China's Green Dam, No Longer Compulsory, May Have Lifted Code
LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.
What do you expect from China? High quality originality?
left who doesn't think that China will do anything and everything to steal, cheat, kill, lie to reach its goal of world domination?
No surprise.
now how am I going to build a cheap botnet?
If China PCs had been hammering my servers for updates to their plagiarized software, I'd have called the CIA to see what to slip in next update. Much more fun but oh so less publicity :/
"even makes calls back to Solid Oak's servers for updates.'
er... problem solved? Sell the bot net to raise money. A botnet the size of China would be pretty valuable. You could even use it for good--- turn it into a rosetta at home client!
Some drink at the fountain of knowledge. Others just gargle.
Oh China, you never change...
But oh man, it would have been so hilarious to see what happened to Solid Oak's update servers when the ENTIRE NATION of China hit them at once! I predict flames.
A Chinese software product --- with stolen code? Gasp!!!
Wow. Another story about how the Chinese are ripping off everybody else. Is this really even news anymore?
Now if they can just figure out a way to get those DLLs to display "The Chinese Government is Oppressing you. Remember the valiant souls who gave their lives trying to earn your freedom at Tienanmen Square!" on all the computer screens in China...
1) The Green Dam developers have fully reverse engineered CyberSitter to the point they can reuse pre-compiled binaries and snippets of code required to call them.
2) CyberSitter's development network has been thoroughly compromised to the point that the Chinese Green Dam developers have fully plagiarized another company's proprietary code.
3) CyberSitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
1 is certainly possible. 2 is truly frightening on a number of levels. 3 is just wrong and may be a violation of federal law. As they are a US company, contributing code to the development of a Chinese firewall product could be subject to the same verbiage as a US firewall, i.e. something similar to:
Under U.S. law, the Software may not be downloaded or otherwise exported, reexported, or transferred to restricted countries, restricted end-users, or for restricted end-uses. The U.S. currently has embargo restrictions against Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. The lists of restricted end-users are maintained on the U.S. Commerce Department's Denied Persons List, the Commerce Department's Entity List, the Commerce Department's List of Unverified Persons, and the U.S. Treasury Department's List of Specially Designated Nationals and Blocked Persons. In addition, the Software may not be downloaded or otherwise exported, reexported, or transferred to an end-user engaged in activities related to weapons of mass destruction.
and/or:
The Software available to download from this Site is commercial computer software as that term is described in 48 C.F.R. 252.227-7014(a)(1). If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulations ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of Defense ("DOD"), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 227.7202-3 of the DOD FAR Supplement ("DFAR") and its successors.
(Completely and totally plagiarized from the ZoneAlarm legal page, http://www.zonealarm.com/security/en-us/legal.htm )
Armaments, 2-9-21 And Saint Attila raised the hand grenade up on high, saying, 'O Lord, bless this Thy hand grenade' N
Here's the best write-up I've seen on the absurdities of Green Dam Youth Escort. http://people.oii.ox.ac.uk/hanteng/2009/06/12/shanzhai-nature-inside-the-green-dam-youth-escort-software/
The adoption of this software has the following absurdities:
1. It simultaneously embodies paranoid totalitarianism (surveillance and internet access controls) and extreme incompetence (this opens a huge security hole everywhere it is installed, the folks at the NSA must be grinning).
2. It embodies an ethos both puritanical (blocking porn) and piratical (taking commercial and BSD software without attribution).
Plus more I'm sure. It's my new favorite software.
China is in a cold war and is doing everything possible to control their population, while trying to destroy the west. And yes, the Chinese gov has NO issues with stealing from the west.
A recent Slashdot posting talked about how China had some of the best programmers in the world; you'd think they would be able to program something better than CyberSitter, let alone just copy some code.
Reminds me of when the KGB used to spend a huge chunk of their resources stealing American technology, then slavishly copying it to the tiniest detail, right down to the manufacturers' logos on the dies.
There's something about Communism that eats home-grown innovation alive. . . .
Regards;
I'm not really surprised by the censorship and monitoring things as they've been doing that all the time... but...
That piece of software, coming out from the central government itself - it's run by former engineers you know, is so stupid! If people can fly by being stupid then we don't need rockets! We just strap our astronauts to this guy, who is executing the plan, and everyone will get a ride to the moon for free! I can imagine false positives and false negatives aren't really big problems from the government's viewpoint. But... the censoring list is not encrypted?! Are you stupid? So basically you're telling everyone in China what sort of topics the government is afraid of and thus... get them to look for those things? pr0n isn't really a big problem actually but a kid having an unencrypted list of pr0n sites is still disturbing. Now kids in China don't need to look for pr0n from Baidu anymore, they just get the government-approved pr0n site list from this Green Dam CD and surf away!
Now foreign countries have found their code being by from this software... WTF? Where are the checks and balancing in place to make sure such obvious things would not happen? By obvious I mean whenever you contracted someone to write software in China, you should expect potential IP problems from their code because everyone copies code there! So you have this piece of software that you KNOW will surely be scrutinized closely by foreigners, and you also know there's a significant probability that your contractor would just nick the code from someone else... Then it doesn't take a rocket scientist to figure out you need to put some checks in place to prevent a potential foreign relation disaster, right?
Man, this is so stupid. Whoever is responsible for implementing this plan must be smoking something good.
Now all they need to do is write the code to take down the "Great Fire Wall of China" and put it on auto update
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
It is pretty hard to get a new PC without the US Blue Dam software (so it is almost a must), anywhere in the world by now. It seems that this software too (by not so recent revelations) may create exploitable security vulnerabilities, or even (according to some tinfoil hat users) provide the US government with a ready-made botnet to use.
But at least the Chinese software name is less boring than "Windows".
"China...makes calls back to Solid Oak's servers for updates."
I think it's fairly obvious to most what is going on.
Political goon in China wanted to get brownie points for "protecting the children." He has connections with Jinhui. Jinhui is completely incompetent, but the boss there wanted the money... they took the money from the government. Hacked together some "filtering software." Assumed this would be like the "red flag linux" mandated software... e.g., make it a law, but not actually enforce it to get political brownie points. Except in this case someone outside the loop, and probably much higher up in the party didn't know this was just an embezzlement scheme and actually tried to enforce its use.
CCP member and government official "Mister Wang" finds out about a party directive to more directly control internet surfing in one of the "secret" directives often issued by the government to the MII. So he calls his nephew, "Mister Lee," and tells him that if he has a software package that can meet the following requirements (secret list supplied), he will fast track approval for the software and split the revenue (silently, of course...through a foreign bank account). Because after some initial "trial period" the computer companies will be forced to purchase this software. Instant revenue stream. ka-ching (which means "fucking pay me, you laowai clod" in Mandarin)
Unfortunately, Mister Lee has no such software. So he hires some Chinese black hats to grab the code from something resembling the requirements from a foreign company. The foreign company will have zero recourse since Mister Wang is "connected" and the Chinese government tends to wink at this behavior anyway. Since Mister Wang is steamrolling the software through the government's maze of approvals, nobody even bothers to QC the code prior to mandating its use.
With the exception of the surnames, I'm reasonably sure that's EXACTLY how this clusterfuck was perpetrated.
All your code are belong to us. Set us up the firewall....
Are the Chinese still dependent on Windows???
They are owned by Microsoft at a very low level, and could have all kinds of implanted stuff from the NSA, etc.
hahahah all their computer are belong to US!!!!!
how can this be called stolen code?
The originators still have it.
And oddly nobody on Slashdot is yet pointing this out (unlike what would have happened if a USian were accused of stealing Photoshop, for example).
Is this because it's China doing it?
You can opt out by being taken outside and shot.
Send your spendthrift head of state this
In China, "copyright" means right to copy.
It has been in the culture for thousands of years, and no one thinks it is wrong. For example, for thousands of years honoring the greatest artist and scholars meant training to copy their work exactly. Chinese just don't get the whole western copyright thing. Especially in a communist / socialist country where all property is officially property of the State. They might be right.
I worked at Chinese University. We had a guy that we called "Mr. Copy". He worked in the English department during the day making photocopies of exams and materials for teachers, audio tapes, whatever. At night he would set up his table in the main plaza and sell the latest pirated DVD movies for less than a $1, including all the screeners that had not been released in the States yet. There were hundreds if not thousands (e.g. 8-10 at the base of my apartment building alone) of these guys just around the one University I was at.
Living in Chile
from Solid Oak!
I'll wager that Bob Hayes of Media3 and Bennett Haselton of Peacefire will read this story and laugh their freaking balls off...
When the Chinese government announced that shipping a CD with the Green Dam software constituted compliance with the July 1st directive, that told me the government was implicitly agreeing that the software wouldn't be compulsory. I suspect we have to thank the PC manufacturers for this turn of events. It's a lot easier to throw a disk into the box. Parents might install Green Dam out of concern for their kids' browsing, but I can't imagine anyone who might be politically relevant would do so, especially if it's not illegal to operate a computer without it.
On the subject of infringement, what happens if it is demonstrable that Green Dam contains code stolen from Solid Oak? Can an American manufacturer, say Dell, continue to ship this product in China knowing that it infringes on the product of another American firm? Obviously Dell couldn't be sued in China, but could it be sued in the US?
I can evict you from my property.
The government *can* evict me from my property because they have an army.
However, that requires they DO something.
All China has to do is not recognise the copyright.
Rather like the US did for foreign works in the turn of the 19th century.
So real property is real rights. I can look after it myself.
Copyrights require that someone else do my protecting for me, since I'd NEVER know if someone was misappropriating my "IP" and I lose nothing over it that I can see if it is.
I can see if someone has been eating MY porridge.
PS about the "they use our DLLs", does it? Or is this like saying since my 3D graphics game uses D3D I must have stolen it from Microsoft?
So I guess I'm right, this IS because it's China doing it...
Ripped off Edison's patents.
Simba/Zimba from Disney.
Harry Potter/Larry Potter (well Hollywood doesn't mind making money from someone else doing it either).
BT's US patent on hyperlinks (cf the FAT patent which is of the same quality and patentability).
And the 1900's when US recognise copyright from US authors not foreign ones and the 1800's when they didn't realise ANY copyrights.
Oh, and patents on engines from the UK given to them to help the war effort and then kept by the US for commercial exploitation, locking out the UK originators.
You can hardly point a finger, bub.
DMCA, PATRIOT and the KP laws.
Big things from the US.
All cover the same paranoia that you ascribe to China.
How close the two become...
Since when are we expecting honesty from the Chinese Government? I mean they tried to put on a show during the Olympics with fake buildings and the Great Firewall, they forged gymnasts' birth certificates. This isn't surprising that they stole code. The only difference is this time they got caught. If the program is calling back to Solid Oak servers, why not tell the servers to send back malicious code to crash the program? It would be sweet sweet revenge for Solid Oak.
Just because you are wrong and I called you out on it doesn't mean I am a Troll.
What would the legal ramifications be for US-based computer manufacturers selling computers with stolen code included?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Wait, is that the (new) cultural parallel for reading Star Trek's Ferengi? Dunno who was the original model, but this sounds like it fits now!
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
So how about we have CyberSitter push an update to all PCs with a Chinese IP address that encrypts all the data and disables the computer. We'll send China the decryption keys if they forgive their share of the U.S. taxpayer's national debt (less than England and Japan on last count, but still significant). Either we get our money back for free or the Chinese people oust their undemocratic government for stupidity.
Wait, wait, that won't work. If we go around ousting governments for stupidity, we'll have anarchy here in the U.S. too.
Or at least not as much as a corporation, though less than an individual.
Look, I'm not liking it either, but this code isn't stolen, even if China HAS taken a copy of the code. Copyright infringement isn't theft.
But that isn't happening in this article, is it.
According to a copy of the writer's bible for TNG that I read once, the Ferengi were supposed to be modeled after Yankee Traders. Don't bother looking that up on Wikipedia, since the article there is about some stupid BBS turn-based game that loosely relates to the historical concept of a Yankee Trader, and borrows the term as its name. Yankee Traders were American merchants who, when the United States was still young, practiced a sort of wild and wooly capitalism which was characterized (or caricatured) by rapacious greed and dishonest dealings. "Swindler" is given as a synonym for "Yankee horse trader" by some older dictionaries.
Makes sense when you realize that the United States was a so-called "pirate nation" in its early years, with 14-year copyrights for us and no recognition of anyone else's copyrights -- we had a lot of books published here with no money going to their European authors.
sending two-girls-one-cup. That'll teach them.
ok sorry for the somewhat off topic reply, but I just had to ask about this one; when syndicated through Google Reader this story had a Scientology.org Flash ad embedded within it - are they really advertising on /. now?? :)
I'm pretty sure it's not Google doing it, since not all feeds have this kind of embedded ad.. (i.e. it's within the post itself, right below the "Read more of this story at Slashdot." link)
It may no longer be compulsory, but woe betide anyone caught without it!