Red Hat CTO Testifies at MS trial

An anonymous reader writes "Red Hat CTO Michael Tiemann testified on behalf of the 9 states in MS's trial. From the article on SF Gate: "Red Hat Chief Technology Officer Michael Tiemann said Microsoft adds 'extensions' to critical communications methods that computers use to transmit security information, print, and perform other tasks. Those extensions are proprietary to Microsoft, he said, and despite recent actions Microsoft has not been forthcoming in releasing details of those changes.""

Malicious Compliance?

[iceT]

I have noticed a trend in Microsoft's approach to 'standards' and that is that they completely ignore the 'spirit' behind the idea of 'open standards'. One of the key reasons to define open standards is to promote system interoperability. This interoperatility allows two different systems to interface with one another.

Microsoft has begun using open standards as a multi-edged sword: First, to leverage the scalability of these protocols. Second, to save them the 'innovation time' required to develop their own protocols. Third, as a rallying cry/advertising claim/defense against criticism.

The problem is that they are not using the standards to promote interoperatility.

There are two strong examples of this: Windows2000 authentication and Kerberos. Microsoft decided to exploit a (graned) 'user-definable field' in the kerberos packet to store custom information for their authentication scheme. Perfectly legal. But then they listed the contents of the field (as they use it) as proprietary and therefore shutting out any other Kerberos server to provide authentication to a Microsoft client.

A second example is in the Exchange 2000 server. All of the Exchange servers are now capable of using SMTP as their inter-server communication protocol. In fact, they have implemented the SMTP Pipelining RFC (1854) to increase message rates between servers that support that extension. Again. All very valid. Then they also created what they call ESMTP: Encapsulated SMTP. This is different from the ESMTP standard: Extended SMTP. Encapsulated SMTP makes the body of the message proprietary mime type and only another Exchange SMTP server can decode that message. No other server can read it.

Where these aren't technically extensions to the protocol, they do violate the GOAL behind the open-protocols, which is what makes me believe that Microsoft might be even more malicious than people may believe them to be, and that all of these 'exploitations' are so subtle that the court, the general public, and even a lot of systems people will completely miss, untill it is too costly to remove the components from their infrastructure.