Slashdot Mirror

← Back to Stories (view on slashdot.org)

Taiwan Asks Microsoft To Open Windows Source

Posted by timothy on from the now-why-would-you-want-to-see-that dept.

Andy Tai writes "According to this China Times article (in Chinese), the Republic of China government has asked Microsoft to open Windows source code. The official, Lin Jua-Cheng, in charge of the 'e-government' initiative, says many other countries have also sent similar requests to Microsoft. Lin explains that without Windows source code, the government cannot add custom firewall functionalities to Windows based systems in wide use, and that is very bad for the information security of Taiwan. Microsoft refused to publicly release the source in the past using reasons of copyright protection, but Lin emphasizes this request is reasonable since it is based on (government users') necessity." Read on for a bit more, too. (Can anyone suggest an online Chinese English translation engine that produces other than gibberish?) Andy continues "Lin points out that GNU/Linux systems, because of their freeness and high security (due to the availability of the source code, which can be modified to add firewalls and other security measures), have become widely used in government computer systems (especially in militaries and intelligence agencies) of many nations and the Pentagon, the FAA, and the air force of the U.S. Lin says the government cannot rely on a single vendor, and to promote the alternatives, the government has set up a 'Free (libre) Software Steering Committee' directing government efforts. The two aims of the ROC government's current software policy is making Windows source code openly available and the development of Free (libre) Software in Taiwan."

14 of 456 comments (clear)

  1. Also by Anonymous Coward · · Score: 4, Informative

    See here for more discussion.

  2. Quick China Note by TellarHK · · Score: 4, Informative

    Remember, folks. Taiwan is the Republic of China (ROC) and mainland China is the People's Republic of China (PRC).

    This is dealing with the ROC, not the PRC. The PRC claims the ROC is a renegade province, the ROC is just sitting back with the US covering its ass waiting to be able to truly flip the PRC off.

    --
    My own pointless vanity vintage computing page
  3. ignorance abounds by teh*fink · · Score: 3, Informative

    ok, that's not funny; it's just stupid.

    the spy plane crashed on the chinese island of hainan, which is nowhere near taiwan (relatively speaking). secondly, taiwan is not china, and vice versa. that's like mixing up the us and mexico. big difference, people will get insulted on either side if you fail to see the distinction.

    --
    "I DARE you to make less sense!"
  4. Austria got Windows Source last year by Carnage4Life · · Score: 4, Informative

    The Federal Ministry of the Interior in Austria is the first government body in Europe to be granted the source code for Windows XP under Microsoft's Shared Source Initiative

  5. Re:don't beleive the hype... by Twirlip+of+the+Mists · · Score: 3, Informative

    (This is taken from slashdot comments from awhile ago.)

    So it must be true, right? ;-)

    (Relax, I'm kidding. I don't doubt what you're saying. Your citation, however, cracked me up.)

    More famously, there was a version of a very popular C compiler

    "Reflections on Trusting Trust," Communications of the ACM, August '84. Read it here.

    --

    I write in my journal
  6. Clouded minds... by Inoshiro · · Score: 5, Informative

    "More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code,"

    Nope. This was a theoretical attack presented by Ken Thompson. It was never out in the wild, to the best of anyone's knowledge.

    The point still remains that you can't trust code unless you can personally verify it at any level, because the moment you give any important code trust, the code can potentially use that as a way of subverting the entire system.

    --
    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
  7. Re:Remember Tawian dosent like linux by aussersterne · · Score: 3, Informative

    You're right, except for the reference to communism. Just because China claims to be 'communist' doesn't mean that they are.

    By very nature, 'communism' cannot exist alongside 'dictatorship' because the two are anathema to each other. The US is a much more communist state than China is (the US has many and powerful unions, the DeLeonist perspective, while in China unions are either nonexistent or impotent).

    But you're right, the Chinese government is not helpful to its citizenry at all.

    --
    STOP . AMERICA . NOW
  8. C compiler backdoor reference... by Karpe · · Score: 4, Informative
    ...can be found here.

    Pretty entertaining reading...

  9. Disclosed source code is not equal to Open Source by Bruce+Perens · · Score: 5, Informative
    MS might disclose its source code, as so-called "shared source". Shared source does not have the list of rights available for it that are included with Open Source. I think the request we are seeing is for MS to disclose its code, not for it to change its fundamental business model. There is a technical term for what is being asked for. It's called disclosed source code, not Open Source.

    Bruce

    --
    Bruce Perens.
  10. Re:don't beleive the hype... by Hayzeus · · Score: 3, Informative
    You're correct -- this is total bullshit. In fact, I think NDIS intermediate drivers have been around for longer than win2k.

    Having said that, they're a pain in the ass to write. There's quite a dearth of information on this type of driver, which means you have to rely a lot on MS sample code -- never a good thing IMHO. I'm not sure how having the source would remedy that, though.

    There's also some kind of IP stack hook independent of MS made specifically for this type of thing. Last I checked, though, it could only be hooked by a single caller.

    --

    Roving Web-Teleoperated Robot
  11. Re:don't beleive the hype... by Sycraft-fu · · Score: 3, Informative

    Uhhhh, you speak for yourself. I, the people I work with, and many, many others DO use a custom firewall in Windows. My personal choice is Tiny Personal Firewall. It installs itself in the Windows network layer as the orignal poster said. From watching traffic with sniffers and scanning it with things like nmap it is easy to confirm that it indeed is doing its job. Only trafic as per its rules gets passed.

    Tiny Software is not affiliated with MS and the product is theirs alone. Also, they aren't the only ones that have a firewall that operates like this. There is plenty of verification that Windows will not interfere with a custom firewall and has no backdoors around one (the way the network stack is built it really couldn't).

    This is a non-issue.

  12. Re:don't beleive the hype... by Sycraft-fu · · Score: 4, Informative

    You don't understand. You can design any kind of firewall (or any other addition you like) and sitkc it in the network stack. The APIs are well documented for doing so. You can even add your own protocols if you like.

    So, you write your firewall, and then install and test it. Simple as that. Even if I was using an OSS OS, I'm not oging to trust a matter of national security (or even the security of my own computer) to hoping it's all working and nothing is interfering with it. I'll scan the thing with scanners like nmap, and sniff the packets it is passing. Only once I am convinced that it works right am I then confident.

    I'm not sure when OSS gives peopel such a warm, fuzzy, feeling. As the famous C-compiler trojan proved, there is no way to be sure just because you have the source. You need to do some kind of external verification to REALLY make sure your system is secure. I don't trust my firewall for any reason other than that I have tested it, and confirmed it works.

    P.S. Major enterprises, universities, government instutions, etc trust Cisco firewalls and their source is not open.

  13. Re:don't beleive the hype... by Alsee · · Score: 3, Informative

    But I dont see how that self replicating program
    in your link works.

    I'll explain just the compiler half first, then the password half.

    BACKDOOR CODE:
    Scan source code while it gets compiled, if it looks you are compling a compiler then insert BACKDOOR CODE into the source. (You don't actually change the source file, you just read the source as if it was there.)

    Now you take compiler source and put in the BACKDOOR CODE and compile it. You now have a compiler EXE with BACKDOOR CODE. Now take clean compiler code, make improvements and compile. The infected compiler invisibly inserts the backdoor into it and your clean source produces infected compiler EXE.

    Now you can hand everyone the compiler EXE and the clean source without the backdoor. Even if they write a compiler from scratch it will still get infected if they use your compiler to compile it.

    Now that we have a an invisible self perpetuating backdoor, we add a payload to it. Add in a another secotion to the BACKDOOR CODE: Scan to see if you are compiling LOGIN source, if so insert a backdoor root level password. Now any any version of Linux complied from perfectly clean source will have a backdoor root login, and an infected compiler.

    It is extremely insidious. Everyone looks at the source and thinks everything is fine. The only way to detect the problem is to actually read through the EXE, and that's an extremely long, laborous, and error-prone process. You THINK you know what's in there already, so why would you do it? The only way to FIX the problem is to create a new compiler EXE BY HAND. That's an extremely long, laborous, and error-prone process as well.

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  14. Do you guys know nothing about the world? by Esperandi · · Score: 3, Informative

    Ummm... so the government of China says MS needs to open its source because it stops them from doing firewall stuff for Taiwan?

    Taiwan is a separate country not owned by China, so what the hell does China have to say about anything? The headline should be CHINA asks MS to open its source. If the guy from China actually mentioned Taiwan, he was probably talking about how China has been itching to bomb the crap out of them and take it over for decades now.

    Esperandi