China Prepares To Examine MS Windows Code
Stargoat writes "CNet reports that China is looking into MS's source code for Windows. They are looking both to increase security as well as perhaps create a Chinese version of Linux. Or are they perhaps concerned with rumors of deliberate holes left in the software for the NSA to exploit?" Here's an earlier Slashdot post about the Microsoft-China agreement.
And what do you base that on? When is the last time they have secretly snuck in anything to their software that did anything to track you, database you, categorize you, spy on you, download your personal records, view your documents, etc?
Well, the Windows Media Player GUID comes to mind. And of course all the useless metadata in Word files, which may not be entirely surreptitious, but it's inconvenient nonetheless. Windows Update sent, then stopped, and now again sends way too much information back home (and is enabled by default). Internet Explorer hijacked mistyped domain names years before VeriSign did. According to several EULAs (Windows Update again, Hotmail), all your information are belong to Microsoft (would you know if they read your Hotmail?). Then there's product activation and registration, all collecting vast amounts of personal data for no good purpose, and of course the venerable Passport, which has had some "incidents" in the past. I'm sure I'm forgetting some things...
SCO employee? Check out the bounty
It is called Red Flag Linux and has been around for a couple of years.
Well, Deng Xiaoping isn't, unfortunately. He was the greatest leader of China since independence.
I spent seven years in China, from 1992 to 1999, on U.S. government orders. They have done more than a face-lift. They are not perfect, but they are doing a pretty good job of transitioning their country into modernity. I hope that someday a governmental model similar to ours will be applicable, but it just isn't right now.
Every country has its own peculiarities. A government system cannot be superimposed. That is what led to the failure of the first communist government in China. This new version, a more malleable one, is close to the right thing. And if you want to speak about what is best while considering the past, this is it.
They need to continue to evolve based on the market and not on some odd 5 or 10-year plans, but they are doing that.
What comes first, finding a teacher or becoming a student?
On a more serious note, I find this somewhat worrying given the allegations made by Taiwan about organized cyber attacks coming from the mainland. Whether this is being reciprocated or not, I can't help but get the feeling that this is akin to handing China the cyber equivalent of a fusion bomb to use against Taiwan. Who knows what other exploits are lurking in the Windows code waiting to be found by the Chinese hackers doing the code review?
Of course, they could always surprise us and give Microsoft a respectable advance notice to issue fixes before coming up with a zero day full disclosure bug report. I guess time will tell as to which way the outcome is going to lean, towards a blessing or a curse, but it's going to be an interesting time finding out. Looks like that Chinese proverb is right again!
UNIX? They're not even circumcised! Savages!
We should try not to forget that during the MS antitrust trial, MS VP for Windows Jim Allchin testified that it would be a threat to US national security for the code to Windows to be revealed:
A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.
Now, they are showing this same code to the Chinese government? Has anyone asked them why this should be OK? Are they trying to endanger US interests with a fierce competitor? Or were they blatantly lying at the trial? And in either case, is anybody going to do anything about it?
You're talking about Ken Thompson's paper, "Reflections on Trusting Trust".
I don't believe this ever was a "famous hole in cc". Instead, Ken Thompson merely pointed out that trust in the code you were compiling was not enough; you would have to trust the compiler as well, which inherently meant you had to trust the compiler compiling that compiler, and so on. Essentially the only compiler you could trust is one you wrote yourself in machine code, otherwise you can't be sure what its compiled, binary form contains.
Whether anyone ever acted on this potential exploit is up for further research, but for it to be effectively done in Open Source, it could only be executed on a per-machine basis. That is, they'd have to change the compiler on your machine, because if they put the exploit right in publicly available source code, it wouldn't be too difficult to find it when the code was reviewed.
What I find interesting is that this is listed as a "Classic" article, and that page is dated 1995! This idea has been out for a while.
Karma: Chevy Kavalierma.
The USA has also had its share of killing student protesters, most notably the Kent State massacre.
I suggest you cast out the mote from your own eye before pointing out the mote in your brother's.