Fog Creek Software
Discussion Board




What's China got to do with it?

Will PR put a real dent on the open source movement?

In this article from InfoWorld

http://www.infoworld.com/article/03/11/11/HNmsassault_1.html

The article quotes Ballmer as having said something that makes no sense whatsoever:

"He also questioned the notion that the open source's community approach to fixing problems was superior to Microsoft's. 'Why should code submitted randomly by some hacker in China and distributed by some open source project, why is that, by definition, better?'"

Lucent, IBM, Microsoft and AT&T all have research firms in the Far East doing good work. Why is a Chinese in suit getting paid to code any different from one who codes for fun?

Li-fan Chen
Tuesday, November 11, 2003

Ballmer asks why is that better. You take issue with that. Now the ball is in your court to show why you think that 'Chinese hackers' provide 'better' solutions. If you think their solutions are merely comparable, or inferior, or variable, or anything other than consistently 'better', then you have no debate with him - you agree with him. So please show if you think Chinese hackers are 'better' than Polish or Lithuanian or Korean hackers.

Tired of the Race Card
Tuesday, November 11, 2003

I don't even think this is worth discussing. So Ballmer made a broad, spun-up statement. Big deal. It's not going to make any difference.

I use various pieces of open source software because they do what I want. Nothing Ballmer says will change my mind.

Fleeno
Tuesday, November 11, 2003

The issue is that Ballmer said "some hacker in China" vs. "some hacker in his mom's basement."  I doubt it will create that much bad PR, but it did sound very 1950s late-middle-aged-white-man, which is kind of out of fashion right now.

wormser
Tuesday, November 11, 2003

Ballmer's comments make heaps of sense. The open source crowd has always pushed the line that, because the source is available, suggested fixes will be better than those provided by *professional* software developers working on products.

Along with this has been a strong theme that professional developers, such as those at Microsoft and other top companies, are somehow not very good. It's time this load of crap was knocked on the head. No-one thinks the neighbourhood first-aider is better than the hospital resident.

By the way, very few open source contributors are IBM staffers, and that wasn't part of the open source myth anyway.

JM
Tuesday, November 11, 2003

He may have blown it by trying to be politically correct (old version of "political") without being PC (new version).

Like it or not, China is in competition with the US. Call it a "sub-zero war" (not even as warm as the Cold War). We're two of the big kids on the block and human nature dictates that we eye each other warily.

So - if China wanted to harm the US, logic dictates they'd try to do it economically and low-key.

As Linux becomes more and more popular, it becomes a bigger target. And it's open source. So a Chinese hacker could work at getting logic bombs, trojan horses, you name it into the code. There are 30 million lines of code in Linux - you gonna check every one every time?

That's the *danger*, and the weakness Ballmer is attacking. He used "Chinese hacker" because ostensibly China has enmity with the US. He simply didn't continue to spell it out explicitly for political reasons. (i.e. 1950's "You can talk about evil communists, but you can't say we're at war with the Soviet Union").

FWIW, I think it should be a valid concern for the Linux community. I think it can be addressed, but it's not currently on their radar.

Interesting that while everyone was concerned about Microsoft putting back doors in Windows, they were blithely installing OS's and patches written by people they'd never heard of. ;-)

Philo

Philo
Tuesday, November 11, 2003

I still don't know if it is appropriate to mention "Chinese hacker" so flippantly. When I think of "Chinese hacker" I think of my friends from college who all happen to be from Pasadena.

wormser
Tuesday, November 11, 2003

Incidentally, I guess the point is that it's not about Chinese as members of the Chinese race, but rather Chinese as residents of the country of China, if that makes sense.

Philo

Philo
Tuesday, November 11, 2003

Heh heh. Good troll there on China.

Yeah.... as if.

China is a Peaceful Nation
Tuesday, November 11, 2003

Interesting that while everyone was concerned about Microsoft putting back doors in Windows, they were blithely installing OS's and patches written by people they'd never heard of. ;-)

Good point

Mike
Tuesday, November 11, 2003

Well shit, if contributions to Linux are such a problem to you, go install BSD or something.  They're open source AND paranoid.

The "some random programmer will write code for Linux that will magically be used by everyone and destroy the world" claim is ridiculous too, because it shows a complete lack of understanding about how open source development projects are structured.

Alex
Tuesday, November 11, 2003

Alex,

thanks for covering for me. I'm hoping they won't find the backdoor I snuck in there several revisions ago.

Inside Your Network
Tuesday, November 11, 2003

"america is no better or worse than any other"

"Gee, Mr. Peabody, is that as far as the Way-Back Machine will go?"

Grumpy Old-Timer
Tuesday, November 11, 2003

Well, never mind, now... sigh.

Grumpy Old-Timer
Tuesday, November 11, 2003

Why are they quoting that no-talent ass-clown Steve Ballmer?

talented ass-clown
Tuesday, November 11, 2003

“Why should code submitted randomly by some hacker in China and distributed by some open source project, why is that, by definition, better?”

It scares me that I might come off looking like I am defending the always awkward Ballmer, but I believe the focus should be on the “randomly by some hacker” bit and not the “China” bit. Barring government type subversion, I think the point is that anybody with ill intentions and the chops to do something of this technical nature can contribute to source code, or so they suggest. I would guess Ballmer probably didn’t mean to single out China in particular.

“Why is a [person] in suit getting paid to code any different from one who codes for fun?”

Because when one pays for a task to get done, there usually are clear expectations on what the outcome should be, and as you point out, Lucent, IBM, MS and AT&T all are paying people to do work and not relying on open source and the charity of people’s time for the product being produced.

m
Tuesday, November 11, 2003

Isn't the Chinese gov't one of the few entities with licensed copies of the Windows source code?

mb
Tuesday, November 11, 2003

"There are 30 million lines of code in Linux - you gonna check every one every time?"

Of course, Microsoft solves this problem for its users by not letting them check any of the code.

Jim Rankin
Tuesday, November 11, 2003

"The open source crowd has always pushed the line that, because the source is available, suggested fixes will be better than those provided by *professional* software developers working on products."

Look, go read Cathedral and the Bazaar and get back to us.  At least then you'll be arguing against the arguments that open source advocates actually make.

Jim Rankin
Tuesday, November 11, 2003

I work on a few open source projects and this issue of secret backdoors is a well kept one, but is definitely an issue we deal with on the larger projects. Usually it is not in the source code distribution, but in the pre-built package distribution with installer that the 99% of the masses use. I have seen cases in open source projects I work on where an individual will join the community and 'contribute' an installer that they host outside the main distribution site. The installer, making use of the good name and reputation of the project, does install the package as promised, but also installs backdoors. Essentially, we are seeing a common pattern where legitimate open source projects are hijacked as carriers for trojans. Anyone making use of open-source software should stick with 'name-brand' projects from known developers and ONLY use the official distribution and compile it from scratch themselves.

anon
Tuesday, November 11, 2003

that's the biggest load of rubbish I've ever heard, anon.  Make up complete bs often, do you?

<g> go on then...give us an example...if it's been discovered there _will_ be discussions on it, so post a link to those discussions.....<G> or is it all a big coverup?  every oss developer on the big projects is working directly _against_ their own beliefs and hiding evidence of backdoors...

FullNameRequired
Tuesday, November 11, 2003

I have no intention of destroying the reputation of the projects I contribute to by naming them. It is a matter best dealt with internally within the community. The main thing is to never use prebuilt installers that aren't from the main development site.

As far as your use of bad language, how do we know you're not one of them? There's big money nowadays in backdoors and a lot of people are involved in it. If you think trojans are a myth, you are living in a fantasy world my friend.

anon
Tuesday, November 11, 2003

"I have no intention of destroying the reputation of the projects I contribute to by naming them. "

you prefer instead to destroy the reputation of the OS community in general?

" It is a matter best dealt with internally within the community"

:) so you _are_ going with the 'it's all a big coverup' line then?

"The main thing is to never use prebuilt installers that aren't from the main development site."

uh-huh...so how exactly would telling us _which_ prebuilt installers, not from the main development site, to avoid destroy the reputation of the main development site?
<g> seems to me that if there was the slightest truth in your statements that every person who knew would be screaming loudly "don't use the prebuilt installer for project xxx that you can download from site yyy"
but of course there is _not_ the slightest truth in any of your statements, is there?

"how do we know you're not one of them?"

indeed..how do you know?  <g> I can see you spend a lot of time worrying about 'Them' spying on you...


" There's big money nowadays in backdoors and a lot of people are involved in it."

<g> so it's a _government_ conspiracy then?  or maybe the Chinese are doing it to try and conquer the..umm...internet...*cough* but anyway, it's all a big coverup, right?

"if you think trojans are a myth, you are living in a fantasy world my friend."

trojans a myth?  nope, I believe in trojans.

<g> I'm having rather more trouble believing in you however....


you'd think all these trojans would be more likely to target windows though..you know...the operating system that everyone actually _uses_

FullNameRequired
Tuesday, November 11, 2003

Ballmer has never been one to let the truth get in the way of a good phrase or even a badly considered one.

However, the point of Open Source, regardless of licence, is not that some anonymous member of the Han (or Hun or whatever), can contribute a fix but that the thousands upon thousands of pairs of eyes can first discover the problem and test the fix.

And if that makes Open Source people smug (which it tends to), it also has to be said that only major works get the thousand eyes treatment, most get the writer, a few mates and a non-English speaking enthusiast from Patagonia.

Simon Lucy
Wednesday, November 12, 2003

> Of course, Microsoft solves this problem for its users by not letting them check any of the code.

No. Real developers solve this by providing a binary that can't be modified. (I'm aware of the exceptions, but the effort and expertise is about 1000 times that of modifying source and recompiling.)

Modifications to source could even occur INSIDE the end-user organisation.

.
Wednesday, November 12, 2003

This is mere rhetoric.
Philo spoke about the cold war.
IMHO, "Hacker in China" is supposed to evoke (more or less subliminally) "commie". ("Hacker in North Korea" would be less subtle).

GP (upper p)
Wednesday, November 12, 2003

>"No-one thinks the neighbourhood first-aider is better than the hospital resident."

But open source programmers aren't the equivalent of the "neighborhood first aider".  They are usually professional programmers, who have a regular job they are paid to do.  It would be more analogous to lawyers who do pro bono cases or doctors who do travel to do free surgery.

T. Norman
Wednesday, November 12, 2003

There was a case only last week where someone added a backdoor to the Linux kernel. It was found out as the result of a routine check, but it does happen.

If the Chinese were serious about wrecking software they would infiltrate Redmond.

Stephen Jones
Saturday, November 15, 2003
