Slashdot Mirror


Microsoft Opens Source to China

angst7 writes "ZDNet is reporting that Microsoft has signed an agreement which would allow the Chinese government access to Windows source code. This is part of an effort to curb the shift toward Linux in China due to that country's concerns regarding the security of closed source software." Reader NZheretic points out that less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.

42 of 480 comments

  1. That's shares source with China, by lightspawn · · Score: 4, Informative

    not opens source to China.

    1. Re:That's shares source with China, by mikehoskins · · Score: 5, Insightful
      Am I the only one who notices something?

      M$ lies (under oath) about security problems with OpenSource, due to its "open" nature.

      M$ has FAR more security problems than OpenSource.

      Countries (often those who hack into M$ computers) want the source opened, or else, so M$ complies....

      M$ won't open their source to the public, who needs knowledge and a defense against those attacks.

      Ergo, M$ opens the source to the wrong people, instead of the right ones. This is the difference between the "black hats" and the "white hats."

      OpenSource realizes that BOTH can see their source, so the "white hats" patch the holes in anticipation of problems. M$ does not....

  2. So Microsoft is by nick-less · · Score: 5, Funny

    just using its own form of open source - you just need to yell "Hey we're going to use Linux!" and you get the source ;-)

  3. So now the Chinese have it!!! by inburito · · Score: 4, Funny

    And this hurts the US National Security?!? WTF!?!

    1. Re:So now the Chinese have it!!! by zoward · · Score: 4, Funny

      It sure can. How many times have you seen the phrase "Hacked by Chinese" scrawled across a US website? I saw my company's website thus defaced. US relations with China have not been all that cordial of late...

      --
      "Can't you see that everyone is buying station wagons?"
    2. Re:So now the Chinese have it!!! by mmol_6453 · · Score: 4, Funny

      One wonders if it's treason.

      If it is, who gets the axe?

      --
      What's this Submit thingy do?
    3. Re:So now the Chinese have it!!! by Aumaden · · Score: 5, Funny
      If our national security depends on Windows, the battle is already lost.

      --Aumaden

    4. Re:So now the Chinese have it!!! by Mr.+Slippery · · Score: 4, Insightful
      One wonders if it's treason.

      Either treason or perjury has occurred. Long-hair Linux hippies would go to jail for such action, but bribe^H^H^H^H^Hcampaign fund producers like MS will not suffer at all. Welcome to America...

      --
      Tom Swiss | the infamous tms | my blog
      You cannot wash away blood with blood
  4. Damage national security, eh? by maverickbna · · Score: 5, Funny

    Well, it looks like terrorists are gonna be the first to see the source... :/

    --
    You are great player! Present you with points!
    1. Re:Damage national security, eh? by matt4077 · · Score: 4, Funny

      Nope, terrorists wrote it in the first place.

  5. What good does this do by overshoot · · Score: 5, Insightful

    if the Chinese can't recreate the shipping binaries from the source that MS shows them? The last time the question came up (the Caldera suit) Microsoft finally had to admit that even they couldn't reproduce the distribution binaries from source.

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
    1. Re:What good does this do by ajs · · Score: 4, Interesting

      You missed the original poster's point. He was asking what happens if China gets the source, but cannot verify that the binaries that they were given (e.g. the shrink-wrapped version) are based on this source code or something else (e.g. this with some special calls to MSNSAWeakenSSLKeySpace(true)).

      Ultimately, if China cannot reproduce the binaries from the source, they will probably have to dismiss this as a marketing stunt.

  6. Yes, but.... by SomeOtherGuy · · Score: 5, Insightful

    can they type: ../configure;make windows;make install?

    If not -- then how do they know that the code they are looking at is the same version that goes into the build on their desktops?

    --
    (+1 Funny) only if I laugh out loud.
    1. Re:Yes, but.... by binner1 · · Score: 5, Funny

      Actually, you just click the build button with the little white arrow. Typing is archaic.

      -Ben

  7. Do they really think it will stay secure? by Rooked_One · · Score: 5, Insightful
    I mean really????? Doom3 was supposed to be under lock and key, but yet I'll bet 90% of the people reading this have it on their hard drive right now.



    Just curiously... if all the linux users care about is open source, wouldn't the functionality of windows compared to linux IN SOME ASPECTS cause a flux of *nix users to use windows if they could fiddle with it as they liked? I mean besides server issues, windows is the way to go if your computer is really just a PC.

  8. That IS a little creepy by G27+Radio · · Score: 5, Insightful


    When he swore under oath that opening the source for Windows would be a threat to national security, I completely agreed. The number of security holes in Windows with the source remaining closed was bad enough. Now China gets to see the source, and we don't? Wouldn't that put them at an advantage over US companies that can't audit the code for security holes?

  9. Treason? by mmol_6453 · · Score: 5, Funny

    What's the corporate punishment for treason?

    --
    What's this Submit thingy do?
    1. Re:Treason? by G27+Radio · · Score: 5, Funny

      What's the corporate punishment for treason?

      It's probably a huge fine amounting to about .01% of Microsoft's daily income.

    2. Re:Treason? by timeOday · · Score: 5, Funny

      Corporations can be punished? The whole point of forming one is so you can't be touched.

  10. Worst job ever. by hafree · · Score: 5, Funny

    Sorting through gigabytes of Microsoft legacy code that was written under the pretense that nobody would ever see it. Now there's a scary thought. I'd hate to be the guy with THAT job...

    1. Re:Worst job ever. by msouth · · Score: 4, Funny

      Well, that's probably why China wants it.

      "Look, you bring up Tiananmen Square ONE MORE TIME and you'll be reading the code for kernel32.dll the rest of your life!"

      --
      Liberty uber alles.
  11. Microsoft policy... by $$$$$exyGal · · Score: 4, Informative
    Here is Microsoft's new policy in regards to sharing their source with governments.

    --sex

    --
    Very popular slashdot journal for adul
  12. Perjury by BWJones · · Score: 5, Interesting

    less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.

    So, does this open the door for a perjury investigation? I would think that a number of companies would look upon this with great interest.

    --
    Visit Jonesblog and say hello.
    1. Re:Perjury by kbielefe · · Score: 5, Interesting

      "Damaging to national security" is almost the exact phrasing used to describe a piece of data that is required to be classified. If the government really felt that it could be damaging, the windows source code would be classified, all MS employees that had access to it would require a security clearance, and there would be a host of other requirements to protect it from being disclosed. Since that hasn't happened, I don't think anyone really took that claim seriously.

      --
      This space intentionally left blank.
  13. ha! by DarkHelmet · · Score: 5, Funny
    Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.

    This must be a covert attempt from Microsoft to destroy China by weakening its national security!

    --
    /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
  14. Great! by warpSpeed · · Score: 5, Funny
    How long until we can get a CD of the source on a street corner in Hong Kong?

  15. Uh? by m4g02 · · Score: 5, Insightful

    I can't wait to put my hands on that baby. I know, it's an ugly one, but it would be very interesting to look at the sources. This makes me wonder: with all the security issues that Windows has, isn't it a bit dangerous to give the source to only one country, who could find several bugs and holes by looking at the code? Isn't it scary? Say bye-bye to Windows on sensitive servers.

    --
    Sigs are for morons... Wait a minute...
  16. An oh-so-typical I-hate-M$ post by bobKali · · Score: 5, Funny

    So the US government needs to either arrest Jim Allchin for perjury or Bill Gates for treason.

  17. Re:Which crime is being committed? by bobKali · · Score: 5, Funny

    I think what he MEANT to say was that compiling the Windows operating system source code could damage national security.

  18. Cynic's view by Crispy+Critters · · Score: 5, Interesting
    Someone will tell me if I am way off base, but...

    Trade secrets: Beyond a doubt there are piles of things in the source code that could be considered trade secrets. One way to protect trade secrets is to make certain that they are widely available but not legally available. In the cynic's view (i.e. mine) M$ wants the code to be leaked by China.

    If the code is illegally leaked, it is very easy for M$ to accuse other products (future Linux apps?) of using illegally acquired trade secrets. How can the authors, living in countries around the world, prove that none of them have ever seen illegally leaked material?

    Based on what I have read about the development of the clone of the IBM BIOS, it appears that the burden of proof de facto lies on the defendant to show that they are not using trade secrets illegally.

    This may give M$ a very big gun to point at any collaboratively developed code that they don't care for.

    1. Re:Cynic's view by mugnyte · · Score: 4, Insightful

      That would assume microsoft has anything novel in their software to begin with. Their "value-added" pieces are simply specialized (read:bundled) versions of already commoditized software.

      You think anyone really wants to slop through IE code to replace the Opera rendering engine? The original request was to make competing companies on par with the MS development. So for example, if you simply cannot get the performance you want out of your TCP/IP stack, you wade through MS's to find their undocumented kernel calls. Or, it lets you learn how to hook your own WM into the system instead of the Explorer WM, but only after you finish trying their published methods. It's on a case-by-case basis, and it's certainly harder to read than their documentation, no matter how sparse.

      The only thing I'd want to know about their code is examples of published APIs. Even then, I've not run into too many problems in the latest platforms. Microsoft is not a big innovator IMO, they simply tightly integrate their ever-growing OS functions for personal computer "simplicity of management".

      mug

  19. What's good for Microsoft ... by watchful.babbler · · Score: 5, Interesting
    "What's good for America, is good for General Motors, and vice versa."

    - GM President Charlie Wilson, 1953

    Although I've always felt that "cyberwar" scenarios were rather overblown attempts at giving backroom geeks frontline roles, the military certainly takes it seriously; one well-received military paper a few years ago warned that America's IT defenses were on a par with the ability of Task Force Smith (whose ignominious retreat from Korean forces showed how woefully unprepared America was for the Korean conflict).

    As we know, China has been touted as the first great cyberwar enemy; allegedly, China does have a "hacker brigade" tasked with disrupting American networks and computer systems in times of war, to rectify the strategic imbalance between the two nations. Now, Microsoft plans to open to a strategic rival of the U.S. the internal code that will power the Navy's upcoming CVN-77 aircraft carrier, plus other "smart ships."

    This raises an interesting question for the Administration: although, as Vann H. Van Diepen (Director of the Office of Chemical, Biological, and Missile Nonproliferation) told Congress, export controls to China are not enforced in "areas where the technology is widely available as commodity items ... such as low-level computers," the source code to a mission-critical operating system used by military C4 systems is certainly not a "commodity item," nor is it "widely available." Will the White House put national security over Microsoft's profits? Les Kinsolving, call your office!

    --
    "Freedom is kind of a hobby with me, and I have disposable income that I'll spend to find out how to get people more."
  20. Future News by iamdrscience · · Score: 5, Funny

    "All warez copies of Windows actually fake versions distributed by the Chinese"

    "Microsoft Source Code leaked world-wide"

    "Microsoft discontinues entire software division and focuses full force on their Mouse and Keyboard division"

  21. Not even sharing, just showing really by thelexx · · Score: 4, Insightful

    From an Infoworld article on the subject:

    "Governments signing up to the security program will be able to build systems that offer the high levels of security required for national security, Microsoft has said. However, government users will not be allowed to make modifications to the code or compile the source code into Windows programs themselves, according to Microsoft."

    Yeah, real 'open'.

    --
    "Gold still represents the ultimate form of payment in the world." - Alan Greenspan, 1999
    1. Re:Not even sharing, just showing really by Steveftoth · · Score: 4, Insightful

      The point I think the original poster was pointing to was that if China cannot build the binaries themselves, then there is no point to being able to look at the source code.

      MS can give them all the source code they want. They just have to 'leave out' the part that is the security risk. Which seems to be the point of this whole deal.

      It only takes a few lines of code to inject a nasty spy bug/flaw into the system. And if China can't even build their own binaries, then MS can insert many flaws into the OS they give to them.

    2. Re:Not even sharing, just showing really by palme999 · · Score: 5, Interesting

      My question is, what happens if they violate this agreement? I mean what could MS possibly do to the Chinese government if they (China) decide to modify, redistribute, or simply publish it? Are they (MS) gonna file lawsuits, persuade the US to go after them, what? An American corp has essentially zero scare power when it comes to a foreign nation.

    3. Re:Not even sharing, just showing really by unoengborg · · Score: 5, Insightful

      If they can't compile it into running windows programs, how can they be sure that the programs on their windows CDs are built from the code that they have looked at?

      --
      God is REAL! Unless explicitly declared INTEGER
  22. Re:And it was so hard for them to make viruses bef by Zeinfeld · · Score: 5, Interesting
    Modded as "interesting"? I'm sure more viruses have come out the USA than China.

    Actually some versions of code red did have code to detect the language that a site's web pages were in and trashed the site if it wasn't in Chinese. Then a few days after this was discovered a second version of the same worm appeared which did the opposite. Code Red hit at the time that the US spy plane was forced down in China.

    There are plenty of examples of politically motivated hacking, the Palestinians and Israelis have been having an ongoing proxy war for some time. However almost all the events appear to be the work of independent agents working on their own rather than being coordinated cyber-warfare.

    The only example of state sponsored cyberwarfare I am aware of is the attacks on Usenet by Hasan B-) Mutlu and Serdar Argic who roboposted thousands of anti-Armenian propaganda messages. Mutlu and Argic were both pseudonyms used by an officer of the Turkish intelligence service which was concerned that reports on the Turkish massacre of Armenians during World War I were circulating on Usenet and damaging the image of Turkey abroad at a time when the post USSR CIS was fragmenting into racial warfare. So they roboposted claims of a bogus massacre of Turks by Armenians repeatedly in order to drown out and discredit the genuine claims that the Turks massacred the Armenians.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
  23. Interesting but... by Eric+Damron · · Score: 4, Interesting

    I understand that China is not allowed to compile the program. That being the case, how can they be sure that they have the complete source?

    The only way that I can see a government feeling warm and fuzzy about this would be if they were allowed to examine all 500 million lines of code and to compile it themselves and distribute that.

    Even doing this they will have to do the same thing to every update and every proprietary piece of software that they run on government computers.

    I think that Linux is still the way to go for China.

    --
    The race isn't always to the swift... but that's the way to bet!
  24. ah, but you see by g4dget · · Score: 4, Funny
    Disclosing the source code to the US government hurts national security, disclosing the source code to the Chinese government improves it.

    You see, being exposed to Windows source code gives programmers a killer headache, and after having seen it, they'll never be able to write a secure piece of code themselves.

  25. Re:NSA Linux by Chazmati · · Score: 4, Informative

    OK, before I get flamed, yes I see in the FAQ:

    Security-enhanced Linux is only a research prototype that is intended to demonstrate mandatory controls in a modern operating system like Linux and thus is very unlikely to meet any interesting definition of secure system.

    and

    Security-enhanced Linux is not part of any currently approved version of Linux and has no special or additional approval for government use over any other version of Linux.

    So maybe NSA Linux isn't the answer, the NSA thing just seemed obvious since we're talking about government use. However, it almost sounds like they might have an approved version of Linux available. Wonder if they're experimenting with that...

  26. This won't help them detect intentional back doors by David+Leppik · · Score: 5, Informative

    While I can see how this will help China discover unintentional backdoors, this won't help them against intentional backdoors.



    There was an old hack which Ken Thompson used to give himself access to all Unix systems, as a proof-of-concept of why you shouldn't trust source code. He didn't modify the Unix source code. Nor did he modify the C compiler used to generate the Unix binaries. He modified the C compiler used to compile the C compiler. Full source code access wouldn't help you see the exploit.



    Details are at
    http://www.wbglinks.net/pages/reads/hacksexplained/thompson.html.

    China doesn't have the rights to compile the source code they get. Even if they do (and I'm sure they will, if it's of any use to them) they won't be able to verify that the code is free of intentional backdoors-- because presumably it requires M$'s compiler. Even if they get access to the compiler source code (and I don't think they do) they can't verify that it doesn't have a back door.



    If I were China I'd be afraid that the US government has hidden an exploit in Windows. That may seem paranoid, but security folks are supposed to be a little paranoid. I wouldn't trust Windows, source code or not.



    Come to think of it, I wouldn't trust the American-designed processor, BIOS, disk controllers, RAM, keyboard controller, chip design tools, etc.
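
Added example, not part of any comment in this thread: the check several posters ask for (do the shipped binaries come from the reviewed source?) becomes a digest comparison between the distributed files and an independent rebuild. It assumes a deterministic build, so that identical source and toolchain give identical bytes; the file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_builds(shipped_root, rebuilt_root):
    """Classify every file as matching, differing, or present on one side only."""
    shipped, rebuilt = digest_tree(shipped_root), digest_tree(rebuilt_root)
    report = {"match": [], "differs": [], "only_shipped": [], "only_rebuilt": []}
    for name in sorted(set(shipped) | set(rebuilt)):
        if name not in rebuilt:
            report["only_shipped"].append(name)   # shipped, but no source produced it
        elif name not in shipped:
            report["only_rebuilt"].append(name)   # built from source, never shipped
        elif shipped[name] == rebuilt[name]:
            report["match"].append(name)
        else:
            report["differs"].append(name)        # same name, different bytes
    # Verified only if the two trees are identical file for file.
    report["verified"] = not (report["differs"] or report["only_shipped"]
                              or report["only_rebuilt"])
    return report


def write_tree(root, files):
    """Helper for the demo: materialise {relative path: bytes} under root."""
    for name, data in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)


def demo():
    """Constructed sample trees; file names and contents are made up."""
    shipped_files = {
        "system/core.bin": b"core-v1",
        "system/net.bin": b"net-v1 plus unreviewed change",
        "system/helper.bin": b"helper",
    }
    rebuilt_files = {
        "system/core.bin": b"core-v1",
        "system/net.bin": b"net-v1",
        "system/debug.bin": b"debug",
    }
    with tempfile.TemporaryDirectory() as shipped, \
            tempfile.TemporaryDirectory() as rebuilt:
        write_tree(shipped, shipped_files)
        write_tree(rebuilt, rebuilt_files)
        return compare_builds(shipped, rebuilt)


if __name__ == "__main__":
    print(demo())
```

A clean report only shows that the shipped files correspond to the source as built by that toolchain; it says nothing about a backdoor carried in the compiler itself, which is the case the last comment describes.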