China's Green Dam, No Longer Compulsory, May Have Lifted Code
LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.
even makes calls back to Solid Oak's servers (Score:3, Interesting)
"even makes calls back to Solid Oak's servers for updates."
er... problem solved? Sell the botnet to raise money. A botnet the size of China would be pretty valuable. You could even use it for good--- turn it into a Rosetta@home client!
*sigh* (Score:4, Interesting)
Oh China, you never change...
But oh man, it would have been so hilarious to see what happened to Solid Oak's update servers when the ENTIRE NATION of China hit them at once! I predict flames.
Sounds like Cybersitter contributed (Score:5, Interesting)
1) The Green Dam developers have fully reverse engineered CyberSitter to the point they can reuse pre-compiled binaries and snippets of code required to call them.
2) CyberSitter's development network has been thoroughly compromised to the point that the Chinese Green Dam developers have fully plagiarized another company's proprietary code.
3) CyberSitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
1 is certainly possible. 2 is truly frightening on a number of levels. 3 is just wrong and may be a violation of federal law. As they are a US company, contributing code to the development of a Chinese firewall product could be subject to the same verbiage as a US firewall, i.e. something similar to:
Under U.S. law, the Software may not be downloaded or otherwise exported, reexported, or transferred to restricted countries, restricted end-users, or for restricted end-uses. The U.S. currently has embargo restrictions against Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. The lists of restricted end-users are maintained on the U.S. Commerce Department's Denied Persons List, the Commerce Department's Entity List, the Commerce Department's List of Unverified Persons, and the U.S. Treasury Department's List of Specially Designated Nationals and Blocked Persons. In addition, the Software may not be downloaded or otherwise exported, reexported, or transferred to an end-user engaged in activities related to weapons of mass destruction.
and/or:
The Software available to download from this Site is commercial computer software as that term is described in 48 C.F.R. 252.227-7014(a)(1). If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulations ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of Defense ("DOD"), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 227.7202-3 of the DOD FAR Supplement ("DFAR") and its successors.
(Completely and totally plagiarized from the ZoneAlarm legal page, http://www.zonealarm.com/security/en-us/legal.htm )
Re:Given the situation (Score:5, Interesting)
Or maybe Solid Oak could have done some good with an update: see to it that all traffic in and out of the computers is heavily encrypted, and has to pass through one of several servers outside of China in order to be decrypted and sent on it way. That way they could have helped bring free speech to the Chinese.
From the Shanzhai angle, it's hilarious (Score:5, Interesting)
Re:Given the situation (Score:1, Interesting)
In the 70s, many Xerox machines sold to foreign countries would contain storage that would save off an image of everything that was copied for later retrieval by a Xerox "repairman".
I'm sure we're doing similar things with software (see Crypto AG)
Re:Sounds like Cybersitter contributed (Score:4, Interesting)
Or they're just using DLLs.. I mean you can just call the functions inside them without too much trouble..
And even if you _do_ do some reverse engineering.. You don't have to fully reverse everything to get stuff to work.. I mean as long as you get a chunk of opcodes and you know where the entry point is and what parameters you have to push into them, then you can run code without doing much reverse engineering at all.
I'm a Chinese and even I'm gobsmacked (Score:2, Interesting)
That piece of software, coming out from the central government itself - it's run by former engineers you know, is so stupid! If people can fly by being stupid then we don't need rockets! We just strap our astronauts to this guy, who is executing the plan, and everyone will get a ride to the moon for free! I can imagine false positives and false negatives aren't really big problems from the government's viewpoint. But... the censoring list is not encrypted?! Are you stupid? So basically you're telling everyone in China what sort of topics the government is afraid of and thus... get them to look for those things? pr0n isn't really a big problem actually but a kid having an unencrypted list of pr0n sites is still disturbing. Now kids in China don't need to look for pr0n from Baidu anymore, they just get the government-approved pr0n site list from this Green Dam CD and surf away!
Now foreign countries have found their code being by from this software... WTF? Where are the checks and balances in place to make sure such obvious things would not happen? By obvious I mean whenever you contract someone to write software in China, you should expect potential IP problems from their code because everyone copies code there! So you have this piece of software that you KNOW will surely be scrutinized closely by foreigners, and you also know there's a significant probability that your contractor would just nick the code from someone else... Then it doesn't take a rocket scientist to figure out you need to put some checks in place to prevent a potential foreign relations disaster, right?
Man, this is so stupid. Whoever is responsible for implementing this plan must be smoking something good.
Re:Given the situation (Score:5, Interesting)
Re:ChiCom Intelligence strikes again (Score:3, Interesting)
There was a History channel program about how the Soviets copied the B-29 Superfortress. In late 1944, three American B-29s made emergency landing in the USSR after a bombing run over Japan. Stalin ordered his defense people to copy them *exactly*.
Even though the Russians had some pretty decent aircraft designers who understood aircraft systems well, nobody wanted to offend Stalin and risk getting sent to the gulags... so they copied EVERYTHING, including the repair marks made on the side panel of one of the original American B-29s!
In China, "copyright" means right to copy. (Score:4, Interesting)
In China, "copyright" means right to copy.
It has been in the culture for thousands of years, and no one thinks it is wrong. For example, for thousands of years honoring the greatest artists and scholars meant training to copy their work exactly. Chinese just don't get the whole western copyright thing. Especially in a communist / socialist country where all property is officially property of the State. They might be right.
I worked at a Chinese University. We had a guy that we called "Mr. Copy". He worked in the English department during the day making photocopies of exams and materials for teachers, audio tapes, whatever. At night he would set up his table in the main plaza and sell the latest pirated DVD movies for less than $1, including all the screeners that had not been released in the States yet. There were hundreds if not thousands (e.g. 8-10 at the base of my apartment building alone) of these guys just around the one University I was at.
Re:The most likely scenario... (Score:3, Interesting)
Holy carp, there's some insight! I'm in the middle of some dealings with Chinese manufacturing, and your assessment is maddeningly accurate. It's like engineered corruption all the way through.
Didn't they capitulate on this already? (Score:3, Interesting)
When the Chinese government announced that shipping a CD with the Green Dam software constituted compliance with the July 1st directive, that told me the government was implicitly agreeing that the software wouldn't be compulsory. I suspect we have to thank the PC manufacturers for this turn of events. It's a lot easier to throw a disk into the box. Parents might install Green Dam out of concern for their kids' browsing, but I can't imagine anyone who might be politically relevant would do so, especially if it's not illegal to operate a computer without it.
On the subject of infringement, what happens if it is demonstrable that Green Dam contains code stolen from Solid Oak? Can an American manufacturer, say Dell, continue to ship this product in China knowing that it infringes on the product of another American firm? Obviously Dell couldn't be sued in China, but could it be sued in the US?