[Am-info] Request for info

Joe Barr warthawg@austin.rr.com
Sat, 12 Jan 2002 21:27:22 -0600 

The Microsoft theft of Kerberos is quite a story.  They spent two
or three years working with the open standard group to learn enough
about Kerberos to add it to Windows 2000.  They promised all during
that period to not take "extend and embrace" it, yet in the end that
is exactly what they did.

They have had an easy time defending their actions because what they
did was subtle, and not one person in a hundred understands what
Kerberos is doing in the first place, let alone how Microsoft found
a way to steal it.  So they can lie with misdirection, with non-
sequiturs, with non-responses to the charges and get away with it.
And they have.  Time and time again.  And their shills have offered
up their fecal encrusted versions on this very list.

But the people who know Kerberos best know full well what Microsoft
has done.  The head of the MIT Kerberos team referred to Microsoft
as slime in a published interview.  Ted T'so and Jeremey Allison have
been quite vocal about the theft as well.

One defense Microsoft has offered up in their perennially duplicitous
manner is that what they did was allowed by the Kerberos design. But
the problem is not what they did with Kerberos, it's what they didn't
do.  They didn't document it.  That means nobody else other than
Microsoft can interoperate fully with Windows machines.  Their public
promises not to do exactly that were simply abandoned.

Because of the outcry, Microsoft decided to offer documentation, and
they did.  They offered it under terms which made it impossible for
anyone to use the documenation in any environment, especially in an
open source environment.  That was the action which prompted the MIT
project lead to call Microsoft slime.








problem is that what they did was done under cover of darkness in a
completely undocumented way.



On 11 Jan 2002 12:13:35 -0500
Sujal Shah <sujal@sujal.net> wrote:

> On Fri, 2002-01-11 at 11:59, Gene Gaines wrote:
> [SNIP]
> > I have been asked for specific examples of "(3) corrupt a standard
> > not owned by Microsoft.
> > 
> > You guys are the experts and have documentation in hand.  Can you
> > provide me any examples of my statement with details?  I am
> > swamped, and cannot spend any time on this myself.  Thanks!
> 
> Kerberos (Windows 2000/XP authentication) - used an undefined field in a
> non-compatible manner, making it difficult (though not impossible) to
> integrate Windows networks into existing Kerberos authentication
> schemes.  Would not release documentation for interop (I'm not aware of
> any updates to this issue, either).
> 
> Java - one could argue this isn't a standard (it isn't).  That depends
> on whether you meant "standard" as in a specification
> approved/maintained by an independent third party, or standard as in "de
> facto standard." However, they extended the Java API and the VM to
> support some Microsoft specific things.  
> 
> Both of the above can be tracked down via simple google searches.
> 
> THere are some others that I'm blanking on, I think things like some
> aspects of SOAP and default character sets used in HTML pages generated
> by Front Page (the ? instead of apostrophes problem if you're on a
> non-MSFT browser and/or platform).
> 
> Sujal
> 
> > 
> > Gene Gaines
> > gene.gaines@gainesgroup.com
> > Sterling, Virginia 
> > 
> > _______________________________________________
> > Am-info mailing list
> > Am-info@lists.essential.org
> > http://lists.essential.org/mailman/listinfo/am-info
> 
> 
> _______________________________________________
> Am-info mailing list
> Am-info@lists.essential.org
> http://lists.essential.org/mailman/listinfo/am-info