[Cerowrt-devel] [Bloat] plenty of huawei in the news today

Jim Gettys jg at freedesktop.org
Thu Mar 28 14:44:28 EDT 2019


It's worth looking at the UK government oversight report:

https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf

Not clear that Huawei is worse than other 5g vendors, if our experience
with other embedded system vendors is any clue.  Certainly I was
unimpressed by ALU's software engineering practices when I was at Bell
Labs.  The ownership structure of Huawei is "interesting", to say the least.

My solution is more radical: all the vendors should be held to much higher
standards, including reproducible builds (something that the UK government
has been trying to get them to do for years, and failed).

- Jim


On Thu, Mar 28, 2019 at 2:32 PM David P. Reed <dpreed at deepplum.com> wrote:

> Look, the existence of security flaws in software isn't news. Real news
> would be if there were systems discovered to have no flaws at all...
>
>
>
> So what does this article really say?
>
>
>
> It says that Britain and the US intelligence officials are now going after
> Huawei in a new way, because the idea that Huawei just steals intellectual
> property no longer flies - they actually have great technology that the
> non-Chinese never had.
>
>
>
> And there is a massive Trade War currently aimed between Trump and China.
>
>
>
> And recently, the UK, including GCHQ, said it was NOT going to stop plans
> to deploy Huawei telecom gear, because it saw no particular flaws worth
> worrying about if UK operators wanted to use Huawei "5G" gear because it
> was better and cheaper.
>
>
>
> You can see, of course, that the US diplomatic efforts under Pompeo might
> go into high gear to get some kind of supportive public response from
> somewhere in the UK, even if the UK government itself wasn't going to
> support the US.
>
>
>
> Hence, the PR guys figured out how to get a story into the NYTimes and
> other papers that appears to contradict the UK decision.
>
>
>
> This is how the game is played.
>
>
>
> This is how Trade Wars are conducted (we haven't seen them for decades, so
> we aren't used to them, but we had the big fearmongering about Japan back
> in the '80's that was similar, and the Japanese "lead" with its "Fifth
> Generation Computing" effort required major tax dollars to protect the US
> from becoming a third world country)
>
>
>
> Humans don't think. They react emotionally, and tribally.
>
>
>
> -----Original Message-----
> From: "Dave Taht" <dave.taht at gmail.com>
> Sent: Thursday, March 28, 2019 2:16pm
> To: "David P. Reed" <dpreed at deepplum.com>
> Cc: "cerowrt-devel" <cerowrt-devel at lists.bufferbloat.net>, "bloat" <
> bloat at lists.bufferbloat.net>
> Subject: Re: [Cerowrt-devel] plenty of huawei in the news today
>
> Well, it's a widely placed story in every newspaper.
>
> On Thu, Mar 28, 2019 at 11:16 AM David P. Reed <dpreed at deepplum.com>
> wrote:
> >
> > The NYTimes has become a mouthpiece for those who want to see China as
> the new evil empire. Recent pieces by David Sanger have hyped the idea that
> the US has a "5G Gap" and that China (Huawei) will threaten to conquer the
> world with 5G superiority, so we should be vigilantly opposing Huawei.
> >
> >
> >
> > Worth noting that Cisco, ALU, ... are not any better than Huawei appears
> to be in these matters. But they aren't getting headlines in the NYTimes.
> >
> >
> >
> > Remember, Judith Miller wrote NYTimes headlines based on "leaks from
> senior intelligence officials" that Saddam Hussein was on the verge of
> deploying dirty bombs, nuclear missiles and biowarfare agents.
> >
> >
> >
> > Recently, Bloomberg got scammed by "leaks from senior intelligence
> officials" that Supermicro (Chinese) had built and sold server motherboards
> that had special chips soldered into them that didn't belong there [the
> stories were completely debunked by the companies supposedly targeted].
> >
> >
> >
> > Personally, I think the cynical fearmongering here does the legitimate
> security engineering community no good at all. It's just more "wag the dog"
> psyops, designed to let all the pseudo-security-experts take over the story
> and get their 15 minutes in the headlines.
> >
> >
> >
> > The Qualcomms and Ciscos of the US are happy to get the USG to help
> scare countries off of Chinese brandnames. But the open secret is that
> Qualcomm and Cisco's systems are designed and made in China, too. There's
> no US manufacturing of switches, and precious few entirely American
> hardware design centers, either.
> >
> >
> >
> > So be a little skeptical. Check the story behind the story. Don't
> believe stories based on "intelligence agency" leaks.
> >
> >
> >
> > -----Original Message-----
> > From: "Dave Taht" <dave.taht at gmail.com>
> > Sent: Thursday, March 28, 2019 1:55pm
> > To: "cerowrt-devel" <cerowrt-devel at lists.bufferbloat.net>, "bloat" <
> bloat at lists.bufferbloat.net>
> > Subject: [Cerowrt-devel] plenty of huawei in the news today
> >
> >
> https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html
> >
> > --
> >
> > Dave Täht
> > CTO, TekLibre, LLC
> > http://www.teklibre.com
> > Tel: 1-831-205-9740
> > _______________________________________________
> > Cerowrt-devel mailing list
> > Cerowrt-devel at lists.bufferbloat.net
> > https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
>
>
> --
>
> Dave Täht
> CTO, TekLibre, LLC
> http://www.teklibre.com
> Tel: 1-831-205-9740
> _______________________________________________
> Bloat mailing list
> Bloat at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/bloat
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20190328/fd345f62/attachment.html>


More information about the Cerowrt-devel mailing list