[Bloat] [Cerowrt-devel] plenty of huawei in the news today
Dave Taht
dave.taht at gmail.com
Thu Mar 28 14:47:48 EDT 2019
I share the reproducable builds thing - but for all vendors, including
cisco and openwrt.
Trust but verify.
On Thu, Mar 28, 2019 at 11:44 AM Jim Gettys <jg at freedesktop.org> wrote:
>
> It's worth looking at the UK government oversight report:
>
> https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf
>
> Not clear that Huawei is worse than other 5g vendors, if our experience with other embedded system vendors is any clue. Certainly I was unimpressed by ALU's software engineering practices when I was at Bell Labs. The ownership structure of Huawei is "interesting", to say the least.
>
> My solution is more radical: all the vendors should be held to much higher standards, including reproducible builds (something that the UK government has been trying to get them to do for years, and failed).
>
> - Jim
>
>
> On Thu, Mar 28, 2019 at 2:32 PM David P. Reed <dpreed at deepplum.com> wrote:
>>
>> Look, the existence of security flaws in software isn't news. Real news would be if there were systems discovered to have no flaws at all...
>>
>>
>>
>> So what does this article really say?
>>
>>
>>
>> It says that Britain and the US intelligence officials are now going after Huawei in a new way, because the idea that Huawei just steals intellectual property no longer flies - they actually have great technology that the non-Chinese never had.
>>
>>
>>
>> And there is a massive Trade War currently aimed between Trump and China.
>>
>>
>>
>> And recently, the UK, including GCHQ, said it was NOT going to stop plans to deploy Huawei telecom gear, because it saw no particular flaws worth worrying about if UK operators wanted to use Huawei "5G" gear because it was better and cheaper.
>>
>>
>>
>> You can see, of course, that the US diplomatic efforts under Pompeo might go into high gear to get some kind of supportive public response from somewhere in the UK, even if the UK government itself wasn't going to support the US.
>>
>>
>>
>> Hence, the PR guys figured out how to get a story into the NYTimes and other papers that appears to contradict the UK decision.
>>
>>
>>
>> This is how the game is played.
>>
>>
>>
>> This is how Trade Wars are conducted (we haven't seen them for decades, so we aren't used to them, but we had the big fearmongering about Japan back in the '80's that was similar, and the Japanese "lead" with its "Fifth Generation Computing" effort required major tax dollars to protect the US from becoming a third world country)
>>
>>
>>
>> Humans don't think. They react emotionally, and tribally.
>>
>>
>>
>> -----Original Message-----
>> From: "Dave Taht" <dave.taht at gmail.com>
>> Sent: Thursday, March 28, 2019 2:16pm
>> To: "David P. Reed" <dpreed at deepplum.com>
>> Cc: "cerowrt-devel" <cerowrt-devel at lists.bufferbloat.net>, "bloat" <bloat at lists.bufferbloat.net>
>> Subject: Re: [Cerowrt-devel] plenty of huawei in the news today
>>
>> Well, it's a widely placed story in every newspaper.
>>
>> On Thu, Mar 28, 2019 at 11:16 AM David P. Reed <dpreed at deepplum.com> wrote:
>> >
>> > The NYTimes has become a mouthpiece for those who want to see China as the new evil empire. Recent pieces by David Sanger have hyped the idea that the US has a "5G Gap" and that China (Huawei) will threaten to conquer the world with 5G superiority, so we should be vigilantly opposing Huawei.
>> >
>> >
>> >
>> > Worth noting that Cisco, ALU, ... are not any better than Huawei appears to be in these matters. But they aren't getting headlines in the NYTimes.
>> >
>> >
>> >
>> > Remember, Judith Miller wrote NYTimes headlines based on "leaks from senior intelligence officials" that Saddam Hussein was on the verge of deploying dirty bombs, nuclear missiles and biowarfare agents.
>> >
>> >
>> >
>> > Recently, Bloomberg got scammed by "leaks from senior intelligence officials" that Supermicro (Chinese) had built and sold server motherboards that had special chips soldered into them that didn't belong there [the stories were completely debunked by the companies supposedly targeted].
>> >
>> >
>> >
>> > Personally, I think the cynical fearmongering here does the legitimate security engineering community no good at all. It's just more "wag the dog" psyops, designed to let all the pseudo-security-experts take over the story and get their 15 minutes in the headlines.
>> >
>> >
>> >
>> > The Qualcomms and Ciscos of the US are happy to get the USG to help scare countries off of Chinese brandnames. But the open secret is that Qualcomm and Cisco's systems are designed and made in China, too. There's no US manufacturing of switches, and precious few entirely American hardware design centers, either.
>> >
>> >
>> >
>> > So be a little skeptical. Check the story behind the story. Don't believe stories based on "intelligence agency" leaks.
>> >
>> >
>> >
>> > -----Original Message-----
>> > From: "Dave Taht" <dave.taht at gmail.com>
>> > Sent: Thursday, March 28, 2019 1:55pm
>> > To: "cerowrt-devel" <cerowrt-devel at lists.bufferbloat.net>, "bloat" <bloat at lists.bufferbloat.net>
>> > Subject: [Cerowrt-devel] plenty of huawei in the news today
>> >
>> > https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html
>> >
>> > --
>> >
>> > Dave Täht
>> > CTO, TekLibre, LLC
>> > http://www.teklibre.com
>> > Tel: 1-831-205-9740
>> > _______________________________________________
>> > Cerowrt-devel mailing list
>> > Cerowrt-devel at lists.bufferbloat.net
>> > https://lists.bufferbloat.net/listinfo/cerowrt-devel
>>
>>
>>
>> --
>>
>> Dave Täht
>> CTO, TekLibre, LLC
>> http://www.teklibre.com
>> Tel: 1-831-205-9740
>>
>> _______________________________________________
>> Bloat mailing list
>> Bloat at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/bloat
--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740
More information about the Bloat
mailing list