It's official: UK telcos legally obligated to remove Huawei kit The UK government has issued formal legal notices to teleco operators instructing them to remove Huawei technology from the country's 5G networks by the end of 2027, though some interim deadlines appear to have been tweaked after operators claimed they needed more time. This latest move follows the government's decision in …
I think 'normalcy' has to be the absolute worst that I have come across. If anyone actually uses it to my face, I think I will actually hit them!
I have no time whatsoever for the invention of new words where there is already a perfectly adequate word that does the same job.
>I'll go all-in on behaviours. Momentarily.
The best one I heard of this was on a US to Heathrow flight on which the captain announced, "We will be landing momentarily".
This icing on the cake was largely US passengers bursting into applause as though landing at all was a novelty.
I think maybe they need to look up what an oxymoron is and tone down their coffee intake.
Or you could use Bullshit generator and play them at their own game.
Unirregardless of whether irregardless is a word, the worstness of a word is difficult to quantify, depending as it does on the variationisms of language uttered by the speakist at the time. I.e. the most englishnessist of the English proseologists may scream at misuseisms of a word whereas GWBush, whilst willfully demonstrating more opportunisticisms, would probably be actively encourageist in the use of multiple other derivations.
Right: verb is "oblige", and as with many latinate verbs, is regular making the past tense "obliged", from which the noun "obligation" and adjective "obligatory" was derived. Unfortunately, it's not uncommon to see yanks derive verbs from the nouns. But this is precisely why these words feel wrong and even ignorant (well, sometimes it really is), even when we accept that all languages change over time and nothing is worse than trying to hold on to the form or meaning of the countless loan words in our languages. I believe there's even a magazine devoted to that.
"obligate" (to put under legal obligation) is also listed in the Oxford Dictionary, so it could be argued that "obligated" follows the rules; it isn't a word I'd focus on to highlight American corruptions of English.
However, I'd like to put forward the theory that many American spellings were introduced as a result of an ink shortage caused by their war of independence. The impact was lessened by leaving letters out of words (e.g. "color" instead of "colour", "aluminum" instead of aluminium" or "program" instead of "programme") or changing to letters requiring less ink (e.g. "tire" instead of "tyre").
> That doesn't mean the backdoors weren't there.
There is a legal requirement in most countries that large communication systems must be able to support legal interception (usually as an optional feature). Mayhaps the Huawei kit does not provide enough tap points for mass surveillance, which would be ironic on so many levels.
There's a difference between authorised and controlled backdoors and things hiding in the code with the same function but not controlled by the operator.
Now, can anyone point me at Cisco gear that has had the same level of evaluation? No?
Yeah, thought so. Predictable. Crypto AG, anyone? It's why we have a standing order that nothing travels on a wire unencrypted - no hard shell, soft centre for us.
This is about political risk not technical risk. When China was passive and left Huawei to get on with it, backdoors didn't matter so much. Now that China is cranking up its cyberwar and legally requiring backdoors, they do matter. Had Trump won his second term, the Five Eyes might well have had an identity crisis and Cisco joined Huawei on the Great British Naughty List.
I don't think that the software is anything as much of a risk as becoming dependent upon the supply chain. If all the networks roll out kit from the same supplier then, for whatever reason, all the networks are at risk if there is a problem with supply. Spying is easier done per device rather at the network level, but the networks are sensitive to disruption. But, as was demonstrated last week in Germany, causing network disruption is as easy as cutting a few cables. Or, as happened a couple of decades ago in Manchester (and possibly elswhere, this is just one incident I happen to know about), having some scrotes drop wheely bins on fire down access chutes. Good job the back lines were in the same access chutes…
"Crypto AG, anyone? It's why we have a standing order that nothing travels on a wire unencrypted "
So, you have a policy of encrypting everything because a crypto vendor sold kit that had been nobbled to make it easier for the cyphertext to be decrypted. That's nice. But how can you know if your crypto vendor isn't doing that too?
Nope. By using AMD chipsets instead of Intel we waste fewer cycles keeping firmware backdoors shut, which are now spent on software encryption that we can replace in a second because they're open source.
That's not to say they don't have their own problems at times (OpenSSL springs to mind), but at least there's a degree of independence in their evaluation. There is some debate about looking for open source HSMs but I have no idea how far they have gotten yet. Maybe we design our own or sponsor whatever project looks most promising.
Lookup "Greek watergate" where the authorised and controlled taps where not installed nor licensed but hacked and used to spy all of the entire Greek government including the military. All software that could possibly be used to report back that anything was happening were modified to show everything was normal.
A backdoor is a backdoor, and sometimes the operator is not in control of what they think they are when everything is software controlled and lies.
Correct. To verify just one set of firmware against supplied source code would be very time consuming, but possible, but you would need build info, complier settings etc. Updates a few a year for several different pieces of kit would be very difficult, if not impossible in terms of manpower. Iirc, Nokia also built 5G kit, so not just stuck with US built, and probably others as well. Well documented theft of IP, firmware and complete designs means some players are not playing by the rules and we should not be dealing with them...
some players are not playing by the rules and we should not be dealing with them
Ironically, the whole IP theft thing doesn't fly in this specific 5G case as it does not add up logically. What on Earth would the Chinese steal if they were years AHEAD with 5G as Huawei was universally acknowledged to be? It's almost as if the US wanted Huawei code to be inspected to it could be "borrowed" via their friends, i.e. doing exactly that what the then Trump government specialised in: projection of their crimes on others.
I'm not a fan of either, but I do absolutely hate being lied to and there was *way* too much BS flying around against hard facts. I need gear that does the job, not something that is rammed down my throat because it's politically supported because that kills innovation. And it has.
I mean GCHQ and MMB weren't able to find WMDs in Iraq either
That's because there weren't any, there was no credible evidence whatsoever. That's why WMD expert David Kelly "committed suicide", he refused to support that blatant lie they needed as an excuse to invade Iraq.
That invasion was a US ploy for an entirely different reason: the US was responsible for installing Saddam in the first place, but had not counted on him discovering that selling oil for Euros was far more profitable then dollars, and they could not afford that idea to spread in the Middle East. Hence the whole, well, marketing campaign eagerly supported by Tony Blair, it was a punitive action.
Worse, I see this whole game restarting in the nuclear industry with China, and it's going to get ugly. Again.
The Yanks didn't install Saddam. Like Syria, Iraq used almost entirely Soviet kit. In fact, the Yanks had be cosying up to Saddam in an attempt to weaken the Iranians. Then along came "the war on terror" and the Prince of Darkness' (Negroponte) paper "Rebuilding America's Defences" with the crank idea that buy invading Iraq, the Americans would be able to put more pressure on the main funders of international terrorism: Saudia Arabia.
Fast forward twenty years, and while the Yanks finally seem to have given up on that particular game, they haven't given up on the theory.
In many ways the most damning thing about GCHQ's analysis of Huawei kit over the years was the piss-poor standard of software coding and software process management. The cynic would argue they don't need to insert back door when many windows are hopelessly insecure!
But the flip side of that is it does not prove that other vendors are any better than Huawei in terms of security, as they have not has the same scrutiny. Given the number of high-profile CVE disclosures for big names like Cisco and Fortinet, we can form our own depressing conclusions...
Very true. I don't recall the NCSC releasing reports on Cisco or Juniper kit and there are plenty of CVE entries filling up the database there.
It seems that most of the bigger vendors prefer security by obscurity. It's a sad state of affairs but the kit most of us rely upon to police our networks could very well be full of holes having never been given the kind of scrutiny that has been afforded to Huawei kit,
IMO, the claims that Huawei are well ahead in technology are bullshit. It's PR lobbying for protectionism from companies that can't compete on price.
Huawei is however well ahead in the technologies that support the authoritarian and all-pervasive surveillance policies of XI Jingping's Chinese Communist Party.
>the claims that Huawei are well ahead in technology are bullshit.
I think they had about 60% of the patents needed to implement this technology. These would go into a pool for the standards, obviously, but it indicates they had a bit of a head start in shipping 5G kit, especially for base stations. (At the time Hwuawei became the Bad Guy it was reckoned they were at least two years ahead in shipping product.)
As we all know, legislators are far cheaper to buy than development engineers.
This weeks CISA Vulnerability Bulletin has 16 seperate vulnerabilities in Cisco software and firmware, out of all the network vendors I frequenty see Cisco in CISA Bulletins, Juniper less so, no idea about Huawei as I haven't seen any items reported by CISA on them for a while, they may have even stopped reporting on them due to the US sanction regimes in place.
Doing what Washington tells them still won't bag them that 'slam dunk' US trade agreement we apparently should have had some time ago.
I don't trust GCHQ spooks or Truss's half-baked regime any more than Huawei or Xi. None of the above have our best interests at heart. Only their own.
Maybe we can have one of those referendum things: Should the state be obligated to remove Truss from government and have less than 35% imbeciles in the cabinet before Sterling dips below the Dollar, with full removal of imbeciles before an IMF bailout. Yes or No?
It could be 'non-binding', so of course it would be binding.
"I don't trust GCHQ spooks or Truss's half-baked regime any more than Huawei or Xi. None of the above have our best interests at heart. Only their own."
This is undoubtedly true. However only one of those regimes puts its opponents in re-education camps or puts a bullet through their head, cheerfully enabled by Huawei products and services.
Dizzy Lizzy is nowhere near that level of competence. She couldn't even sort out our cheese trade. And that is a disgrace.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
