back to article Reds in the Routers is routine, not rare

Critics of a recent report by US lawmakers highlighting serious national security concerns with Huawei and ZTE have argued that their internal Communist Party committees, which are slammed in the report, are actually a feature of most foreign firms in China. The House of Representatives Intelligence Committee finally released …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    Some of us build our own routers ...

    ... using off-the-shelf parts and FOSS. It's not exactly rocket science.

    1. Christian Berger

      Re: Some of us build our own routers ...

      Unfortunately that won't work if you have multiple 10 Gigabit links to route.

      1. jake Silver badge

        Re: Some of us build our own routers ...

        The data center downstairs has dual redundant aging "beta-only" OC-96 connections ... it works for me. I maintain a couple of OC-768 connections between $telco and the companies involved. All run on over-the-counter hardware and BSD (Slackware for the human interface).

        I won't get into the major Usenet system I consult for ... That shit would probably make your hair curl.

        ::shrugs::

        1. Destroy All Monsters Silver badge
          Trollface

          Re: Some of us build our own routers ...

          > using off-the-shelf parts

          Sourced from China. Not that I take this latest US moral panic seriously.

          Upcoming: Wahabbis and Salafists in our oil, ZOMG! After this message...

        2. Anonymous Coward
          Anonymous Coward

          Re: Some of us build our own routers ...

          OC-96? that's fairly esoteric. what do they terminate on? And you route OC-768 on over-the-counter hardware?

          I call bullshit.

          1. jake Silver badge

            Re: Some of us build our own routers ...

            "OC-96? that's fairly esoteric."

            See where I typed "aging" and "beta-only"? Guess why.

            "what do they terminate on?"

            That's proprietary. See "beta" (actually, the six of 'em are more properly called pilot-build; they never officially entered Beta). It's a kludge built by Sun/IBM/3M/NET/cisco back in 1987. I have six of the ~40ish nodes built (four in use, two as spares). The fiber is provided to me by $telco because I wrote it into the contract nearly a quarter century ago when I was testing the new kit as an "outside observer" ... When the project was canceled, I purchased the nodes as "scrap" out of NET's MRB. Having friends in low places is handy sometimes.

            "And you route OC-768 on over-the-counter hardware?

            "I call bullshit."

            My counter is probably a lot higher than your counter. Keeps the smell down on my end. My point is that you don't need bespoke boxen, not even for high-end gear. You CAN build it in house, and in most cases (assuming the cognizant engineer has clues), it'll work a lot better FOR THAT COMPANY than generic kit.

            1. peyton?
              Paris Hilton

              Re: Some of us build our own routers ...

              Isn't the point of the hullabaloo about Chinese kit that it's not trustworthy? You don't have to do a lot of searching to find plenty of articles about techs backdooring their corp networks for the day they get fired and want revenge. How does DIY network gear alleviate the common goal of 'trustworthy' gear??

    2. Dare to Think
      IT Angle

      Not only routers, Hardware and Software, too.

      By all means. I've been arguing for years that we have a

      . higher ROI

      . complete security audit trail

      . complete system state and patch governance

      if companies build their hardware and at least the OS themselves. It's so easy to build together a high available, fully supported solution, which, over the course of 2 years with the salary of two system engineers included, costs LESS than the equivalent COTS solution with an expensive support and monitoring contracts, which still requires two system engineers. I've got the numbers, there are eye watering savings possible.

      This can include building the OS (our own Linux based distro), proxy, web and web application server, and database servers, SAN, network routers, PCI-DSS compliancy etc.

      Fair enough, there are limits, such as building an HSM, but overall, I don't understand why companies still today throw money at some established vendor for expensive support contracts with a bit of hardware and software attached.

      But don't take my word for it, look what one of the most successful companies on this planet do, they make sure they keep their wisdom in-house (e.g. Google).

      1. Anonymous Coward
        Anonymous Coward

        Re: Not only routers, Hardware and Software, too.

        "I don't understand why companies still today throw money at some established vendor for expensive support contracts with a bit of hardware and software attached."

        Redundancy - in both senses of the word. Who supports the in-house infrastructure when you get a new job (or get hit by a bus!)?

        1. cortland
          Coat

          Re: Not only routers, Hardware and Software, too.

          --- Redundancy - in both senses of the word. Who supports the in-house infrastructure when you get a new job (or get hit by a bus!)? ---

          That depends. Is your company run by accountants, or by engineers? If the first... no one. If the second, backup staffing and only THEN outside contractors.

          Keep your friends close, and your enemies closer.

          A. Quaker

          Coat, because that's what accountants call REDUNDANT.

        2. cortland
          Coat

          Re: Not only routers, Hardware and Software, too.

          --- Redundancy - in both senses of the word. Who supports the in-house infrastructure when you get a new job (or get hit by a bus!)? ---

          That depends. Is your company run by accountants, or by engineers? If the first... no one. If the second, backup staffing and only THEN outside contractors.

          Keep your friends close, and your enemies closer.

          -- A. Quaker

          Coat, because that's what accountants call REDUNDANT.

  2. El_Fev
    WTF?

    They yanks would be insane...

    To use chinese made equipement in the critical infrasture, Jesus wept quite literally insane!

    1. Anonymous Coward
      Anonymous Coward

      Re: They yanks would be insane...

      Is not most of the world's tech kit made in China now, including Cisco? And the the chips inside them?

      From a national security aspect the yanks have been sold down the line by the majority of US corporations who moved design and manufacture to China due to the lower costs and thus higher profits. Too late to worry about China having knowledge/access now.

      If it matters that much, why not insist on open source designs so it can all be independently verified. Open source != free, as I hope you know.

      1. Anonymous Coward
        Anonymous Coward

        @AC 09:02 - Re: They yanks would be insane...

        It's not the software that is free, it is you.

  3. Anonymous Coward
    Anonymous Coward

    If ever they were found out...

    ... to be spying with the kit, it would surely be the kiss of death to their international business.

    Surely a big commercial disincentive to try it on?

    1. Christian Berger

      Not really

      US equipment is known to have various back doors for decades. It's hard to say whether a particular security problem was intentional or an accident. That hasn't dented Cisco's sales yet.

    2. JohnG

      Re: If ever they were found out...

      Maybe they wouldn't use any manufactured vulnerability for spying but more like a self-destruct mechanism to be used once, in the sort of circumstances when one might soon be using WMD.

      1. Destroy All Monsters Silver badge
        Trollface

        Re: If ever they were found out...

        So the Chinese are crazy prepared, is that it?

  4. Christian Berger

    So how about...

    Making an education offensive. Make it affordable for people to study engineering, then you will have educated people in your own country which could design and build routers.

    1. Destroy All Monsters Silver badge
      Holmes

      Re: So how about...

      > Making an education offensive.

      Why do you want to have offensive education?

      > Make it affordable for people to study engineering.

      I don't think that the price tag of engineering curricula or the current skill set is much of a problem.

      It's just that stuff from <whatever far eastern company> can - at the present time - be had at a better price than if it was produced locally. Which of course is A-OK, because that means you don't need to shell out $$$ for your kit and can invest it in something else.

      It is of course true that this only happens because the US can print up money at will [or else promise tax revenues from the future] for continued infinite imports. This is not A-OK. Take that away and prices might very well balance at some time.

      Btw, an economic system does not allow you to "make it affordable" just like that. That's like demanding that the solution to your differential equation should have a certain shape. It doesn't work like that. Something has to give.

  5. JohnG

    Cisco and China

    "... most of its rivals including US flag-bearer Cisco have at least some part of their supply chain located in the People’s Republic and so should be subject to the same scrutiny by Washington."

    They have a point. I can't remember the last time I unboxed a piece of Cisco equipment that was not labelled "Made in China". It always seems ironic when Cisco make such a fuss about Export Administration Regulations, when downloading software updates for their Chinese manufactured kit.

    1. Anonymous Coward
      Happy

      Re: Cisco and China

      Its fine, they just make the workers wear blindfolds when assembling it all.

      1. Chicken Marengo

        Re: Re: Cisco and China

        >>Its fine, they just make the workers wear blindfolds when assembling it all.

        Judging by the quality of construction for some of the kit, I suspect they make them wear boxing gloves as well.

  6. Big_Ted
    Devil

    I wonder

    if the main complaint for the US is that they are not the ones with the spyware etc on the routers now and so can't spy on their own people as easily as they would like.......

  7. DutchP

    Right...

    "In essence, these Committees provide a shadow source of power and influence directing, even in subtle ways, the direction and movement of economic resources in China."

    And the US have none of those, naturally

  8. Anonymous Coward
    Anonymous Coward

    Obviously having shadowy figures controlling an organisation whose intent is to steer decisions in favour of the well-being of the general population is much worse than having shadowy figures controlling an organisation purely for their own benefit.

    The US sure knows how to ensure a fair and open market/society doesn't it?

  9. Anonymous Coward
    Anonymous Coward

    Rampant Hipocrisy

    Its ok for the US to have backdoors in systems, its ok for the Israeli's intelligence to be all over everything produced in Israel and to have active monitoring in various telco's infrastructure even if its not Israeli kit).

    But when China does it ohhhh nooo.

    Taken rationally and on the basis of the last say 30 years - which countries are most likely to act irrationally on a Global scale. Hint - it aint China.

    Anon - not that that will save me.

    1. Roger Jenkins

      Re: Rampant Hipocrisy

      If it's ok for US to have backdoors in systems and Chinese companies make the systems, why do the Chinese need to install backdoors? They are within the original design that China is making for the yanks. All the Chinese need do is use the backdoors that the yanks require in the Chinese made product.

  10. Anonymous Coward
    Anonymous Coward

    said it before, I'll say it again

    http://cm.bell-labs.com/who/ken/trust.html

    1. Anonymous Coward
      Anonymous Coward

      Re: said it before, I'll say it again

      Just re read it - see this little gem:

      <blockquote>Such blatant code would not go undetected for long. Even the most casual perusal of the source of the C compiler would raise suspicions.</blockquote>

      1. Anonymous Coward
        Anonymous Coward

        Re: said it before, I'll say it again

        and then "...We can now remove the bugs from the source of the compiler and the new binary will reinsert the bugs whenever it is compiled. Of course, the login command will remain bugged with no trace in source anywhere... The moral is obvious. You can't trust code that you did not totally create yourself. (Especially code from companies that employ people like me.) No amount of source-level verification or scrutiny will protect you from using untrusted code"

        1. jake Silver badge

          Bottom line. (was: Re: said it before, I'll say it again)

          If you can't follow the one's & zeros of the tool chain, you have no clue as to the security of the system.

  11. Mike Richards

    What a shame he's dead

    'Moreover, big name foreign tech firms such as IBM also have such committees in their China businesses, according to Tea Leaf Nation.'

    I'd love to see the reaction of fascist-loving IBM founder, Thomas J Watson, to the news that the company has communist committees.

  12. Anonymous Coward
    Anonymous Coward

    If we all could be quiet for a few moments

    we could clearly hear Vladimir Ilyich Lenin chuckling in his grave.

  13. Charlie van Becelaere
    Paris Hilton

    Sound and Fury

    There's plenty of it to go round.

    One example -

    http://iheardacouplethings.blogspot.com/2012/10/why-is-anyone-surprised.html

    Enjoy.

    (Paris, just because)

    1. Destroy All Monsters Silver badge
      Holmes

      Re: Sound and Fury

      The Internet is full of 'tards, no surprise here.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022