Report Says China Will Demand Source Code 305
An anonymous reader alerts us to a two-week-old story that hasn't gotten much traction in the press to date. A Japanese newspaper and the AP report that China plans to demand source code from hardware manufacturers, and ban the sale of products from companies that don't comply. China is calling this an "obligatory accreditation system for IT security products." The plan is to go into effect next May, according to sources. "Products expected to be subject to the system are those equipped with secret coding, such as [a] contactless smart card system developed by Sony Corp., digital copiers, and computer servers. The Chinese government said it needs the source code to prevent computer viruses taking advantage of software vulnerabilities and to shut out hackers. However, this explanation is unlikely to satisfy concerns that disclosed information might be handed from the Chinese government to Chinese companies. There also are fears that Chinese intelligence services could exploit such confidential information by making it easier to break codes used in... digital devices."
So they can counterfeit (Score:3, Insightful)
Haha,
Yes, why would chinese business go to the effort of replicating the functionality of western devices when their government can just demand we give the source code to the devices.
Expect to see more Sorny goods if this goes ahead!
Re:So they can counterfeit (Score:5, Interesting)
It just doesn't work like this because those "western devices" are probably already made in Asia.
I was visiting a Chinese factory that made widgets, and member of staff showed me a widget branded by a "famous western company" to impress upon me that the widgets made in their factory were of a high standard. "Here's a sample to take home, but don't tell anyone *wink* *wink*".
Their agreement may not exclude selling the widget in part, or in whole on the domestic market, so the brands are in fact a complete myth. Those fake Sony goods that have been re-badged as a Chinese brand could be close to functionally identical, albeit with a much lower price tag.
Another experience I had, was with a certain widget that had interchangeable parts. The product as a whole would be sold on the domestic market with Chinese branded parts, or swapped out for a brand that would know for export.
It's all bullshit but very interesting to observe, and as an audience you are really overestimating the Chinese government's intervention which is close to none. This is just companies chasing profits with as much regard for ethics as our own companies.
Re:So they can counterfeit (Score:5, Interesting)
They might manufacture the physical widget there but they didn't program the driver or firmware - it came on a master rom or was bundled in a cd already compiled.
Re: (Score:3, Insightful)
I client of mine had to completely stop selling a product. To be competitive he had to make his widgets (hight end sound elements) in China like everybody else. At several occasions during "surprise factory inspections" he found sub-par, out of spec end-products. At some point some items where even with his logo replaced by some unknown Asian brand. Suddenly all sales in Asia and part of Europe came to a near stop. Within months they just change product line altogether.
This is exactly why numerous parents a
Re:So they can counterfeit (Score:5, Interesting)
>>Their agreement may not exclude selling the widget in part, or in whole on the domestic market, so the brands are in fact a complete myth.
It also assumes they hold up their end of an agreement, which is laughable. After Qualcomm got a bunch of Chinese factories up and running with their Q-phone, China Telecom started selling their C-phone, which was an exact duplicate of the Q-phone, made by the same people that Qualcomm had trained in making their phones. They're so dishonest, it's fucking scary that so much of our technical manufacturing is being done over there - we're paying for their postgraduate education, and giving them free blueprints to rip us off with.
Re:So they can counterfeit (Score:5, Insightful)
Brought to you by the two-wrongs-make-a-right department.
One other thing. Extort doesn't normally take a person or people as its direct object.
Re:So they can counterfeit (Score:4, Insightful)
That would be a meaningful response if the West was currently a good global citizen engaging in fair trade and not still engaging in military campaigns with the thinly veiled purpose of usurping economic resources. But as it stands, the west is still fighting in Iraq and Afghanistan for control of petroleum, De Beers is still financing wars in Africa to ensure the continuance of its diamond monopoly, South East Asian nations are still used as a source of cheap de facto slave labour, the IMF is still used as the G8's stick to ensure sovereignty of the third world governments is a purchasable commodity and companies like Bechtel are still pulling this sort of rubbish [foodandwaterwatch.org].
So, sorry, your moral high horse has no legs.
Re:So they can counterfeit (Score:4, Funny)
Afghanistan has oil???
I thought they only were good for terrorists and drugs?
Re: (Score:3, Insightful)
You guys are missing the point: Demanding that the source code be made available for your products is a reasonable thing to do. Just like demanding that the ingredients of your foodstuffs be made available is a reasonable thing to do. It has to do with safety and trust.
The ONLY real reason a company maintains ANY closed source is profitability. Everyone would run open source otherwise, because it costs way too damn much money to maintain close source, from physical protection to legal costs.
I sure as hell don't see people boycotting Coca Cola products because they haven't revealed their secret formula to EVERYONE.
That being said, one CANNOT overlook WHO is asking for the closed source, and determining the REAL reason WHY they need it. Somehow the words "safety" and "tru
Re:So they can counterfeit (Score:5, Funny)
Is William Shatner posting on Slashdot now?
Moron, or just being stupid? (Score:3, Insightful)
geekmux said: "I sure as hell don't see people boycotting Coca Cola products because they haven't revealed their secret formula to EVERYONE"..
I haven't seen one instance of someone cracking Coke's secret formula and using it to break into a system -- nor have I once seen a buffer overflow or backdoor or just stupid program error in Coke's formula cause billion dollar threats to the internet.
It's real different -- code that goes into computers doesn't go through testing like food or drug products -- as corru
Re:So they can counterfeit (Score:4, Interesting)
Well, this is just a more overt instance of such corporate espionage. The Chinese have been VERY active over the past decades in spying, both corporate and military. They are very prolific at espionage, and this is just a new slant on their programs...now that we have given them so much of the hardware knowledge over the years by moving manufacturing over there. This is just a logical next step.
Re: (Score:3, Insightful)
Except that isn't actually true. The main reason why China has spent so much money in the US is so that they can continue to exploit their workers. They keep the wages artificially low with currency value manipulation and refusing to pay their workers accordingly. Which allows their government to continue to exert a larger than appropriate degree of control on the people.
Ultimately that hurts the US as well since our workers can't work for that low of a wage.
The Chinese are VERY dishonest. (Score:5, Informative)
Maybe not. Maybe: "Expect to see a lot of counterfeit products labeled Sony, in the same kind of packaging Sony uses."
Ever since the days of the DOS operating system, when it was only the Taiwanese who supplied computer parts, the Chinese have been extremely dishonest. They would deliver computer parts until a distributor got established. They would get paid when a load was delivered to a ship in Taiwan. But, the would eventually deliver a huge load of junk, stuff that had failed testing but had been saved for that purpose. That would put the U.S. distributor out of business.
At the same time, there would be a Chinese distributor in town that just began doing business, selling the same items.
Now that everyone has paid to build factories and complicated procedures in China, they are very vulnerable to Chinese control.
Here are a few stories, chosen from thousands. The Chinese governments, in Taiwan and mainland China, have always pretended to be interested in stopping counterfeiting:
FBI and Chinese seize $500 million of counterfeit software [iht.com].
Dangerous Fakes: How counterfeit, defective computer components from China are getting into U.S. warplanes and ships [businessweek.com].
YouTube videos about Chinese counterfeiting [google.com]
The World's Greatest Fakes: Chinese Copies Are Making Their Way Back To U.S. [cbsnews.com]
Heparin Find May Point to Chinese Counterfeiting [nytimes.com]
Chinese Product Counterfeiting Causes US Job Layoffs [voanews.com]
Re:The Chinese are VERY dishonest. (Score:5, Insightful)
Wow, just like the west is very serious in cracking down on copyright infringement. An outsider would see the US govt's complete lack of dealing with mass scale copyright infringement as collusion. Leaving it to the copyright holders when theres such widespread infringement? I would say they aren't even pretending to be interested.
I'm in China right now. The majority of the "fakes" are misapplied trademarks. They work nothing like the real item, and often look nothing like a real item from the Brand.
You'd have to be a complete moron to be suckered in.
The other end of the scale is when the factory owner lets the Gruntmaster production line run for an extra hour or so and slaps "Oinkmaster" on the side. I've picked up a few "grey-market" items this way - identical to the branded product.
Re:So they can counterfeit (Score:5, Funny)
Re: (Score:2)
That's nothing new.
In other industry sectors, China had "joint venture requirements" for years, which amounted to the opportunity for a Chinese company to grab the know-how. As an example see http://www.chinacartimes.com/2008/04/18/chinas-automobile-joint-venture-requirement-may-end-in-2010/ [chinacartimes.com]
Any western company that still falls for this deserves to be ripped off. I guess if I was a CEO, I would sell only equipment to China that is somewhat obsolete and does not give away my company's latest technology.
P.S.: unless it uses Open Source anyway (Score:2)
An important exception I forgot...
Re:So they can counterfeit (Score:5, Funny)
Simple solution (Score:5, Insightful)
Re:Simple solution (Score:5, Insightful)
I'm thinking along the same lines in a security context. I have never supported Security Through Obscurity.
If your security depends on your code being hidden, then I don't find it as valuable as a method that is open to scrutiny. Open Source Vs. Closed Source is a heated debate as always, but Open Source has a serious advantage when it comes to security. Trust. If the public at large can scrutinize the code, it is harder to say that anything nefarious is going on. With Closed Source, you HAVE to trust the company.
Sony?
Be fucking serious. The people that brought you a widespread implementation of a root kit to further their own agenda? I am going to have a hard time trusting ANY of their security products.
I don't know why China may want to do this, but there are good arguments to support their position.
Re: (Score:3, Insightful)
2) get product x accredited
3) add nefarious functions to source code, re-compile, surreptitiously update product
4) ???
5) profit!
Re:Simple solution (Score:4, Informative)
With Closed Source, you HAVE to trust the company.
In case of hardware you still have to trust the company. Programming backdoors in Verilog may be trickier, but far from impossible.
Makes you wonder (Score:4, Insightful)
Re:Makes you wonder (Score:4, Funny)
'Sources close to the Chinese government were quick to stress that the timing of this announcement and the recent surprise appointment of US software developer Richard M Stallman as Governer of Sichuan Province are entirely coincidental'.
yeah, right (Score:5, Insightful)
that disclosed information might be handed from the Chinese government to Chinese companies
It might. And then they have a massive re-engineering problem on their hands. It would usually be easier for them to reimplement the functionality than try to start with undocumented, unsupported source code.
Doing security audits on software is a legitimate request by a governmental agency. Of course, they should just request that vendors provide open source software.
Re:yeah, right (Score:5, Insightful)
It would usually be easier for them to reimplement the functionality than try to start with undocumented, unsupported source code.
I'm sure they would demand that the source code be fully commented and documented. I'm sure they would also insist on having the engineers explain anything that may be obtuse. If they can't understand the source code to begin with then it would be no use to them in the first place.
Re: (Score:3)
I'm sure they can also demand the developers write the source on 24K gold tablets but that also won't happen. What large system do you suppose has the money to comply with fully commented and documented. If it's not there now, it won't happen for the Chinese. It wouldn't happen for the US Government, if we had such a requirement. Many businesses don't have the capital to complete such a money loosing proposition.
I'm sure they would also insist on having the engineers explain anything that may be obtuse.
For things like Microsoft's products you may be correct but not many other companies have th
Re: (Score:2, Insightful)
I'm sure DoD has access to for e.g. Windows source code that they may run on their servers.
Actually, I wouldn't have a clue but maybe some here knows if this is the case.
Re: (Score:3, Informative)
Yes, the DoD does. As does any decent sized organisation, government or not. Its just a matter of signing the NDA.
Microsoft granted the Chinese government access to the Windows source in 2003 IIRC.
Re:yeah, right (Score:5, Interesting)
Hell... *I* have access to the source code for Windows. Anyone can have access to some, see their shared source licensing program. There are a number of legal ways to get access to the code for those who are interested.
Re: (Score:3, Interesting)
The big question. (Score:5, Insightful)
Do companies think that the market in China is big enough to justify giving them the source code?
It doesn't really matter what foreign governments think of this. The can scream all they want. If a company thinks the Chinese market is big enough and they want a piece of it. Then they will cough up the code.
Privacy, security and IP rites are second tier considerations when it comes to product sales.
So again. Do companies think that the market in China is big enough to justify giving them the source code?
Re: (Score:2, Insightful)
Do companies think that the market in China is big enough to justify giving them the source code?
If they give away the crown jewels they might be surprised how swiftly China starts supplying itself.
Re:The big question. (Score:4, Insightful)
If you build your hardware in a country notorious for having shadow shifts at factories, and then give away your source code as well, what makes you think there'd be any market left for your products?
Re: (Score:2)
MS gave the Chinese govt access to the Windows source in 2003. It hasn't led to the downfall of MS yet... ... oh wait, I'm getting a PM from someone called twitter... ;)
Re: (Score:3, Interesting)
China is the world's largest importer of raw materials, and the world's largest exporter of finished goods. As they nation (and economy) grows, China needs to ensure that it has good access to those finished goods that i
Don't like it? (Score:3, Insightful)
Don't do business with them if you don't like it. The Chinese concerns are valid, the hyperbole response is lame.
I hope there's zero compliance (Score:4, Insightful)
China is out of control. How can anyone compete if they have cheaper labor and can demand everyone hand over technologies. They can pirate the hardware but reverse engineering the rest is harder. What's next them demanding chip manufacturers hand over chip templates to "make sure they meet China's standards".
Re:I hope there's zero compliance (Score:5, Insightful)
``China is out of control. How can anyone compete if they have cheaper labor and can demand everyone hand over technologies.''
Well, for starters, they can "demand that everyone hand over technologies", too. That's a choice you can make. There is nothing preventing you from competing with China there. If the choice you make causes you to lose, it's not because something is preventing you from competing with China - it's because you competed, but China won.
That leaves the cheaper labor. And, frankly, if China has cheaper labor, that's an advantage they have. So if they win, based on that, it's not because something is preventing you from competing - it's because you competed with China and China won.
So, really, your "How can anyone compete?" is a bit misplaced.
Perhaps a more interesting question would be how to get desireable results, given what China is doing, but that would require you to, first of all, define what results are desireable.
Re: (Score:2)
China is out of control. How can anyone compete if they have cheaper labor and can demand everyone hand over technologies. They can pirate the hardware but reverse engineering the rest is harder. What's next them demanding chip manufacturers hand over chip templates to "make sure they meet China's standards".
Do you think our government should use their chips without making sure they meet U.S. standards? It has never failed to amaze me that any nation would blindly trust software and hardware made in another
Re: (Score:3, Insightful)
Biased view of the world have we? (Score:5, Insightful)
I thought source should be free?
I know American are scared, losing world leader status, economy going down the drain, hockey mom for vp and everything but seriously it's a great move on the Chinese government that you should be applauding. You should be hoping it will be replicated by ALL other governments and that distributing the source becomes an habit for HW manufacturer.
China has its issue (police state, freedom of the press...), but they seem sometime to have the balls to go where no other lobbyist sponsored government in the "free world" would go and when it's a good move at least have the intellectual honesty to recognize it.
Re:Biased view of the world have we? (Score:4, Insightful)
You've committed the common fallacy of supposing that there is some kind of "average" slashdot user, who represents every user, and believes every opinion that has ever been expressed on this message board. Obviously that can't be the case. Anybody like that would have to contradict every one of their own opinions.
On the actual issue, it's not a "good move" because they are probably doing this to control the populace; if they know the source code for the hardware on all consumer electronics, there's no way that people could find some way to communicate with the outside world on "unmonitored" channels, probably on a proprietary hardware network separate from the standard internet.
Keeping that source code out of chinese hands is imperative in empowering the chinese people to determine their own destiny. This isn't a software patents issue.
You should make it "an habit" not to confuse the issues. And stop assuming everybody here is a cookie-cutter version of everyone else.
Re:Biased view of the world have we? (Score:5, Insightful)
You've committed the common fallacy of supposing that there is some kind of "average" slashdot user, who represents every user, and believes every opinion that has ever been expressed on this message board. Obviously that can't be the case. Anybody like that would have to contradict every one of their own opinions. ... ... And stop assuming everybody here is a cookie-cutter version of everyone else.
I mainly agree with the spirit of your post, but I had to say something about this little blurb: There are topics on Slashdot where a majority of the people who post agree. This is also reflected in the moderator pool. It is rather common for these opinions to be enforced via mod-points. For example: If you were to travel back to the year 1999 and post on Slashdot that 'Microsoft kills babies', that post would rocket up to +5. If you were to then post that 'Linux could use a little improvement in this particular area...', that post would disappear into a sea of other -1 posts. The specific attitudes change over the years, but the underlying principle always remains. That's why sometimes you really have to walk on eggshells with certain opinions to avoid your posts disappearing into oblivion. People who happen to be on the majority's side of opinion could make a great speech and get cheered for it. Now, here's the funny bit. Everybody's post comes with its own little score. There are a fair number of active posters who posture themselves to raise that score, appealing to the majority view. These are the guys that come in and say things like "I just want a phone that's just a phone!!!". All these people get talkative on certain topics, whether it be praise or waving of pitchforks. And Slashdot, which is ad-supported btw, caters to these people with stories that are going to interest them.
Slashdot most definitely has a voice, some call it the GroupThink. Some people have taken offense to this, but really, the "but there's one guy that doesn't agree!" argument just doesn't apply. It's not an absolute term, it's just about majority. Generalizations always suck, right? Well, okay, but through the natural path of posting on Slashdot, you have to pick up these generalizations if you want to post your opinion without too much trouble. (I personally blame the moderation system for giving power to those with extreme opinions. I think it illustrates why vigilantism is illegal.)
In any event, Slashdot does have opinions. If you'd like to test that theory, wander into an iPhone thread and say it's the best phone ever. ;)
Re: (Score:2)
There are a fair number of active posters who posture themselves to raise that score, appealing to the majority view.
What if... those posters where actually expressing their very own views and it happened that it was shared by some moderators.
The problem with the moderation is that most people use it as a vote to upmod post that are in sync with their personal opinions or belief system while they should use it to highlight properly constructed post that actively enrich the debate. Can it give fair result in a polarized environment such as this one?
Re: (Score:2)
I'm fairly confident you'll agree that whilst many will be voicing their own (agreeing) views, some will be pandering to the groupthink.
It should also be mentioned that people of a certain mindset do tend to congregate in places with a matching groupthink.
Re: (Score:2)
Re: (Score:2)
Re:Biased view of the world have we? (Score:4, Informative)
I think it is the motives of the Chinese government that most worries people. The Chinese government certainly doesn't have a good reputation when it comes to stealing things (whether it be piracy on the high seas or piracy in it's own country [regardless of the more recent RIAA/MPAA financial alliance]).
I would like to see the Chinese government insist that their own native businesses release source code (to the public; business, governments, etc) to ensure that there are no dubious security concerns. It would be in character of the Chinese government to play the hypocrite here.
Re: (Score:2)
Okay, WTF are you talking about: "piracy on the high seas"? I don't recall the Chinese government issuing letters of marque.
Re: (Score:3, Interesting)
It's been no secret to me. However a simple Google search would have helped you.
While the practice seems in decline now that China continues its march toward ascension to the World Trade Organization, recent years have seen Chinese patrol boats foray deep into international waters in search of "customers." When a suitable vessel is located, it is ordered to heave to and follow the patrol boat back into Chinese territorial waters. Once inside a local Chinese port, the vessel would be impounded for "suspicion of smuggling," with both cargo & crew held for ransom.
http://www.cargolaw.com/presentations_pirates.html [cargolaw.com]
The Petro Ranger, valued at $16 million, was restored to Alan Chan's Petro Ships in Singapore, but the company lost cargo worth $2.3 million to the pirates and the Chinese authorities. Alan Chan blames the Chinese for abetting the piracy.
- http://www.lrb.co.uk/v25/n24/glas01_.html [lrb.co.uk]
etc and so on...
Re: (Score:2)
How exactly does an article published on a Japanese news site about a Japanese company (Sony) relate to American insecurities?
Maybe a better question is how does Japan keeping source code for its devices closed prevent the US from loosing world leader status, help support the economy, or alleviate concerns about a VP candidate?
I'm not so sure (Score:3, Informative)
Comparing RMS to the Chinese government is apples and oranges. Our culture/society is based on the idea that we are free to choose (albeit, sometimes with consequences) many facets of our lives and businesses.
I, personally, believe that open source is a better process from a software development standpoint. That being said, I also respect that companies are free to
Re: (Score:2)
I don't see why you're differentiating between RMS demand that the source be free an the chinese demand to have access. In one case you don't get access to RMS controlled environment (gNewSense is it?) and in the
Re:I'm not so sure (Score:4, Funny)
That's a perfectly sensible thing for them to do. How else would they check it has sufficient toxic additives?
Re: (Score:2)
So you would have no issue if Bush, Blair, Putin or any other government figurehead demanded that companies hand over their source code?
Not only would I have not issue with it, I would think them dolts if they didn't. Computer security has become so vital to a nation's interests that no country should be running any hardware or software without knowing exactly what it does and how it does it.
Re: (Score:2)
The difference is, when RMS wants the source code, it's to give it back to everybody, not to get an adventage against his competition who does not have it.
It's like privacy: there is no incoherence in asking both for privacy of citizens and footage of police arrests. Democracy is not giving privacy to police force during their work, and open source is not giving sources to governments.
Code to the people, privacy to the people, power to the people.
Ummmm (Score:5, Insightful)
If you live in a world where you believe everyone has the same motives, well then I hope when you get burned by that view it is in a way that doesn't hurt you too much. People are perfectly justified in calling in to question the motives of various entities. For example if your family doctor tells you to remove your clothes because he needs to perform a complete medical check, I think it is reasonable to trust him. His motives are most likely pure. However if a random guy in an alley with unkempt hair and a crazy expression asks you to do the same thing, I'd say you should probably question his motives, lest you end up getting hurt.
You are also mistaken that various governments haven't seen the source to commercial products. Microsoft, would be an example. The Windows source code isn't secret. It isn't public, but it isn't secret. Many organizations, including universities, have it.
The reason people find China's proposition scary is because of their track record. For example if you search around on the web you'll find that counterfeit Cisco gear form China is fairly common (often called 'Chisco'). It looks similar to real Cisco gear, but it of inferior production quality, and is of course unsupported. China has a very poor track record with regards to ownership laws and thus it is reasonable to call their motives in to question.
There's also a big difference between believing in open source, and believing in ripping people off. Let's not pretend that it doesn't take a lot of work to write good code. If you want people to be able to do that work as a job, they need to get paid. However if what you support is for company A to spend lots of money writing it, and then company B to just rip it off and give nothing back, well you'll find that doesn't work. Open source works only when everyone contributes. If you have a bunch of people/companies that spend a lot of time and money to make something, only to have it ripped off, well they can't afford to keep doing it.
So the problem isn't with a government wanting to see source code. I think you'll find that the US government verifies the code for anything used in critical systems. The problem is that the Chinese government does not have a good track record on this kind of thing. Thus I (and others) question their motives. I don't believe it is really about openness. I do not question RMS's motives. I believe he really just wanted openness.
Re:Biased view of the world have we? (Score:4, Insightful)
I'm not sure you understand the concept of 'freedom' in the context of open source.
RMS wants source code to be released free for everyone.
The Chinese government (according to the extract provided in the slashdot summary...) wants to be able to inspect the source code for their own purposes (with the possibility implied by the article authors that they might then seek to gain from it).
The former is embracing freedom. The second is not.
I know it's fun to point out hypocrisy in American (or other Western) cultures, but make sure you have your facts straight first.
Re: (Score:2)
Oh no! How long have they had access to the source code to GNU/Linux? This is a SERIOUS ISSUE. If they've been looking at the source to Linux then TERRIBLE THINGS may have already happened!
Maybe someone should quickly go and check that the code is still free? I'm very very worried about this.
On the other hand, perhaps OP is a fucking retard? They want to see the source. Is this not exactly what we have been demanding of our governments? So China does it, and suddenly we are speculating on their motivations,
Re: (Score:2)
OSS movement says: Give the source to everyone (including China).
China says: Give the source to us or you can't sell your product here.
The former is a request for the greater good (from the OSS movements point of view).
The latter is a demand for the good of the Chinese government.
Re:Biased view of the world have we? (Score:4, Informative)
RMS wants source code to be released free for everyone.
The Chinese government (according to the extract provided in the slashdot summary...) wants to be able to inspect the source code for their own purposes (with the possibility implied by the article authors that they might then seek to gain from it).
The former is embracing freedom. The second is not.
I think that is a very important point. I've heard Eben Moglen talk about this. To paraphrase his take on the Free Software is Communism meme: Yes we do share some of the goals of communism, such as no child should be denied an education, but our methods are the polar opposite from that of Communist states. We rely on voluntary sharing to achieve our goals not the power of government, not only is this method successful with information because the costs of duplication are negligible and the positive network effects of sharing are immense, but we also don't believe the ends justify the means. We only want to use means that are moral and just irrespective of our goals.
But I think people are making a mountain out of a molehill here, if you read the article you'll see that China is only demanding the software to hardware crypto devices. All real crypto devices use public algorithms. And this software is already made available to all Western governments, Western ones just get the source by putting the source code requirement into procurement contracts. Since China is not asking for the VHDL for the hardware they have no hope of using this source for reverse engineering the devices, all they can do with it is check for the most obvious of illegal back doors.
Yes, it's wrong for the Chinese government to obtain this information by fiat rather than by the sugar of a procurement contract or a court order _after_ a crime has been committed. But this is not very news worthy, China has an authoritarian government and it has had one for as long as I've been alive. This is how authoritarian governments do things, in an authoritarian state when you refuse a customs search you are forcibly searched, in a liberal democracy they send you and your belongings back to where you came from. This permeates throughout the whole society. Writers here on /. are ascribing all kinds of nefarious motives, but I bet the motive is exactly the same as when their own government looks at this source code. It has nothing to do with reverse engineering these public algorithms and everything to do with looking for back holes. China is just using the same authoritarian methods as other authoritarian states; remember the US, Russia and France still have laws on the books banning the export of strong crypto to their 'enemies', left over from more authoritarian times. The US even has a recent history of serious proposals for much more draconian regulation of crypto, remember the Clipper Chip? Remember how you had to jump through hoops to get Netscape with a paltry 128-bit key support just so that it would take 5 minutes for a criminal to get your credit card from an online transaction instead of you broadcasting your banking information completely in the clear?
The article is also complete garbage. The article ends with some silly babble about how Microsoft has made their money by keeping it's source code a secret. Any large purchaser can get their hands on the source code to Microsoft's released products, the Chinese government has copies of it, so does your government. I've even had a Microsoft evangelist _beg_ me to look at the source to help them with a driver problem.
Re: (Score:2)
agreed but the constitution doesn't say that the president needs any experience - he can even be a mostly absent junior senator who was a community organizer....
Western movie (Score:2)
"Your source code or your life!"
I can see this being effective.
That would be insane to do (Score:4)
I fear an official must have been misunderstood.
This would mean that China is asking any supplier to lay down their IP to sell in China with the following risks:
- claims of other nations that the supplier supports Chinese intelligence in bypassing their product (read: NOBODY will buy)
- duplication of the product (China stealing the IP and making its own, which is something it has been repeatedly accussed of in the past)). It's hard enough to bring out anything these days without some US patent troll trying to get a slice of your life's work so avoiding China would thus appear to be a good move.
- leaking any real or alleged deficiency to the rest of the world (espionage and politics is a seriously filthy mix together).
I think this generations of badmouthing China coming home to roost in combination with the shenanigans of the Bush administration which has evaporated the last smidgen of trust in them doing anything NOT self serving. Whereas the main flaw of the previous administration was an overfondness of interns, they did have good international relationships and thus trade, a degree of trust and a budget surplus. Whoever votes to keep the current clowns in place will be ignoring the fact they they CAUSED the problems, making the US a virtual pariah that nobody trusts, turning a surplus that would have helped everyone when deployed into a ginormous black hole that will take decades to recover from.
I can fully understand China not trusting anything coming from the US because it wouldn't be the first time the US administration sells something with a backdoor. (look for the story about Swiss Crypto AG if you want an earlier example)
The most immediate result of this policy would be that only second rate products would be offered to the Chinese, offers by people that feel so little confident about their product that they will happily give away the crown jewels to get a few bucks. There are better ways.
I suspect someone hasn't been quoted right. I'm sure they meant to say they would require full audits of any company supplying security gear, and that company should be in a trusted nation (if such a beast exists, but that's my theory).
They could combine that with what a large quantity of Arab banks have done over the last few months: eject everything US sourced. I've heard of banks even throwing out Messagelabs because it's American (no kidding). No idea if that led to an upsurge in Linux desktops, though..
The thinking behind the demand is good. Implementation, however, could be better.
a cold day in hell first... (Score:5, Insightful)
And now they demand source code? Well I can assure you that it will *not* happen.
I hear Hungary and eastern Europe are offering particularly cheap factory sites - and this might persuade some firms to relocate.
Honestly you cannot make this stuff up. I suspect they will allow manufacturing in china of export goods with no access to source code (to protect their national growth and wealth), but only "approved" population control devices will be allowed to be sold inside China (to spy on their own citizens) - it's control freakery gone mad. This would allow them the best of both worlds, after all its no secret that China has various special economic zones (and they are huge) to allow export factorys to undercut everywhere else in the world - so they just make export rules different.
We really are a joke to them, I remember the hilarious conversations we used to have about IP in Shenzhen with the local engineers, they have no concept of it at all. Its all fair game if they can work out how we did it. Of course, that never stopped them abusing our own system by buying as many patents as they could and hitting us over the head with them on one side, whilst copying everything we did on the other. And now they will try and demand the source code as well? No matter what safeguards they pretend to employ corruption is a business tactic out there and the information will be just another market to exploit. I remember sitting at a conference table with out local contact (who we found out was also employed by the client) taking both sides of the argument as well as two pay checks, literally forwarding out confidential information to competitors because they paid him to do so. NDAs, contracts and so are meaningless.
Yes I am rather bitter and annoyed about it years later, and I accept that they are probably not all like that and things *might* of improved.
Re: (Score:2, Interesting)
So, you want to take advantage of cheap chinese labour, but don't want to pay the "hidden costs" of using chinese labour?
If you don't like it, manufacture your goods somewhere else.
If you try and change the way the chinese do things, then the costs will be dragged up too and chinese manufacturing will end up costing the same as any other country. Leave china to those who are willing to play by it's rules and accept the costs.
You have to decide wether the cost of corruption and copying of designs etc is outw
Re: (Score:2)
We really are a joke to them, I remember the hilarious conversations we used to have about IP in Shenzhen with the local engineers, they have no concept of it at all. Its all fair game if they can work out how we did it.
You say that like it's a bad thing.
What about China giving out the source? (Score:2)
You know, it's not like Chinese companies haven't been at the top of the list at gpl-violations.org pretty much since energy began condensing into matter.
Don't buy Chinese equipment unless it comes with full source code.
Will this broaden with time? (Score:2)
Don't like it? Don't do business in China... (Score:5, Interesting)
The Chinese government is well within it's rights to make decisions regarding what goes on within it's borders. Infact, the whole purpose of a government is to put the interest of it's own country first above the interest of any foreign power.
In this case, seeing the source code of electronic devices being sold in China is very much in their interest, why should the chinese government trust foreign corporations to supply black box equipment when they have no idea how it works? There are many people who boycott products, at least in certain areas, where they don't have source code... I wouldn't run an internet facing server on anything for which i didn't have the source for many reasons.
If you don't like it, noone is forcing you to sell or manufacture your products in china. If you don't like their rules, go somewhere else... If you want to take advantage of the large customer base in china, as well as the cheap labour costs then you have to play by chinese rules.
Ofcourse, this policy is also beneficial for those companies who already release their source code, since they're already compliant.
Re: (Score:2)
Of course it's in their rights. What idiot would say otherwise?
Countries do, however, have issues bigger than themselves to keep in mind... How onerous rules like this will affect their standing in the WTO for instance, and hence, their entire market for exports.
Stealing from you is very
Re: (Score:2)
This won't cripple china's economy, china is big enough that companies cannot afford to boycott them...
Sure it would cripple a smaller and less significant country, thats why companies can afford to push some countries around, they cant do that to china. Cutting ties with china on the other hand, would significantly hurt other countries, so they will fight tooth and nail to have this law changed, and failing that be forced to go along with it.
Service agreements and warranties very rarely apply to software..
Don't see this as a victory of F/OSS (Score:2)
Because its not. The Chinese Government wants the source code for themselves, not to share it with the public. So don't you dare try and compare this to anything RMS would say. More than likely, the Chinese government is going to use this to spy on its users.
It sorta makes me sick. Makes me really wish the Chinese government would fall.
Re: (Score:2)
Actually, as open source products are compliant by default they actually profit from this new regulation by not having to do anything.
Now that we're China's bitch (Score:2)
...there's not much we can really do about this. Soon, if not already, they can either buy the manufacturers or just make their own stuff.
N.B. This really has nothing to do with Free Software or Open Source Software. They want the source, but aren't planning to release it generally.
Say no to security through obscurity (Score:4, Insightful)
putting thier own back doors in (Score:2)
Sudden outbreak of common sense ! (Score:3, Insightful)
Supply obfuscated source (Score:2)
Easy. You can supply obfuscated source and claim it is the original. Some of the source code I've come across has looked like it was run through an obfuscator anyway.
Only under teh condition that China stop...... (Score:2)
... using melamine and other toxic chemicals in not only their exported foods, but their domestic foods.
If we play this right, this might be our chance... (Score:3, Interesting)
...to finally get much hardware to work with Linux.
I'm sure you know how much gray channels have their source in China. The Russians provide the cracks and the Chinese supply the world with cracked versions, or so I'm told.
So if someone in China leaks all that source... an you can be assured that it will leak... then we can finally understand the interfaces and implement the drivers.
My hope is, that nVidia, AMD/ATi and intel will decide to still sell to that market and give them the source. Then when they notice the leakage, it's already too late, and 1. we have enough information to implement fast graphics card drivers and 2. china will develop knock-offs for their own market, which then strangely find themselves for a fraction of the price, in your local computer store.
Oh, and hopefully, nobody tries to go to war over it, or we might be fscked. But hey. at least we all finally got our 8x dual-chip-card Crossfire setups at home.. in our bunker basements. :D
Re:Cut them off. Draw the line. (Score:5, Interesting)
It's the Prisoner's Dilemma. Unless you want to make it illegal to give source code to the Chinese, there will be some companies who will comply because it is better for their bottom line to do so.
They are doing by legal fiat what the open source community has failed to do through voluntary cooperation, namely, boycotting products that don't provide their source code. Ironically, this autocratic move could be a boon to open source.
Re:Cut them off. Draw the line. (Score:4, Insightful)
What makes you think the source code will be publically available outside the government (and perhaps select "partners" who will help them "understand" the source code?)
Re: (Score:2)
Using free software is probably the easiest/safest way for many companies to comply with this ruling. Everyone wins.
Re: (Score:3, Insightful)
They are doing by legal fiat what the open source community has failed to do through voluntary cooperation, namely, boycotting products that don't provide their source code. Ironically, this autocratic move could be a boon to open source.
Wha wha whaat? The open source community says:
"Hey we're writing tools, everyone should be able to participate so we release the code for free"
Companies say: "We build specialized applications and machines that would ruin us if everybody knew how we do it, under no circumstances will we give away the implementation of X that we've spent millions of R&D on."
So you say the second one will be happy to give it's source code to the Chinese? You must be bleeding from both eyes right now.
The reason why
Re: (Score:2, Insightful)
Sounds like the world is richer by a few trains then...
Why is that so bad?
Re:Open Source or Else (Score:4, Funny)
Re: (Score:3, Funny)
Fixed that for you.
Re: (Score:2)
"Who is going to win", if known for certain, is already "who has won". Especially if rigged.
Re: (Score:2)
Because it shows that company is confident enough in their product that they believe nobody will break it even with access to the source code? The Chinese government already have the source code for GPG, TrueCrypt and OpenSSL. Doesn't stop people using them.
A good crypto system should have one secret and one secret only: the key. The workings of the cryptosystem should not need to be secret. In fact, it'
Re: (Score:2)
The problem is that this software is closed source so nobody gets to see if it has backdoors or security flaws except for the people who have been historically the least trustworthy and most incompetent (governments).
Re: (Score:2)
Do I have the source code for the chinese government's *cough* enhanced versions of those?
And that's exactly what you'll get, once they've, umm, recompiled it. Or do you seriously think that they'll abide by the GPL? Yes, it is a lovely bridge, isn't it...
Re: (Score:2, Insightful)
Bunch of idiots. Boycott chinese products and don't export anything to China.
Uhhhm, good luck shopping for clothes then. Or furniture, or kitchen appliances, or electronics.
Re: (Score:2)
Firms will move to supply the increased demand for those things once the source is cut off. We have unemployment issues over here anyway.
It's not like we don't know how to make that stuff. We just built the factories elsewhere.
Re: (Score:2, Insightful)
Firms will move to supply the increased demand for those things once the source is cut off. We have unemployment issues over here anyway.
Help me real quick, how can you keep building a TV that is sold for 600 bucks including margin when your employees cost dozens of times more than what you are currently paying? Don't you think that before someone says "Great I'll just sell my stuff for ten times the price, people will know it's the right thing" someone else simply co-operates with the Chinese or other country to get cheap-labor done? This has no impact whatsoever on your local employment market. Well, unless you live in India, Pakistan or t
Re: (Score:2)
No. You said "good luck buying" those things, in response to the OP's suggestion of a boycott.
If there was a successful boycott of chinese-made or foreign-made products, the issue would eventually correct itself.
Re:Fuck China (Score:4, Insightful)
You know...we did just that...just a few decades ago. There weren't that many imports in the 70's and even into the early 80's. Not like there is today.
We did it fine 20-30+ years ago with mostly US made products, we just need to move back to it. I for one would pay more $$ for completely US produced and made products. I think it would make for a great marketing campaign...especially with all the toxic products coming out of China (toys, milk...etc).
Re: (Score:2)
Open means anyone can see it, modify it etc. What will happen in this situation is that the number of parties having access to it will double - from 1 to 2.
I'm sure that's exactly what the Chinese government wants it for, yes. And my pet unicorn agrees.