China's Green Dam, No Longer Compulsory, May Have Lifted Code 116
LionMage writes "Much has been made previously of how China's Green Dam software must be installed on all new PCs in China, and of more recent revelations that the software may create exploitable security vulnerabilities or even provide the Chinese government with a ready-made botnet to use for potentially nefarious purposes. (One of those prior articles even discusses how Green Dam incorporates blacklists from CyberSitter.) Now the BBC is reporting that Solid Oak's CyberSitter software may have had more than just a compiled blacklist lifted from it. Solid Oak is claiming that actual pieces of their code somehow ended up in Green Dam. From PC Magazine's article: 'Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the style of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.'" Relatedly, reader Spurious Logic writes that Green Dam won't be mandatory after all, according to an unnamed official with China's Ministry of Industry and Information Technology.
Really.. (Score:4, Funny)
What do you expect from China? High quality originality?
Re: (Score:1)
Re: (Score:2)
Like every other nation in history?
Damn it... (Score:4, Funny)
Re: (Score:3, Informative)
Re: (Score:2)
Given the situation (Score:4, Insightful)
If china PCs had been hammering my servers for updates to their plagiarized software, I'd have called the CIA to see what to slip in next update. Much more fun but oh so less publicity :/
Re: (Score:1, Offtopic)
man! for an AC you sure have a great idea.
Re:Given the situation (Score:5, Interesting)
Or maybe Solid Oak could have done some good with an update: see to it that all traffic in and out of the computers is heavily encrypted, and has to pass through one of several servers outside of China in order to be decrypted and sent on it way. That way they could have helped bring free speech to the Chinese.
Re:Given the situation (Score:4, Funny)
The only poetically correct thing to do is to send porn via the updates. :)
Re: (Score:2)
Re: (Score:2)
Send 'em a copy of the US Constitution, with the Bill of Rights in red highlight. Think about it, you can use their exploitation to your advantage.
Besides, it's not like we are getting much use out of the Constitution these days. "No knock warrants," yikes! Maybe they (the Chinese) can do better, one up us in this category.
Re: (Score:2)
China's constitution has just as many homilies, pious hopes and guarantees of human rights as the US's. See, eg http://english.peopledaily.com.cn/constitution/constitution.html [peopledaily.com.cn] As does almost every country in the word. It's how it plays in practice that makes the difference. (And last year I might have snarked that you should send one to the White House -- but I'm giving Obama the benefit of the doubt, so far.)
Re: (Score:2)
Re: (Score:1, Interesting)
in the 70s, many Xerox machines sold to foreign countries would contain storage that would save off an image of everything that was copied for later retrieval by a Xerox "repairman".
I'm sure we're doing similar things with software (see Crypto AG)
Re:Given the situation (Score:5, Interesting)
Re:Given the situation (Score:4, Informative)
Interesting, maybe. No longer informative.
Re: (Score:2)
And those who fail to learn from history....
typical 7-digit thinking we're seeing, here.
Re: (Score:2)
Re: (Score:2)
But why write an April Fool's joke in February?
http://www.nytimes.com/2004/02/02/opinion/02SAFI.html [nytimes.com]
Re: (Score:2)
Who's to say they didn't? ;)
even makes calls back to Solid Oak's servers (Score:3, Interesting)
"even makes calls back to Solid Oak's servers for updates.'
er... problem solved? Sell the bot net to raise money. A botnet the size of china would be pretty valuable. You could even use it for good--- turn it into a rosetta at home client!
Re: (Score:2)
Firstly, there is no botnet, just some idiotic bloggers who think potential security holes = omigod communist botnet. Secondly what you propose is still an immoral hijacking of peoples resources, and is not 'good' in any way.
*sigh* (Score:4, Interesting)
Oh China, you never change...
But oh man, it would have been so hilarious to see what happened to Solid Oak's update servers when the ENTIRE NATION of China hit them at once! I predict flames.
Re: (Score:2)
Oh China, you never change...
But oh man, it would have been so hilarious to see what happened to Solid Oak's update servers when the ENTIRE NATION of China hit them at once! I predict flames.
Soild oak charcoal..... yummy
Re:*sigh* (Score:5, Funny)
The correct terminology is the 'Linksys Eruptous'. It's a terrible scenario where a server is so overwhelmed with traffic it tries to leap out the server room and escape the building. They have a bad case of that over at Twitter. They actually have people on staff who're just on standby with nets and scooters.
Re: (Score:2)
Damnit... you almost made me spit my salad all over my monitor.
Thats what i get for reading /. while eating lunch....
Since copyright is a government grant (Score:1, Insightful)
how can this be called stolen code?
The originators still have it.
And oddly nobody on slashdot is yet pointing this out (unlike what would have happened if a USian were accused of stealing Photoshop, for example.
Is this because it's China doing it?
Re: (Score:2)
All property rights -- whether in real property, tangible personal property, or intellectual or other intangible personal property -- are government grants, regardless of whether or not some governments (implicitly or explicitly) invoke quasi-religious ideas of "natural law" as the motivation for granting certain property rights while invoking more utilitarian reasons for other grants of property rights.
Re: (Score:2)
Re: (Score:1)
how can this be called stolen code?
The originators still have it.
Moron
And oddly nobody on slashdot is yet pointing this out (unlike what would have happened if a USian were accused of stealing Photoshop, for example.
Is this because it's China doing it?
Flamebait, I'm guessing from a Chinaman.
Obvious DLL update... (Score:3, Insightful)
Now if they can just figure out a way to get those DLLs to display "The Chinese Government is Oppressing you. Remember the valiant souls who gave their lives trying to earn your freedom at Tienanmen Square!" on all the computer screens in China...
Sounds like Cybersitter contributed (Score:5, Interesting)
1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them.
2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code.
3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
1 is certainly possible. 2 is truly frightening on a number of levels. 3 is just wrong and may be a violation of federal law. As they are a US company, contributing code to the development of a Chinese firewall product could be subject to the same verbiage as a US firewall, i.e something similar to:
Under U.S. law, the Software may not be downloaded or otherwise exported, reexported, or transferred to restricted countries, restricted end-users, or for restricted end-uses. The U.S. currently has embargo restrictions against Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria. The lists of restricted end-users are maintained on the U.S. Commerce Department's Denied Persons List, the Commerce Department's Entity List, the Commerce Department's List of Unverified Persons, and the U.S. Treasury Department's List of Specially Designated Nationals and Blocked Persons. In addition, the Software may not be downloaded or otherwise exported, reexported, or transferred to an end-user engaged in activities related to weapons of mass destruction.
and/or:
The Software available to download from this Site is commercial computer software as that term is described in 48 C.F.R. 252.227-7014(a)(1). If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulations ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of Defense ("DOD"), the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 227.7202-3 of the DOD FAR Supplement ("DFAR") and its successors.
(Completely and totally plagarized from the ZoneAlarm legal page, http://www.zonealarm.com/security/en-us/legal.htm [zonealarm.com] )
Re:Sounds like Cybersitter contributed (Score:5, Insightful)
We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
I think the most likely scenario is that someone walked out of Cybersitter, Inc. with a thumb drive full of code. I guess you could call that (2), but I think it's more likely that a contractor (or even offshore development team) pinched the code via copy than a team of black hats in Hunan broke into Cybersitter's servers.
By the way, you might find google's toolbar, which spellchecks, helpful before you compromize and plagurize more posts ;-)
Re: (Score:1, Insightful)
We have 1 of three possible scenarios: 1) The Green Dam developers have fully reverse engineered Cybersitter to the point they can reuse pre-compiled binaries and snippets of code required to call them. 2) Cybersitter's development network has been thoroughly compromized to the point that the Chinese Green Dam developers have fully plagurized another companies proprietary code. 3) Cybersitter has contributed to the development of the Chinese Green Dam and was therefore paid for their effort.
4) Cybersitter developed their code using outsourced labor... that had been outsourced to Shanghai
5) Cybersitted didn't outsource their code, but some of the programmers they hired decided it was easier to hire somebody in Chengdu, so they could just go surfing all day while the person they hired did all the actual work
Re: (Score:2, Insightful)
It looks more that they took the dll's from a commercial version of Cybersitter and did some limited reverse engineering to get hands on some function calls. I guess they want to save the effort for keeping a pron blacklist up-to-date.
It's not so hard and rather dumb than using devilish haxzor skillz to fully reverse engineer Cybersitter.
Re:Sounds like Cybersitter contributed (Score:4, Interesting)
Or they're just using DLL's.. I mean you can just call the functions inside them without too much trouble..
And even if you _do_ do some reverse engineering.. You don't have to fully reverse everything to get stuff to work.. I mean as long as you get a chuck of opcodes and you know where the entry point is and what parameters you have to push into them, then you can run code without doing much reverse engineering at all.
Re: (Score:2)
Based on TFA (any of the 3 linked articles that are actually about this issue and not links to previous Slashdot coverage of Green Dam), I find your third scenario highly unlikely unless Solid Oak was lying through their teeth about being upset that Green Dam "stole" their code and was hitting their servers. I mean, maybe Solid Oak was just putting up a smokescreen about threatening legal action and was really supplying their code to China for Green Dam, but if that's the case, you'd think they'd have been
Re: (Score:2)
>> Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria.
I'm missing where 'China' is in that list.
Re: (Score:2)
Why would working on a firewall with China be illegal? From your first quote:
The U.S. currently has embargo restrictions against Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria
How would this restrict trade with China? I have no idea what you are implying with the second quote, could you elaborate?
From the Shanzhai angle, it's hilarous (Score:5, Interesting)
Re: (Score:2)
Re: (Score:1)
A private company "developed" the Green Dam software. Granted that the Chinese government obviously did not screen them properly, but why is this not Shanzai?
None of this should be surprising (Score:2, Informative)
Re: (Score:3, Insightful)
They are on a war footing, apparently we keep fooling ourselves into thinking everyone wants to play nice.
We also fool ourselves that they need us. Well news for those reading, They don't.
There is a reason they laughted at Geithner [businessinsider.com]
Re: (Score:1)
What a waste (Score:5, Insightful)
Re: (Score:2, Insightful)
Re: (Score:2)
ChiCom Intelligence strikes again (Score:3, Insightful)
Reminds me of when the KGB used to spend a huge chunk of their resources stealing American technology, then slavishly copying it to the tiniest detail, right down to the manufacturers' logos on the dies.
There's something about Communism that eats home-grown innovation alive. . . .
Re: (Score:3, Interesting)
There was a History channel program about how the Soviets copied the B-29 Superfortress. In late 1944, three American B-29s made emergency landing in the USSR after a bombing run over Japan. Stalin ordered his defense people to copy them *exactly*.
Even though the Russians had some pretty decent aircraft designers who understood aircraft systems well, nobody wanted to offend Stalin and risk getting sent to the goulags... so they copied EVERYTHING, including the repair marks made on the side panel on one of t
Re: (Score:2)
...something...
Since when is China a communist state? It is a brutal, oligarchical dictatorship. There is NOTHING about China that is communist. Actually, there has never been a communist state anywhere at anytime. China is a slave state.
Re: (Score:2)
oh, no, not this shit again. fucking commies. dude, get over it: communism only exists in books. Cuba, the USSR, China, whatever. all of them tried to be communist countries and failed. I don't get why you communist claim that everything we know about communism, isn't. What are we suppossed to do? Vote for you to show us what it's really like? How do we know you won't turn out to be the same?
Grow up
Re: (Score:2)
Re: (Score:1)
I'm a Chinese and even I'm gobsmacked (Score:2, Interesting)
That piece of software, coming out from the central government itself - it's run by former engineers you know, is so stupid! If people can fly by being stupid then we don't need rockets! We just strap our astronauts to this guy, who is executing the plan, and everyone will get a ride to the moon for free! I can imagine false positives and false negatives aren't really big problems from the gov
Re: (Score:3, Insightful)
I don't think the Chinese government cares at all about "checks and balances".. The whole Chinese culture is about getting the cheapest product possible.
Remember the flash games for the Olympics website that were re-skinned ripoffs?
Remember the babies that died from the milk that had a whitening substance in it so they could water it down?
This is the countrie that sells fake eggs. It's like a sausage.. This is the country that sells cardboard with fat and food coloring as hotdogs.
For a 'communist' nation
Re: (Score:2)
Remember the flash games for the Olympics website that were re-skinned ripoffs?
Remember the babies that died from the milk that had a whitening substance in it so they could water it down?
This is the countrie that sells fake eggs. It's like a sausage.. This is the country that sells cardboard with fat and food coloring as hotdogs.
You can sum these all up in a few words: rational, but brutal. Cheapest isn't really a good description to everything that's happening here - the Beijing Olympics opening ceremony isn't exactly cheap, right? And for the record, the government had done the rational thing to stop the latter two items (which are public safety AND foreign relation disasters) immediately after they're discovered - whether they know about it BEFORE those things are discovered is quite another question.
But look at Green Dam it's
Re:Chinese product culture (Score:2)
Wait, is that the (new) cultural parallel for reading Star Trek's Ferengi? Dunno who was the original model, but this sounds like it fits now!
Re: (Score:2)
According to a copy of the writer's bible for TNG that I read once, the Ferengi were supposed to be modeled after Yankee Traders. Don't bother looking that up on Wikipedia, since the article there is about some stupid BBS turn-based game that loosely relates to the historical concept of a Yankee Trader, and borrows the term as its name. Yankee Traders were American merchants who, when the United States was still young, practiced a sort of wild and wooly capitalism which was
Fantastic!!! (Score:3, Insightful)
Re: (Score:2)
I was thinking similarly. Solid Oak could wreak some happy fun by adding banned political sites to the OK list or banning the Chinese government's own sites.
Re: (Score:2)
I say we try to get them to all download a certain Rick Astley [wikipedia.org] song.
We can call it "Rickshaw Rolling". ;)
US Blue Dam (Score:2)
But at least the chinese software name is less boring than "Windows".
The most likely scenario... (Score:4, Insightful)
CCP member and government official "Mister Wang" finds out about a party directive to more directly control internet surfing in one of the "secret" directives often issued by the government to the MII. So he calls his nephew, "Mister Lee," and tells him that if he has a software package that can meet the following requirements (secret list supplied), he will fast track approval for the software and split the revenue (silently, of course...through a foreign bank account). Because after some initial "trial period" the computer companies will be forced to purchase this software. Instant revenue stream. ka-ching (which means "fucking pay me, you laowai clod" in Mandarin)
Unfortunately, Mister Lee has no such software. So he hires some Chinese black hats to grab the code from something resembling the requirements from a foreign company. The foreign company will have zero recourse since Mister Wang is "connected" and the Chinese government tends to wink at this behavior anyway. Since Mister Wang is steamrolling the software through the government's maze of approvals, nobody even bothers to QC the code prior to mandating its use.
With the exception of the surnames, I'm reasonably sure that's EXACTLY how this clusterfuck was perpetrated.
All your code are belong to us. Set us up the firewall....
Re: (Score:3, Interesting)
Holy carp, there's some insight! I'm in the middle of some dealings with Chinese manufacturing, and your assessment is maddeningly accurate. It's like engineered corruption all the way through.
Not mandatory at all. (Score:2)
In China, "copyright" means right to copy. (Score:4, Interesting)
In China, "copyright" means right to copy.
It has been in the culture for thousands of years, and no one thinks it is wrong. For example, for thousands of years honoring the greatest artist and scholars meant training to copy their work exactly. Chinese just don't get the whole western copyright thing. Especially in a communist / socialist country where all property is officially property of the State. They might be right.
I worked at Chinese University. We had a guy that we called "Mr. Copy". He worked in the English department during the day making photo copies of exams and materials for teachers, audio tapes, whatever. At night he would setup his table in the main plaza and sell the latest pirated DVD movies for less than a $1, including all the screeners that had not been released in the States yet. There where hundreds if not thousands (e.g. 8-10 at the base of my apartment building alone) of these guys just around the one University I was at.
Re: (Score:2)
Maybe Green Dam contains copied without authorization -- I don't know.
But referring to copied code as "piracy" or "stolen" is propaganda, just as bad as the Chinese government's propaganda. The term "intellectual property" makes the article a vague and confused as the term itself -- http://www.gnu.org/philosophy/not-ipr.html [gnu.org].
Whenever someone uses that term, you can't tell what in the world he might be talking about (unless you are an expert and can figure it out from other knowledge).
Didn't they capitulate on this already? (Score:3, Interesting)
When the Chinese government announced that shipping a CD [news.com.au] with the Green Dam software constituted compliance with the July 1st directive, that told me the government was implicitly agreeing that the software wouldn't be compulsory. I suspect we have to thank the PC manufacturers for this turn of events. It's a lot easier to throw a disk into the box. Parents might install Green Dam out of concern for their kids' browsing, but I can't imagine anyone who might be politically relevant would do so, especially if it's not illegal to operate a computer without it.
On the subject of infringement, what happens if it is demonstrable that Green Dam contains code stolen from Solid Oak? Can an American manufacturer, say Dell, continue to ship this product in China knowing that it infringes on the product of another American firm? Obviously Dell couldn't be sued in China, but could it be sued in the US?
Play fair? (Score:2)
Since nobody's mentioned it.. (Score:2)
What would the legal ramifications be for US-based computer manufacturers selling computers with stolen code included?
Re: (Score:2)
Actually, you're the second (someone else asked the exact same question 36 minutes before you did). But although IANAL, I can say that there's probably a substantial amount of legal liability there. The only question is if it's worth suing over. Solid Oak probably can't afford the legal muscle to do something like this.
Assuming that a legal challenge can be brought, the next question is whether the computer manufacturer can mount a defense. It's not clear how much shielding a US-based manufacturer gets
Let's default on the national debt. (Score:2)
So how about we have CyberSitter push an update to all PCs with an Chinese IP address that encrypts all the data and disables the computer. We'll send China the decryption keys if they forgive their share of the U.S. taxpayer's national debt (less than England and Japan on last count, but still significant). Either we get our money back for free or the Chinese people oust their undemocratic government for stupidity.
Wait, wait, that won't work. If we go around ousting governments for stupidity, we'll have an
Re: (Score:1)
Wait, wait, that won't work. If we go around ousting governments for stupidity, we'll have anarchy here in the U.S. too.
Its ok, we'll forgive you since you democratically choose you idiots
OT: scientology.org banner ad on this story? (Score:1)
ok sorry for the somewhat off topic reply, but I just had to ask about this one; when syndicated through Google Reader this story had a Scientology.org Flash ad embedded within it - are they really advertising on /. now?? :)
I'm pretty sure it's not Google doing it, since not all feeds have this kind of embedded ad.. (i.e. it's within the post itself, right below the "Read more of this story at Slashdot." link)