Forgot your password?
typodupeerror
Censorship Software

China's Green Dam, No Longer Compulsory, May Have Lifted Code 116

Posted by timothy
from the when-the-levee-breaks dept.
LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.
This discussion has been archived. No new comments can be posted.

China's Green Dam, No Longer Compulsory, May Have Lifted Code

Comments Filter:
  • Really.. (Score:4, Funny)

    by Anonymous Coward on Tuesday June 16, 2009 @10:44AM (#28347523)

    What do you expect from China? High quality originality?

    • by nobodie (1555367)
      no cheap shots boys and girls, remember that 1/6 of the world's geniuses live here in China, along with 1/6 of everything else in the world. At the same time the pirate culture here is stronger even than Sweden, we just don't have political parties. I say "we" not as a Chinese person but as a resident here BTW. Now, In almost every public university in China the computers run on a pirated, crippled, ghosted, copy of windows XP. It is all of the above, and this is also true of MS Office and everything else
  • Damn it... (Score:4, Funny)

    by Tinctorius (1529849) * on Tuesday June 16, 2009 @10:47AM (#28347569)
    now how am I going to build a cheap botnet?
    • Re: (Score:3, Informative)

      by abshack (1389985)
      Well, you could always hope that they make Opera 10 the default browser in China and exploit its webserver capabilities...
  • by Anonymous Coward on Tuesday June 16, 2009 @10:50AM (#28347607)

    If china PCs had been hammering my servers for updates to their plagiarized software, I'd have called the CIA to see what to slip in next update. Much more fun but oh so less publicity :/

    • Re: (Score:1, Offtopic)

      man! for an AC you sure have a great idea.

    • by uffe_nordholm (1187961) on Tuesday June 16, 2009 @11:02AM (#28347745)
      It could have been hilarious to see the mess of acusations and finger-pointing if Solid Oak had slipped something really nasty into an "only for you, my special Chinese friend" update.

      Or maybe Solid Oak could have done some good with an update: see to it that all traffic in and out of the computers is heavily encrypted, and has to pass through one of several servers outside of China in order to be decrypted and sent on it way. That way they could have helped bring free speech to the Chinese.
      • by RenHoek (101570) on Tuesday June 16, 2009 @11:55AM (#28348407) Homepage

        The only poetically correct thing to do is to send porn via the updates. :)

      • Unfortunately brownie points don't pay the bills for the hosting.
      • Send 'em a copy of the US Constitution, with the Bill of Rights in red highlight. Think about it, you can use their exploitation to your advantage.

        Besides, it's not like we are getting much use out of the Constitution these days. "No knock warrants," yikes! Maybe they (the Chinese) can do better, one up us in this category.

        • by 1u3hr (530656)
          Send 'em a copy of the US Constitution, with the Bill of Rights in red highlight.

          China's constitution has just as many homilies, pious hopes and guarantees of human rights as the US's. See, eg http://english.peopledaily.com.cn/constitution/constitution.html [peopledaily.com.cn] As does almost every country in the word. It's how it plays in practice that makes the difference. (And last year I might have snarked that you should send one to the White House -- but I'm giving Obama the benefit of the doubt, so far.)

        • by bursch-X (458146)
          Nah, would be to hypocritic. I mean what of the consitutional rights are still 100% guaranteed in the US right now? Just travel in and outside of the US and you'll find you have no right once you're at the borders, regardless whether you're an US citizen or not.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      in the 70s, many Xerox machines sold to foreign countries would contain storage that would save off an image of everything that was copied for later retrieval by a Xerox "repairman".

      I'm sure we're doing similar things with software (see Crypto AG)

    • by CodeBuster (516420) on Tuesday June 16, 2009 @11:37AM (#28348185)
      This has been done before. During the Cold War, in order to disrupt the Soviet economy and serve them some comeuppance for their industrial espionage activities, the CIA, in partnership with American Technology companies ensured that hardware and software with carefully arranged "flaws" found its way into Soviet hands. In one particular instance a "flawed" natural gas pipeline software and associated hardware went "haywire" (i.e. it ran the ultra-high pressure test) after a planned period of normal operation. The result was the largest non-nuclear man-made explosion ever seen from space (the satellites designed to detect plumes from ICBM launches detected a tremendous flash from the area near Vladivostok where the pipeline in question was located). This article [msn.com] covers some of the details excerpted from the book At the Abyss: An Insider's History of the Cold War as recalled by Thomas C. Reed, a former Air Force secretary who was serving in the National Security Council at the time.
    • Who's to say they didn't? ;)

  • by goombah99 (560566) on Tuesday June 16, 2009 @10:50AM (#28347609)

    "even makes calls back to Solid Oak's servers for updates.'

    er... problem solved? Sell the bot net to raise money. A botnet the size of china would be pretty valuable. You could even use it for good--- turn it into a rosetta at home client!

    • by Nazlfrag (1035012)

      Firstly, there is no botnet, just some idiotic bloggers who think potential security holes = omigod communist botnet. Secondly what you propose is still an immoral hijacking of peoples resources, and is not 'good' in any way.

  • *sigh* (Score:4, Interesting)

    by jbacon (1327727) <jcavanagh617@NOSpAM.gmail.com> on Tuesday June 16, 2009 @10:53AM (#28347643)

    Oh China, you never change...

    But oh man, it would have been so hilarious to see what happened to Solid Oak's update servers when the ENTIRE NATION of China hit them at once! I predict flames.

    • by goombah99 (560566)

      Oh China, you never change...

      But oh man, it would have been so hilarious to see what happened to Solid Oak's update servers when the ENTIRE NATION of China hit them at once! I predict flames.

      Soild oak charcoal..... yummy

    • Re:*sigh* (Score:5, Funny)

      by Garbad Ropedink (1542973) on Tuesday June 16, 2009 @11:35AM (#28348143)

      The correct terminology is the 'Linksys Eruptous'. It's a terrible scenario where a server is so overwhelmed with traffic it tries to leap out the server room and escape the building. They have a bad case of that over at Twitter. They actually have people on staff who're just on standby with nets and scooters.

      • by Synchis (191050)

        Damnit... you almost made me spit my salad all over my monitor.

        Thats what i get for reading /. while eating lunch....

  • by Anonymous Coward on Tuesday June 16, 2009 @10:56AM (#28347683)

    Now if they can just figure out a way to get those DLLs to display "The Chinese Government is Oppressing you. Remember the valiant souls who gave their lives trying to earn your freedom at Tienanmen Square!" on all the computer screens in China...

  • by ekimminau (775300) <eak@kimminau.org> on Tuesday June 16, 2009 @11:00AM (#28347721) Homepage Journal
    We have 1 of three possible scenarios:
    1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them.
    2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code.
    3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
    1 is certainly possible. 2 is truly frightening on a number of levels. 3 is just wrong and may be a violation of federal law. As they are a US company, contributing code to the development of a Chinese firewall product could be subject to the same verbiage as a US firewall, i.e something similar to:

    Under U.S. law, the Software may not be downloaded or otherwise exported, reexported, or transferred to restricted countries, restricted end-users, or for restricted end-uses. The U.S. currently has embargo restrictions against Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. The lists of restricted end-users are maintained on the U.S. Commerce Department's Denied Persons List, the Commerce Department's Entity List, the Commerce Department's List of Unverified Persons, and the U.S. Treasury Department's List of Specially Designated Nationals and Blocked Persons. In addition, the Software may not be downloaded or otherwise exported, reexported, or transferred to an end-user engaged in activities related to weapons of mass destruction.

    and/or:

    The Software available to download from this Site is commercial computer software as that term is described in 48 C.F.R. 252.227-7014(a)(1). If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulations ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of Defense ("DOD"), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 227.7202-3 of the DOD FAR Supplement ("DFAR") and its successors.

    (Completely and totally plagarized from the ZoneAlarm legal page, http://www.zonealarm.com/security/en-us/legal.htm [zonealarm.com] )

    • by afabbro (33948) on Tuesday June 16, 2009 @11:13AM (#28347867) Homepage

      We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.

      I think the most likely scenario is that someone walked out of Cybersitter, Inc. with a thumb drive full of code. I guess you could call that (2), but I think it's more likely that a contractor (or even offshore development team) pinched the code via copy than a team of black hats in Hunan broke into Cybersitter's servers.

      By the way, you might find google's toolbar, which spellchecks, helpful before you compromize and plagurize more posts ;-)

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.

        4) Cybersitter developed their code using outsourced labor... that had been outsourced to Shanghai

        5) Cybersitted didn't outsource their code, but some of the programmers they hired decided it was easier to hire somebody in Chengdu, so they could just go surfing all day while the person they hired did all the actual work

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      It looks more that they took the dll's from a commercial version of Cybersitter and did some limited reverse engineering to get hands on some function calls. I guess they want to save the effort for keeping a pron blacklist up-to-date.

      It's not so hard and rather dumb than using devilish haxzor skillz to fully reverse engineer Cybersitter.

    • by RenHoek (101570) on Tuesday June 16, 2009 @11:27AM (#28348049) Homepage

      Or they're just using DLL's.. I mean you can just call the functions inside them without too much trouble..

      And even if you _do_ do some reverse engineering.. You don't have to fully reverse everything to get stuff to work.. I mean as long as you get a chuck of opcodes and you know where the entry point is and what parameters you have to push into them, then you can run code without doing much reverse engineering at all.

    • by LionMage (318500)

      Based on TFA (any of the 3 linked articles that are actually about this issue and not links to previous Slashdot coverage of Green Dam), I find your third scenario highly unlikely unless Solid Oak was lying through their teeth about being upset that Green Dam "stole" their code and was hitting their servers. I mean, maybe Solid Oak was just putting up a smokescreen about threatening legal action and was really supplying their code to China for Green Dam, but if that's the case, you'd think they'd have been

    • >> Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.

      I'm missing where 'China' is in that list.

    • by Nazlfrag (1035012)

      Why would working on a firewall with China be illegal? From your first quote:

      The U.S. currently has embargo restrictions against Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria

      How would this restrict trade with China? I have no idea what you are implying with the second quote, could you elaborate?

  • by GeoVizer (724140) on Tuesday June 16, 2009 @11:05AM (#28347783)
    Here's the best write-up I've seen on the absurdities of Green Dam Youth Escort. http://people.oii.ox.ac.uk/hanteng/2009/06/12/shanzhai-nature-inside-the-green-dam-youth-escort-software/ [ox.ac.uk] The adoption of this software has the following absurdities: 1. It simultaneously embodies paranoid totalitarianism (surveillance and internet access controls) and extreme incompetence (this opens a huge security hole everywhere it is installed, the folks at the NSA must be grinning). 2. It embodies an ethos both puritanical (blocking porn) and piratical (taking commercial and BSD software without attribution). Plus more I'm sure. It's my new favorite software.
    • Shanzhai? What does this have to do with shanzhai? Nothing whatsover! This is just typical Chinese government, doing what it does best, ruling by committee. Don't just call it shanzhai because it comes from China, they are private companies.
      • by salimma (115327)

        A private company "developed" the Green Dam software. Granted that the Chinese government obviously did not screen them properly, but why is this not Shanzai?

  • by Anonymous Coward
    China is in a cold war and is doing everything possible to control their population, while trying to destroy the west. And yes, the chinese gov has NO issues with stealing from the west.
    • Re: (Score:3, Insightful)

      by Icegryphon (715550)
      If you where them wouldn't you do the same?
      They are on a war footing, apparently we keep fooling ourselves into thinking everyone wants to play nice.
      We also fool ourselves that they need us. Well news for those reading, They don't.
      There is a reason they laughted at Geithner [businessinsider.com]
  • What a waste (Score:5, Insightful)

    by theinvisibleguy (982464) on Tuesday June 16, 2009 @11:21AM (#28347951)
    A recent slashdot posting talked about how China had some of the best programmers in the world, you'd think they would be able to program something better than cybersitter let alone just copy some code.
    • Re: (Score:2, Insightful)

      by gzipped_tar (1151931)
      Best programmers want the best pay. Stealing may be cheaper.
      • by bursch-X (458146)
        Well, OK, but they could steal the best programmers. After all they are a repressive regime. North Korea stole some of their best spies overseas...
  • by Hasai (131313) on Tuesday June 16, 2009 @11:25AM (#28348029)

    Reminds me of when the KGB used to spend a huge chunk of their resources stealing American technology, then slavishly copying it to the tiniest detail, right down to the manufacturers' logos on the dies.

    There's something about Communism that eats home-grown innovation alive. . . .

    • Re: (Score:3, Interesting)

      by Spy Handler (822350)

      There was a History channel program about how the Soviets copied the B-29 Superfortress. In late 1944, three American B-29s made emergency landing in the USSR after a bombing run over Japan. Stalin ordered his defense people to copy them *exactly*.

      Even though the Russians had some pretty decent aircraft designers who understood aircraft systems well, nobody wanted to offend Stalin and risk getting sent to the goulags... so they copied EVERYTHING, including the repair marks made on the side panel on one of t

    • by macbeth66 (204889)

      ...something...

      Since when is China a communist state? It is a brutal, oligarchical dictatorship. There is NOTHING about China that is communist. Actually, there has never been a communist state anywhere at anytime. China is a slave state.

      • by hjf (703092)

        oh, no, not this shit again. fucking commies. dude, get over it: communism only exists in books. Cuba, the USSR, China, whatever. all of them tried to be communist countries and failed. I don't get why you communist claim that everything we know about communism, isn't. What are we suppossed to do? Vote for you to show us what it's really like? How do we know you won't turn out to be the same?

        Grow up

    • by T Murphy (1054674)
      That is exactly how Chernobyl happened.
    • by anarche (1525323)
      Profits provide motivation to innovate.
  • I'm not really surprised by the censorship and monitoring things as they've been doing that all the time... but...

    That piece of software, coming out from the central government itself - it's run by former engineers you know, is so stupid! If people can fly by being stupid then we don't need rockets! We just strap our astronauts to this guy, who is executing the plan, and everyone will get a ride to the moon for free! I can imagine false positives and false negatives aren't really big problems from the gov
    • Re: (Score:3, Insightful)

      by RenHoek (101570)

      I don't think the Chinese government cares at all about "checks and balances".. The whole Chinese culture is about getting the cheapest product possible.

      Remember the flash games for the Olympics website that were re-skinned ripoffs?

      Remember the babies that died from the milk that had a whitening substance in it so they could water it down?

      This is the countrie that sells fake eggs. It's like a sausage.. This is the country that sells cardboard with fat and food coloring as hotdogs.

      For a 'communist' nation

      • Remember the flash games for the Olympics website that were re-skinned ripoffs?

        Remember the babies that died from the milk that had a whitening substance in it so they could water it down?

        This is the countrie that sells fake eggs. It's like a sausage.. This is the country that sells cardboard with fat and food coloring as hotdogs.

        You can sum these all up in a few words: rational, but brutal. Cheapest isn't really a good description to everything that's happening here - the Beijing Olympics opening ceremony isn't exactly cheap, right? And for the record, the government had done the rational thing to stop the latter two items (which are public safety AND foreign relation disasters) immediately after they're discovered - whether they know about it BEFORE those things are discovered is quite another question.

        But look at Green Dam it's

      • Wait, is that the (new) cultural parallel for reading Star Trek's Ferengi? Dunno who was the original model, but this sounds like it fits now!

        • by LionMage (318500)

          Dunno who was the original model

          According to a copy of the writer's bible for TNG that I read once, the Ferengi were supposed to be modeled after Yankee Traders. Don't bother looking that up on Wikipedia, since the article there is about some stupid BBS turn-based game that loosely relates to the historical concept of a Yankee Trader, and borrows the term as its name. Yankee Traders were American merchants who, when the United States was still young, practiced a sort of wild and wooly capitalism which was

  • Fantastic!!! (Score:3, Insightful)

    by Big Hairy Ian (1155547) on Tuesday June 16, 2009 @11:46AM (#28348293)
    Now all they need to do is write the code to take down the "Great Fire Wall of China" and put it on auto update
    • by serutan (259622)

      I was thinking similarly. Solid Oak could wreak some happy fun by adding banned political sites to the OK list or banning the Chinese government's own sites.

    • by powerlord (28156)

      I say we try to get them to all download a certain Rick Astley [wikipedia.org] song.

      We can call it "Rickshaw Rolling". ;)

  • Is pretty hard to get new PC without the US Blue Dam software (so is almost a must), anywhere in the world by now. Seems that too the software (by not so recent revelations) may create exploitable security vulnerabilities, or even (according to some tinfoil hat users) provide the US government with a ready-made botnet to use.

    But at least the chinese software name is less boring than "Windows".
  • by Ritz_Just_Ritz (883997) on Tuesday June 16, 2009 @12:13PM (#28348711)

    CCP member and government official "Mister Wang" finds out about a party directive to more directly control internet surfing in one of the "secret" directives often issued by the government to the MII. So he calls his nephew, "Mister Lee," and tells him that if he has a software package that can meet the following requirements (secret list supplied), he will fast track approval for the software and split the revenue (silently, of course...through a foreign bank account). Because after some initial "trial period" the computer companies will be forced to purchase this software. Instant revenue stream. ka-ching (which means "fucking pay me, you laowai clod" in Mandarin)

    Unfortunately, Mister Lee has no such software. So he hires some Chinese black hats to grab the code from something resembling the requirements from a foreign company. The foreign company will have zero recourse since Mister Wang is "connected" and the Chinese government tends to wink at this behavior anyway. Since Mister Wang is steamrolling the software through the government's maze of approvals, nobody even bothers to QC the code prior to mandating its use.

    With the exception of the surnames, I'm reasonably sure that's EXACTLY how this clusterfuck was perpetrated.

    All your code are belong to us. Set us up the firewall....

    • Re: (Score:3, Interesting)

      by Dielectric (266217)

      Holy carp, there's some insight! I'm in the middle of some dealings with Chinese manufacturing, and your assessment is maddeningly accurate. It's like engineered corruption all the way through.

  • You can opt out by being taken outside and shot.
  • by cenc (1310167) on Tuesday June 16, 2009 @12:51PM (#28349429) Homepage

    In China, "copyright" means right to copy.

    It has been in the culture for thousands of years, and no one thinks it is wrong. For example, for thousands of years honoring the greatest artist and scholars meant training to copy their work exactly. Chinese just don't get the whole western copyright thing. Especially in a communist / socialist country where all property is officially property of the State. They might be right.

    I worked at Chinese University. We had a guy that we called "Mr. Copy". He worked in the English department during the day making photo copies of exams and materials for teachers, audio tapes, whatever. At night he would setup his table in the main plaza and sell the latest pirated DVD movies for less than a $1, including all the screeners that had not been released in the States yet. There where hundreds if not thousands (e.g. 8-10 at the base of my apartment building alone) of these guys just around the one University I was at.

    • by byolinux (535260) *

      Maybe Green Dam contains copied without authorization -- I don't know.

      But referring to copied code as "piracy" or "stolen" is propaganda, just as bad as the Chinese government's propaganda. The term "intellectual property" makes the article a vague and confused as the term itself -- http://www.gnu.org/philosophy/not-ipr.html [gnu.org].

      Whenever someone uses that term, you can't tell what in the world he might be talking about (unless you are an expert and can figure it out from other knowledge).

  • by yuna49 (905461) on Tuesday June 16, 2009 @01:20PM (#28349985)

    When the Chinese government announced that shipping a CD [news.com.au] with the Green Dam software constituted compliance with the July 1st directive, that told me the government was implicitly agreeing that the software wouldn't be compulsory. I suspect we have to thank the PC manufacturers for this turn of events. It's a lot easier to throw a disk into the box. Parents might install Green Dam out of concern for their kids' browsing, but I can't imagine anyone who might be politically relevant would do so, especially if it's not illegal to operate a computer without it.

    On the subject of infringement, what happens if it is demonstrable that Green Dam contains code stolen from Solid Oak? Can an American manufacturer, say Dell, continue to ship this product in China knowing that it infringes on the product of another American firm? Obviously Dell couldn't be sued in China, but could it be sued in the US?

  • Since when are we expecting honestly from the Chinese Government? I mean they tried to put on a show during the Olympics with fake buildings and the Great Firewall, they forced gymnasts birth certificates. This isn't surprising that they stole code. The only difference is this time they got caught. If the program is calling back to Solid Oak servers, why not tell the servers to send back malicious code to crash the program? It would be sweet sweet revenge for Solid Oak.
  • What would the legal ramifications be for US-based computer manufacturers selling computers with stolen code included?

    • by LionMage (318500)

      Actually, you're the second (someone else asked the exact same question 36 minutes before you did). But although IANAL, I can say that there's probably a substantial amount of legal liability there. The only question is if it's worth suing over. Solid Oak probably can't afford the legal muscle to do something like this.

      Assuming that a legal challenge can be brought, the next question is whether the computer manufacturer can mount a defense. It's not clear how much shielding a US-based manufacturer gets

  • So how about we have CyberSitter push an update to all PCs with an Chinese IP address that encrypts all the data and disables the computer. We'll send China the decryption keys if they forgive their share of the U.S. taxpayer's national debt (less than England and Japan on last count, but still significant). Either we get our money back for free or the Chinese people oust their undemocratic government for stupidity.

    Wait, wait, that won't work. If we go around ousting governments for stupidity, we'll have an

    • by anarche (1525323)

      Wait, wait, that won't work. If we go around ousting governments for stupidity, we'll have anarchy here in the U.S. too.

      Its ok, we'll forgive you since you democratically choose you idiots

  • ok sorry for the somewhat off topic reply, but I just had to ask about this one; when syndicated through Google Reader this story had a Scientology.org Flash ad embedded within it - are they really advertising on /. now?? :)

    I'm pretty sure it's not Google doing it, since not all feeds have this kind of embedded ad.. (i.e. it's within the post itself, right below the "Read more of this story at Slashdot." link)

Facts are stubborn, but statistics are more pliable.

Working...