
Posted 2009-06-13 15:16    IP location: unknown

[FW]China's Filtering Software Contains Pirated Code
*****,2817,2348705,00.asp
===========================================================
The "Green Dam" filtering software that the Chinese government is reportedly requiring for all PCs sold there contains pirated code, a U.S. software manufacturer claimed Friday.
Solid Oak Software, the developer of CyberSitter, claims that the look and feel of the GUI used by Green Dam mimics the ** of CyberSitter. But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.
Green Dam is a piece of filtering software that will reportedly be required for all PCs sold inside China. The software is already available in China, although the restrictions go into place on July 1, according to The New York Times.
According to a study by the University of Michigan, the Green Dam software works to identify images, text, and URLs and compares them to a filter, which blocks the offending work. The researchers took the publicly available software and reverse-engineered it, using standard methods. Inside, the study's author, assistant professor of electrical engineering J. Alex Halderman, found evidence that the software uses blacklists compiled by CyberSitter, dating back to 2006. An encrypted news bulletin, which dates back to 2004, was also accidentally included, Halderman wrote.
"We've been talking with them since the report came out yesterday," Halderman said in an interview.
To Halderman, the Green Dam software presents two fundamental problems: one, that the software contains vulnerabilities that would allow others to spy on the activities of those who use it; and second, that it might contain code stolen from another manufacturer. The Chinese developer of the Green Dam software appears to have accidentally created the vulnerabilities, Halderman said, rather than being a deliberate attempt to allow government agencies to monitor its citizens online.
"If we apply reasoning to this, we would conclude that the government wants a backdoor it could access, and others could not," Halderman said.
Version 3.17 of the Green Dam software appears to contain both the references to the blacklists as well as the allegedly stolen code. But the software is also being frequently updated, and the most recent patch, applied Thursday, appears to eliminate many of the blacklist references to Solid Oak, Halderman said.
"I think the bottom line is that the Chinese government is trying to roll out the software without doing their due diligence," Halderman said. "Clearly, there needs to be more time to evaluate the software both in terms of legality and in terms of security before it is rolled out on a widespread basis."
That was small consolation to Solid Oak's Milburn, who said that he had received an anonymous email sent to a broadcast address at the site Friday morning alerting the company that Green Dam was using Solid Oak code. He dismissed it, thinking it was a hoax. But another employee researched it and found that the allegation was indeed true, and that both URLs and other Solid Oak code, including DLL files, were part of Green Dam. After doing a bit of research he found the U. of Michigan paper and contacted Halderman.
"From the stuff they've posted, I'm 100 percent certain they're using our proprietary code," Milburn said, who said he wasn't certain how much of the code was reverse-engineered or simply stolen.
"We're still trying to do the detective work here," Milburn said.
At press time, Solid Oak had determined that the filtering engine or parts of it on lower level had been decompiled, using certain proprietary methods. Solid Oak doesn't ship a Chinese-language version of CyberSitter. But, Milburn said, "the words a user sees on the screen are almost identical to ours."
According to Milburn, the company spent Friday trying to determine what its options were, and what avenues it could pursue to try and prevent its code from being misused.
According to The New York Times, PC OEMs were blindsided by the Green Dam requirement, and have tried to figure out how they could add the software to their production lines just six weeks before the mandate was scheduled to take place. Dell, Hewlett-Packard, and other OEMs would be required to add the software to their PC distributions.
But would they if it contributed to software piracy? "To my mind, [shipping Green Dam] would make the PC manufacturers an accessory after the fact to software piracy," Milburn said. "I would think that the PC manufacturers wouldn't want to do that if I were in their position."
"We haven't had any opportunity to explore our options," Milburn said. "At the very minimum, I believe we would pursue some sort of injunction."
Theoretically, this could place PC OEMs wishing to do business in China with a nearly impossible choice: face the threat of an injunction or suits within the United States, risk angering the Chinese government by removing the Green Dam software, or halt PC sales into China altogether. Representatives at Hewlett-Packard and Dell were unable to be reached for comment by press time.
This isn't the first time Solid Oak's code has been stolen, Milburn said. In the late 1990s, hackers reverse-engineered CyberSitter, which prevents underage children from accessing pornography or other adult content, to allow users to access such content.
The hackers, as well as other detractors, have previously accused Solid Oak and CyberSitter of censoring the Internet. "That's why we don't want to be associated with it," Milburn said of Green Dam.
Moreover, potentially millions of Chinese PC users could hit Solid Oak's servers for updates, causing them huge fees for the additional bandwidth costs the company would be charged for.
One obvious solution to the problem would be to block access to China, a move that would also cut off a number of American schools in China, including missionary schools, that use the software as a legitimate means of preventing children from accessing the adult content. Some organizations with satellite offices in Singapore, Korea, or other South Asian countries might also be affected.
"They're using it legitimately, and we don't want to turn off the entire continent," Milburn said.


Posted 2009-06-13 15:16    IP location: unknown

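Flooding the forum in English?
Zigong asked: "Why is it that a gentleman, on seeing a great body of water, must always stop to contemplate it?"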



Posted 2009-06-13 15:18    IP location: unknown

Not at all; just getting the gist of it is enough.


Posted 2009-06-13 15:19    IP location: unknown

It's talking about Green Dam!!!
Is there anything they wouldn't do???!!!


Posted 2009-06-13 15:22    IP location: unknown

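Green Dam? That's for storing water, right?
Zigong asked: "Why is it that a gentleman, on seeing a great body of water, must always stop to contemplate it?"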



Posted 2009-06-13 17:18    IP location: unknown

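Picking on us illiterates!?
One cup of light tea to savor life; two fishing rods to roam the rivers and lakes; three cups of rough wine to laugh at the ways of the world; a four-wheel-drive mount to revel in the mountains and waters.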


Posted 2009-06-13 17:21    IP location: unknown

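I get the general idea.
It even goes to the other company's servers for updates; that's so amateurish.
Something with this much entertainment value, and they won't allow it to be reported. What a bore.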
The hardest part of letting go is saying goodbye


Posted 2009-06-13 17:24    IP location: unknown

So I'm shameless; what are you going to do about it?
Hayagriva, the Horse-Headed Wisdom King
om svabhawa shuddha sarva dharma svabhawa shuddho ham


Posted 2009-06-13 20:21    IP location: unknown

The original text of this post comes from the OP. The translation is by 骨骼; no cross-province manhunts, please.


Posted 2009-06-13 22:07    IP location: unknown

“But more damning, chief executive Brian Milburn said, was the fact that the Green Dam code uses DLLs identified with the CyberSitter name, and even makes calls back to Solid Oak's servers for updates.”
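This is just shocking: copying someone else's code, and then even going to their servers for updates.
If it's true, they're going to get hit with an intellectual property lawsuit......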