Slashdot Mirror


Taiwan Asks Microsoft To Open Windows Source

Andy Tai writes "According to this China Times article (in Chinese), the Republic of China government has asked Microsoft to open Windows source code. The official, Lin Jua-Cheng, in charge of the 'e-government' initiative, says many other countries have also sent similar requests to Microsoft. Lin explains that without Windows source code, the government cannot add custom firewall functionalities to Windows-based systems in wide use, and that is very bad for the information security of Taiwan. Microsoft refused to publicly release the source in the past using reasons of copyright protection, but Lin emphasizes this request is reasonable since it is based on (government users') necessity." Read on for a bit more, too. (Can anyone suggest an online Chinese English translation engine that produces other than gibberish?) Andy continues "Lin points out that GNU/Linux systems, because of their freeness and high security (due to the availability of the source code, which can be modified to add firewalls and other security measures), have become widely used in government computer systems (especially in militaries and intelligence agencies) of many nations and the Pentagon, the FAA, and the air force of the U.S. Lin says the government cannot rely on a single vendor, and to promote the alternatives, the government has set up a 'Free (libre) Software Steering Committee' directing government efforts. The two aims of the ROC government's current software policy are making Windows source code openly available and the development of Free (libre) Software in Taiwan."

30 of 456 comments

  1. As much as we'd all like to see this... by Verteiron · · Score: 4, Insightful

    ... I think I'm going to have to say "fat chance". I don't believe that MS will reverse its stance on security-through-obscurity... not even at the request of a nation.

    --
    End of lesson. You may press the button.
    1. Re:As much as we'd all like to see this... by Micah · · Score: 4, Insightful

      Actually I think there's a reasonable possibility that Windows will eventually be open sourced, but ONLY IF it becomes apparent that Linux has a serious chance of taking over the desktop market (and I am personally 100% convinced that will happen; it's just a matter of how long it will take).

      Once that happens, Microsoft will pretty much HAVE to Open Source Windows to have a chance. Everyone will realize the benefits of OSS and they won't want to lock themselves into a proprietary platform.

      If/when Windows becomes OSS, I may or may not endorse using it. At that point I'll judge it vs. Linux technically.

  2. Also by Anonymous Coward · · Score: 4, Informative

    See here for more discussion.

  3. Uh...duh? by MikeyLove · · Score: 4, Funny

    It isn't surprising to me that Microsoft won't open the source. I've even asked them a few times, and they just won't budge!

    1. Re:Uh...duh? by bsharitt · · Score: 4, Funny

      I think they are releasing the source to their new operating system. It's just too bad that it won't be available for another year.

  4. don't believe the hype... by bmajik · · Score: 5, Insightful

    I am highly dubious that the person quoted here is smart enough to write any kind of a firewall, much less a ruleset for Linux or Windows. ... which is all secondary to the point I am going to make:

    In W2k and later, the entire network stack is completely pluggable. You can insert any layer you want to that sits between NDIS and a protocol driver, and you can create other layers as required. I'd be very surprised if they couldn't do everything required with Windows exactly as it sits today.

    I think this is just making political noise, and not based on any shred of technical accuracy.

    --
    My opinions are my own, and do not necessarily represent those of my employer.
    1. Re:don't believe the hype... by Spock+the+Vulcan · · Score: 5, Insightful

      Sure, you can insert whatever layer you want in the network stack, but the point here is, how can you trust the rest of the stack if you don't know what's in it? How can a government/organization/individual be sure that Microsoft didn't put backdoors into their software?

    2. Re:don't believe the hype... by 3-State+Bit · · Score: 5, Insightful

      so, you compile your compiler from source, right, and build everything from scratch?

      wrong. you compile everything from source BY HAND.
      The first FORTRAN compiler was written in FORTRAN and compiled...by hand. Of course, without any optimizations. A very un-optimized and bulky and messy FORTRAN compiler now existed, and it was used to compile a clean version of itself from the source the researchers used to create it. So you see, the first FORTRAN compiler was really a person. (This is taken from slashdot comments from a while ago.)

      More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code, so that the author could use a certain password and get in on any system running a Unix compiled with that compiler. More deviously, the author also made the compiler detect when it was compiling a version of itself and add in the same code with which it itself was modified. (i.e. 1. to change Unix when it noticed it was compiling it, 2. to change a compiler, when it noticed it was compiling it, such that the changes make for a compiled compiler that both changed Unix and detected/changed a version of itself, whenever it was asked to compile one.) In this way, the backdoor remained through many versions of the compiler, since it did not appear in the source and could not be detected. Imagine if gcc 3.0 changed Linux every time it was compiling it, because it was compiled using gcc 2.x, which was compiled using gcc 1.x, which was changed in such a way as to change the gcc compiler, whenever it was compiling it.

      So changes can propagate through the executable compilers, from generation to generation, without appearing in the source. Unless you step through the compiler as it's compiling a version of unix (hairy stuff!) or of itself (even hairier!!), you'll never be any the wiser.

      Devious stuff!

    3. Re:don't believe the hype... by SirSlud · · Score: 5, Interesting

      > You have to trust someone at some point.

      Of course, but you'll find people want to trust groups of people more than one person.

      If _everybody_ is using a compiler, you can trust it. (or trust that if there is a backdoor, _everybody_ has the backdoor, so you're still on a level playing field.)

      But not _everybody_ is using Windows to install custom firewalls. The trust can't come from a wide community of users, so it has to come from examining the actual construction of the product itself.

      People don't trust a company nearly as much as they trust groups of people who should have already encountered the problems you're attempting to avoid should a problem in the product exist. Since that is impossible (or at least difficult) with respect to Windows as a custom firewall platform, because of the lower visibility of use and the lesser amount of people using it in this fashion, I'd realize I had no groups of users to trust and thus I'd only trust the innards of the product once I could examine them myself.

      --
      "Old man yells at systemd"
    4. Re:don't believe the hype... by Sycraft-fu · · Score: 4, Informative

      You don't understand. You can design any kind of firewall (or any other addition you like) and stick it in the network stack. The APIs are well documented for doing so. You can even add your own protocols if you like.

      So, you write your firewall, and then install and test it. Simple as that. Even if I was using an OSS OS, I'm not going to trust a matter of national security (or even the security of my own computer) to hoping it's all working and nothing is interfering with it. I'll scan the thing with scanners like nmap, and sniff the packets it is passing. Only once I am convinced that it works right am I then confident.

      I'm not sure when OSS gives people such a warm, fuzzy, feeling. As the famous C-compiler trojan proved, there is no way to be sure just because you have the source. You need to do some kind of external verification to REALLY make sure your system is secure. I don't trust my firewall for any reason other than that I have tested it, and confirmed it works.

      P.S. Major enterprises, universities, government institutions, etc. trust Cisco firewalls and their source is not open.

  5. The obvious answer by bsharitt · · Score: 5, Funny

    I guess the obvious answer would be to use something other than Windows. I hear this Finnish kid is working on something.

  6. Lame by PtM2300 · · Score: 5, Interesting

    If you ask me, this request is quite lame. Microsoft has created a product, and the government of China can use it if they so desire. If they need it to create a firewall-type software package for their machines, why not ask Microsoft to create that instead? Something just seems overly fishy here. Besides, an external firewall would most likely provide better control and better performance for all users.

    1. Re:Lame by SirSlud · · Score: 5, Insightful

      > why not ask Microsoft to create that instead?

      You're right. And instead of the Army servicing their own F14s, the hoods should be locked shut, and they should outsource all their service and development to Kinkos. And police shouldn't be allowed to tamper with their bullet proof vests to confirm that there really is kevlar in them. They should just trust the company that made it for them.

      Am I the only person who understands that software companies build software .. this isn't like some magic voodoo cult. They're just building something. Why shouldn't I be able to actually confirm that what I bought is what I'm getting, and why shouldn't I be able to customize that product I just bought? Why the hell should I be forced into forking over more cash when I can just do the goddamn work myself.

      The gall people have. When folks bitch about the government wasting money, your proposal is the PERFECT example of wasting money. Why waste the money when you can do it in house? WHY, GOD, WHY?

      WHY do we support the abject protection of intellectual 'property' in order to keep the market functioning when that goal of protection can be used to tamper with market forces? Think about it; a market isn't just somewhere where you can get what you want. It's important that you have the option _not_ to be forced to go back into the market when you can just do the work yourself.

      --
      "Old man yells at systemd"
    2. Re:Lame by SirSlud · · Score: 5, Insightful

      > Why doesn't everybody write their own OS, server and client to do a shopping cart on the web?

      Because most people can't. Why doesn't everybody outsource the procedure of putting the toilet lid down when they're done? Because they can.

      Point is: if you can do it (and there are fuckloads of cases where it's cheaper to do something yourself), you shouldn't be forced to buy into the market. That's not a free market, that's a free market you're not free to avoid when it makes you wealthier (one of the goals of healthy capitalism, no?)

      --
      "Old man yells at systemd"
  7. Will this mean... by BeBoxer · · Score: 4, Insightful

    If Microsoft actually goes along with this, will it mean that I'll be able to buy a CD-ROM of the Windows source code for $0.99 or whatever on the streets of China? Probably. Which makes me think that Microsoft isn't ever going to go along with this.

  8. Some geopolitical education... by aussersterne · · Score: 5, Insightful

    For those going on about the Chinese spy plane incident, rampant mainland Chinese software piracy, etc...

    Taiwan is not China. Taiwan is a very urban, very modern nation which participates fairly in the world economy. Much of the technology used in America and throughout the world is manufactured in and imported from Taiwan. Though "officially" it is a Chinese province according to the US government, Taiwan and China have a very antagonistic relationship with one another -- Taiwan wants independence from China and is basically already fully independent in every way except in name. China considers Taiwan to be a 'rogue capitalist province' and the two governments hate one another (going back to the battles between the Chinese nationalists and communists early in the 20th century).

    In fact, the US (if I understand correctly) has a very unusual agreement with Taiwan to jump to their defense if they should ever be invaded by China, even though at the same time the US also officially supports the "one China policy."

    It is entirely possible that Taiwan wants to enhance its information security to protect itself from mainland China.

    --
    STOP . AMERICA . NOW
  9. How often does this happen? by mao+che+minh · · Score: 5, Insightful

    I want to know what other governments (as mentioned in the post) have submitted similar requests to Microsoft. I would imagine that this can't be an all too uncommon occurrence when it comes to Microsoft. After all, this is a very legitimate concern for all governments (and it should also be a point of interest for all businesses that handle sensitive data).

    Microsoft products should never have been chosen for government implementation to begin with.

  10. Translation by tmark · · Score: 4, Funny

    (Can anyone suggest an online Chinese English translation engine that produces other than gibberish?)

    Here's a translation:

    - We would like Microsoft to open the source code for Windows.
    - We would also like the drug companies to develop a cure for cancer in the next year or so
    - It would be ideal if the Israelis and Palestinians could come to some sort of agreement
    - We propose that all record companies make their content available for free, so that all consumers who like the songs will send in a reasonable payment for each song, while consumers who don't like the song will delete it.

    All completely reasonable propositions!

  11. Geography Lesson by Kamel+Jockey · · Score: 5, Insightful

    The posting refers to Taiwan, not mainland China. Taiwan, also known as the "Republic of China", is not the same country as China, also known as the "People's Republic of China". The former is a peaceful democracy, the latter is a belligerent, brutal totalitarian regime.

    --
    In case of fire, do not use elevator. Use water!
  12. Quick China Note by TellarHK · · Score: 4, Informative

    Remember, folks. Taiwan is the Republic of China (ROC) and mainland China is the People's Republic of China (PRC).

    This is dealing with the ROC, not the PRC. The PRC claims the ROC is a renegade province, the ROC is just sitting back with the US covering its ass waiting to be able to truly flip the PRC off.

  13. Open Source? by KjetilK · · Score: 5, Funny

    If MS opens the source, will it be Open Source?

    What does this question mean for what we understand by "Open Source"?

    --
    Employee of Inrupt, Project Release Manager and Community Manager for Solid
  14. I think there's something under the surface here.. by airrage · · Score: 5, Insightful

    Honestly, I don't think the article is as straightforward as it seems. We must ask, why even ask that of Microsoft? I believe the answer is politics. Somehow, there is a struggle going on over there, dealing with which road to take technically. I think Microsoft is probably over there pitching and wooing as hard as it can, but Taiwan laid down the gauntlet: open up or you're out.

    I would also assume that Microsoft has its supporters in government, and this official is simply trying to keep the argument on its technical merits so as not to upset any politicos. It's framed in such a way, that it's essentially a state-security issue: if Microsoft doesn't open the code, then we are more open to [Chinese] hacking and snooping. Who can argue they're not in favor of a more secure state? Actually, very, very smart on this official's part. Played this way, it appears as though it's Microsoft's problem and not about any particular government official.

    There are probably many other culture differences that we cannot even begin to understand.

    --
    "This isn't a study in computer science, its a study in human behavior"
  15. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  16. This is ridiculous by scrytch · · Score: 4, Interesting

    This was a publicity stunt from someone who wanted to plug Linux. There are thousands of source licensees for Windows, and I wager the government of Taiwan is one of them. Maybe this person's particular firewall project didn't get a source license -- not to mention how it didn't need one, as MS's network stack is absolutely pluggable and documented in the SDK -- but this doesn't immediately translate into a mandate for MS to give the code away and satisfy one person who could easily vote with his feet and use FreeBSD+netgraph, OpenBSD+ipf, or Linux.

    --
    I've finally had it: until slashdot gets article moderation, I am not coming back.
  17. Trust me...Says the spider.... by Tungbo · · Score: 5, Insightful

    Look. You may not balance your checkbook every month. I know I don't. I DO trust that my bank will do the arithmetic correctly most of the time.

    However, would you like to get a bank statement that just lists your beginning and ending balance?

    Not me and I doubt you would accept it too.
    While I don't check the arithmetic usually, the bank knows that I CAN CHECK it any time I want. Thus, they work to make sure that there're no problems.

    Similarly, knowing that the source code is visible makes the vendor think carefully about what to put in it in the first place. And that's worth a lot.

  18. Clouded minds... by Inoshiro · · Score: 5, Informative

    "More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code,"

    Nope. This was a theoretical attack presented by Ken Thompson. It was never out in the wild, to the best of anyone's knowledge.

    The point still remains that you can't trust code unless you can personally verify it at any level, because the moment you give any important code trust, the code can potentially use that as a way of subverting the entire system.

    --
    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
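
Added example, not part of any comment in this thread and not code from any real compiler: a toy Python model of the self-propagating compiler backdoor discussed in the 3-State Bit and Inoshiro comments above. It shows why rebuilding the compiler from clean source keeps the backdoor alive, and how rebuilding through an independent compiler and comparing hashes (diverse double-compiling, a check the thread does not mention) exposes it. The source strings, the `Binary` record and every function name are constructed for illustration; the check assumes deterministic builds and a second compiler that is not itself subverted.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for audited, clean source trees (assumption).
COMPILER_SRC = "cc-2.0 source"
OTHER_COMPILER_SRC = "independent-cc source"
LOGIN_SRC = "login source"

@dataclass(frozen=True)
class Binary:
    semantics: str                    # the source this binary implements
    codegen: str                      # source of the compiler that emitted it
    hidden: frozenset = frozenset()   # behaviour that appears in no source

    def digest(self) -> str:
        parts = [self.semantics, self.codegen, *sorted(self.hidden)]
        return hashlib.sha256("\0".join(parts).encode()).hexdigest()

def compile_with(cc: Binary, src: str) -> Binary:
    """Model running compiler binary `cc` on `src`."""
    hidden = set()
    if "trojan" in cc.hidden:
        if src == LOGIN_SRC:
            hidden.add("backdoor")    # rule 1: patch login as it is compiled
        elif src == COMPILER_SRC:
            hidden.add("trojan")      # rule 2: re-insert both rules
    return Binary(src, cc.semantics, frozenset(hidden))

def generations(cc: Binary, n: int) -> list:
    """Rebuild the compiler from clean source n times, each with the last build."""
    out = []
    for _ in range(n):
        cc = compile_with(cc, COMPILER_SRC)
        out.append(cc)
    return out

def ddc_matches(suspect: Binary, trusted: Binary) -> bool:
    """Diverse double-compiling: does `suspect` correspond to COMPILER_SRC?"""
    stage1 = compile_with(trusted, COMPILER_SRC)   # other bits, same semantics
    stage2 = compile_with(stage1, COMPILER_SRC)    # should equal an honest build
    regenerated = compile_with(suspect, COMPILER_SRC)
    return stage2.digest() == regenerated.digest() == suspect.digest()

def demo() -> dict:
    infected = Binary(COMPILER_SRC, COMPILER_SRC, frozenset({"trojan"}))
    honest = Binary(COMPILER_SRC, COMPILER_SRC)
    trusted = Binary(OTHER_COMPILER_SRC, OTHER_COMPILER_SRC)
    gens = generations(infected, 3)
    return {
        "survives_rebuilds": all("trojan" in g.hidden for g in gens),
        "login_backdoored": "backdoor" in compile_with(gens[-1], LOGIN_SRC).hidden,
        "ddc_infected": ddc_matches(infected, trusted),
        "ddc_honest": ddc_matches(honest, trusted),
    }

if __name__ == "__main__":
    print(demo())
```

In the model, the first-stage build from the independent compiler has a different hash from the honest binary, which is why the comparison is made on the second stage rather than the first.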
  19. Forced? I don't see a gun at your head. by Inoshiro · · Score: 4, Interesting

    "Why the hell should I be forced into forking over more cash when I can just do the goddamn work myself."

    This breaks your entire rant right there. If you were getting more value for doing the work yourself, you would've already chosen that path. By saying that the money spent is a smaller cost than the personal time needed to master the concepts and develop the software, you are making an economic decision. The type that drives forward the economy. Why eat out when you can cook at home? Why buy carrots from a store when you can grow them yourself?

    You have to specialize at some point, otherwise you'll end up being a person who is ok or decent at many menial tasks, while not really enjoying the benefits modern society has to offer. If you're whining about how expensive something is when you can do it yourself, you're only trying to distract us from the fact that you haven't done it yourself! Actions do speak louder than whines.

    Before you whine about trust, you should understand the economic underpinnings of these decisions. Since software is digital, the cost is all in the creation phase. You should tell your government to look into escrow software development. Have a fixed dollar value attached to projects + the condition that it be GPLed upon release, then drum up the funding for it. Some company wanting to make money will invest time in it to reap the money returns, and the government gets software that it can again set contracts on ("we now need to collate documents. We'll give $4,000 to anyone who gives us this feature").

    You could take the alternate route that customers enter into a limited-trust scenario. Complete access to source code, provided they do not provide it to anyone else. This lets clients pick over everything, while keeping the accountability that would allow a traditional software company to continue to sell the software + support to other people until the escrow method becomes more popular.

    If today's software companies were to just give away everything as you state, they'd die. When you develop some great algorithm that suits a problem, you've done the work. When someone else comes along and copies it, you have no way of recouping the cost of the work because the copy cost is 0. Without some sort of escrowed payment system and trusted-client relationship for these innovations, software development would mostly grind to a halt.

    --
    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
  20. C compiler backdoor reference... by Karpe · · Score: 4, Informative

    ...can be found here.

    Pretty entertaining reading...

  21. Disclosed source code is not equal to Open Source by Bruce+Perens · · Score: 5, Informative

    MS might disclose its source code, as so-called "shared source". Shared source does not have the list of rights available for it that are included with Open Source. I think the request we are seeing is for MS to disclose its code, not for it to change its fundamental business model. There is a technical term for what is being asked for. It's called disclosed source code, not Open Source.

    Bruce