I share the reproducable builds thing - but for all vendors, including cisco and openwrt.
Trust but verify. On Thu, Mar 28, 2019 at 11:44 AM Jim Gettys <j...@freedesktop.org> wrote: > > It's worth looking at the UK government oversight report: > > https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf > > Not clear that Huawei is worse than other 5g vendors, if our experience with > other embedded system vendors is any clue. Certainly I was unimpressed by > ALU's software engineering practices when I was at Bell Labs. The ownership > structure of Huawei is "interesting", to say the least. > > My solution is more radical: all the vendors should be held to much higher > standards, including reproducible builds (something that the UK government > has been trying to get them to do for years, and failed). > > - Jim > > > On Thu, Mar 28, 2019 at 2:32 PM David P. Reed <dpr...@deepplum.com> wrote: >> >> Look, the existence of security flaws in software isn't news. Real news >> would be if there were systems discovered to have no flaws at all... >> >> >> >> So what does this article really say? >> >> >> >> It says that Britain and the US intelligence officials are now going after >> Huawei in a new way, because the idea that Huawei just steals intellectual >> property no longer flies - they actually have great technology that the >> non-Chinese never had. >> >> >> >> And there is a massive Trade War currently aimed between Trump and China. >> >> >> >> And recently, the UK, including GCHQ, said it was NOT going to stop plans to >> deploy Huawei telecom gear, because it saw no particular flaws worth >> worrying about if UK operators wanted to use Huawei "5G" gear because it was >> better and cheaper. >> >> >> >> You can see, of course, that the US diplomatic efforts under Pompeo might go >> into high gear to get some kind of supportive public response from somewhere >> in the UK, even if the UK government itself wasn't going to support the US. >> >> >> >> Hence, the PR guys figured out how to get a story into the NYTimes and other >> papers that appears to contradict the UK decision. >> >> >> >> This is how the game is played. >> >> >> >> This is how Trade Wars are conducted (we haven't seen them for decades, so >> we aren't used to them, but we had the big fearmongering about Japan back in >> the '80's that was similar, and the Japanese "lead" with its "Fifth >> Generation Computing" effort required major tax dollars to protect the US >> from becoming a third world country) >> >> >> >> Humans don't think. They react emotionally, and tribally. >> >> >> >> -----Original Message----- >> From: "Dave Taht" <dave.t...@gmail.com> >> Sent: Thursday, March 28, 2019 2:16pm >> To: "David P. Reed" <dpr...@deepplum.com> >> Cc: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>, "bloat" >> <bl...@lists.bufferbloat.net> >> Subject: Re: [Cerowrt-devel] plenty of huawei in the news today >> >> Well, it's a widely placed story in every newspaper. >> >> On Thu, Mar 28, 2019 at 11:16 AM David P. Reed <dpr...@deepplum.com> wrote: >> > >> > The NYTimes has become a mouthpiece for those who want to see China as the >> > new evil empire. Recent pieces by David Sanger have hyped the idea that >> > the US has a "5G Gap" and that China (Huawei) will threaten to conquer the >> > world with 5G superiority, so we should be vigilantly opposing Huawei. >> > >> > >> > >> > Worth noting that Cisco, ALU, ... are not any better than Huawei appears >> > to be in these matters. But they aren't getting headlines in the NYTimes. >> > >> > >> > >> > Remember, Judith Miller wrote NYTimes headlines based on "leaks from >> > senior intelligence officials" that Saddam Hussein was on the verge of >> > deploying dirty bombs, nuclear missiles and biowarfare agents. >> > >> > >> > >> > Recently, Bloomberg got scammed by "leaks from senior intelligence >> > officials" that Supermicro (Chinese) had built and sold server >> > motherboards that had special chips soldered into them that didn't belong >> > there [the stories were completely debunked by the companies supposedly >> > targeted]. >> > >> > >> > >> > Personally, I think the cynical fearmongering here does the legitimate >> > security engineering community no good at all. It's just more "wag the >> > dog" psyops, designed to let all the pseudo-security-experts take over the >> > story and get their 15 minutes in the headlines. >> > >> > >> > >> > The Qualcomms and Ciscos of the US are happy to get the USG to help scare >> > countries off of Chinese brandnames. But the open secret is that Qualcomm >> > and Cisco's systems are designed and made in China, too. There's no US >> > manufacturing of switches, and precious few entirely American hardware >> > design centers, either. >> > >> > >> > >> > So be a little skeptical. Check the story behind the story. Don't believe >> > stories based on "intelligence agency" leaks. >> > >> > >> > >> > -----Original Message----- >> > From: "Dave Taht" <dave.t...@gmail.com> >> > Sent: Thursday, March 28, 2019 1:55pm >> > To: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>, "bloat" >> > <bl...@lists.bufferbloat.net> >> > Subject: [Cerowrt-devel] plenty of huawei in the news today >> > >> > https://www.nytimes.com/2019/03/28/technology/huawei-security-british-report.html >> > >> > -- >> > >> > Dave Täht >> > CTO, TekLibre, LLC >> > http://www.teklibre.com >> > Tel: 1-831-205-9740 >> > _______________________________________________ >> > Cerowrt-devel mailing list >> > Cerowrt-devel@lists.bufferbloat.net >> > https://lists.bufferbloat.net/listinfo/cerowrt-devel >> >> >> >> -- >> >> Dave Täht >> CTO, TekLibre, LLC >> http://www.teklibre.com >> Tel: 1-831-205-9740 >> >> _______________________________________________ >> Bloat mailing list >> bl...@lists.bufferbloat.net >> https://lists.bufferbloat.net/listinfo/bloat -- Dave Täht CTO, TekLibre, LLC http://www.teklibre.com Tel: 1-831-205-9740 _______________________________________________ Cerowrt-devel mailing list Cerowrt-devel@lists.bufferbloat.net https://lists.bufferbloat.net/listinfo/cerowrt-devel
