* [Cerowrt-devel] plenty of huawei in the news today
From: Dave Taht @ 2019-03-28 17:55 UTC
To: cerowrt-devel, bloat

https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html

--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

* Re: [Cerowrt-devel] plenty of huawei in the news today
From: David P. Reed @ 2019-03-28 18:16 UTC
To: Dave Taht; +Cc: cerowrt-devel, bloat

The NYTimes has become a mouthpiece for those who want to see China as the new evil empire. Recent pieces by David Sanger have hyped the idea that the US has a "5G Gap" and that China (Huawei) will threaten to conquer the world with 5G superiority, so we should be vigilantly opposing Huawei.

Worth noting that Cisco, ALU, ... are not any better than Huawei appears to be in these matters. But they aren't getting headlines in the NYTimes.

Remember, Judith Miller wrote NYTimes headlines based on "leaks from senior intelligence officials" that Saddam Hussein was on the verge of deploying dirty bombs, nuclear missiles and biowarfare agents.

Recently, Bloomberg got scammed by "leaks from senior intelligence officials" that Supermicro (Chinese) had built and sold server motherboards that had special chips soldered into them that didn't belong there [the stories were completely debunked by the companies supposedly targeted].

Personally, I think the cynical fearmongering here does the legitimate security engineering community no good at all. It's just more "wag the dog" psyops, designed to let all the pseudo-security-experts take over the story and get their 15 minutes in the headlines.

The Qualcomms and Ciscos of the US are happy to get the USG to help scare countries off of Chinese brand names. But the open secret is that Qualcomm and Cisco's systems are designed and made in China, too. There's no US manufacturing of switches, and precious few entirely American hardware design centers, either.

So be a little skeptical. Check the story behind the story. Don't believe stories based on "intelligence agency" leaks.

* Re: [Cerowrt-devel] plenty of huawei in the news today
From: Dave Taht @ 2019-03-28 18:16 UTC
To: David P. Reed; +Cc: cerowrt-devel, bloat

Well, it's a widely placed story in every newspaper.

* Re: [Cerowrt-devel] plenty of huawei in the news today
From: David P. Reed @ 2019-03-28 18:32 UTC
To: Dave Taht; +Cc: cerowrt-devel, bloat

Look, the existence of security flaws in software isn't news. Real news would be if there were systems discovered to have no flaws at all...

So what does this article really say?

It says that Britain and the US intelligence officials are now going after Huawei in a new way, because the idea that Huawei just steals intellectual property no longer flies - they actually have great technology that the non-Chinese never had.

And there is a massive Trade War currently aimed between Trump and China.

And recently, the UK, including GCHQ, said it was NOT going to stop plans to deploy Huawei telecom gear, because it saw no particular flaws worth worrying about if UK operators wanted to use Huawei "5G" gear because it was better and cheaper.

You can see, of course, that the US diplomatic efforts under Pompeo might go into high gear to get some kind of supportive public response from somewhere in the UK, even if the UK government itself wasn't going to support the US.

Hence, the PR guys figured out how to get a story into the NYTimes and other papers that appears to contradict the UK decision.

This is how the game is played.

This is how Trade Wars are conducted (we haven't seen them for decades, so we aren't used to them, but we had the big fearmongering about Japan back in the '80s that was similar, and the Japanese "lead" with its "Fifth Generation Computing" effort required major tax dollars to protect the US from becoming a third world country).

Humans don't think. They react emotionally, and tribally.

* Re: [Cerowrt-devel] plenty of huawei in the news today
From: Dave Taht @ 2019-03-28 18:38 UTC
To: David P. Reed; +Cc: cerowrt-devel, bloat

I'd like to take the time to read this.

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf

but I'm putting on a concert at 9.

* Re: [Cerowrt-devel] [Bloat] plenty of huawei in the news today
From: Jim Gettys @ 2019-03-28 18:44 UTC
To: David P. Reed; +Cc: Dave Taht, cerowrt-devel, bloat

It's worth looking at the UK government oversight report:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf

Not clear that Huawei is worse than other 5G vendors, if our experience with other embedded system vendors is any clue. Certainly I was unimpressed by ALU's software engineering practices when I was at Bell Labs. The ownership structure of Huawei is "interesting", to say the least.

My solution is more radical: all the vendors should be held to much higher standards, including reproducible builds (something that the UK government has been trying to get them to do for years, and failed).

- Jim

* Re: [Cerowrt-devel] [Bloat] plenty of huawei in the news today
From: Dave Taht @ 2019-03-28 18:47 UTC
To: Jim Gettys; +Cc: David P. Reed, cerowrt-devel, bloat

I share the reproducible builds thing - but for all vendors, including Cisco and OpenWrt.

Trust but verify.

* Re: [Cerowrt-devel] [Bloat] plenty of huawei in the news today
From: Valdis Klētnieks @ 2019-03-28 20:12 UTC
To: Jim Gettys; +Cc: David P. Reed, cerowrt-devel, bloat

On Thu, 28 Mar 2019 14:44:28 -0400, Jim Gettys said:

> My solution is more radical: all the vendors should be held to much higher
> standards, including reproducible builds (something that the UK government
> has been trying to get them to do for years, and failed).

All too often, even getting the *claimed* configuration that was built is far too difficult. For example, if I ssh to my Lede router, getting it to cough up the contents of the .config used to build it is a challenge - /proc/config.gz doesn't hold the userspace part of the config.

* Re: [Cerowrt-devel] [Bloat] plenty of huawei in the news today
From: David P. Reed @ 2019-03-28 22:23 UTC
To: Jim Gettys; +Cc: Dave Taht, cerowrt-devel, bloat

Yes, yes, yes, yes!

Defense in depth is also good. We long ago learned that you don't design any large scale system without a lot of attention to avoiding single-point catastrophes.

One really major example is to achieve content protection with end-to-end security and authentication based on solid key distribution systems. Then "APT" in the switching gear and routing masquerading to send traffic to a MITM can't succeed. Doesn't matter what vendor you buy from!

Another defense in depth approach for telecommunications is decentralized and redundant routing, rather than centralized static routing. Then the system components can route-around-damage.

And this doesn't depend on the Nationality of the designers, manufacturers, etc. At least for any system that has lots of components assembled by the operator, as telecom does.

The whole idea is nonsense that in today's world "National Allegiance" is the core frame for thinking about systems reliability and security.

I don't think anyone in the world should trust companies infiltrated by NSA (Cisco) or GCHQ (BT) or companies who build infrastructure for governments (Google for US DoD and China, Amazon for vast swaths of USG) fully.

That's not because these companies or governments are "Russian" or "Chinese" or "American". They aren't. They have power within and power over, but they don't answer to us humans. They answer to themselves or their "owners". Just don't trust them. You can buy their stuff and use it because it is pretty darn functional, but don't put your life entirely in their hands, even if they have similar facial features to you.
> > > > -----Original Message----- > From: "Dave Taht" <[ dave.taht@gmail.com ]( mailto:dave.taht@gmail.com )> > Sent: Thursday, March 28, 2019 1:55pm > To: "cerowrt-devel" <[ cerowrt-devel@lists.bufferbloat.net ]( mailto:cerowrt-devel@lists.bufferbloat.net )>, "bloat" <[ bloat@lists.bufferbloat.net ]( mailto:bloat@lists.bufferbloat.net )> > Subject: [Cerowrt-devel] plenty of huawei in the news today > > [ https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html ]( https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html ) > > -- > > Dave Täht > CTO, TekLibre, LLC > [ http://www.teklibre.com ]( http://www.teklibre.com ) > Tel: 1-831-205-9740 > _______________________________________________ > Cerowrt-devel mailing list > [ Cerowrt-devel@lists.bufferbloat.net ]( mailto:Cerowrt-devel@lists.bufferbloat.net ) > [ https://lists.bufferbloat.net/listinfo/cerowrt-devel ]( https://lists.bufferbloat.net/listinfo/cerowrt-devel ) -- Dave Täht CTO, TekLibre, LLC [ http://www.teklibre.com ]( http://www.teklibre.com ) Tel: 1-831-205-9740_______________________________________________ Bloat mailing list [ Bloat@lists.bufferbloat.net ]( mailto:Bloat@lists.bufferbloat.net ) [ https://lists.bufferbloat.net/listinfo/bloat ]( https://lists.bufferbloat.net/listinfo/bloat ) [-- Attachment #2: Type: text/html, Size: 13498 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
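The end-to-end authentication point made in the message above (an untrusted switch or a routing MITM cannot alter, forge or replay traffic it holds no key for), as an added example that is not part of the original thread. It assumes a key already shared out of band and uses constructed payloads; `seal`, `Receiver` and `run_demo` are hypothetical names, and it covers integrity only (confidentiality would additionally need an authenticated cipher).

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 tag size in bytes


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender endpoint: frame = 8-byte sequence number || payload || tag."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver endpoint: accepts a frame only if its tag verifies and seq is fresh."""
    def __init__(self, key: bytes):
        self.key, self.last_seq = key, -1

    def open(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # truncated in transit
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # altered on the path, or sealed without the shared key
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None  # replayed or reordered by the network
        self.last_seq = seq
        return body[8:]


def run_demo() -> dict:
    key = b"constructed-demo-key-32-bytes!!!"  # assumption: distributed out of band
    rx = Receiver(key)
    good = seal(key, 1, b"route update A")
    tampered = bytearray(seal(key, 2, b"pay 100 to alice"))
    tampered[12] ^= 0x01  # intermediate switch flips one payload bit
    forged = seal(b"mitm-own-key", 3, b"pay 100 to mallory")  # MITM lacks the key
    return {
        "honest": rx.open(good),
        "tampered": rx.open(bytes(tampered)),
        "forged": rx.open(forged),
        "replayed": rx.open(good),  # first frame delivered a second time
        "next": rx.open(seal(key, 2, b"route update B")),
    }


if __name__ == "__main__":
    print(run_demo())
```

Only the unmodified frames from the key holder are delivered; everything the path changed, invented or repeated comes back as `None`, whichever vendor's equipment carried it.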