From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp112.iad3a.emailsrvr.com (smtp112.iad3a.emailsrvr.com [173.203.187.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 2B67D3B29E for ; Thu, 16 May 2019 17:39:29 -0400 (EDT) Received: from smtp15.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp15.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id E07985106; Thu, 16 May 2019 17:39:28 -0400 (EDT) X-SMTPDoctor-Processed: csmtpprox beta Received: from smtp15.relay.iad3a.emailsrvr.com (localhost [127.0.0.1]) by smtp15.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id D7E524FDD; Thu, 16 May 2019 17:39:28 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=g001.emailsrvr.com; s=20190322-9u7zjiwi; t=1558042768; bh=ZrWkXxa3e+I68Y7CG49S6/e44TLFgxjxgCLEsZROTVI=; h=Date:Subject:From:To:From; b=lBm7OwxPbVfy2eFWCJfeVa3dYnQrdj4S/32itv+yapnjMkzQeKnrXduDdumNcosh2 cL9+ZTpt1J3PyaV/bzsofUwP7pr3bNsXcwcpHnTvbcBvxWlEx+07VboJUaKiQqsLkB RSkpxzGQOtcaaRovoAK1VeFHtXX8eg6pvpoUhPF4= Received: from app36.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by smtp15.relay.iad3a.emailsrvr.com (SMTP Server) with ESMTP id 959575106; Thu, 16 May 2019 17:39:28 -0400 (EDT) X-Sender-Id: dpreed@deepplum.com Received: from app36.wa-webapps.iad3a (relay-webapps.rsapps.net [172.27.255.140]) by 0.0.0.0:25 (trex/5.7.12); Thu, 16 May 2019 17:39:28 -0400 Received: from deepplum.com (localhost.localdomain [127.0.0.1]) by app36.wa-webapps.iad3a (Postfix) with ESMTP id 736C360316; Thu, 16 May 2019 17:39:28 -0400 (EDT) Received: by apps.rackspace.com (Authenticated sender: dpreed@deepplum.com, from: dpreed@deepplum.com) with HTTP; Thu, 16 May 2019 17:39:28 -0400 (EDT) X-Auth-ID: dpreed@deepplum.com Date: Thu, 16 May 2019 17:39:28 -0400 (EDT) From: "David P. Reed" To: "Dave Taht" Cc: "bloat" , "cerowrt-devel" , "Make-Wifi-fast" MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_20190516173928000000_11778" Importance: Normal X-Priority: 3 (Normal) X-Type: html In-Reply-To: References: <1558015926.108614198@apps.rackspace.com> Message-ID: <1558042768.46856988@apps.rackspace.com> X-Mailer: webmail/16.4.4-RC Subject: Re: [Cerowrt-devel] Huawei banned by US gov... X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 May 2019 21:39:29 -0000 ------=_20190516173928000000_11778 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =0AThanks for the song share. It's timely. I've been recommending this to a= ll my Democrat friends. [ https://youtu.be/bLqKXrlD1TU ]( https://youtu.be/= bLqKXrlD1TU ) [ https://youtu.be/GqNxne97ubc ]( https://youtu.be/GqNxne97ub= c ) (the two song versions together) (The Republicans are too far gone to b= other). I think you had to be there, though. They mostly don't get the poin= t. The song describes the Democratic Party leading us into the Big Muddy ba= ck then, and now they think that party gave us civil rights and progress, a= nd saved us from disaster. It didn't, it wasn't the sargeant. We did, by be= ing the sergeant ourselves, recognizing the Parties were both part of the p= roblem.=0A =0ABy the way, can I see the letters to the editor? Did they get= published?=0A =0A =0AOn Thursday, May 16, 2019 10:44am, "Dave Taht" said:=0A=0A=0A=0A> One thing I've been trying to do (again)= is more outreach outside our=0A> direct circles, on various subjects, in v= arious ways. Up until=0A> recently I was pretty happy with the overall prog= ress of the fq_codel=0A> deployment, and it was things like this not buffer= bloat-related that=0A> were getting me down the most.=0A> =0A> Jim, esr, an= d I wrote letters to the editor on this subject of the=0A> washington post,= guardian and the economist, recently. This is an=0A> ancient technique, bu= t so long as we're persistent about having a (or=0A> multiple) letters like= that, at a low level of effort, perhaps that is=0A> one "new" way to "get = through". We need to keep trying various=0A> avenues. The rules, though, of= letters to the editor is that they have=0A> to be unique, and well, give e= ach one a week or three, then try=0A> another pub, I figure is unique enoug= h. After a while, perhaps an open=0A> letter. I have no idea... but we have= to try! More of us, have to try.=0A> If someone(s) from here can merely ge= t something on some subject they=0A> care about into their local newspaper,= it's a plus.=0A> =0A> I've had quite a lot of solace in playing a ton of r= ock and roll of=0A> late, notably an updated version of "working class hero= " that I should=0A> sit down and record. Playing the guitar is just about t= he only way I=0A> feel even halfway connected to anything of late. "It gpls= me"=0A> recently got the most hits of any song I've ever posted.=0A> =0A> = Buying a press release a we did before on the fcc fight, did work, but=0A> = it was expensive, and never crossed over into the business press.=0A> Tryin= g to create an environment when something suddenly becomes=0A> "obvious" to= a lot of people, requires a supersaturated solution. For=0A> all I know th= e world (I certainly am) is at its breaking point=0A> regarding all the sec= urity (and bufferbloat!) problems in the=0A> computing world and ready to a= ccept something new instead of business=0A> as usual.=0A> =0A> Recently I h= ad one of the weirder things happen in a while. For about=0A> a month, I've= been using in various public and private conversations=0A> an analogy "abo= ut me being a scared and scarred survivor of a poetry=0A> slam between vogo= ns and bokononists", and realizing how few had read=0A> Vonnegut's "cat's c= radle" to understand what I meant, fully.=0A> Yesterday, or the day before,= slashdot had a whole bunch of people=0A> refer to that book and I felt a b= it less mis-understood. Co-incidence?=0A> no idea....=0A> =0A> One of the t= hings that cheers me up is that book was published in the=0A> early 60s and= civilization survived, after, admittedly, getting neck=0A> deep in the big= muddy.=0A> So anyway, here's that song, that has a fascinating history:=0A= > =0A> https://www.youtube.com/watch?v=3DuXnJVkEX8O4=0A> =0A> and to me app= lies to a lot of folk, currently in power. Perhaps the=0A> times are a chan= gin, too.=0A> =0A> On Thu, May 16, 2019 at 4:12 PM David P. Reed wrote:=0A> >=0A> > In my personal view, the lack of any evidenc= e that Huawei has any more=0A> government-controlled or classified compartm= ented Top Secret offensive Cyberwar=0A> exploits than Cisco, Qualcomm, Broa= dcom, Mellanox, F5, NSO group, etc. is quite a=0A> strong indication that t= here's no relevant "there" there.=0A> >=0A> >=0A> >=0A> > Given the debunki= ng of both the Supermicro and Huawei fraudulent claims (made=0A> by high le= vel "government sources" in the intelligence community), this entire=0A> th= ing looks to me like an attempt to use a fake National Emergency to achieve= =0A> Trade War goals desired by companies close to the US Government agenci= es (esp. now=0A> that the Secretary of Defense is a recent Boeing CEO who p= rofits directly from=0A> such imaginary threats).=0A> >=0A> >=0A> >=0A> > N= ow, I think that this "open up the sources" answer is a really good part of= =0A> a solution. The other parts are having resiliency built in to our syst= ems. The=0A> Internet is full of resiliency today. A balkanized and "sort o= f air-gapped" US=0A> transport network infrastructure is far more fragile a= nd subject to both random=0A> failure and targeted disruption.=0A> >=0A> >= =0A> >=0A> > But who is asking me? Fear is being stoked.=0A> =0A> Answers o= utside the box need to be presented to the purveyors of power=0A> and publi= c manipulation... and the public.=0A> =0A> >=0A> >=0A> >=0A> >=0A> > On Thu= rsday, May 16, 2019 5:58am, "Dave Taht" =0A> said:=0A>= >=0A> > > And we labor on...=0A> > >=0A> > >=0A> https://tech.slashdot.org= /story/19/05/15/2136242/trump-signs-executive-order-barring-us-companies-fr= om-using-huawei-gear=0A> > >=0A> > > To me, the only long term way to even = start to get out of this=0A> > > nightmare (as we cannot trust anyone else'= s gear either, and we have=0A> > > other reminders of corruption like the v= olkswagon scandal) is to=0A> > > mandate the release of source code, with r= eproducible builds[1], for=0A> > > just about everything connected to the i= nternet or used in safety=0A> > > critical applications, like cars. Even th= at's not good enough, but it=0A> > > would be a start. Even back when we to= ok on the FCC on this issue, (=0A> > > http://www.taht.net/~d/fcc_saner_sof= tware_practices.pdf ) I never=0A> > > imagined it would get this bad.=0A> >= >=0A> > > 'round here we did produce one really trustable router in the ce= rowrt=0A> > > project, which was 100% open source top to bottom, which serv= es as an=0A> > > existence proof - and certainly any piece of gear reflashe= d with=0A> > > openwrt is vastly better and more secure than what we get fr= om the=0A> > > manufacturer - but even then, I always worried that my build= =0A> > > infrastructure for cerowrt was or could be compromised and took as= =0A> > > many steps as I could to make sure it wasn't - cross checking buil= ds,=0A> > > attacking it with various attack tools, etc.=0A> > >=0A> > > Fr= iends don't let friends run factory firmware, we used to say. Being=0A> > >= able to build from sources yourself is a huge improvement in potential=0A>= > > trustability - (but even then the famous paper on reflections on=0A> >= > trusting trust applies). And so far, neither the open source or=0A> > > = reproducable builds concepts have entered the public debate.=0A> > >=0A> > = > Every piece of hardware nowadays is rife with binary blobs and there=0A> = > > are all sorts of insecurities in all the core cpus and co-processors=0A= > > > designed today.=0A> > >=0A> > > And it isn't of course, just security= in huawei's case - intel just=0A> > > exited the business - they are way a= head of the US firms in general in=0A> > > so many areas.=0A> > >=0A> > > I= have no idea where networked computing can go anymore, particularly=0A> > = > in the light of the latest MDS vulns revealed over the past few days (=0A= > > > https://lwn.net/Articles/788522/ ). I long ago turned off=0A> > > hyp= erthreading on everything I cared about, moved my most critical=0A> > > res= ources out of the cloud, but I doubt others can do that. I know=0A> > > peo= ple that run a vm inside a vm. I keep hoping someone will invest=0A> > > so= mething major into the mill computing's cpu architecture - which=0A> > > do= es no speculation and has some really robust memory and stack=0A> > > smash= ing protection features (=0A> > > http://millcomputing.com/wiki/Protection = ), and certainly there's hope=0A> > > that risc-v chips could be built with= a higher layer of trust than any=0A> > > arm or intel cpu today (but needs= substancial investment into open=0A> > > on-chip peripherals)=0A> > >=0A> = > > This really isn't a bloat list thing, but the slashdot discussion is=0A= > > > toxic. Is there a mailing list where these sorts of issues can be=0A>= > > rationally discussed?=0A> > >=0A> > > Maybe if intel just released all= their 5G IP into the public domain?=0A> > >=0A> > > /me goes back to bed= =0A> > >=0A> > > [1] https://en.wikipedia.org/wiki/Reproducible_builds=0A> = > >=0A> > > --=0A> > >=0A> > > Dave T=C3=A4ht=0A> > > CTO, TekLibre, LLC=0A= > > > http://www.teklibre.com=0A> > > Tel: 1-831-205-9740=0A> > > _________= ______________________________________=0A> > > Cerowrt-devel mailing list= =0A> > > Cerowrt-devel@lists.bufferbloat.net=0A> > > https://lists.bufferbl= oat.net/listinfo/cerowrt-devel=0A> > >=0A> =0A> =0A> =0A> --=0A> =0A> Dave = T=C3=A4ht=0A> CTO, TekLibre, LLC=0A> http://www.teklibre.com=0A> Tel: 1-831= -205-9740=0A> ------=_20190516173928000000_11778 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

Thanks for the song sh= are. It's timely. I've been recommending this to all my Democrat friends.&n= bsp;https://youtu.be/bLqKXrlD1TU https://youtu.be/GqNxne97u= bc (the two song versions together) (The Republicans are too far gone t= o bother). I think you had to be there, though. They mostly don't get the p= oint. The song describes the Democratic Party leading us into the Big Muddy= back then, and now they think that party gave us civil rights and progress= , and saved us from disaster. It didn't, it wasn't the sargeant. We did, by= being the sergeant ourselves, recognizing the Parties were both part of th= e problem.

=0A

 

=0A

By = the way, can I see the letters to the editor? Did they get published?

= =0A

 

=0A

 

=0A

On Thursday, May 16, 2019 10:44am, "Dave Taht" <dave.ta= ht@gmail.com> said:

=0A
= =0A

> One thing I've been trying to do (again) is mo= re outreach outside our
> direct circles, on various subjects, in v= arious ways. Up until
> recently I was pretty happy with the overal= l progress of the fq_codel
> deployment, and it was things like thi= s not bufferbloat-related that
> were getting me down the most.
>
> Jim, esr, and I wrote letters to the editor on this subje= ct of the
> washington post, guardian and the economist, recently. = This is an
> ancient technique, but so long as we're persistent abo= ut having a (or
> multiple) letters like that, at a low level of ef= fort, perhaps that is
> one "new" way to "get through". We need to = keep trying various
> avenues. The rules, though, of letters to the= editor is that they have
> to be unique, and well, give each one a= week or three, then try
> another pub, I figure is unique enough. = After a while, perhaps an open
> letter. I have no idea... but we h= ave to try! More of us, have to try.
> If someone(s) from here can = merely get something on some subject they
> care about into their l= ocal newspaper, it's a plus.
>
> I've had quite a lot of s= olace in playing a ton of rock and roll of
> late, notably an updat= ed version of "working class hero" that I should
> sit down and rec= ord. Playing the guitar is just about the only way I
> feel even ha= lfway connected to anything of late. "It gpls me"
> recently got th= e most hits of any song I've ever posted.
>
> Buying a pre= ss release a we did before on the fcc fight, did work, but
> it was= expensive, and never crossed over into the business press.
> Tryin= g to create an environment when something suddenly becomes
> "obvio= us" to a lot of people, requires a supersaturated solution. For
> a= ll I know the world (I certainly am) is at its breaking point
> reg= arding all the security (and bufferbloat!) problems in the
> comput= ing world and ready to accept something new instead of business
> a= s usual.
>
> Recently I had one of the weirder things happ= en in a while. For about
> a month, I've been using in various publ= ic and private conversations
> an analogy "about me being a scared = and scarred survivor of a poetry
> slam between vogons and bokononi= sts", and realizing how few had read
> Vonnegut's "cat's cradle" to= understand what I meant, fully.
> Yesterday, or the day before, sl= ashdot had a whole bunch of people
> refer to that book and I felt = a bit less mis-understood. Co-incidence?
> no idea....
> > One of the things that cheers me up is that book was published in = the
> early 60s and civilization survived, after, admittedly, getti= ng neck
> deep in the big muddy.
> So anyway, here's that s= ong, that has a fascinating history:
>
> https://www.youtu= be.com/watch?v=3DuXnJVkEX8O4
>
> and to me applies to a lo= t of folk, currently in power. Perhaps the
> times are a changin, t= oo.
>
> On Thu, May 16, 2019 at 4:12 PM David P. Reed <= dpreed@deepplum.com> wrote:
> >
> > In my personal= view, the lack of any evidence that Huawei has any more
> governme= nt-controlled or classified compartmented Top Secret offensive Cyberwar
> exploits than Cisco, Qualcomm, Broadcom, Mellanox, F5, NSO group, et= c. is quite a
> strong indication that there's no relevant "there" = there.
> >
> >
> >
> > Given th= e debunking of both the Supermicro and Huawei fraudulent claims (made
= > by high level "government sources" in the intelligence community), thi= s entire
> thing looks to me like an attempt to use a fake National= Emergency to achieve
> Trade War goals desired by companies close = to the US Government agencies (esp. now
> that the Secretary of Def= ense is a recent Boeing CEO who profits directly from
> such imagin= ary threats).
> >
> >
> >
> > N= ow, I think that this "open up the sources" answer is a really good part of=
> a solution. The other parts are having resiliency built in to ou= r systems. The
> Internet is full of resiliency today. A balkanized= and "sort of air-gapped" US
> transport network infrastructure is = far more fragile and subject to both random
> failure and targeted = disruption.
> >
> >
> >
> > But= who is asking me? Fear is being stoked.
>
> Answers outsi= de the box need to be presented to the purveyors of power
> and pub= lic manipulation... and the public.
>
> >
> >= ;
> >
> >
> > On Thursday, May 16, 2019 5:= 58am, "Dave Taht" <dave.taht@gmail.com>
> said:
> >= ;
> > > And we labor on...
> > >
> >= >
> https://tech.slashdot.org/story/19/05/15/2136242/trump-sign= s-executive-order-barring-us-companies-from-using-huawei-gear
> >= ; >
> > > To me, the only long term way to even start to g= et out of this
> > > nightmare (as we cannot trust anyone els= e's gear either, and we have
> > > other reminders of corrupt= ion like the volkswagon scandal) is to
> > > mandate the rele= ase of source code, with reproducible builds[1], for
> > > ju= st about everything connected to the internet or used in safety
> &= gt; > critical applications, like cars. Even that's not good enough, but= it
> > > would be a start. Even back when we took on the FCC= on this issue, (
> > > http://www.taht.net/~d/fcc_saner_soft= ware_practices.pdf ) I never
> > > imagined it would get this= bad.
> > >
> > > 'round here we did produce on= e really trustable router in the cerowrt
> > > project, which= was 100% open source top to bottom, which serves as an
> > >= existence proof - and certainly any piece of gear reflashed with
>= > > openwrt is vastly better and more secure than what we get from t= he
> > > manufacturer - but even then, I always worried that = my build
> > > infrastructure for cerowrt was or could be com= promised and took as
> > > many steps as I could to make sure= it wasn't - cross checking builds,
> > > attacking it with v= arious attack tools, etc.
> > >
> > > Friends d= on't let friends run factory firmware, we used to say. Being
> >= > able to build from sources yourself is a huge improvement in potentia= l
> > > trustability - (but even then the famous paper on ref= lections on
> > > trusting trust applies). And so far, neithe= r the open source or
> > > reproducable builds concepts have = entered the public debate.
> > >
> > > Every pi= ece of hardware nowadays is rife with binary blobs and there
> >= > are all sorts of insecurities in all the core cpus and co-processors<= br />> > > designed today.
> > >
> > >= And it isn't of course, just security in huawei's case - intel just
&= gt; > > exited the business - they are way ahead of the US firms in g= eneral in
> > > so many areas.
> > >
> = > > I have no idea where networked computing can go anymore, particul= arly
> > > in the light of the latest MDS vulns revealed over= the past few days (
> > > https://lwn.net/Articles/788522/ )= . I long ago turned off
> > > hyperthreading on everything I = cared about, moved my most critical
> > > resources out of th= e cloud, but I doubt others can do that. I know
> > > people = that run a vm inside a vm. I keep hoping someone will invest
> >= > something major into the mill computing's cpu architecture - which> > > does no speculation and has some really robust memory and= stack
> > > smashing protection features (
> > &g= t; http://millcomputing.com/wiki/Protection ), and certainly there's hope> > > that risc-v chips could be built with a higher layer of = trust than any
> > > arm or intel cpu today (but needs substa= ncial investment into open
> > > on-chip peripherals)
&g= t; > >
> > > This really isn't a bloat list thing, but = the slashdot discussion is
> > > toxic. Is there a mailing li= st where these sorts of issues can be
> > > rationally discus= sed?
> > >
> > > Maybe if intel just released a= ll their 5G IP into the public domain?
> > >
> > &= gt; /me goes back to bed
> > >
> > > [1] https:= //en.wikipedia.org/wiki/Reproducible_builds
> > >
> &= gt; > --
> > >
> > > Dave T=C3=A4ht
>= ; > > CTO, TekLibre, LLC
> > > http://www.teklibre.com<= br />> > > Tel: 1-831-205-9740
> > > _______________= ________________________________
> > > Cerowrt-devel mailing = list
> > > Cerowrt-devel@lists.bufferbloat.net
> >= > https://lists.bufferbloat.net/listinfo/cerowrt-devel
> > &= gt;
>
>
>
> --
>
> Dave= T=C3=A4ht
> CTO, TekLibre, LLC
> http://www.teklibre.com> Tel: 1-831-205-9740
>

=0A
 ------=_20190516173928000000_11778--