes.  While Microsoft has provided a migration path from storing Lanman hashes, they still seem to claim that unsalted MD4 hashes can be considered part of an "enterprise" grade solution.  Having a FOSS solution to this problem could be seen as enough of an embarrassment for Microsoft to ensure that such FOSS projects feel the weight of MS's legal fist for not staying strictly on their designated IP bridge.

    The bottom line:

    Expect "interop" with Microsoft to require the FOSS community to re-invent existing wheels.  While existing protocols may already cover what the new protocols accomplish, Microsoft needs the FOSS projects to implement its "new IP" to herd the FOSS projects onto its "IP bridge."  Then once on the bridge, not strictly remaining on the bridge would be for a FOSS project what it would be for a person jumping off the Golden Gate bridge.  The project can then only go forward or go back in one selected direction but the flexibility of movement to either side will result in death from falling much like someone travelling perpendicular to the direction of travel while on the Golden Gate bridge would fall to their death.

    posted at 05:46PM 06/04/2007
  3. Sam Ramji said:

    @fluke:

    The DNSEXT IETF working group rejected mDNS.

    The DNSEXT WG is targeting LLMNR as the proposed standard.  Read here: http://ietf.org/html.charters/dnsext-charter.html

    When trying to paint Microsoft as a networking maverick, you ignore the facts at your peril.  We have worked closely with the IETF on LLMNR.

    My larger concern is that you are wildly misinterpreting this entire podcast as a criticism of Samba, when in fact it is not.  Dr. Holder noted multiple times that Samba is "IPv6 clean" and has demonstrated interoperability.  He is respected by the Samba team and is raising real issues that we all need to work on.

    We have a ton of respect for the Samba Team and run Samba in the OSSL datacenter.  Having seen the Team in action (such as Steve French hacking code in taxicabs) it's clear to me that they are outstanding engineers.

    Sam

    posted at 01:15PM 06/05/2007
  4. einhverfr said:

    Just replying to both Sam and Fluke.

    Windows certainly has been more standards compliant than most people are willing to give it credit for.  Standards such as The Open Group's DCE/RPC and the like have been embraced by Microsoft (in my opinion, too much so!), and one can essentially have a DCE/RPC server on Linux talking to DCOM on Windows.

    What many UNIX geeks such as myself take issue with, however, is not whether standards are adhered to but rather which standards were chosen.  DCE/RPC instead of CORBA, and then using it for everything including the kitchen sink (when the RPC service dies on Windows and you abort the automatic shutdown, many things break including copy and paste).

    (Just to be fair, I find KDE and GNOME's approaches to be not much better, though at least there, the solution is somewhat mandated by the very design considerations of X11.)

    In short, as much as many people say, "Why can't Linux be more like Windows," most of us on the other side like to say, "Why can't Windows be more like Linux?"

    posted at 02:43PM 06/05/2007
  5. fluke said:

    Sam Ramji:

    Thanks for the link to the DNSEXT Charter.  If an IETF working group chaired by Olaf Kolkman rejected mDNS then there is probably a good reason.

    On the topic of Samba, I have been rubbed raw by Port 25's alter-ego (Get the Facts) which seems to skew test scenarios to bias results.  This is probably an area where I would take offense regardless of how unbiased Port 25 was in reporting their results.  I'm sorry if it sounds like I was attacking Dr. Holder (both the slides and the talk were well done).

    If I'm still ignoring the facts then can you give me more detail as to what the facts are?  What implementations of LLMNR are available?  Windows XP?  Mac OS X?  Source code?  What patents cover LLMNR?  What Samba related patents will be covered under OSP or other restrictive licensing terms?

    "When trying to paint Microsoft as a networking maverick, you ignore the facts at your peril."

    I failed to do my homework when it comes to LLMNR and I'm sorry that I did.  But I'm not just trying to "paint"--I *KNOW* Microsoft to be a networking maverick.  I have posted before to Port 25 about Microsoft Sender-ID and the facts seem to be without refute:

    1) The Sender-ID specification hijacks the pre-existing definition of "v=spf1" records and applies a different interpretation.

    2) Microsoft has been requested multiple times to please end the hijacking by changing the "spf2.0/mfrom,pra" interpretation of "v=spf1" records back to the "spf2.0/mfrom" interpretation which would fit the original definition.  Such requests are still ignored.

    3) The "Open" Specification Promise only applies to implementations that strictly follow the specification as given by Microsoft so the hijacking is *REQUIRED* to implement any of Sender-ID else any project that follows the advice of the SPF Council to fix the problem can face legal action taken by Microsoft.

    4) If the above isn't the acts of a networking maverick then what does count as being a networking maverick?  Are these the acts of a company we should trust or be on our guard about??

    If you can set me straight on these facts then I will be in a better position to judge my "peril."  Until then, I am of the opinion that groups that don't remain skeptical of Microsoft do so at their own peril.

    einhverfr: It is too bad that The Open Group took on association with DCE/RPC.  It should have been buried next to the name "OSF."

    I would agree that the *nix geeks tend to be standard snobs.  But there is also still an attitude that something is "good enough" even in those circles.  Giving up DCE/RPC this late in the game would be like getting the GNU/Linux community to give up X11.  Even with CORBA, there will be a fixed number of entry points/services that will be made available across it.  Neither DCOM nor CORBA provides the flexibility of FOSS when it comes to code/object re-use.

    A fundamental migration jump such as DirectX 9 to DirectX 10 would not be possible in the current FOSS community while in the long term it is clear that DirectX 10 is a better standard.  The FOSS community has been given plenty of chances to move away from X11 only to mostly ignore each of them (GNUStep, GGI/KGI, Fresco/Berlin, 8 1/2 & rio).

    However, not all the bloating mess of KDE/Gnome is because of design considerations of X11.  KDE 4 should keep its dependencies on X11 down to some key base libraries but it isn't clear that it will fix the bloating issue.  KDE 3 has such issues as depending on the whole aRts environment being installed regardless of whether you're running on a machine with a sound card.

    Btw, have you tried XFCE or Equinox Desktop Environment?

    posted at 06:53PM 06/05/2007
  6. einhverfr said:

    Fluke:  My issue has generally been a question of *which* standards are embraced and where they are extended rather than whether these practices occur.  My own thinking is that Microsoft has a history of choosing the wrong standards and then slightly extending them in ways that seem to parallel urban sprawl rather than smart planning.  I have seen many open source projects that suffer from the same issue as well, however, and I think that it is not a problem unique to Microsoft but rather a pandemic in the industry.

    BTW, embrace and extend is a valid product strategy provided that additional anticompetitive activity does not come from that.  Should we assume that MySQL or PostgreSQL should just legalistically support the SQL standards and nothing else?  Should Linux or BSD only support POSIX interfaces and nothing else?  The issue is not the extension of standards (everyone does this and this is part of what drives standards on in positive ways) but rather the attempts to drive other parties out of business in unfair ways.  While Microsoft has been found to have engaged in such things, that is where we still need to draw the line.

    Finally, I am working on a whitepaper I intend to publish on my own site entitled "Getting the Facts Straight" looking specifically at my own experiences, comparing these to the Get the Facts papers, and showing *why* I think the data even on Microsoft's site supports migrations to Linux.  Personally I expect the TCO of Linux to remain higher than that of Windows not because it is inherently costly or because people *have* to pay more, but rather because businesses are always willing to pay more in consulting labor, etc. to ensure that a solution meets their needs, not just adequately, but optimally.  The fact that people are paying for such optimization is borne out over and over in the data on Microsoft's site.

    In short, the issue with Get the Facts is not usually in the raw data (though there are occasional issues there), but rather what questions are asked and the way the answers are extended into conclusions.

    posted at 01:53PM 06/06/2007