The SMB Blues

SMB (Server Message Block) is the network protocol glue that binds many file and print servers and clients for Windows and Linux, but it's recently been running into some trouble. First, Microsoft's proprietary take on it, SMB2, has real security problems. Next, Likewise has released a new open-source SMB/CIFS (Common Internet File System) file server software stack to share files among Linux, Mac, Unix and Windows computers, which, in the past, had been based on Samba, the popular open-source SMB server. Samba's leadership is not happy with this.

To bring you up to speed, SMB was created by IBM to help make Windows-based file systems available on a network. It became extremely popular. Today, it's probably the most popular of all network file systems both for Windows and Unix/Linux systems.

Microsoft tried — and failed — to keep SMB a proprietary system. In 2007, European Union court decisions forced Microsoft to open up the protocol. Samba, which earlier had reverse-engineered SMB/CIFS, was legally allowed access to the protocol.

As a result, Microsoft started SMB2. It hasn't worked out that well for them. SMB doesn't add many features, unless you count that Microsoft doesn't have to share it with anyone else. A recently discovered SMB2 flaw was found not only to be able to knock newer versions of Windows out of commission, but to make it possible for hackers to take over Server 2008, Vista and pre-RTM versions of Windows 7. The current SMB2 'fix' is to turn SMB2 off completely.

Meanwhile, back at traditional SMB, which works just fine, Likewise recently released Likewise-CIFS and its commercial brother, Likewise Open 5.3, under the GPLv2. The company claims it is the only commercially supported CIFS/SMB file server for storage vendors and enterprises. Likewise-CIFS supports both SMB1 and SMB2.

So what's the problem? As Krishna Ganugapati, VP of engineering at Likewise, said in a recent interview, "We came to realize that most successful open-source companies must be in a position where they control their own technology destiny." Later, he said, "We now owned our own intellectual property; we held the copyright to all our source code."

This doesn't sound to me like an open-source company working with the community. It sounds like a company trying to get open-source developers to add value to their project for free.

Ganugapati also said, "Trying to push the kinds of changes we needed upstream could be quite time consuming and a challenge in itself." Really? Pushing changes upstream to Samba is a problem?

I don't buy that. At one time, two of Likewise's engineers had full commit access to the Samba source code tree code. Indeed, Gerald 'Jerry' Carter, a Likewise software engineer, was at one time Samba's release manager. How much trouble can you have making changes to Samba's code when you've got that kind of access?

Barry Crist, Likewise's CEO, was aware that people were wondering about this, so he published a blog posting in which he explained why Likewise is leaving behind its Samba roots: "Initially, we explored a major overhaul to Samba and made a number of suggestions and recommendations to the Samba team. Most of these suggestions were not embraced. Additional challenges existed around licensing: Samba moved to GPL v3 and later when they signed Microsoft's MCPP license (Microsoft Communications Protocol Program)."

Thus, Likewise "decided to move away from Samba." Crist added that "Users that are happy with Samba should continue to use it. Happy Samba users are not our target market."

What do the people at Samba think of what could be seen as a fork of their existing company? Jeremy Allison, a lead Samba developer and programmer for Google, told me, "Personally I think not having to sign a copyright assignment agreement to give ownership of code you create to a company to allow them to sell it as proprietary code is one of the advantages to programmers of working with Samba and of true Open Source community development."

Allison continued: "Open Source doesn't just mean being able to look at the code; it means giving up the central control that many commercial companies seem to feel they need. They really don't need that to become successful. You only have to look at the way IBM, Google, Red Hat, Novell, and other companies large and small work with Samba to see that. They collaborate together for the good of all who use the code, with no one organization having control."

I tend to agree with Allison. I really can't see the point of making a new, clean-room SMB server. I hate reinventing the wheel, which is one reason why I've always liked open-source software.

What do the developers among you think? I'm interested to know.

Copyright © 2009 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon