From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-qk1-f175.google.com (mail-qk1-f175.google.com [209.85.222.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 18F733B2A4; Thu, 28 Mar 2019 14:44:45 -0400 (EDT) Received: by mail-qk1-f175.google.com with SMTP id k189so12822880qkc.0; Thu, 28 Mar 2019 11:44:45 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Rgyhc58sJsGaMESQ+oef3sdRvNA3mWHDNfBdk1LsBjw=; b=oz65HoLJkJz2p5AXXyMRaWHP6gkz6VzrSfWrlxwy09oMu0QI1IBtuv3iUQuZx1MXr8 nciHfoVBC1q79JAiJQgxXkcVLJV3zY3NQ3FlBZzo5lFsqv7T+3aNxXRn1X/u4mDzgc3F iYVaktmMVkzBn5mVsPYGdKp0CemSPC9A4fAL+4WmZYndDET3vtbKc59igGakqF2Cu4ge ymQo3SS3eq0jwl70XyU6Ath7c4fG0E2dPidgin0P4PZPScOBTr3zZ+a37tKXV3SXGlSg 3SU6FhGdwR1uN6NKtuBaZRcxtSQWJZRwz4zK7LtYyiomYSaqyVrYU1CBy/mMB/ktYP9I HHtw== X-Gm-Message-State: APjAAAWUS7miy6SNIMwiR8w37CpveYl7tmazwddkPggPARLYQnX1xrBD hV+NWclz5TAGIx4mF0lBmyMwOKK2mE+9I2HgkvI= X-Google-Smtp-Source: APXvYqzxK+FeGjUkB0+KuYdigqXBB5loxjex/akMaXNXCCk3RiLadBusXWkmq0oCg1DZuHl9QsA92dSTQDi0Zazc4v4= X-Received: by 2002:a05:620a:108f:: with SMTP id g15mr34444040qkk.61.1553798684514; Thu, 28 Mar 2019 11:44:44 -0700 (PDT) MIME-Version: 1.0 References: <1553796961.229623922@apps.rackspace.com> <1553797924.63225811@apps.rackspace.com> In-Reply-To: <1553797924.63225811@apps.rackspace.com> From: Jim Gettys Date: Thu, 28 Mar 2019 14:44:28 -0400 Message-ID: To: "David P. Reed" Cc: Dave Taht , cerowrt-devel , bloat Content-Type: multipart/alternative; boundary="000000000000a49f1505852bf21f" Subject: Re: [Cerowrt-devel] [Bloat] plenty of huawei in the news today X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Mar 2019 18:44:45 -0000 --000000000000a49f1505852bf21f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable It's worth looking at the UK government oversight report: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/= attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf Not clear that Huawei is worse than other 5g vendors, if our experience with other embedded system vendors is any clue. Certainly I was unimpressed by ALU's software engineering practices when I was at Bell Labs. The ownership structure of Huawei is "interesting", to say the least= . My solution is more radical: all the vendors should be held to much higher standards, including reproducible builds (something that the UK government has been trying to get them to do for years, and failed). - Jim On Thu, Mar 28, 2019 at 2:32 PM David P. Reed wrote: > Look, the existence of security flaws in software isn't news. Real news > would be if there were systems discovered to have no flaws at all... > > > > So what does this article really say? > > > > It says that Britain and the US intelligence officials are now going afte= r > Huawei in a new way, because the idea that Huawei just steals intellectua= l > property no longer flies - they actually have great technology that the > non-Chinese never had. > > > > And there is a massive Trade War currently aimed between Trump and China. > > > > And recently, the UK, including GCHQ, said it was NOT going to stop plans > to deploy Huawei telecom gear, because it saw no particular flaws worth > worrying about if UK operators wanted to use Huawei "5G" gear because it > was better and cheaper. > > > > You can see, of course, that the US diplomatic efforts under Pompeo might > go into high gear to get some kind of supportive public response from > somewhere in the UK, even if the UK government itself wasn't going to > support the US. > > > > Hence, the PR guys figured out how to get a story into the NYTimes and > other papers that appears to contradict the UK decision. > > > > This is how the game is played. > > > > This is how Trade Wars are conducted (we haven't seen them for decades, s= o > we aren't used to them, but we had the big fearmongering about Japan back > in the '80's that was similar, and the Japanese "lead" with its "Fifth > Generation Computing" effort required major tax dollars to protect the US > from becoming a third world country) > > > > Humans don't think. They react emotionally, and tribally. > > > > -----Original Message----- > From: "Dave Taht" > Sent: Thursday, March 28, 2019 2:16pm > To: "David P. Reed" > Cc: "cerowrt-devel" , "bloat" < > bloat@lists.bufferbloat.net> > Subject: Re: [Cerowrt-devel] plenty of huawei in the news today > > Well, it's a widely placed story in every newspaper. > > On Thu, Mar 28, 2019 at 11:16 AM David P. Reed > wrote: > > > > The NYTimes has become a mouthpiece for those who want to see China as > the new evil empire. Recent pieces by David Sanger have hyped the idea th= at > the US has a "5G Gap" and that China (Huawei) will threaten to conquer th= e > world with 5G superiority, so we should be vigilantly opposing Huawei. > > > > > > > > Worth noting that Cisco, ALU, ... are not any better than Huawei appear= s > to be in these matters. But they aren't getting headlines in the NYTimes. > > > > > > > > Remember, Judith Miller wrote NYTimes headlines based on "leaks from > senior intelligence officials" that Saddam Hussein was on the verge of > deploying dirty bombs, nuclear missiles and biowarfare agents. > > > > > > > > Recently, Bloomberg got scammed by "leaks from senior intelligence > officials" that Supermicro (Chinese) had built and sold server motherboar= ds > that had special chips soldered into them that didn't belong there [the > stories were completely debunked by the companies supposedly targeted]. > > > > > > > > Personally, I think the cynical fearmongering here does the legitimate > security engineering community no good at all. It's just more "wag the do= g" > psyops, designed to let all the pseudo-security-experts take over the sto= ry > and get their 15 minutes in the headlines. > > > > > > > > The Qualcomms and Ciscos of the US are happy to get the USG to help > scare countries off of Chinese brandnames. But the open secret is that > Qualcomm and Cisco's systems are designed and made in China, too. There's > no US manufacturing of switches, and precious few entirely American > hardware design centers, either. > > > > > > > > So be a little skeptical. Check the story behind the story. Don't > believe stories based on "intelligence agency" leaks. > > > > > > > > -----Original Message----- > > From: "Dave Taht" > > Sent: Thursday, March 28, 2019 1:55pm > > To: "cerowrt-devel" , "bloat" < > bloat@lists.bufferbloat.net> > > Subject: [Cerowrt-devel] plenty of huawei in the news today > > > > > https://www.nytimes.com/2019/03/28/technology/huawei-security-british-rep= ort.html > > > > -- > > > > Dave T=C3=A4ht > > CTO, TekLibre, LLC > > http://www.teklibre.com > > Tel: 1-831-205-9740 > > _______________________________________________ > > Cerowrt-devel mailing list > > Cerowrt-devel@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > > -- > > Dave T=C3=A4ht > CTO, TekLibre, LLC > http://www.teklibre.com > Tel: 1-831-205-9740 > _______________________________________________ > Bloat mailing list > Bloat@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/bloat > --000000000000a49f1505852bf21f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Not clear that Huawei is worse th= an other 5g vendors, if our experience with other embedded system vendors i= s any clue.=C2=A0 Certainly I was unimpressed by ALU's software enginee= ring practices when I was at Bell Labs.=C2=A0 The ownership structure of Hu= awei is "interesting", to say the least.

My solution is more radical: all the vendors shou= ld be held to much higher standards, including reproducible builds (somethi= ng that the UK government has been trying to get them to do for years, and = failed).

- Jim


On Thu, Mar 28,= 2019 at 2:32 PM David P. Reed <d= preed@deepplum.com> wrote:

Look, the existence of security= flaws in software isn't news. Real news would be if there were systems= discovered to have no flaws at all...

=C2=A0=

So wha= t does this article really say?=C2=A0

=C2=A0=

It say= s that Britain and the US intelligence officials are now going after Huawei= in a new way, because the idea that Huawei just steals intellectual proper= ty no longer flies - they actually have great technology that the non-Chine= se never had.

=C2=A0=

And th= ere is a massive Trade War currently aimed between Trump and China.

=C2=A0=

And re= cently, the UK, including GCHQ, said it was NOT going to stop plans to depl= oy Huawei telecom gear, because it saw no particular flaws worth worrying a= bout if UK operators wanted to use Huawei "5G" gear because it wa= s better and cheaper.

=C2=A0=

You ca= n see, of course, that the US diplomatic efforts under Pompeo might go into= high gear to get some kind of supportive public response from somewhere in= the UK, even if the UK government itself wasn't going to support the U= S.

=C2=A0=

Hence,= the PR guys figured out how to get a story into the NYTimes and other pape= rs that appears to contradict the UK decision.=C2=A0

=C2=A0=

This i= s how the game is played.

=C2=A0=

This i= s how Trade Wars are conducted (we haven't seen them for decades, so we= aren't used to them, but we had the big fearmongering about Japan back= in the '80's that was similar, and the Japanese "lead" w= ith its "Fifth Generation Computing" effort required major tax do= llars to protect the US from becoming a third world country)

=C2=A0=

Humans= don't think. They react emotionally, and tribally.

=C2=A0=

-----O= riginal Message-----
From: "Dave Taht" <dave.taht@gmail.com>
Sent: = Thursday, March 28, 2019 2:16pm
To: "David P. Reed" <dpreed@deepplum.com&= gt;
Cc: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net<= /a>>, "bloat" <bloat@lists.bufferbloat.net>
Subject: Re: [C= erowrt-devel] plenty of huawei in the news today

Well, = it's a widely placed story in every newspaper.

On Thu, Mar 28, 2= 019 at 11:16 AM David P. Reed <dpreed@deepplum.com> wrote:
>
> The NYTi= mes has become a mouthpiece for those who want to see China as the new evil= empire. Recent pieces by David Sanger have hyped the idea that the US has = a "5G Gap" and that China (Huawei) will threaten to conquer the w= orld with 5G superiority, so we should be vigilantly opposing Huawei.
&g= t;
>
>
> Worth noting that Cisco, ALU, ... are not any be= tter than Huawei appears to be in these matters. But they aren't gettin= g headlines in the NYTimes.
>
>
>
> Remember, Judit= h Miller wrote NYTimes headlines based on "leaks from senior intellige= nce officials" that Saddam Hussein was on the verge of deploying dirty= bombs, nuclear missiles and biowarfare agents.
>
>
>
= > Recently, Bloomberg got scammed by "leaks from senior intelligenc= e officials" that Supermicro (Chinese) had built and sold server mothe= rboards that had special chips soldered into them that didn't belong th= ere [the stories were completely debunked by the companies supposedly targe= ted].
>
>
>
> Personally, I think the cynical fearm= ongering here does the legitimate security engineering community no good at= all. It's just more "wag the dog" psyops, designed to let al= l the pseudo-security-experts take over the story and get their 15 minutes = in the headlines.
>
>
>
> The Qualcomms and Ciscos = of the US are happy to get the USG to help scare countries off of Chinese b= randnames. But the open secret is that Qualcomm and Cisco's systems are= designed and made in China, too. There's no US manufacturing of switch= es, and precious few entirely American hardware design centers, either.
= >
>
>
> So be a little skeptical. Check the story behi= nd the story. Don't believe stories based on "intelligence agency&= quot; leaks.
>
>
>
> -----Original Message-----
= > From: "Dave Taht" <dave.taht@gmail.com>
> Sent: Thursday, Marc= h 28, 2019 1:55pm
> To: "cerowrt-devel" <cerowrt-devel@lis= ts.bufferbloat.net>, "bloat" <bloat@lists.bufferbloat.net>=
> Subject: [Cerowrt-devel] plenty of huawei in the news today
>= ;
> https://www.nytimes.com/2019= /03/28/technology/huawei-security-british-report.html
>
> -= -
>
> Dave T=C3=A4ht
> CTO, TekLibre, LLC
> http://www.teklibre.com<= br>> Tel: 1-831-205-9740
> _______________________________________= ________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.buffe= rbloat.net
> https://lists.bufferbloat.net/listinfo/cerow= rt-devel



--

Dave T=C3=A4ht
CTO, TekLibre, LLC=
http://www.teklib= re.com
Tel: 1-831-205-9740

_______________________________________________
Bloat mailing list
Bloat@list= s.bufferbloat.net
https://lists.bufferbloat.net/listinfo/bloat
--000000000000a49f1505852bf21f--