Slashdot Mirror
Taiwan Asks Microsoft To Open Windows Source
Andy Tai writes "According to this China Times article (in Chinese), the Republic of China government has asked Microsoft to open Windows source code. The official, Lin Jua-Cheng, in charge of the 'e-government' initiative, says many other countries have also sent similar requests to Microsoft. Lin explains that without Windows source code, the government cannot add custom firewall functionalities to Windows based systems in wide use, and that is very bad for the information security of Taiwan. Microsoft refused to publicly release the source in the past using reasons of copyright protection, but Lin emphasizes this request is reasonable since it is based on (government users') necessity." Read on for a bit more, too. (Can anyone suggest an online Chinese English translation engine that produces other than gibberish?)
Andy continues "Lin points out that GNU/Linux systems, because of their freeness and high security (due to the availability of the source code, which can be modified to add firewalls and other security measures), have become widely used in government computer systems (especially in militaries and intelligence agencies) of many nations and the Pentagon, the FAA, and the air force of the U.S. Lin says the government cannot rely on a single vendor, and to promote the alternatives, the government has set up a 'Free (libre) Software Steering Committee' directing government efforts. The two aims of the ROC government's current software policy is making Windows source code openly available and the development of Free (libre) Software in Taiwan."
See here for more discussion.
Heres why
Windows 2000 has built-in support for IPSec and the ability to filter port. It's similar in function to personal firewalls except it might be a bit more difficult to configure properly.
I don't think MS would see this as a valid reason to open it's Windows source up. I'm guessing instead they'll simply tell Taiwan to go by XP which has similar functionality.
Remember, folks. Taiwan is the Republic of China (ROC) and mainland China is the People's Republic of China (PRC).
This is dealing with the ROC, not the PRC. The PRC claims the ROC is a renegade province, the ROC is just sitting back with the US covering its ass waiting to be able to truly flip the PRC off.
My own pointless vanity vintage computing page
So what do you need the Windows source code for to filter access to a given site? There's any number of proxy servers that will do exactly that.
ok, that's not funny; it's just stupid.
the spy plane crashed on the chinese island of hainan, which is nowhere near taiwan (relatively speaking). secondly, taiwan is not china, and vice versa. that's like mixing up the us and mexico. big difference, people will get insulted on either side if you fail to see the distinction.
"I DARE you to make less sense!"
The site provides GB, BIG5, and image for peoplel without the Chinese fonts. Here's a link to the BIG5 page. http://content.sina.com/news/23/49/3234936_1_b5.ht ml?skin=newscenter
The Federal Ministry of the Interior in Austria is the first government body in Europe to be granted the source code for Windows XP under Microsoft's Shared Source Initiative
(This is taken from slashdot comments from awhile ago.)
;-)
So it must be true, right?
(Relax, I'm kidding. I don't doubt what you're saying. Your citation, however, cracked me up.)
More famously, there was a version of a very popular C compiler
"Reflections on Trusting Trust," Communications of the ACM, August '84. Read it here.
I write in my journal
"More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code,"
Nope. This was a theoretical attack presented by Ken Thompson. It was never out in the wild, to the best of anyone's knowledge.
The point still remains that you can't trust code unless you can personally verify it at any level, because the moment you give any important code trust, the code can potentially use that as a way of subverting the entire system.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Pretty entertaining reading...
Bruce
Bruce Perens.
Having said that, they're a pain in the ass to write. There's quite a dearth of information on this type of driver, which means you have to rely a lot on MS sample code -- never a good thing IMHO. I'm not sure how having the source would remedy that, though.
There's also some kind of IP stack hook independent of MS made specifically for this type of thing. Last I checked, though, it could only be hooked by a single caller.
Roving Web-Teleoperated Robot
I was referring to the dissolution of the Taiwan Provincial Assembly.
In principle they have, that's what one china two systems means. In practice they're less than happy with that, of course, not the least because ROC officials are so obviously working to Helsinkify Taiwan and return it to it's state as a vassal of Japan instead. And A-bians title in quotes is hardly limited to the mainland - you must admit, the circumstances of his election are suspicious, to say the least. One country, two systems does not have anything to do with Taiwan, just Hong Kong and Macau have that. That doesn't mean China accepts the Taiwanese authorities. Why did it block Taiwan's participation in the WHO?
Two points, first that's not a very good analogy at all, I was consciously avoiding it, because the Confederacy never claimed any authority over the rest of the US , and second because Cuba was never part of the US. Taiwan was ruled by Japan through the end of WWII, yes, but then again, for most of that time so was Manchuria, ("Manchuguo" ring a bell?) what's your point? Taiwan has been part of China for centuries, and a few years of occupation doesn't exactly change that. China didn't officially claim Taiwan until 1887, and they foreited all claims to it "in perpetuity" in 1895(Treaty of Shimonoseki). BTW, the San Franciso Peace Treaty did not return sovereignty of Tawain to the Chinese. The ROC army was allowed on Taiwan to oversee the disarmament of the Japanese troops there. (Just as the US occupied Japan and South Korea) I agree, I didn't give the best analogy because the CSA did not claim the whole USA.
If they were belligerent they would have hit something with them. Or hit someone, somewhere, outside of China maybe? Let's see, there was the dustup with India, and they intervened at the very last minute to prevent North Korea from becoming a US stronghold, but other than that I can't think of any instances of belligerence from the PRC. They tend to stick to terrorising people inside China, which is bad, and I'm not condoning it, but belligerence implies terrorising people distant from your own borders, and I just don't see that in the PRC. We must just have different definitions of belligerance. And don't forget the attack on Vietnam in the late 70's. BTW, when you say "terrorising people distant from your borders", you must be admiting that Taiwan is beyond the borders of China.
Uhhhh, you speak for yourself. I, the people I work with, and many, many others DO use a custom firewall in Windows. My personal choice is Tiny Personal Firewall. It installs itself in the Windows network layer as the orignal poster said. From watching traffic with sniffers and scanning it with things like nmap it is easy to confirm that it indeed is doing its job. Only trafic as per its rules gets passed.
Tiny Software is not affiliated with MS and the product is theirs alone. Also, they aren't the only ones that have a firewall that operates like this. There is plenty of verification that Windows will not interfere with a custom firewall and has no backdoors around one (the way the network stack is built it really couldn't).
This is a non-issue.
You don't understand. You can design any kind of firewall (or any other addition you like) and sitkc it in the network stack. The APIs are well documented for doing so. You can even add your own protocols if you like.
So, you write your firewall, and then install and test it. Simple as that. Even if I was using an OSS OS, I'm not oging to trust a matter of national security (or even the security of my own computer) to hoping it's all working and nothing is interfering with it. I'll scan the thing with scanners like nmap, and sniff the packets it is passing. Only once I am convinced that it works right am I then confident.
I'm not sure when OSS gives peopel such a warm, fuzzy, feeling. As the famous C-compiler trojan proved, there is no way to be sure just because you have the source. You need to do some kind of external verification to REALLY make sure your system is secure. I don't trust my firewall for any reason other than that I have tested it, and confirmed it works.
P.S. Major enterprises, universities, government instutions, etc trust Cisco firewalls and their source is not open.
But I dont see how that self replicating program
in your link works.
I'll explain just the compiler half first, then the password half.
BACKDOOR CODE:
Scan source code while it gets compiled, if it looks you are compling a compiler then insert BACKDOOR CODE into the source. (You don't actually change the source file, you just read the source as if it was there.)
Now you take compiler source and put in the BACKDOOR CODE and compile it. You now have a compiler EXE with BACKDOOR CODE. Now take clean compiler code, make improvements and compile. The infected compiler invisibly inserts the backdoor into it and your clean source produces infected compiler EXE.
Now you can hand everyone the compiler EXE and the clean source without the backdoor. Even if they write a compiler from scratch it will still get infected if they use your compiler to compile it.
Now that we have a an invisible self perpetuating backdoor, we add a payload to it. Add in a another secotion to the BACKDOOR CODE: Scan to see if you are compiling LOGIN source, if so insert a backdoor root level password. Now any any version of Linux complied from perfectly clean source will have a backdoor root login, and an infected compiler.
It is extremely insidious. Everyone looks at the source and thinks everything is fine. The only way to detect the problem is to actually read through the EXE, and that's an extremely long, laborous, and error-prone process. You THINK you know what's in there already, so why would you do it? The only way to FIX the problem is to create a new compiler EXE BY HAND. That's an extremely long, laborous, and error-prone process as well.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Here's a rough translation of the article, by hand. Feel free to point out any mistakes, it was done too rapidly. Note that according to the article, the government has already made this request to MS.
Reading the article as a whole, I think the talk about firewalls is a polite smoke screen and that the Taiwanese, like the Mainlanders, are really concerned about backdoors and such.
Government Asks MS To Open Source Code
Lin Shuling reporting from Taipei
On the eve of MS's submission of its administrative reconciliation plan to the Fair Trade Committee, the chairman of the Administrative Research Committee Lin Jiacheng stated that in order to increase administrative security and loosen monopoly, the Government has already requested MS to release its source code. But he emphasized that there's no connection between this request and the FTC proceeding. Asking MS to release its source code and promoting development of open-source software are two linch pins of government policy.
Lin, head of e-government planning, said that in addition to Taiwan, many other countries have recently asked MS to open its source code and he believes that MS is now making a full appraisal of these requests, as it must given the wave of these requests.
Lin emphasized that as open-source programming gives users the opportunity to access source code, government users could take advantage of this access to build firewalls, and thus create relatively safe protection for government data. But looking at MS's operating system now, government agencies don't have the source code and thus can't themselves properly design a firewall and increase data protection.
Lin also stated that since MS's operating system is relatively widely used by the government, the failure of MS to make its source code available is particularly disadvantageous.
Regarding MS's previous "copyright protection" excuse for not making its source code available, Lin noted that source code can be opened on many different levels and opening the source code of the entire operating system is just one level, opening just a part is another level. He emphasized that in view of operating needs, "asking MS to open its source code is very reasonable."
Lin believes that since IBM, HP, Shengyang, and other MS competitors are now actively developing Linux-based operating systems, government cannot as a matter of policy rely solely on one vendor, MS. Given the importance of safe-keeping its data, the government must act to protect itself.
As a related official pointed out, when source code is open, the user can modify and improve it directly, and thus good and cheap and secure Linux has made inroads into become an operating system for large government systems worldwide, especially in military and intelligence fields. The US Pentagon, Air Force, FAA and other agencies are now using Linux.
Lin Jiacheng believes that from a policy standpoint "asking MS to open its source code" and "promoting open-source software" are hand-in-hand measures, and government data systems can't rely on a single supplier. The relevant organ of the Administrative Yuan has already established a Guiding Committee On Open-Source Software with the goal that by 2007 at least 30 percent of public and commercial internet servers will use open-source software and 10 percent of PCs will run on open-source platforms.
Source: Zhongshi Dianzi Bao 2002-11-10
Ummm... so the government of China says MS needs to open its source because it stops them from doing firewall stuff for Taiwan?
Taiwan is a separate country not owned by China, so what the hell does China have to say about anything? The headline should be CHINA asks MS to open its source. If the guy from China actually mentioned Taiwan, he was probably talking about how China has been itching to bomb the crap out of them and take it over for decades now.
Esperandi