Slashdot Mirror

← Back to Stories (view on slashdot.org)

China Prepares To Examine MS Windows Code

Posted by timothy on from the and-yours-too-if-you'd-like dept.

Stargoat writes "CNet reports that China is looking into MS's source code for Windows. They are looking both to increase security as well as perhaps create a Chinese version of Linux. Or are they perhaps concerned with rumors of deliberate holes left in the software for the NSA to exploit?" Here's an earlier Slashdot post about the Microsoft-China agreement.

2 of 468 comments (clear)

  1. Re:Would You Trust a Chinese OS? by dalutong · · Score: 4, Informative

    Well, Deng Xiaoping isn't, unfortunately. He was the greatest leader of China since independence.

    I spent seven years in China, from 1992 to 1999, on U.S. government orders. They have done more than a face-lift. They are not perfect, but they are doing a pretty good job of transitioning their country into modernity. I hope that someday a governmental model similar to ours will be applicable, but it just isn't right now.

    Every country has its own peculiarities. A government system can not be super-imposed. That is what led the the failure of the first communist government in China. This new version, a more malleable one, is close to the right thing. And if you want to speak about what is best while considering the past, this is it.

    They need to continue to evolve base on the market and not on some odd 5 or 10-year plans, but they are doing that.

    --

    What comes first, finding a teacher or becoming a student?
  2. Re:Whats the use? by greenhide · · Score: 4, Informative

    You're talking about Ken Thompson's paper, "Reflections on Trusting Trust".

    I don't believe this ever was a "famous hole in cc". Instead, Ken Thomspon merely pointed out that trust in the code you were compiling was not enough; you would have to trust the compiler as well, which inherently meant you had to trust the compiler compiling that compiler, and so on. Essentially the only compiler you could trust is one you wrote yourself in machine code, otherwise you can't be sure what its compiled, binary form contains.

    Whether anyone ever acted on this potential exploit is up for further research, but for it to be effectively done in Open Source, it could only be executed on a per-machine basis. That is, they'd have to change the compiler on your machine, because if they put the exploit right in publically available source code, it wouldn't be too difficult to find it when the code was reviewed.

    What I find interesting is that this is listed as a "Classic" article, and that page is dated 1995! This idea has been out for a while.

    --
    Karma: Chevy Kavalierma.