Ihmhi writes "China's mandatory 'Green Dam Youth Escort' web filter software apparently has a series of severe flaws. In addition to not working on Linux or MacOS, traffic between the software and its servers is unencrypted."
I'm sure it only gets better after that.
First, it's incompatible with all of those Windows-only worms, now it won't run invasive government-mandated spyware. At this rate, it will never be the year of the Linux desktop.
Do not write any code that could intentionally be used to DDOS your ass. But seriously, this is great. It's going to be one hell of a show when it gets cracked.
Besides, this doesn't look like you could only intentionally DDoS them, it can even happen that you may unintentionally do it. Maybe with the "help" of a trojan that just happens to infect your computer... you know those sneaky malware writers and their schemes, and sorry that I got infected, it must've been that I went to the wrong sites, but good comrades, you know where I've been and thus you know where I got it from. Strangely, I only visited good Chinese sites...
So does that mean that selling computers with Linux or OSX installed is illegal? Or will they get away with "installing" the software on those computers even though it can not function?
Considering that the Chinese government has put a lot of time/effort into mandating Red Flag Linux for internet cafes, I would say that they "install" it and it doesn't function.
Wouldn't it be funny if this sparked a "MacOS to Windows hardware" hack that worked, spread like "kitten killer video [slashdot.org]" and then seeped back into the West and shut up the whiners (not to be confused with the Winers).
Then, Chinese could buy a compliant windows machine, hack it to MacOS, and the DamWare wouldn't know. Or will they require that all machines stay on all the time, such that silence is a violation?
after all the slating given to china over censorship, it would be interesting to be able to browse from behind such a filter and see how much it would affect the surfing of a typical westoner
But filtering in China is done at a level independent of the computer. This adds another layer of "protection" and enforcement but isn't really the full filtering of the internet. Think of this like a porn blocker that blocks a few sites compared to the "Golden Shield" which blocks all references to anti-communist or different forms of communist ideals.
That's true, but, it should give at least a taste of the experience a typical Chinese person encounters when he or she tries to browse the web. For that reason alone, it might be useful to try out (in a virtual machine, of course).
No, not a good thing. You see in the authoritarian/communist society which is China, the government owns or has major influence in everything. So even with OSS projects that have a commercial vendor (like Red Hat) the government could convince the company to poison the source repos and the binary repos with modified versions. So in the end you have an authoritarian Linux system that even pirated Windows would be looked at by dissenters as "more free" because it doesn't run into the poisoning of OSS.
First of all, I don't think that China could convince Red Hat, or any other commercial vendor to poison their own products to add things like this in. If anything, they would modify the files themselves, and then have their firewall/cache systems return their modified versions instead of the real version. Even if they were able to do that, there are dozens, if not hundreds of Linux distros out there. They cannot convince all, or even most of them to make these changes, so there will still be plenty of wa
First of all, I don't think that China could convince Red Hat, or any other commercial vendor to poison their own products to add things like this in
Well, not Red Hat but what about Red Flag which is widely used in China and is mandated in some places for internet cafes. If they can convince the OEMs, convincing Chinese OS makers would be the next logical step, Linux is open and Red Flag already has a large userbase in China.
Even if they were able to do that, there are dozens, if not hundreds of Linux distros out there. They cannot convince all, or even most of them to make these changes, so there will still be plenty of ways that Chinese people can get a hold of "un-tainted" Linux distributions.
Censorship can never convince 100% of the population, but if you can get 95% and the 5% either are ordinary people who are scared to protest, high-ranking people who if they tell they loose their money, or unaccepted "radicals"
The "mandatory" software these computers will be shipped with is no different than a VChip inside of all modern American TVs; it's a feature people may use, but are allowed to uninstall at their sole discretion. Besides, this stuff runs on Windows, it's just one more straw on the pile of ways to hijack an unprotected computer. We also choose a tool that doesn't run on Linux because we're sick of typing 'sudo apt-get install wine' everytime we install a new Linux distro. This assures minimal typing for all Chinese Linux users.
TVs, in general, cannot be hijacked (BoTVnet?) The mentioned security concerns are reasons to push for improvements to the software, not as an excuse to defame a government for trying to give parents more tools to protect their children. Again, if you do not wish to use this software, please feel free to uninstall it -- it's only there for those who want to use it.
not as an excuse to defame a government for trying to give parents more tools to protect their children.
"protect" them from what? From the evils of porn? This isn't 1995 here people, and its pretty hard to not know your going to a porn site today especially if you use a search engine to find sites. If your kid is searching for porn then obviously they aren't as "innocent" as you think they are. And whenever their censorship is under the guise of "protecting" the people from such evil ideas as human rights and alternate ideologies, it gets quite suspicious whenever they try to mandate more controls.
Again, if you do not wish to use this software, please feel free to uninstall it -- it's only there for those who want to use it.
Thats nice, but why install it in the first place? There are loads of internet "protection" filters out there, mandating the installation of one, especially from a government that constantly abuses its citizens should be cause of concern or alarm. Don't you think?
Salami technique and boiling the frog ain't new for governments. For now it's "only humanitary" or "only to catch terrorists/pedophiles/boogieman_of_the_month", but when it's in place and we have "wide acceptance for it", why not use it for more? Or, in this case, make it mandatory since "so many thought it's a great thing" (read: didn't know about it and/or don't care enough to stink up a storm).
"We found a series of software flaws," explained Isaac Mao, a blogger and social entrepreneur in China
... when contacted later for further comment, it was discovered that Mao had been assigned to 18 years of reeducation through labour in the coal-mining provinces.
No, we've assured his skills will remain in good use. If you wish to speak on him, please PM him on the US Shattered Hand Realm for WoW, where he has been assigned 18 years of reeducation through labor in the WoW-gold mining servers.
Lately it's like all the countries of the world are engaged in an Olympic competition to see who can screw themselves up the most through acts of extreme stupidity and greed. What the fuck is wrong with people?
Lately it's like all the countries of the world are engaged in an Olympic competition to see who can screw themselves up the most through acts of extreme stupidity and greed. What the fuck is wrong with people?
I don't know what you just said except "Olympics", and we all know what we do at the Olympics, right? Support your country to be number one, no matter WHAT the event!
"We have buttiduously canvbutted the industry [today.com], buttessed what is available and buttembled the finest selection of contractors chosen in a completely open manner for this buttignment. Butterting free speech is one thing, but a triparbreaste committee considers that that does not justify mere pbuttive breastillation at the expense of others. The filters will buttociatively clbuttify all communications and filter then, I can butture you, rebuttemble them with surpbutting exacbreastude in any quanbreasty. Consbreastuents can be rebuttured that a mulbreastude of industry compebreastors will butture quality and keep our clbuttrooms safe. Green Dam will not embarbutt us!"
From the article:
"One blogger posted a screenshot of the software purportedly blocking an attempt to visit a porn site using Microsoft's Internet Explorer.
But, he said, there was no problem accessing the site using the Firefox web browser. "
That could essentially be a good thing. If you're using IE on Windows to browse the web, you need all the protection you could possibly get. After all, you explicitly showed that you have no idea about security or any concern about it...
Ok, so it's a pretty ham-handed first attempt.
My question is: with all the US computer companies outsourcing to China, will my US PC or Apple eventually be affected?
Perhaps we should stop buying US PCs made in China.
"As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."
After spending a number of years living/working in China, I've come to the conclusion that the government just doesn't care if this new "feature" works or not. The goal isn't to really censor here, but to let people know that "the man" is watching. In China, that is enough to keep the vast majority of people in line. There are still tens (perhaps hundreds) of millions of people that have vivid memories of the Cultural Revolution. They know all too well what happens to the squeaky wheel and tailor their activities accordingly. Sad, but that's the way it is.
It seems that China sent all of their super coders to participate in the NSA challenge, and they left the apprentices back at home writing the domestic software.
I don't want to sound like a troll, but considering all the oppressive crap we see coming out of China, it seems pretty petty to whine that their mandatory web filter software does not have a Linux version (or Mac)...Now if you want to talk about why China is so Microsoft-friendly, that one thing, but when someone installs a mandatory net nanny on a cheaply assembled PC and connects to a watered down approximation of the internet, where one thing internet users do best, "bitch about stuff", could possibly g
Step 1: Install Virtual PC, or other VM Software Step 2: Install the Mandatory Software INSIDE the VM Step 3: Leave the VM running in the background and never touch it
Do you think any government would require some kind of software to be distributed with every new computer if there wasn't a backdoor to monitor citizens?
Ya know, snooping on your citizens ain't just for Commies anymore.
Being "secure" would not make the whole thing any better, it would still be a huge blow against freedom of speech (despite the lack thereof in China anyway) and the freedom of the net. But it raises another concern that our govermnemts might take into account before pulling a similar crapstunt (I'm fairly sure they have something like this planned already. Freedom of speech ain't just a threat to governments in China...).
Whenever you mandate some software to be installed, especially if this software is to o
Linux people always complaining (Score:5, Funny)
FFS, just run it in Wine!
Re:Linux people always complaining (Score:5, Funny)
In this case, not running in Linux or Mac is a feature, not a bug!
Parent
Linux is not ready for the desktop (Score:5, Funny)
Parent
Security 101 (Score:5, Insightful)
Do not write any code that could intentionally be used to DDOS your ass.
But seriously, this is great. It's going to be one hell of a show when it gets cracked.
Re: (Score:2)
When? As soon as, please.
Besides, this doesn't look like you could only intentionally DDoS them, it can even happen that you may unintentionally do it. Maybe with the "help" of a trojan that just happens to infect your computer... you know those sneaky malware writers and their schemes, and sorry that I got infected, it must've been that I went to the wrong sites, but good comrades, you know where I've been and thus you know where I got it from. Strangely, I only visited good Chinese sites...
This software is legally mandated. (Score:5, Interesting)
So does that mean that selling computers with Linux or OSX installed is illegal? Or will they get away with "installing" the software on those computers even though it can not function?
Re: (Score:3, Interesting)
Re:This software is legally mandated. (Score:5, Informative)
Think of it as an AOL Free Trial CD. You remember, the free coaster they shipped.
Parent
Re: (Score:2)
I miss the days of the AOL floppy. Those were at least useful as more than coasters.
Re: (Score:2)
Then, Chinese could buy a compliant windows machine, hack it to MacOS, and the DamWare wouldn't know. Or will they require that all machines stay on all the time, such that silence is a violation?
Is the software available to download anywhere? (Score:4, Interesting)
Re:Is the software available to download anywhere? (Score:5, Insightful)
Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computer off the net?
Epic lulz would have to be redefined from then on.
Parent
Re:Is the software available to download anywhere? (Score:5, Insightful)
Wouldn't it be more fun to disassemble the software, find the gaping flaws, and simultaneously take 300 million computer off the net?
Wouldn't it be more fun to use the gaping flaws to build a botnet, DDoS various targets and blame it on China?
Parent
Re: (Score:3, Informative)
Re: (Score:2)
That's true, but, it should give at least a taste of the experience a typical Chinese person encounters when he or she tries to browse the web. For that reason alone, it might be useful to try out (in a virtual machine, of course).
So this is a good thing (Score:2)
Re:So this is a good thing (Score:4, Interesting)
Parent
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
First of all, I don't think that China could convince Red Hat, or any other commercial vendor to poison their own products to add things like this in
Well, not Red Hat but what about Red Flag which is widely used in China and is mandated in some places for internet cafes. If they can convince the OEMs, convincing Chinese OS makers would be the next logical step, Linux is open and Red Flag already has a large userbase in China.
Even if they were able to do that, there are dozens, if not hundreds of Linux distros out there. They cannot convince all, or even most of them to make these changes, so there will still be plenty of ways that Chinese people can get a hold of "un-tainted" Linux distributions.
Censorship can never convince 100% of the population, but if you can get 95% and the 5% either are ordinary people who are scared to protest, high-ranking people who if they tell they loose their money, or unaccepted "radicals"
Re: (Score:2)
Use a source based distro (Gentoo, e.g.), keep up to date with reports of tampering and un-tamper your version.
When you have the source, you are in control of your software. Whether you execute that control is up to you, though.
It's chinese stuff (Score:5, Funny)
What are you calling a "flaw"? (Score:4, Insightful)
I hardly consider the lack of Mac or Linux versions a "flaw". In fact, I consider that one of the few positive aspects of the software.
Your friendly Chinese government official here. (Score:5, Informative)
Re: (Score:2)
Re: (Score:2, Informative)
Re:Your friendly Chinese government official here. (Score:5, Interesting)
not as an excuse to defame a government for trying to give parents more tools to protect their children.
"protect" them from what? From the evils of porn? This isn't 1995 here people, and its pretty hard to not know your going to a porn site today especially if you use a search engine to find sites. If your kid is searching for porn then obviously they aren't as "innocent" as you think they are. And whenever their censorship is under the guise of "protecting" the people from such evil ideas as human rights and alternate ideologies, it gets quite suspicious whenever they try to mandate more controls.
Again, if you do not wish to use this software, please feel free to uninstall it -- it's only there for those who want to use it.
Thats nice, but why install it in the first place? There are loads of internet "protection" filters out there, mandating the installation of one, especially from a government that constantly abuses its citizens should be cause of concern or alarm. Don't you think?
Parent
Re: (Score:3, Insightful)
it's only there for those who want to use it.
for now.
Salami technique and boiling the frog ain't new for governments. For now it's "only humanitary" or "only to catch terrorists/pedophiles/boogieman_of_the_month", but when it's in place and we have "wide acceptance for it", why not use it for more? Or, in this case, make it mandatory since "so many thought it's a great thing" (read: didn't know about it and/or don't care enough to stink up a storm).
Re: (Score:2)
Bad move ... (Score:5, Funny)
"We found a series of software flaws," explained Isaac Mao, a blogger and social entrepreneur in China
... when contacted later for further comment, it was discovered that Mao had been assigned to 18 years of reeducation through labour in the coal-mining provinces.
Re:Bad move ... (Score:5, Funny)
Parent
Re: (Score:2)
i first read that as "Green Day Youth Escort" (Score:2)
and i thought yeah i know they have a new album but this is ridiculous
International competition for stupidest government (Score:2)
Lately it's like all the countries of the world are engaged in an Olympic competition to see who can screw themselves up the most through acts of extreme stupidity and greed. What the fuck is wrong with people?
Re:International competition for stupidest governm (Score:5, Funny)
I don't know what you just said except "Olympics", and we all know what we do at the Olympics, right? Support your country to be number one, no matter WHAT the event!
U-S-A! U-S-A!~
Parent
When you buttume ... (Score:5, Funny)
Re: (Score:2)
Well played, but I think you may have swiped the idea from here [thedailywtf.com].
Only Windows, only IE (Score:5, Interesting)
Re: (Score:2)
That could essentially be a good thing. If you're using IE on Windows to browse the web, you need all the protection you could possibly get. After all, you explicitly showed that you have no idea about security or any concern about it...
american warrantless (Score:2)
are US computers built in China safe? (Score:2, Interesting)
U.N. Declaration of Rights (Score:3, Interesting)
"As the Americans learned so painfully in Earth's final century, free flow of information is the only safeguard against tyranny. The once-chained people whose leaders at last lose their grip on information flow will soon burst with freedom and vitality, but the free nation gradually constricting its grip on public discourse has begun its rapid slide into despotism. Beware of he who would deny you access to information, for in his heart he dreams himself your master."
Pravin Lal, Alpha Centauri
It's not supposed to work (Score:5, Informative)
After spending a number of years living/working in China, I've come to the conclusion that the government just doesn't care if this new "feature" works or not. The goal isn't to really censor here, but to let people know that "the man" is watching. In China, that is enough to keep the vast majority of people in line. There are still tens (perhaps hundreds) of millions of people that have vivid memories of the Cultural Revolution. They know all too well what happens to the squeaky wheel and tailor their activities accordingly. Sad, but that's the way it is.
Spyware Puts Computers At Risk (Score:3, Funny)
Spyware Puts Computers At Risk
I nominate this for the most awesome headline ever.
Probably easier ways to do it... (Score:2)
...but is the Chinese government just creating their own personal, huge botnet to use in DDOS attacks in the CYBERWARS OF THE FUTURE?
I have no problem with Big Brother... (Score:3, Funny)
...it's the lack of encryption that really bothers me. After all, that could let some unknown party watch what I'm doing online!
Calling Super China Coders (Score:2)
No Linux? (Score:2)
Easy to Beat (Score:3, Informative)
Step 1: Install Virtual PC, or other VM Software
Step 2: Install the Mandatory Software INSIDE the VM
Step 3: Leave the VM running in the background and never touch it
Re: (Score:2)
Do you think any government would require some kind of software to be distributed with every new computer if there wasn't a backdoor to monitor citizens?
Ya know, snooping on your citizens ain't just for Commies anymore.
Re: (Score:3, Insightful)
Being "secure" would not make the whole thing any better, it would still be a huge blow against freedom of speech (despite the lack thereof in China anyway) and the freedom of the net. But it raises another concern that our govermnemts might take into account before pulling a similar crapstunt (I'm fairly sure they have something like this planned already. Freedom of speech ain't just a threat to governments in China...).
Whenever you mandate some software to be installed, especially if this software is to o