Feeds

Why Microsoft's EU ‘concession’ is no concession at all

Penguin extinction plan

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Microsoft announced an "olive branch" to the EU last week, by offering to document the interfaces to its file and print server protocols. But the offer is less generous than it appears.

Eurocrats may not be pleased to discover that these CIFS protocols - which are considered undocumentable by developers who work with them - were due to be published anyway, as part of a two-year project which involved Microsoft's co-operation.

Microsoft's CIFS, or Common Internet File System, protocols are better known by their former name SMB. The CIFS moniker is misleading: it's not a file system, and it has little to do with the Internet. (SMB is a subset of CIFS). But it is the way that Microsoft has implemented file sharing and network printing since the OS/2 LAN Manager days.

But while other protocols have become commoditized (eight years ago, IBM and Microsoft charged extra for their PC TCP/IP stacks), SMB/CIFS has resisted the trend by presenting a moving target for developers, and introducing inconsistencies in each new Microsoft implementation.

Existing documentation is considered worthless, and so NAS vendors have one of two choices: license the Microsoft code, which is what storage pioneer Network Appliance chose to do, or use the GPL Samba Project, which has been incorporated into dedicated server appliances from Sun's Cobalt division, Hewlett Packard, and many others.

In 2000, the industry trade body the SNIA (Storage Network Industry Association) agreed to work on the CIFS specification, and the first cut of the draft was issued in April the same year. The 120+ page document is now at version 0.9.

And then my troubles bega...
However, such a document doesn't end interoperability problems with Microsoft systems. In fact it doesn't even begin to end them, say insiders.

"There can't be a specification that's worth anything," says Jeremy Allison, joint lead of the Samba Project.

"The source code itself is the specification . The level of detail required to interoperate successfully is simply not documentable - it would produce a stack of paper so high you might as well publish the source code."

That's because software developers who need to interoperate with Microsoft file and print servers must work around the implementation inconsistencies. A pristine specification has little value in the real world, argues Allison.

He illustrates this with an example of an implementation detail which only emerges in real world tests and would never be included in a specification.

When the Samba team tested Windows 2000 clients against Samba servers it discovered a feature of the locking code that threw the servers into a loop. The team traced this to a zero value parameter in a function call that's "virtually never used", and widely implemented as zero.

There is information that the Samba developers want to see: the IDL descriptions for remote procedure calls. These underpin tasks such as adding users, and adding quotas and shares, and Samba developers have successfully decoded them over the wire. But it's hard work.

"These IDL descriptions are *key* for providing interoperability with Microsoft clients," wrote the team in a submission to the EU commissioners earlier this year. "If these IDL descriptions were published, open and equal interoperability with Microsoft products would be greatly enhanced (although still not perfect)."

Allison says the Samba team has requested the IDL definitions from Microsoft annually, most recently at the 2001 CIFS conference, without success.

And he points out - and here we hope that both Judge Konsonant-Kollection and the EU commissioners are listening - that such protocols are not largesse: they're straightforward legal obligations which Microsoft - convicted of breaking the law - has agreed to perform.

"A pessimistic view would be that this is an attempt to make releasing something that the consent decree requires anyway into a separate magnanimous gesture," Allison tell us, wryly.

"Having said that, any further documentation on CIFS is good. However it may not be so helpful in the real world for those working to interoperate with Microsoft servers."

The stakes are high. Microsoft jealously guards its file and print business, and with its embedded Windows kits (which are stripped down, headless NT boxes) seeks to provide an "official" alternative to the Samba industry, by inviting NetApp, Cobalt and others to become Windows hardware OEMs.

We contacted the SNIA, individual contributors to the CIFS draft, and Network Appliance for comment, but have not received a response at time of writing. ®

Security for virtualized datacentres

More from The Register

next story
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Cray-cray Met Office spaffs £97m on VERY AVERAGE HPC box
Only 250th most powerful in the world? Bring back Michael Fish
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
Cisco and friends chase WiFi's searing speeds with new cable standard
Cat 5e and Cat 6 are bottlenecks for WLAN access points
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.