From: "David P. Reed" <dpreed@deepplum.com>
To: "Jim Gettys"
Cc: "Dave Taht", "cerowrt-devel", "bloat"
Date: Thu, 28 Mar 2019 18:23:40 -0400 (EDT)
Subject: Re: [Bloat] [Cerowrt-devel] plenty of huawei in the news today
Message-ID: <1553811820.527325950@apps.rackspace.com>
References: <1553796961.229623922@apps.rackspace.com> <1553797924.63225811@apps.rackspace.com>
List-Id: General list for discussing Bufferbloat

Yes, yes, yes, yes!

Defense in depth is also good. We long ago learned that you don't design any large scale system without a lot of attention avoiding single-point catastrophes. One really major example is to achieve content protection with end-to-end security and authentication based on solid key distribution systems. Then "APT" in the switching gear and routing masquerading to send traffic to a MITM can't succeed. Doesn't matter what vendor you buy from!

Another defense in depth approach for telecommunications is decentralized and redundant routing, rather than centralized static routing. Then the system components can route-around-damage.

And this doesn't depend on the Nationality of the designers, manufacturers, etc. At least for any system that has lots of components assembled by the operator, as telecom does.

The whole idea is nonsense that in today's world "National Allegiance" is the core frame for thinking about systems reliability and security. I don't think anyone in the world should trust companies infiltrated by NSA (Cisco) or GCHQ (BT) or companies who build infrastructure for governments (Google for US DoD and China, Amazon for vast swaths of USG) fully.

That's not because these companies or governments are "Russian" or "Chinese" or "American". They aren't. They have power within and power over, but they don't answer to us humans. They answer to themselves or their "owners".

Just don't trust them. You can buy their stuff and use it because it is pretty darn functional, but don't put your life entirely in their hands, even if they have similar facial features to you.

-----Original Message-----
From: "Jim Gettys" <jg@freedesktop.org>
Sent: Thursday, March 28, 2019 2:44pm
To: "David P. Reed" <dpreed@deepplum.com>
Cc: "Dave Taht" <dave.taht@gmail.com>, "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>, "bloat" <bloat@lists.bufferbloat.net>
Subject: Re: [Bloat] [Cerowrt-devel] plenty of huawei in the news today

It's worth looking at the UK government oversight report:
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf

Not clear that Huawei is worse than other 5g vendors, if our experience with other embedded system vendors is any clue. Certainly I was unimpressed by ALU's software engineering practices when I was at Bell Labs. The ownership structure of Huawei is "interesting", to say the least.

My solution is more radical: all the vendors should be held to much higher standards, including reproducible builds (something that the UK government has been trying to get them to do for years, and failed).

- Jim

On Thu, Mar 28, 2019 at 2:32 PM David P. Reed <dpreed@deepplum.com> wrote:

Look, the existence of security flaws in software isn't news. Real news would be if there were systems discovered to have no flaws at all...

So what does this article really say?

It says that Britain and the US intelligence officials are now going after Huawei in a new way, because the idea that Huawei just steals intellectual property no longer flies - they actually have great technology that the non-Chinese never had.

And there is a massive Trade War currently aimed between Trump and China.

And recently, the UK, including GCHQ, said it was NOT going to stop plans to deploy Huawei telecom gear, because it saw no particular flaws worth worrying about if UK operators wanted to use Huawei "5G" gear because it was better and cheaper.

You can see, of course, that the US diplomatic efforts under Pompeo might go into high gear to get some kind of supportive public response from somewhere in the UK, even if the UK government itself wasn't going to support the US.

Hence, the PR guys figured out how to get a story into the NYTimes and other papers that appears to contradict the UK decision.

This is how the game is played.

This is how Trade Wars are conducted (we haven't seen them for decades, so we aren't used to them, but we had the big fearmongering about Japan back in the '80's that was similar, and the Japanese "lead" with its "Fifth Generation Computing" effort required major tax dollars to protect the US from becoming a third world country)

Humans don't think. They react emotionally, and tribally.

-----Original Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: Thursday, March 28, 2019 2:16pm
To: "David P. Reed" <dpreed@deepplum.com>
Cc: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>, "bloat" <bloat@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] plenty of huawei in the news today

Well, it's a widely placed story in every newspaper.

On Thu, Mar 28, 2019 at 11:16 AM David P. Reed <dpreed@deepplum.com> wrote:
>
> The NYTimes has become a mouthpiece for those who want to see China as the new evil empire. Recent pieces by David Sanger have hyped the idea that the US has a "5G Gap" and that China (Huawei) will threaten to conquer the world with 5G superiority, so we should be vigilantly opposing Huawei.
>
> Worth noting that Cisco, ALU, ... are not any better than Huawei appears to be in these matters. But they aren't getting headlines in the NYTimes.
>
> Remember, Judith Miller wrote NYTimes headlines based on "leaks from senior intelligence officials" that Saddam Hussein was on the verge of deploying dirty bombs, nuclear missiles and biowarfare agents.
>
> Recently, Bloomberg got scammed by "leaks from senior intelligence officials" that Supermicro (Chinese) had built and sold server motherboards that had special chips soldered into them that didn't belong there [the stories were completely debunked by the companies supposedly targeted].
>
> Personally, I think the cynical fearmongering here does the legitimate security engineering community no good at all. It's just more "wag the dog" psyops, designed to let all the pseudo-security-experts take over the story and get their 15 minutes in the headlines.
>
> The Qualcomms and Ciscos of the US are happy to get the USG to help scare countries off of Chinese brandnames. But the open secret is that Qualcomm and Cisco's systems are designed and made in China, too. There's no US manufacturing of switches, and precious few entirely American hardware design centers, either.
>
> So be a little skeptical. Check the story behind the story. Don't believe stories based on "intelligence agency" leaks.
>
> -----Original Message-----
> From: "Dave Taht" <dave.taht@gmail.com>
> Sent: Thursday, March 28, 2019 1:55pm
> To: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>, "bloat" <bloat@lists.bufferbloat.net>
> Subject: [Cerowrt-devel] plenty of huawei in the news today
>
> https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html
>
> --
>
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-831-205-9740

--

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
