From: Dave Taht
Date: Thu, 16 May 2019 11:58:28 +0200
To: bloat, cerowrt-devel, Make-Wifi-fast
Subject: [Cerowrt-devel] Huawei banned by US gov...

And we labor on...

https://tech.slashdot.org/story/19/05/15/2136242/trump-signs-executive-order-barring-us-companies-from-using-huawei-gear

To me, the only long term way to even start to get out of this nightmare (as we cannot trust anyone else's gear either, and we have other reminders of corruption like the Volkswagen scandal) is to mandate the release of source code, with reproducible builds[1], for just about everything connected to the internet or used in safety critical applications, like cars. Even that's not good enough, but it would be a start.

Even back when we took on the FCC on this issue, ( http://www.taht.net/~d/fcc_saner_software_practices.pdf ) I never imagined it would get this bad.

'round here we did produce one really trustable router in the cerowrt project, which was 100% open source top to bottom, which serves as an existence proof - and certainly any piece of gear reflashed with openwrt is vastly better and more secure than what we get from the manufacturer - but even then, I always worried that my build infrastructure for cerowrt was or could be compromised and took as many steps as I could to make sure it wasn't - cross checking builds, attacking it with various attack tools, etc. Friends don't let friends run factory firmware, we used to say.

Being able to build from sources yourself is a huge improvement in potential trustability - (but even then the famous paper on reflections on trusting trust applies).

And so far, neither the open source nor reproducible builds concepts have entered the public debate. Every piece of hardware nowadays is rife with binary blobs and there are all sorts of insecurities in all the core cpus and co-processors designed today.

And it isn't of course, just security in huawei's case - intel just exited the business - they are way ahead of the US firms in general in so many areas.

I have no idea where networked computing can go anymore, particularly in the light of the latest MDS vulns revealed over the past few days ( https://lwn.net/Articles/788522/ ). I long ago turned off hyperthreading on everything I cared about, moved my most critical resources out of the cloud, but I doubt others can do that. I know people that run a vm inside a vm.

I keep hoping someone will invest something major into the mill computing's cpu architecture - which does no speculation and has some really robust memory and stack smashing protection features ( http://millcomputing.com/wiki/Protection ), and certainly there's hope that risc-v chips could be built with a higher layer of trust than any arm or intel cpu today (but needs substantial investment into open on-chip peripherals)

This really isn't a bloat list thing, but the slashdot discussion is toxic. Is there a mailing list where these sorts of issues can be rationally discussed?

Maybe if intel just released all their 5G IP into the public domain?

/me goes back to bed

[1] https://en.wikipedia.org/wiki/Reproducible_builds

-- 
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740