From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qt1-x841.google.com (mail-qt1-x841.google.com [IPv6:2607:f8b0:4864:20::841]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 2E9F73B2A4; Thu, 28 Mar 2019 14:48:01 -0400 (EDT) Received: by mail-qt1-x841.google.com with SMTP id k14so24388736qtb.0; Thu, 28 Mar 2019 11:48:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=MwyMtHiqvdWChe+lK2nDxpMe2R3xDBf5W2/GiIqbROQ=; b=nGRjXfg0V15v2BQO+P/j1+xwuQFruwo8lpHY3aac3TuMQ9GSvmZ2nj0swCuI05vvxb YOnh4jhYe7FQPrOLJ2YmOBmoBYIcI7K2r+jfJRf8ZgtgCyoBcmOHlBfV1KMLbtj59U+l q7A6fcfST9Viwi4f1MlbdqlJwKDg0XxGrK0l6kInfhUYuh+P9qcB6D34JoW1RqsvfK1a oE1tbSXCNQCQLczMMnaZlPsEkoMpMTNAY2xX8u6HSpClDbtcD9EL96Opo+e7roaw4kol O7rXyDw2Im86WqVlzeiGu4mcpPqVaYF1UrSHb8qeEMmhMpRm+ffB0QQJyZgcM34+8mOc 4J5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=MwyMtHiqvdWChe+lK2nDxpMe2R3xDBf5W2/GiIqbROQ=; b=WBfxTHqCL2Zo9qk4g07pv8YqBURhxLt1nev8iK/UjeeUr3BcNrBxNklQzqaIpPi3v5 nC11KtZmL085LLOq7s7hBGjqObjzjZF9aesx7r2sVombkb+JOqQkLz/OqmiWt6VYblRE n5blka6L1xXp2PFhKBh1td5H6dybqxbK7igQeWAtf6jI6+p2/iBj9O0vbWKtyNrEK+Lp ik0K3NCTmJFvOcLt/Oxc3BoBV44005MEyHqcR0Si35vQg+zy+Ft6g6e1cfugnTRDWSah IJ+siRNgrEH12YVMV5dwBQNY65mtgyDXcu5AvgiEuAF2XY4lFu/Ke+QIG1itqTMGhUjE vp4Q== X-Gm-Message-State: APjAAAV455XpQNXWMP87+81nJQqdVlpXN+HafRTR/AfvYH6MJBtafVoE GpAhpBhRZhhJslZaZqsSuyu3wsq5WdOXEsEG66U= X-Google-Smtp-Source: APXvYqwkyp217ha2yqXkvQM8PrkyJG9P44nlFfCkEn0b7Cu7gmRua6MHRY4QU8VmhO84Cp6omoHfmVfooFd9sQb9KmI= X-Received: by 2002:aed:3ee7:: with SMTP id o36mr37954470qtf.355.1553798880594; Thu, 28 Mar 2019 11:48:00 -0700 (PDT) MIME-Version: 1.0 References: <1553796961.229623922@apps.rackspace.com> <1553797924.63225811@apps.rackspace.com> In-Reply-To: From: Dave Taht Date: Thu, 28 Mar 2019 11:47:48 -0700 Message-ID: To: Jim Gettys Cc: "David P. Reed" , cerowrt-devel , bloat Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] [Bloat] plenty of huawei in the news today X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Mar 2019 18:48:01 -0000 I share the reproducable builds thing - but for all vendors, including cisco and openwrt. Trust but verify. On Thu, Mar 28, 2019 at 11:44 AM Jim Gettys wrote: > > It's worth looking at the UK government oversight report: > > https://assets.publishing.service.gov.uk/government/uploads/system/upload= s/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf > > Not clear that Huawei is worse than other 5g vendors, if our experience w= ith other embedded system vendors is any clue. Certainly I was unimpressed= by ALU's software engineering practices when I was at Bell Labs. The owne= rship structure of Huawei is "interesting", to say the least. > > My solution is more radical: all the vendors should be held to much highe= r standards, including reproducible builds (something that the UK governmen= t has been trying to get them to do for years, and failed). > > - Jim > > > On Thu, Mar 28, 2019 at 2:32 PM David P. Reed wrote= : >> >> Look, the existence of security flaws in software isn't news. Real news = would be if there were systems discovered to have no flaws at all... >> >> >> >> So what does this article really say? >> >> >> >> It says that Britain and the US intelligence officials are now going aft= er Huawei in a new way, because the idea that Huawei just steals intellectu= al property no longer flies - they actually have great technology that the = non-Chinese never had. >> >> >> >> And there is a massive Trade War currently aimed between Trump and China= . >> >> >> >> And recently, the UK, including GCHQ, said it was NOT going to stop plan= s to deploy Huawei telecom gear, because it saw no particular flaws worth w= orrying about if UK operators wanted to use Huawei "5G" gear because it was= better and cheaper. >> >> >> >> You can see, of course, that the US diplomatic efforts under Pompeo migh= t go into high gear to get some kind of supportive public response from som= ewhere in the UK, even if the UK government itself wasn't going to support = the US. >> >> >> >> Hence, the PR guys figured out how to get a story into the NYTimes and o= ther papers that appears to contradict the UK decision. >> >> >> >> This is how the game is played. >> >> >> >> This is how Trade Wars are conducted (we haven't seen them for decades, = so we aren't used to them, but we had the big fearmongering about Japan bac= k in the '80's that was similar, and the Japanese "lead" with its "Fifth Ge= neration Computing" effort required major tax dollars to protect the US fro= m becoming a third world country) >> >> >> >> Humans don't think. They react emotionally, and tribally. >> >> >> >> -----Original Message----- >> From: "Dave Taht" >> Sent: Thursday, March 28, 2019 2:16pm >> To: "David P. Reed" >> Cc: "cerowrt-devel" , "bloat" >> Subject: Re: [Cerowrt-devel] plenty of huawei in the news today >> >> Well, it's a widely placed story in every newspaper. >> >> On Thu, Mar 28, 2019 at 11:16 AM David P. Reed wro= te: >> > >> > The NYTimes has become a mouthpiece for those who want to see China as= the new evil empire. Recent pieces by David Sanger have hyped the idea tha= t the US has a "5G Gap" and that China (Huawei) will threaten to conquer th= e world with 5G superiority, so we should be vigilantly opposing Huawei. >> > >> > >> > >> > Worth noting that Cisco, ALU, ... are not any better than Huawei appea= rs to be in these matters. But they aren't getting headlines in the NYTimes= . >> > >> > >> > >> > Remember, Judith Miller wrote NYTimes headlines based on "leaks from s= enior intelligence officials" that Saddam Hussein was on the verge of deplo= ying dirty bombs, nuclear missiles and biowarfare agents. >> > >> > >> > >> > Recently, Bloomberg got scammed by "leaks from senior intelligence off= icials" that Supermicro (Chinese) had built and sold server motherboards th= at had special chips soldered into them that didn't belong there [the stori= es were completely debunked by the companies supposedly targeted]. >> > >> > >> > >> > Personally, I think the cynical fearmongering here does the legitimate= security engineering community no good at all. It's just more "wag the dog= " psyops, designed to let all the pseudo-security-experts take over the sto= ry and get their 15 minutes in the headlines. >> > >> > >> > >> > The Qualcomms and Ciscos of the US are happy to get the USG to help sc= are countries off of Chinese brandnames. But the open secret is that Qualco= mm and Cisco's systems are designed and made in China, too. There's no US m= anufacturing of switches, and precious few entirely American hardware desig= n centers, either. >> > >> > >> > >> > So be a little skeptical. Check the story behind the story. Don't beli= eve stories based on "intelligence agency" leaks. >> > >> > >> > >> > -----Original Message----- >> > From: "Dave Taht" >> > Sent: Thursday, March 28, 2019 1:55pm >> > To: "cerowrt-devel" , "bloat" >> > Subject: [Cerowrt-devel] plenty of huawei in the news today >> > >> > https://www.nytimes.com/2019/03/28/technology/huawei-security-british-= report.html >> > >> > -- >> > >> > Dave T=C3=A4ht >> > CTO, TekLibre, LLC >> > http://www.teklibre.com >> > Tel: 1-831-205-9740 >> > _______________________________________________ >> > Cerowrt-devel mailing list >> > Cerowrt-devel@lists.bufferbloat.net >> > https://lists.bufferbloat.net/listinfo/cerowrt-devel >> >> >> >> -- >> >> Dave T=C3=A4ht >> CTO, TekLibre, LLC >> http://www.teklibre.com >> Tel: 1-831-205-9740 >> >> _______________________________________________ >> Bloat mailing list >> Bloat@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/bloat --=20 Dave T=C3=A4ht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740