Slashdot Mirror

← Back to Stories (view on slashdot.org)

Taiwan Asks Microsoft To Open Windows Source

Posted by timothy on from the now-why-would-you-want-to-see-that dept.

Andy Tai writes "According to this China Times article (in Chinese), the Republic of China government has asked Microsoft to open Windows source code. The official, Lin Jua-Cheng, in charge of the 'e-government' initiative, says many other countries have also sent similar requests to Microsoft. Lin explains that without Windows source code, the government cannot add custom firewall functionalities to Windows based systems in wide use, and that is very bad for the information security of Taiwan. Microsoft refused to publicly release the source in the past using reasons of copyright protection, but Lin emphasizes this request is reasonable since it is based on (government users') necessity." Read on for a bit more, too. (Can anyone suggest an online Chinese English translation engine that produces other than gibberish?) Andy continues "Lin points out that GNU/Linux systems, because of their freeness and high security (due to the availability of the source code, which can be modified to add firewalls and other security measures), have become widely used in government computer systems (especially in militaries and intelligence agencies) of many nations and the Pentagon, the FAA, and the air force of the U.S. Lin says the government cannot rely on a single vendor, and to promote the alternatives, the government has set up a 'Free (libre) Software Steering Committee' directing government efforts. The two aims of the ROC government's current software policy is making Windows source code openly available and the development of Free (libre) Software in Taiwan."

17 of 456 comments (clear)

  1. don't beleive the hype... by bmajik · · Score: 5, Insightful

    I am highly dubious that the person quoted here is smart enough to write any kind of a firewall, much less a ruleset for linux or Windows. ... which is all secondary to the point i am going to make:

    In W2k and later, the entire network stack is completely pluggable. You can insert any layer you want to that sits between NDIS and a protocol driver, and you can create other layers as required. I'd be very surprised if they couldn't do everything required with windows exactly as it sits today.

    I think this is just making political noise, and not based on any shred of technical accuracy.

    --
    My opinions are my own, and do not necessarily represent those of my employer.
    1. Re:don't beleive the hype... by Spock+the+Vulcan · · Score: 5, Insightful

      Sure, you can insert whatever layer you want in the network stack, but the point here is, how can you trust the rest of the stack if you don't know what's in it? How can a government/organization/individual be sure that Microsoft didn't put in backdoors into their software?

    2. Re:don't beleive the hype... by 3-State+Bit · · Score: 5, Insightful

      so, you compile your compiler from source, right and build everything from scratch?

      wrong. you compile everything from source BY HAND.
      The first FORTRAN compiler was written in FORTRAN and compiled...by hand. Of course, without any optimizations. A very un-optimized and bulky and messy FORTRAN compiler now existed, and it was used to compile a clean version of itself from the source the reasearchers usd to create it. So you see, the first FORTRAN compiler was really a person. (This is taken from slashdot comments from awhile ago.)

      More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code, so that the author could use a certain password and get in on any system running a unix compiled with that compiler. More deviously, the author also made the compiler detect when it was compiling a version of itself and to add in the same code with which it itself was modified. (ie. 1, to change unix when it noticed it was compiling it, 2. to change a compiler, when it noticed it was compiling it, such that the changes make for a compiled compiler that both changed unix and detected/changed a version of itself, whenever it was asked to compile one.) In this way, the backhole remained through many versions of the comiler, since it did not appear in the source and could not be detected. Imagine if gcc 3.0 changed Linux every time it was compiling it, because it was compiled using gcc 2.x, which was compiled using gcc 1.x, which was changed in such a way as to change the gcc compiler, whenever it was compiling it.

      So changes can propagate through the executable compilers, from generation to generation, without appearing in the source. Unless you step through the compiler as it's compiling a version of unix (hairy stuff!) or of itself (even hairier!!), you'll never be any the wiser.

      Devious stuff!

    3. Re:don't beleive the hype... by SirSlud · · Score: 5, Interesting

      > You have to trust someone at some point.

      Of course, but you'll find people want to trust groups of people more than one person.

      If _everybody_ is using a compiler, you can trust it. (or trust that if there is a backdoor, _everybody_ has the backdoor, so you're still on a level playing field.)

      But not _everybody_ is using windows to install custom firewalls. The trust can't come from a wide community of users, so it has to come from examining the actual construction of the product itself.

      People don't trust a company nearly as much as they trust groups of people who should have already encountered the problems youre attempting to avoid should a problem in the product exist. Since that is impossible (or at least difficult) with respect to Windows as a custom firewall platform, because of the lower visibility of use and the lesser amount of people using it in this fasion, I'd realize I had no groups of users to trust and this I'd only trust the innards of the product once I could examine them myself.

      --
      "Old man yells at systemd"
  2. The obvious answer by bsharitt · · Score: 5, Funny

    I guess the obvious answer would be to use something other that Windows. I hear this Finnish kid is working on something.

  3. Lame by PtM2300 · · Score: 5, Interesting

    If you ask me, this request is quite lame. Microsoft has created a product, and the government of China can use it if they so desire. If they need it to create a firewall-type software package for their machines, why not ask Microsoft to create that instead? Something just seems overly fishy here. Besides, an external firewall would most likely provide better control and better performance for all users.

    1. Re:Lame by SirSlud · · Score: 5, Insightful

      > why not ask Microsoft to create that instead?

      You're right. And instead of the Army servicing their own F14s, the hoods should be locked shut, and they should outsource all their service and development to Kinkos. And police shouldn't be allowed to tamper with their bullet proof vests to confirm that there really is kevlar in them. They should just trust the company that made it for them.

      Am I the only person who understands that software companies build software .. this isn't like some magic voodoo cult. They're just building something. Why shouldn't I be able to actually confirm that what I bought is what I'm getting, and why shouldn't I be able to customize that product I just bought? Why the hell should I be forced into forking over more cash when I can just do the goddamn work myself.

      The gall people have. When folks bitch about the government wasting money, your proposal is the PERFECT example of wasting money. Why waste the money when you can do it in house? WHY, GOD, WHY?

      WHY do we support the abject protection of intellectual 'property' in order to keep the market functioning when that goal of protection can be used to tamper with market forces? Think about it; a market isn't just somewhere where you can get what you want. Its important that you have the option _not_ to be forced to go back into the market when you can just do the work yourself.

      --
      "Old man yells at systemd"
    2. Re:Lame by SirSlud · · Score: 5, Insightful

      > Why doesn't everybody write their own OS, server and client to do a shopping cart on the web?

      Because most people cant. Why doesn't everybody outsource the prodecure of putting the toilet lid down when they're done? Because they can.

      Point is: if you can do it (and there are fuckloads of cases where its cheaper to do something yourself), you shouldnt be forced to buy into the market. Thats not a free market, thats a free market youre not free to avoid when it makes you wealthier (one of the goals of healthy capitalism, no?)

      --
      "Old man yells at systemd"
  4. Some geopolitical education... by aussersterne · · Score: 5, Insightful

    For those going on about the Chinese spy plane incident, rampant mainland Chinese software piracy, etc...

    Taiwan is not China. Taiwan is a very urban, very modern nation which participates fairly in the world economy. Much of the technology used in America and throughout the world is manufactured in and imported from Taiwan. Though "officially" it is a Chinese province according to the US government, Taiwan and China have a very antagonistic relationship with one another -- Taiwan wants independence from China and is basically already fully independent in every way except in name. China considers Taiwan to be a 'rogue capitalist province' and the two governments hate one another (going back to the battles between the Chinese nationalists and communists early in the 20th century).

    In fact, the US (if I understand correctly) has a very unusual agreement with Taiwan to jump to their defense if they should ever be invaded by China, even though at the same time the US also officially supports the "one China policy."

    It is entirely possible that Taiwan wants to enhance its information security to protect itself from mainland China.

    --
    STOP . AMERICA . NOW
  5. How often does this happen? by mao+che+minh · · Score: 5, Insightful
    I want to know what other governments (as mentioned in the post) have submitted similar requests to Microsoft. I would imagine that this can't be an all too uncommon occurence when it comes to Microsoft. Afterall, this is a very legitimate concern for all governments (and it should also be a point of interest for all businesses that handle sensitive data).

    Microsoft products should never have been chosen for government implementation to begin with.

  6. Geography Lesson by Kamel+Jockey · · Score: 5, Insightful

    The posting refers to Taiwan, not mainland China. Taiwan, also known as the "Republic of China", is not the same country as China, also known as the "People's Republic of China". The former is a peaceful democracy, the latter is a belligerent, brutal totalitarian regime.

    --
    In case of fire, do not use elevator. Use water!
  7. Open Source? by KjetilK · · Score: 5, Funny
    If MS opens the source, will it be Open Source?

    What does this question mean for what we understand by "Open Source"?

    --
    Employee of Inrupt, Project Release Manager and Community Manager for Solid
  8. I think there's something under the surface here.. by airrage · · Score: 5, Insightful

    Honestly, I don't think the article is as straightforward as it seems. We must ask, why even ask that of Microsoft? I believe the answer is politics. Somehow, there is a struggle going on over there, dealing with which road to take technically. I think Microsoft is probably over there pitching and wooing as hard as it can, but Taiwan laid down the guantlet: open up or your out.

    I would also assume that Microsoft has its supporters in governemnt, and this official is simply trying to keep the argument on it's technical merits so as not to upset any politicos. It's framed in such a way, that it's essentially a state-security issue: if Microsoft doesn't open the code, then we are more open to [Chinese] hacking and snooping. Who can argue they're not in favor of a more secure state. Actually, very, very smart on this official's part. Played this way, it appears as though it's Microsoft's problem and not about any particular government official.

    There are probably many other culture differences that we cannot even begin to understand.

    --
    "This isn't a study in computer science, its a study in human behavior"
  9. Comment removed by account_deleted · · Score: 5, Insightful

    Comment removed based on user account deletion

  10. Trust me...Says the spider.... by Tungbo · · Score: 5, Insightful

    Look. You may not balance your checkbook every month. I know I don't. I DO trust that my bank will do the arithmetic correctly most of the time.

    However, would you like to get a bank statement that just list your beginning and ending balance?

    Not me and I doubt you would accept it too.
    While I don't check the arithmetic usually, the bank knows that I CAN CHECK it any time I want. Thus, they work to make sure that there're no problems.

    Similarly, knowing that the source code is visible makes the vendor think carefully about what to put in it in the first place. And that's worth a lot.

  11. Clouded minds... by Inoshiro · · Score: 5, Informative

    "More famously, there was a version of a very popular C compiler that would put in a back-door whenever it noticed itself compiling a common bit of Unix login code,"

    Nope. This was a theoretical attack presented by Ken Thompson. It was never out in the wild, to the best of anyone's knowledge.

    The point still remains that you can't trust code unless you can personally verify it at any level, because the moment you give any important code trust, the code can potentially use that as a way of subverting the entire system.

    --
    --
    Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
  12. Disclosed source code is not equal to Open Source by Bruce+Perens · · Score: 5, Informative
    MS might disclose its source code, as so-called "shared source". Shared source does not have the list of rights available for it that are included with Open Source. I think the request we are seeing is for MS to disclose its code, not for it to change its fundamental business model. There is a technical term for what is being asked for. It's called disclosed source code, not Open Source.

    Bruce

    --
    Bruce Perens.