Slashdot Mirror
China Prepares To Examine MS Windows Code
Stargoat writes "CNet reports that China is looking into MS's source code for Windows. They are looking both to increase security as well as perhaps create a Chinese version of Linux. Or are they perhaps concerned with rumors of deliberate holes left in the software for the NSA to exploit?" Here's an earlier Slashdot post about the Microsoft-China agreement.
Well, Deng Xiaoping isn't, unfortunately. He was the greatest leader of China since independence.
I spent seven years in China, from 1992 to 1999, on U.S. government orders. They have done more than a face-lift. They are not perfect, but they are doing a pretty good job of transitioning their country into modernity. I hope that someday a governmental model similar to ours will be applicable, but it just isn't right now.
Every country has its own peculiarities. A government system can not be super-imposed. That is what led the the failure of the first communist government in China. This new version, a more malleable one, is close to the right thing. And if you want to speak about what is best while considering the past, this is it.
They need to continue to evolve base on the market and not on some odd 5 or 10-year plans, but they are doing that.
What comes first, finding a teacher or becoming a student?
On a more serious note, I find this somewhat worrying given the allegations made by Taiwan about organized cyber attacks coming from the mainland. Whether this is being reciprocated or not, I can't help but get the feeling that this is akin to handing China the cyber equivalent of a fusion bomb to use against Taiwan. Who knows what other exploits are lurking in the Windows code waiting to be found by the Chinese hackers doing the code review?
Of course, they could always surprise us and give Microsoft a respectable advance notice to issue fixes before coming up with a zero day full disclosure bug report. I guess time will tell as to which way the outcome is going to lean, towards a blessing or a curse, but it's going to be an interesting time finding out. Looks like that Chinese proverb is right again!
UNIX? They're not even circumcised! Savages!
You're talking about Ken Thompson's paper, "Reflections on Trusting Trust".
I don't believe this ever was a "famous hole in cc". Instead, Ken Thomspon merely pointed out that trust in the code you were compiling was not enough; you would have to trust the compiler as well, which inherently meant you had to trust the compiler compiling that compiler, and so on. Essentially the only compiler you could trust is one you wrote yourself in machine code, otherwise you can't be sure what its compiled, binary form contains.
Whether anyone ever acted on this potential exploit is up for further research, but for it to be effectively done in Open Source, it could only be executed on a per-machine basis. That is, they'd have to change the compiler on your machine, because if they put the exploit right in publically available source code, it wouldn't be too difficult to find it when the code was reviewed.
What I find interesting is that this is listed as a "Classic" article, and that page is dated 1995! This idea has been out for a while.
Karma: Chevy Kavalierma.
The USA has also had it's share of killing student protesters, most notably the Kent State massacre .
I suggest you cast out the mote from your own eye before pointing out the mote in your brother's.