Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Microsoft Opens Source to China 482

angst7 writes "ZDNet is reporting that Microsoft has signed an agreement which would allow the Chinese government access to Windows source code. This is part of an effort to curb the shift toward Linux in China due to that country's concerns regarding the security of closed source software." Reader NZheretic points out that less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.
This discussion has been archived. No new comments can be posted.

Microsoft Opens Source to China

Comments Filter:
  • by lightspawn ( 155347 ) on Friday February 28, 2003 @03:17PM (#5408184) Homepage
    not opens source to China.
    • by thelexx ( 237096 ) on Friday February 28, 2003 @03:50PM (#5408581)
      From an Infoworld article [] on the subject:

      "Governments signing up to the security program will be able to build systems that offer the high levels of security required for national security, Microsoft has said. However, government users will not be allowed to make modifications to the code or compile the source code into Windows programs themselves, according to Microsoft."

      Yeah, real 'open'.

      • by palme999 ( 82528 ) on Friday February 28, 2003 @05:25PM (#5409406)
        My question is, what happens if they violate this agreement? I mean what could MS possibly do the Chinese government is they (China) decides to modify, redistribute, or simply publish it? Are they (MS) gonna file lawsuits, pursuade the US to go after them, what? An American corp has essentually zero scare power when it comes to a foreign nation.
      • by unoengborg ( 209251 ) on Friday February 28, 2003 @05:35PM (#5409475) Homepage
        If they can't compile it into running windows programs, how can they be sure that the programs on their windows CDs are built from the code that they have looked at?

      • by tconnors ( 91126 ) on Friday February 28, 2003 @11:20PM (#5411287) Homepage Journal
        From an Infoworld article [] on the subject:

        "Governments signing up to the security program will be able to build systems that offer the high levels of security required for national security, Microsoft has said. However, government users will not be allowed to make modifications to the code or compile the source code into Windows programs themselves, according to Microsoft."

        Yeah, real 'open'.

        Hmmm - So MS took their windows source, compiled it, modified the code to remove the backdoors, and sent it to China. To ensure that China aren't then going to modify the source, they make sure the source is not buildable - Have in the agreement that they don't give China some important part of the building process.

        So China search through the code, find no backdoors (because they have been removed), but runs the original version of the code with the backdoors still in it, because they are not able to build fresh sources.

        Seems like a good deal to me.
    • by KjetilK ( 186133 ) <kjetil.kjernsmo@net> on Friday February 28, 2003 @04:21PM (#5408883) Homepage Journal
      When /. editors are prone to making this mistake, why do people pretend it is going to be possible to explain this to Joe Average or PHBs?

      I've said it before, we're about to discover that "open source" was a mistake, the battle of the words is important, and we should give it a lot more thought.

      I realize that "Free Software" is not much better, but for those of use speaking Real Languages[tm], which is making the distinction between beer and speech clear, abandoning "Open Source" is, I think, a good idea.

    • by mikehoskins ( 177074 ) on Friday February 28, 2003 @05:54PM (#5409614)
      Am I the only one who notices something?

      M$ lies (under oath) about security problems with OpenSource, due to its "open" nature.

      M$ has FAR more security problems than OpenSource.

      Countries (often those who hack into M$ computers) want the source opened, or else, so M$ complies....

      M$ won't open their source to the public, who needs knowledge and a defense against those attacks.

      Ergo, M$ opens the source to the wrong people, instead of the right ones. This is the difference between the "black hats" and the "white hats."

      OpenSource realizes that BOTH can see their source, so the "white hats" patch the holes in anticipation of problems. M$ does not....

    • You have a lot of faith in Chinese respect for international intellectual property laws. I give it 6 months before it's leaked.

      I personally think this is hilarious. I spit coffee all over when I read it on this morning It's hard to ask to be taken seriously when your proprietary flagship software product is so shoddy and untrustworthy that you have to share the source to get foreign countries to trust it (and compete with other open source projects).


  • by nick-less ( 307628 ) on Friday February 28, 2003 @03:17PM (#5408194)
    just using its own form of open source - you just need to yell "Hey were going to use Linux!" and you get the source ;-)
  • by inburito ( 89603 ) on Friday February 28, 2003 @03:17PM (#5408195)
    And this hurts the US National Security?!? WTF!?!
  • by maverickbna ( 578984 ) <> on Friday February 28, 2003 @03:18PM (#5408197) Homepage
    Well, it looks like terrorists are gonna be the first to see the source... :/
  • by Big_Breaker ( 190457 ) on Friday February 28, 2003 @03:18PM (#5408203)
    Now that China has the source code we can look forward to some really nasty ones.
  • I wouldn't want it (Score:3, Insightful)

    by Adam Booth ( 628536 ) on Friday February 28, 2003 @03:19PM (#5408222) Homepage
    I have heard people discuss this and say something like "Oh boy, I wonder if the code will be leaked and we can be free to modify windows! Yaaaay!" Not. Who would want to modify windows? I mean, you can make workarounds for problems that exist already without having source. If you want a fully modifiable OS, why don't you just go with Linux?
    • I look forward to further security disclosures rather than modifications. If a problem can be found, analyzed, documented, reported, and (after an appropriate time) released, then we may see even more fixes on the way.

      Between Moscow and Beijing, I imagine that money in the right places could see the code compromised.
  • by overshoot ( 39700 ) on Friday February 28, 2003 @03:19PM (#5408223)
    if the Chinese can't recreate the shipping binaries from the source that MS shows them? The last time the question came up (the Caldera suit) Microsoft finally had to admit that even they couldn't reproduce the distribution binaries from source.
    • What good does it do?

      Read the article summary. They're worried about security issues, e.g. Government spyware, that old, wonderful conspiracy theory. Remember that variable nsa_key? =P

      Microsoft is just trying to compete with Linux. It can half-way adopt some of Linux's practices (shared source) and combine that with Microsoft's reputation and necessity (office, etc.) to keep themselves in the market.

      MS doesn't need to go all the way to stay on top.

      Yours truly,
      A Linux Fan
      • by ajs ( 35943 ) <> on Friday February 28, 2003 @03:42PM (#5408492) Homepage Journal
        You missed the original poster's point. He was asking what happens if China gets the source, but cannot verify that the binaries that they were given (e.g. the shrink-wrapped version) is based on this source-code or something else (e.g. this with some special calls to MSNSAWeakenSSLKeySpace(true)).

        Ultimately, if China cannot reproduce the binaries from the source, they will probably have to dismiss this as a marketting stunt.
  • Yes, but.... (Score:5, Insightful)

    by SomeOtherGuy ( 179082 ) on Friday February 28, 2003 @03:19PM (#5408224) Journal
    can they type: ../configure;make windows;make install?

    If not -- then how do they know that the code they are looking at is the same version that goes into the build on their desktops?
  • by Rooked_One ( 591287 ) on Friday February 28, 2003 @03:19PM (#5408228) Journal
    I mean really????? Doom3 was supposed to be under lock and key, but yet i'll bet 90% of the people reading this have it on their hard drive right now.

    Just curiously... if all the linux users care about is open source, wouldn't the functionality of windows compared to linux IN SOME ASPECTS cause a flux of *nix users to use windows if they could fiddle with it as they liked? I mean besides server issues, windows is the way to go if your computer is really just a PC.

    • I'm not sure what circles you travel in, but not everyone is a pirate.

      As far as your comments about Linux users go, that's rediculous. We use Linux because it's more stable, versatile, customizable, etc. Not "just" because it's open-source. Every time I'm forced to use an MS-Windows machine, I'm disgusted and infuriated by how limiting it is... you're only allowed to do what MS says you should want to do.

      If you've never used Unix (enough to understand the concepts beneath it), you shouldn't criticize it or it's users.
    • Just curiously... if all the linux users care about is open source, wouldn't the functionality of windows compared to linux IN SOME ASPECTS cause a flux of *nix users to use windows if they could fiddle with it as they liked? I mean besides server issues, windows is the way to go if your computer is really just a PC.

      Before that would happen, Windows would have to be:

      a) Free software and

      b) No longer controlled by Microsoft.

      That simply isn't going to happen, ever. Microsoft have no incentive to let go of Windows, and until that happens Linux will be as important as it always was, not because it's more stable or tweakable or whatever, but because it's owned by everybody.

  • by G27 Radio ( 78394 ) on Friday February 28, 2003 @03:20PM (#5408233)

    When he swore under oath that opening the source for Windows would be a threat to national security, I completely agreed. The number of security holes in Windows with the source remaining closed was bad enough. Now China gets to see the source, and we don't? Wouldn't that put them at an advantage over US companies that can't audit the code for security holes?
  • Treason? (Score:5, Funny)

    by mmol_6453 ( 231450 ) <> on Friday February 28, 2003 @03:20PM (#5408234) Homepage Journal
    What's the corporate punishment for treason?
  • by hafree ( 307412 ) on Friday February 28, 2003 @03:20PM (#5408235) Homepage
    Sorting through gigabytes of Microsoft legacy code that was written under the pretense that nobody would ever see it. Now there's a scary thought. I'd hate to be the guy with THAT job...
    • by msouth ( 10321 ) on Friday February 28, 2003 @03:36PM (#5408428) Homepage Journal
      Well, that's probably why China wants it.

      "Look, you bring up Tianamen Square ONE MORE TIME and you'll be reading the code for kernel32.dll the rest of your life!"
    • Best job ever (Score:2, Interesting)

      Sorting through 50 million lines of code, finding hundreds of thousands of vulnerabilities to exploit in windows, and thereby becoming the predominant information-warfare player, at least in terms of potential mass disruption, on the planet.

      Someone in China is smiling sagely over this one.
  • Microsoft policy... (Score:5, Informative)

    by $$$$$exyGal ( 638164 ) on Friday February 28, 2003 @03:20PM (#5408242) Homepage Journal
    Here is Microsoft's new policy [] in regards to sharing their source with governments.

    --sex []

  • Purjury (Score:5, Interesting)

    by BWJones ( 18351 ) on Friday February 28, 2003 @03:21PM (#5408243) Homepage Journal
    less than a year ago, Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.

    So, does this open the door for a purjury investigation? I would think that a number of companies would look upon this with great interest.
    • Ack!! That's what I get for not previewing. Perjury is the correct spelling.

    • Re:Purjury (Score:3, Insightful)

      by MarvinMouse ( 323641 )
      Actually, I'd be more worried about a treason investigation. If releasing the code actually does damage to national security, and they don't have the blessing of the state (so to speak), then considering the relations of China and US as of late. This would be a very serious concern.
    • Re:Purjury (Score:5, Interesting)

      by kbielefe ( 606566 ) <karl.bielefeldt+ ... com minus threev> on Friday February 28, 2003 @03:58PM (#5408662)
      "Damaging to national security" is almost the exact phrasing used to describe a piece of data that is required to be classified. If the government really felt that it could be damaging, the windows source code would be classified, all MS employees that had access to it would require a security clearance, and there would be a host of other requirements to protect it from being disclosed. Since that hasn't happened, I don't think anyone really took that claim seriously.
  • Not a big deal (Score:3, Informative)

    by quintessent ( 197518 ) <my usr name on toofgiB [tod] moc> on Friday February 28, 2003 @03:21PM (#5408245) Journal
    Many, many countries already have access to the Windows source, not to mention many businesses and universities.
  • Windows operating system source code could damage national security.

    Well, I'm sure they won't open *that* part of the code.... (*cough* *cough* secret backdoors *cough* *cough*)

  • MSFT would say something like this...

    I think China as a whole follows more rules than the loose nuts in the universities and companies in the US.

    They will swear under oath too.

  • ha! (Score:5, Funny)

    by DarkHelmet ( 120004 ) <> on Friday February 28, 2003 @03:21PM (#5408251) Homepage
    Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.

    This must be a covert attempt from Microsoft to destroy China by weakening its national security!

  • Great! (Score:5, Funny)

    by warpSpeed ( 67927 ) <> on Friday February 28, 2003 @03:21PM (#5408256) Homepage Journal
    How long until we can get a CD of the source on a street corner in Hong Kong?

  • Don't worry (Score:3, Insightful)

    by sevensharpnine ( 231974 ) on Friday February 28, 2003 @03:21PM (#5408257)
    ...Jim Allchin swore under oath that disclosing the Windows operating system source code could damage national security.

    No, it would compromise security if the vagrant open-source developers saw the Win32 source code. China, on the other hand, certainly isn't a threat.

    Just replace "national security" with "microsoft security", and things make sense.

  • by Frobnicator ( 565869 ) on Friday February 28, 2003 @03:22PM (#5408264) Journal
    Microsoft releases the OS source to lots of groups. What's surprising is the reason they're doing it, not the fact that they are doing it.

    They often releases it to schools with various NDA's, as well as businesses under various agreements, but that's usually for educational or development reasons.

    The deal with China seems to be a combination of PR and sales, rather than education and development.


  • So either the source is "open" or "closed"?

    Microsoft would never think of a no-charge license for *some* of the source with a non-disclosure agreement, and keep the national-security sensitive stuff to themselves?
  • Uh? (Score:5, Insightful)

    by m4g02 ( 541882 ) on Friday February 28, 2003 @03:24PM (#5408294)
    I cant wait to put my hands on that baby, i know, is an ugly one but would be very intersting to look the sources. This make me wonder, with all the security issues that Windows has isnt a bit dangerous to give the source to only one country who could find several bugs and holes by looking at the codes?, isnt it scary?, say bye-bye to Windows on sensitive servers.
  • by bobKali ( 240342 ) on Friday February 28, 2003 @03:25PM (#5408303) Homepage
    So the US government needs to either arrest Jim Allchin for perjury or Bill Gates for treason.
  • So which is it, Microsoft? Treason, or perjury (or both)? (Yes, Microsoft bashing is fun, you should try it some time)
  • by jbr439 ( 214107 ) on Friday February 28, 2003 @03:26PM (#5408314)
    Unless the ability to compile the source and run the resulting binaries is there, this is a meaningless gesture as there is absolutely no way of knowing whether a given version of the OS matches up with the allegedly corresponding source.
  • by Otter ( 3800 ) on Friday February 28, 2003 @03:27PM (#5408321) Journal
    Of course, if backdoors are the concern, just looking at source Microsoft provides you doesn't mean the binary you're using isn't compromised.

    I wonder if China and other governments will be tobuilding their own binaries and install CD's...?

  • by Anonymous Coward
    1. Turn over source code to foreign governments hostile to the United States.
    2. Compromise National Security.
    3. ???
    4. Profit!
  • It could damage national security and they've licensed it to China and Russia, but not the US? MS must be living in a really strong reality distortion field ....
    • The US already has a president to take care of endangering National Security.. and not just that of the US. Let China and Russia have M$ to endanger theirs. Over there the DMCA circumvents YOU.. or something like that..

      Ok.. forget this post already!
    • Contrary to your assertion, many people outside of MS do have access to MS source. "Open Source" is not the only way to see source. China will probably sign an NDA just like the US corporations and universities do, and presumably the US government. Hell China might even abide by the NDA, why would they want to let their civilians to have access to the source. They are bigger control freaks than MS.
  • Cynic's view (Score:5, Interesting)

    by Crispy Critters ( 226798 ) on Friday February 28, 2003 @03:32PM (#5408380)
    Someone will tell me if I am way off base, but...

    Trade secrets: Beyond a doubt there are piles of things in the source code that could be considered trade secrets. One way to protect trade secrets is to make certain that they are widely available but not legally available. In the cynic's view (i.e. mine) M$ wants the code to be leaked by China.

    If the code is illegally leaked, it is very easy for M$ to accuse other products (future Linux apps?) of using illegally acquired trade secrets. How can the authors, living in countries around the world, prove that none of them have ever seen illegally leaked material?

    Based on what I have read about the development of the clone of the IBM BIOS, it appears that the burden of proof de facto lies on the defendant to show that they are not using trade secrets illegally.

    This may give M$ a very big gun to point at any colloboratively developed code that they don't care for.

    • Re:Cynic's view (Score:5, Insightful)

      by mugnyte ( 203225 ) on Friday February 28, 2003 @03:51PM (#5408597) Journal
      That would assume microsoft has anything novel in their software to begin with. Their "value-added" pieces are simply specialized (read:bundled) versions of already commoditized software.

      You think anyone really wants to slop through IE code to replace the Opera rendering engine? The original request to make competing companies on par with the MS development. So for example, if you simply cannot get the performance you want out of your TCP/IP stack, you wade through MS's to find their undocumented kernel calls. Or, it lets you learn how to hook your own WM into the system instead of the Explorer WM, but only after you finish trying their published methods. It's on a case-by-case basis, and its certainly harder to read than their documentation, no matter how sparse.

      The only thing I'd want to know about their code is examples of published APIs. Even then, I've not run into too many problems in the latest platforms. Microsoft is not an big innovator IMO, they simply tightly integrate their ever-growing OS functions for personal computer "simplicity of management".

    • Not quite right (Score:3, Insightful)

      by Choco-man ( 256940 )
      Trade secrets: Beyond a doubt there are piles of things in the source code that could be considered trade secrets. One way to protect trade secrets is to make certain that they are widely available but not legally available

      This isn't quite right. Trade secrets are just that - secrets. They are secrets that the company elects to protect by not publishing. However, if those secrets are discovered by someone else, or somehow otherwise made public, you have just lost any rights you may have had. The alternative is to patent them, in which case you gain limited protection (time frame, licensing fees, ect) but have just told the entire world how to do it, step by step. And not every country recognizes the same patent law. There have been recent medical cases where S American countries have broken pharma patents to provide cheap, effective medicine to it's people.
    • Trade Secrets (Score:3, Interesting)

      by overshoot ( 39700 )
      One way to protect trade secrets is to make certain that they are widely available but not legally available.

      DVD-CSS aside, that's not how it's supposed to work. In theory the difference between trade secret and patent is that with a patent, the Government enforces your exclusive right to use the development in return for you telling everyone how it's done. With trade secret, you take the chance of independent discovery. So if an organization chooses to hide a development as a trade secret and the secret gets out, they've got no recourse other than to recover damages for breach of confidentiality. (That only works with those who have a duty of confidentiality in the first place, of course.) The genie doesn't go back in the bottle.

      Of course, that's theory.

      Still, MS would have a decidedly difficult time going after Tridge for "trade secret violation" based on a speculation that he found out about some SMB operation from leaked Chinese source.

  • by watchful.babbler ( 621535 ) on Friday February 28, 2003 @03:38PM (#5408448) Homepage Journal
    "What's good for America, is good for General Motors, and
    vice versa."

    - GM President Charlie Wilson, 1953

    Although I've always felt that "cyberwar" scenarios were rather overblown attempts at giving backroom geeks frontline roles, the military certainly takes it seriously; one well-received military paper a few years ago warned that America's IT defenses were on a par with the ability of Task Force Smith (whose ignominious retreat from Korean forces showed how woefully unprepared America was for the Korean conflict).

    As we know, China has been touted as the first great cyberwar enemy; allegedly, China does have a "hacker brigade" tasked with disrupting American networks and computer systems in times of war, to rectify the strategic imbalance between the two nations. Now, Microsoft plans to open to a strategic rival of the U.S. the internal code that will power the Navy's upcoming CVN-77 aircraft carrier [], plus other "smart ships."

    This raises an interesting question for the Administration: although, as Vann H. Van Diepen (Director of the Office of Chemical, Biological, and Missile Nonproliferation) told Congress, export controls to China are not enforced in "areas where the technology is widely available as commodity items ... such as low-level computers," the source code to a mission-critical operating system used by military C4 systems is certainly not a "commodity item," nor is it "widely available." Will the White House put national security over Microsoft's profits? Les Kinsolving, call your office!

  • Future News (Score:5, Funny)

    by iamdrscience ( 541136 ) on Friday February 28, 2003 @03:39PM (#5408459) Homepage
    "All warez copies of Windows actually fake versions distributed by the Chinese"

    "Microsoft Source Code leaked world-wide"

    "Microsoft discontinues entire software division and focuses full force on their Mouse and Keyboard division"
  • Think Price (Score:3, Funny)

    by Mabidex ( 204038 ) <> on Friday February 28, 2003 @03:39PM (#5408460)

    1- China Gets Source
    2- China uses Message Queing to break or break into asian corps, and small countries which have little security
    3- China now has massive espionage in 2nd/3rd world countries, and united states corporate subsidiaries in those countries
    4- China invests heavily in US stock market
    5- Profit!

    At least that is what an Evil empire would do...
  • ...Alchin was very wrong.

    Or big liar.

    US national security, from the software point of view, was already compromised on all systems running WindowsOS and assosiated backoffice and client side products. The only thing required in this case is to install software and pray for timely releases of security patches, providing MS considers flaws moderate to critical.

    However, this is pretty significant move and raises few questions:

    1. Is US govt backing away from MS code and moving elsewhere entirely?
    1. Is Microsoft becoming desperate for additional revenue?
    1. Are they really THAT strong, so even China's resistance is futile?

    Perhaps none of these but there must be a very good reason.

  • Hey, now that the source to China is open, maybe someone could fix the population leak?

  • Export Restrictions (Score:2, Interesting)

    by OYAHHH ( 322809 )

    Know that there are export restrictions for crypto software and the like and I'm sure MS isn't sharing this type of material.

    But, given the number of times MS software has been shown to be quite a good host for viruses etc. shouldn't there be someone at the Commerce Department reviewing MS's shared code policy.

    Basically, I'm seeing MS sharing source code with probable enemies of the US and it makes me nervous.

    What's China gonna do with this source code.

    Well, they could certainly look for exploits, "No need to try to hack the darn binaries anymore, we got the source Bob."

    After identifying the exploits they could EASILY turn around and use them against computers in the US.

    For example, what about all those Navy ships out there that are being fitted with MS software? Do you really want the ships Phalenx (spelling?) system networked to and sharing network assets with MS OS's that could be compromised by a sneaky Chinese spy onboard with a floppy full of viruses?

    What makes this even worse is that MS is handing over this material to the bad guys and I'll bet you that a majority of our military cannot get their hands on it. Nor can the majority of the FBI personel or the CIA or the NSA I would bet.

    This is similar to handing over nuclear technology to the North Koreans so that they can build a power plant. See where that get us?

    As much as I dislike saying it, if everybody on our side cannot see the source code, then nobody should be allowed to see it.

  • I'd hate to be part of the team that looks at the source code. Those people would never be able to work on open source code again without being accused of 'stealing'.
  • by frankie ( 91710 ) on Friday February 28, 2003 @03:44PM (#5408525) Journal
    A few members of Microsoft's Government Security Program []:
    • China
    • Russia
    • UK
    • NATO (technically not a country, but are you going to tell them no?)
    • USA

    <sarcasm> You'll notice that there are no brown-skinned folks on that list, so rest assured that dangerous information will not fall into the hands of terrorists. </sarcasm>

  • So how long? (Score:3, Interesting)

    by gnovos ( 447128 ) <gnovos.chipped@net> on Friday February 28, 2003 @03:56PM (#5408648) Homepage Journal
    When can we expect to see the $5 knock-off CDs of the source hawked on Hong Kong street corners?
  • Letter to my senator (Score:3, Interesting)

    by Red Leader. ( 12916 ) on Friday February 28, 2003 @04:12PM (#5408806) Homepage
    I tried to write something that was quick to read, but to the point. Who knows, maybe someone will notice. I'm not holding my breath, though.


    Despite the fact that Microsoft's software is widely known to contain many security vulnerabilities, the U.S. government and military heavily rely on Microsoft's Windows operating system to peform vital government functions.

    It is relatively easy to find security vulnerabilities in software when you have access to the source code of that software (source code is what defines software; people read and write source code).

    In light of this fact, Microsoft has claimed that sharing information about its software with competitors could damage national security.

    More important than any competitor to Microsoft, China now has the source code to Microsoft's Windows operating system.

    Shouldn't the U.S. government move in the direction of open software that is not ultimately controlled by any one entity? As a concerned and informed citizen, I would wholeheartedly suggest Senator Warner support open source software and vote against bills like the DMCA that stifle the progress of open source software.
  • Interesting but... (Score:5, Interesting)

    by Eric Damron ( 553630 ) on Friday February 28, 2003 @04:15PM (#5408838)
    I understand that China is not allowed to compile the program. That being the case how can they be sure that they have the complete source.

    The only way that I can see a government feeling warm and fuzzy about this would be if they were allowed to examine all 500 million lines of code and to compile it themselves and distribute that.

    Even doing this they will have to do the same thing to every update and every proprietary piece of software that they run on government computers.

    I think that Linux is still the way to go for China.

  • by g4dget ( 579145 ) on Friday February 28, 2003 @04:18PM (#5408863)
    Disclosing the source code to the US government hurts national security, disclosing the source code to the Chinese government improves it.

    You see, being exposed to Windows source code gives programmers a killer headache, and after having seen it, they'll never be able to write a secure piece of code themselves.

  • by davejenkins ( 99111 ) <> on Friday February 28, 2003 @04:25PM (#5408919) Homepage
    If, theoretically, the USG saw all the source code, couldn't citizens then solicit that same information (the source code) under the Freedom of Information Act?

    I mean-- it comes down to the core issue of privacy-- the gov't would have to prove that it has no unfair advantage that could impede my 4th Amendment rights vis a vis the M$ software.

    Or-- it could prove to be collusion between a private entity and the state, also illegal in the US, and I would think most of Europe...
  • NSA Linux (Score:3, Interesting)

    by Chazmati ( 214538 ) on Friday February 28, 2003 @04:40PM (#5409050)
    If, according to Allchin:

    "It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks," Allchin testified. "Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."

    Then why isn't the military running NSA Linux? Because they don't like OpenOffice? Because they can't see Sorenson video in Quicktime? Because Opera borks their MSN page?
    • Re:NSA Linux (Score:5, Informative)

      by Chazmati ( 214538 ) on Friday February 28, 2003 @04:49PM (#5409108)
      OK, before I get flamed, yes I see in the FAQ:

      Security-enhanced Linux is only a research prototype that is intended to demonstrate mandatory controls in a modern operating system like Linux and thus is very unlikely to meet any interesting definition of secure system.


      Security-enhanced Linux is not part of any currently approved version of Linux and has no special or additional approval for government use over any other version of Linux.

      So maybe NSA Linux isn't the answer, the NSA thing just seemed obvious since we're talking about government use. However, it almost sounds like they might have an approved version of Linux available. Wonder if they're experimenting with that...
  • by theCat ( 36907 ) on Friday February 28, 2003 @05:31PM (#5409437) Journal
    ...maybe Bill G is hoping that having Windows and Linux both "open" in the same chaotic marketplace (Asia) will quickly lead to enough "contamination" in Linux distros to "open" the door to generalized lawsuits.

    We all know that there is really nothing new in code. Part of what makes an open application clean in the sense of free from copyright issues is not the absence of certain ideas or particular implementations of them, but the absence of a means for those ideas to have been lifted entirely from proprietary versions of the same ideas. Microsoft has always protected their code and this is actually a Good Thing for "clean room" OOS developers coming up with the same solutions as M$ codemonkeys.

    Now, if Microsoft could point to Asia and say "our crown jewels made their way into Linux because of our ill-advised opening of Windows in Asia wink wink" do you think a sympathetic judge somewhere might be to slap an injunction on the further distribution of OOS software developed after the date of Windows source release to China? And even if they (M$ and the Chinese) aren't actually thinking along those lines right now, do you think they (M$) will hesitate a New York minute to take such action if the opportunity presents itself?

    So you see my Prince, perhaps the binaries are not the issue. We all know what the issue is for M$, don't we.

    Nicolo Machiaveli
  • All the source (Score:3, Insightful)

    by jaavaaguru ( 261551 ) on Friday February 28, 2003 @05:57PM (#5409645) Homepage
    For this to be of any use, they'd need to open all of the Windows source to China's government. Who knows what they might be hiding inthe bits they've not opened.
  • by David Leppik ( 158017 ) on Friday February 28, 2003 @07:11PM (#5410236) Homepage

    While I can see how this will help China discover unintentional backdoors, this won't help them against intentional backdoors.

    There was an old hack which Ken Thompson used to give himself access to all Unix systems, as a proof-of-concept of why you shouldn't trust source code. He didn't modify the Unix source code. Nor did he modify the C compiler used to generate the Unix binaries. He modified the C compiler used to compile the C compiler. Full source code access wouldn't help you see the exploit.

    Details are at [] ed /thompson.html.

    China doesn't have the rights to compile the source code they get. Even if they do (and I'm sure they will, if it's of any use to them) they won't be able to verify that the code is free of intentional backdoors-- because presumably it requires M$'s compiler. Even if they get access to the compiler source code (and I don't think they do) they can't verify that it doesn't have a back door.

    If I were China I'd be afraid that the US government has hidden an exploit in Windows. That may seem paranoid, but security folks are supposed to be a little paranoid. I wouldn't trust Windows, source code or not.

    Come to think of it, I wouldn't trust the American-designed processor, BIOS, disk controllers, RAM, keyboard controller, chip design tools, etc.

"I prefer the blunted cudgels of the followers of the Serpent God." -- Sean Doran the Younger