[nylug-talk] are we about to lose something?

[Gary Mort]

Kevin Mark wrote:
> As a comparison, Microsoft made its smb, cifs, etc. technology.  Linux
> was born and started to seek interoperability. Like the 'fair use' of
> old, we didn't ask permission, secure a licence or pay royalties.  Why?
> Because they methods that we used were allowed.
>
> Now, Novell is seeking to get permisson to stuff from Microsoft to help
> them interoperate. None of it can be under a FLOSS license. So it does
> not contribute to the FLOSS collective. Sure Novell can use it for their
> advantage, but its worthless to us. 
>   


Correction IBM created smb file sharing.  
http://en.wikipedia.org/wiki/Server_Message_Block

Microsoft and IBM extended it through their joint developement of the 
OS/2 operating system(very similiar to how Novell and Microsoft plan to 
be working together)

Microsoft then took the technologies developed there and extended them 
further, adding various encryption routines as it was discovered that 
sending clear text passwords over networks was not a good idea.

Even today, you can turn off that password encryption functionality in 
all the derivatives of SMB and run them with complete interoperability.

The problem comes into play with the encryption routing Microsoft uses.

Now, you say that Novell's joint partnership won't provide us with 
anything.  I disagree.  SAMBA servers on Linux have reached a point of 
diminishing returns.  There are some passwords that Windows clients when 
they encrypt them don't match the encrypted passwords the Linux SAMBA 
server has on file.

With this partnership, I'll assume some Samba developer will be 
interested in getting Samba completely working for Novell.  So he will 
go out and look at the source code and discover why it doesn't work.

Possibly, the problem is that Microsoft windows doesn't actually encrypt 
certain combinations of passwords.  Special charectors might get 
replaced with some other charector - making for a weaker password 
system.  Or maybe they truncate the passwords, so "thisisalongpassword" 
and "thisisalongerpassword" would both be truncated to "thisisalong" and 
then encrypted.  If it is something like this, he can make a fix for 
Novell, announce how the fix works, raise the security concern and the 
Samba community can decide whether to sacrifice security to implement 
the same fix in open source product.   Open Source gains.

Possibly, the problem is that Microsoft windows uses a slightly 
different encryption algorythm.  So Novell Samba is born which supports 
this different algorythm.  In this case, since the algorythm is owned by 
Microsoft, we have a fork of Samba.  Those who want to use it will be 
stuck with Novell's Linux.  5 years down the road, the partnetship 
dissolves, Microsoft pulls their normal routine on Novell.  Novell, in 
return can say "well, all those technologies we jointly developed we 
both have joint ownership of.  So Novell will release ours for anyone to 
use for free."  And the Samba community can now use Novell's free 
license to incorporate the technology into the Open Source version.  
Again we win.

Alternatively, perhaps the Samba community will look at what is being 
done and say "this whole password encryption routine would be more 
secure if we did X" and provide an implementation for Samba.  Novell can 
incorporate it for their systems.  Microsoft can incorporate it for 
theirs, and we all get to interoperate.

-Gary