Slashdot Mirror
Microsoft Opens Source to China
angst7 writes "ZDNet is reporting that Microsoft has signed an agreement which would allow the Chinese government access to Windows source code. This is part of an effort to curb the shift toward Linux in China due to that country's concerns regarding the security of closed source software." Reader NZheretic points out that less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.
just using its own form of open source - you just need to yell "Hey were going to use Linux!" and you get the source ;-)
Well, it looks like terrorists are gonna be the first to see the source... :/
You are great player! Present you with points!
if the Chinese can't recreate the shipping binaries from the source that MS shows them? The last time the question came up (the Caldera suit) Microsoft finally had to admit that even they couldn't reproduce the distribution binaries from source.
Lacking <sarcasm> tags,
can they type: ../configure;make windows;make install?
If not -- then how do they know that the code they are looking at is the same version that goes into the build on their desktops?
(+1 Funny) only if I laugh out loud.
Just curiously... if all the linux users care about is open source, wouldn't the functionality of windows compared to linux IN SOME ASPECTS cause a flux of *nix users to use windows if they could fiddle with it as they liked? I mean besides server issues, windows is the way to go if your computer is really just a PC.
When he swore under oath that opening the source for Windows would be a threat to national security, I completely agreed. The number of security holes in Windows with the source remaining closed was bad enough. Now China gets to see the source, and we don't? Wouldn't that put them at an advantage over US companies that can't audit the code for security holes?
What's the corporate punishment for treason?
What's this Submit thingy do?
Sorting through gigabytes of Microsoft legacy code that was written under the pretense that nobody would ever see it. Now there's a scary thought. I'd hate to be the guy with THAT job...
less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.
So, does this open the door for a purjury investigation? I would think that a number of companies would look upon this with great interest.
Visit Jonesblog and say hello.
This must be a covert attempt from Microsoft to destroy China by weakening its national security!
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
I cant wait to put my hands on that baby, i know, is an ugly one but would be very intersting to look the sources. This make me wonder, with all the security issues that Windows has isnt a bit dangerous to give the source to only one country who could find several bugs and holes by looking at the codes?, isnt it scary?, say bye-bye to Windows on sensitive servers.
Sigs are for morons... Wait a minute...
So the US government needs to either arrest Jim Allchin for perjury or Bill Gates for treason.
--Aumaden
I think what he MEANT to say was that compiling the Windows operating system source code could damage national security.
Trade secrets: Beyond a doubt there are piles of things in the source code that could be considered trade secrets. One way to protect trade secrets is to make certain that they are widely available but not legally available. In the cynic's view (i.e. mine) M$ wants the code to be leaked by China.
If the code is illegally leaked, it is very easy for M$ to accuse other products (future Linux apps?) of using illegally acquired trade secrets. How can the authors, living in countries around the world, prove that none of them have ever seen illegally leaked material?
Based on what I have read about the development of the clone of the IBM BIOS, it appears that the burden of proof de facto lies on the defendant to show that they are not using trade secrets illegally.
This may give M$ a very big gun to point at any colloboratively developed code that they don't care for.
Although I've always felt that "cyberwar" scenarios were rather overblown attempts at giving backroom geeks frontline roles, the military certainly takes it seriously; one well-received military paper a few years ago warned that America's IT defenses were on a par with the ability of Task Force Smith (whose ignominious retreat from Korean forces showed how woefully unprepared America was for the Korean conflict).
As we know, China has been touted as the first great cyberwar enemy; allegedly, China does have a "hacker brigade" tasked with disrupting American networks and computer systems in times of war, to rectify the strategic imbalance between the two nations. Now, Microsoft plans to open to a strategic rival of the U.S. the internal code that will power the Navy's upcoming CVN-77 aircraft carrier, plus other "smart ships."
This raises an interesting question for the Administration: although, as Vann H. Van Diepen (Director of the Office of Chemical, Biological, and Missile Nonproliferation) told Congress, export controls to China are not enforced in "areas where the technology is widely available as commodity items ... such as low-level computers," the source code to a mission-critical operating system used by military C4 systems is certainly not a "commodity item," nor is it "widely available." Will the White House put national security over Microsoft's profits? Les Kinsolving, call your office!
"Freedom is kind of a hobby with me, and I have disposable income that I'll spend to find out how to get people more."
"All warez copies of Windows actually fake versions distributed by the Chinese"
"Microsoft Source Code leaked world-wide"
"Microsoft discontinues entire software division and focuses full force on their Mouse and Keyboard division"
Actually some versions of code red did have code to detect the language that a site's web pages were in and trashed the site if it wasn't in Chineese. Then a few days after this was discovered a second verison of the same worm appeared which did the opposite. Code Red hit at the time that the US spy plane was forced down in China.
There are plenty of examples of politically motivated hacking, the Palestinians and Israelis have been having an ongoing proxy war for some time. However almost all the events appear to be the work of independent agents working on their own rather than being coordinated cyber-warfare.
The only example of state sponsored cyberwarfare I am aware of is the attacks on Usenet by Hasan B-) Mutlu and Serdar Argic who roboposted thousands of anti-armenian propaganda messages. Mutlu and Argic were both pseudonyms used by an officer of thr turkish intelligence service which was concerned that reports on the Turkish massacre of Armenians during world war I were circulating on Usenet and damaging the image of Turkey abroad at a time when the post USSR CIS was fragmenting into racial warfare. So they roboposted claims of a bogus masacre of turks by armenians repeatedly in order to drown out and discredit the genuine claims that the turks massacred the armenians.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
My question is, what happens if they violate this agreement? I mean what could MS possibly do the Chinese government is they (China) decides to modify, redistribute, or simply publish it? Are they (MS) gonna file lawsuits, pursuade the US to go after them, what? An American corp has essentually zero scare power when it comes to a foreign nation.
If they can't compile it into running windows programs, how can they be sure that the programs on their windows CDs are built from the code that they have looked at?
God is REAL! Unless explicitly declared INTEGER
M$ lies (under oath) about security problems with OpenSource, due to its "open" nature.
M$ has FAR more security problems than OpenSource.
Countries (often those who hack into M$ computers) want the source opened, or else, so M$ complies....
M$ won't open their source to the public, who needs knowledge and a defense against those attacks.
Ergo, M$ opens the source to the wrong people, instead of the right ones. This is the difference between the "black hats" and the "white hats."
OpenSource realizes that BOTH can see their source, so the "white hats" patch the holes in anticipation of problems. M$ does not....
While I can see how this will help China discover unintentional backdoors, this won't help them against intentional backdoors.
There was an old hack which Ken Thompson used to give himself access to all Unix systems, as a proof-of-concept of why you shouldn't trust source code. He didn't modify the Unix source code. Nor did he modify the C compiler used to generate the Unix binaries. He modified the C compiler used to compile the C compiler. Full source code access wouldn't help you see the exploit.
Details are atn ed /thompson.html.
http://www.wbglinks.net/pages/reads/hacksexplai
China doesn't have the rights to compile the source code they get. Even if they do (and I'm sure they will, if it's of any use to them) they won't be able to verify that the code is free of intentional backdoors-- because presumably it requires M$'s compiler. Even if they get access to the compiler source code (and I don't think they do) they can't verify that it doesn't have a back door.
If I were China I'd be afraid that the US government has hidden an exploit in Windows. That may seem paranoid, but security folks are supposed to be a little paranoid. I wouldn't trust Windows, source code or not.
Come to think of it, I wouldn't trust the American-designed processor, BIOS, disk controllers, RAM, keyboard controller, chip design tools, etc.