Slashdot Mirror
Taiwan Asks Microsoft To Open Windows Source
Andy Tai writes "According to this China Times article (in Chinese), the Republic of China government has asked Microsoft to open Windows source code. The official, Lin Jua-Cheng, in charge of the 'e-government' initiative, says many other countries have also sent similar requests to Microsoft. Lin explains that without Windows source code, the government cannot add custom firewall functionalities to Windows based systems in wide use, and that is very bad for the information security of Taiwan. Microsoft refused to publicly release the source in the past using reasons of copyright protection, but Lin emphasizes this request is reasonable since it is based on (government users') necessity." Read on for a bit more, too. (Can anyone suggest an online Chinese English translation engine that produces other than gibberish?)
Andy continues "Lin points out that GNU/Linux systems, because of their freeness and high security (due to the availability of the source code, which can be modified to add firewalls and other security measures), have become widely used in government computer systems (especially in militaries and intelligence agencies) of many nations and the Pentagon, the FAA, and the air force of the U.S. Lin says the government cannot rely on a single vendor, and to promote the alternatives, the government has set up a 'Free (libre) Software Steering Committee' directing government efforts. The two aims of the ROC government's current software policy is making Windows source code openly available and the development of Free (libre) Software in Taiwan."
See here for more discussion.
Remember, folks. Taiwan is the Republic of China (ROC) and mainland China is the People's Republic of China (PRC).
This is dealing with the ROC, not the PRC. The PRC claims the ROC is a renegade province, the ROC is just sitting back with the US covering its ass waiting to be able to truly flip the PRC off.
My own pointless vanity vintage computing page
The Federal Ministry of the Interior in Austria is the first government body in Europe to be granted the source code for Windows XP under Microsoft's Shared Source Initiative
"More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code,"
Nope. This was a theoretical attack presented by Ken Thompson. It was never out in the wild, to the best of anyone's knowledge.
The point still remains that you can't trust code unless you can personally verify it at any level, because the moment you give any important code trust, the code can potentially use that as a way of subverting the entire system.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
Pretty entertaining reading...
Bruce
Bruce Perens.
You don't understand. You can design any kind of firewall (or any other addition you like) and sitkc it in the network stack. The APIs are well documented for doing so. You can even add your own protocols if you like.
So, you write your firewall, and then install and test it. Simple as that. Even if I was using an OSS OS, I'm not oging to trust a matter of national security (or even the security of my own computer) to hoping it's all working and nothing is interfering with it. I'll scan the thing with scanners like nmap, and sniff the packets it is passing. Only once I am convinced that it works right am I then confident.
I'm not sure when OSS gives peopel such a warm, fuzzy, feeling. As the famous C-compiler trojan proved, there is no way to be sure just because you have the source. You need to do some kind of external verification to REALLY make sure your system is secure. I don't trust my firewall for any reason other than that I have tested it, and confirmed it works.
P.S. Major enterprises, universities, government instutions, etc trust Cisco firewalls and their source is not open.