A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Huawei gear - can the threat be avoided by software escrow?



 
 
Thread Tools Display Modes
  #1  
Old April 2nd 19, 07:59 AM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 325
Default Huawei gear - can the threat be avoided by software escrow?

The author has marked this message not to be archived. This post will be deleted on April 9, 2019.

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.
  #2  
Old April 2nd 19, 08:33 AM posted to uk.telecom.broadband
Bob Henson[_2_]
external usenet poster
 
Posts: 25
Default Huawei gear - can the threat be avoided by software escrow?

Peter wrote:

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.


It's a nice idea - I wonder what really does happen. Presumably GCHQ and
the rest of the security services do quite a lot of checking - at least in
security sensitive areas. I'd love to know if they give the authors the
benefit of the doubt and report the errors to them, or if we do the same as
the Chinese and most of the rest of the world would do - which is is to
nick the code, make it safe for us and use it and/or insert our own
backdoors and release it back into the wild.

--
Bob
Tetbury, Gloucestershire, England

Facebook - a place where people spend all day telling you that they have
nothing to say.
  #3  
Old April 2nd 19, 10:37 AM posted to uk.telecom.broadband
Invalid
external usenet poster
 
Posts: 145
Default Huawei gear - can the threat be avoided by software escrow?

In message , Bob Henson
writes
Peter wrote:

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.


It's a nice idea - I wonder what really does happen. Presumably GCHQ and
the rest of the security services do quite a lot of checking - at least in
security sensitive areas. I'd love to know if they give the authors the
benefit of the doubt and report the errors to them, or if we do the same as
the Chinese and most of the rest of the world would do - which is is to
nick the code, make it safe for us and use it and/or insert our own
backdoors and release it back into the wild.

I must confess I find all the wailing about Huawei backdoors a little
hypocritical given what Edward Snowden told us about the NSA/GCHQ
surveillance programs - which no doubt are still in place.

Is it just me being cynical, or is all this hassle of Huawei (noting
that it comes in the main from the countries involved in the Five Eyes
intelligence alliance) because

a) they are concerned that if Huawei technology is used, they will not
have leverage over the equipment supplier to include their own back
doors.

b) they (or the America First US at least) are trying to protect US
suppliers of equipment from a competitor who is developing better
products.

It may be that the products are crap, but would feel more comfortable if
I could hear about similar reports on the US suppliers equipment!!


--
Invalid
  #4  
Old April 2nd 19, 11:17 AM posted to uk.telecom.broadband
tim...
external usenet poster
 
Posts: 73
Default Huawei gear - can the threat be avoided by software escrow?



"Peter" wrote in message
...
Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors,


because it's tens of million of line of code.

Not impossible but very expensive to check

and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?


That's tough to achieve too

Even within the same company you get compiles on different machine producing
different binary files due to minor differences in setup

Resolving them is a real bitch!

(and you usually don't bother during development phase as they rarely
produce algorithmic differences, and the Golden compilation that passed all
your testing is the one that is shipped)

tim


  #5  
Old April 2nd 19, 11:19 AM posted to uk.telecom.broadband
tim...
external usenet poster
 
Posts: 73
Default Huawei gear - can the threat be avoided by software escrow?



"Invalid" wrote in message
...
In message , Bob Henson
writes
Peter wrote:

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.


It's a nice idea - I wonder what really does happen. Presumably GCHQ and
the rest of the security services do quite a lot of checking - at least in
security sensitive areas. I'd love to know if they give the authors the
benefit of the doubt and report the errors to them, or if we do the same
as
the Chinese and most of the rest of the world would do - which is is to
nick the code, make it safe for us and use it and/or insert our own
backdoors and release it back into the wild.

I must confess I find all the wailing about Huawei backdoors a little
hypocritical given what Edward Snowden told us about the NSA/GCHQ
surveillance programs - which no doubt are still in place.

Is it just me being cynical, or is all this hassle of Huawei (noting that
it comes in the main from the countries involved in the Five Eyes
intelligence alliance) because

a) they are concerned that if Huawei technology is used, they will not
have leverage over the equipment supplier to include their own back doors.

b) they (or the America First US at least) are trying to protect US
suppliers of equipment from a competitor who is developing better
products.


the last thing that they are doing is doing it better

cheaper perhaps

tim



  #6  
Old April 2nd 19, 03:06 PM posted to uk.telecom.broadband
Invalid
external usenet poster
 
Posts: 145
Default Huawei gear - can the threat be avoided by software escrow?

In message , tim...
writes


"Invalid" wrote in message
...
In message , Bob Henson
writes
Peter wrote:

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.

It's a nice idea - I wonder what really does happen. Presumably GCHQ and
the rest of the security services do quite a lot of checking - at least in
security sensitive areas. I'd love to know if they give the authors the
benefit of the doubt and report the errors to them, or if we do the
same as
the Chinese and most of the rest of the world would do - which is is to
nick the code, make it safe for us and use it and/or insert our own
backdoors and release it back into the wild.

I must confess I find all the wailing about Huawei backdoors a little
hypocritical given what Edward Snowden told us about the NSA/GCHQ
surveillance programs - which no doubt are still in place.

Is it just me being cynical, or is all this hassle of Huawei (noting
that it comes in the main from the countries involved in the Five
Eyes intelligence alliance) because

a) they are concerned that if Huawei technology is used, they will
not have leverage over the equipment supplier to include their own
back doors.

b) they (or the America First US at least) are trying to protect US
suppliers of equipment from a competitor who is developing better
products.


the last thing that they are doing is doing it better

cheaper perhaps

tim


Who says the competition is any better in terms of quality?

Remember Eriksson's software update that took out O2 completely last
December. A real sign of good quality control?

I would like to hear what the testers have to say about the competition
before I judge to that extent.
--
Invalid
  #7  
Old April 2nd 19, 05:53 PM posted to uk.telecom.broadband
Chris
external usenet poster
 
Posts: 558
Default Huawei gear - can the threat be avoided by software escrow?

tim... wrote:


"Peter" wrote in message
...
Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors,


because it's tens of million of line of code.


That sounds a lot. Do you know that or is it a guess?

Not impossible but very expensive to check


Plus they'd need to check every update and every patch for every different
device.

  #8  
Old April 2nd 19, 06:03 PM posted to uk.telecom.broadband
Chris
external usenet poster
 
Posts: 558
Default Huawei gear - can the threat be avoided by software escrow?

Invalid wrote:
In message , Bob Henson
writes
Peter wrote:

Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors, and then have a
system where you can verify that the executable in the box is byte for
byte same as what the escrow version compiles to?

It would be slightly aggressive to do this, but China is not exactly
your friend...

Obviously if - as GCHQ suggests - the problem with Huawei is really
crap software with back doors everywhere, then you can't do much about
it. The Chinese never could write decent software, and formal QA is
off the horizon for them.


It's a nice idea - I wonder what really does happen. Presumably GCHQ and
the rest of the security services do quite a lot of checking - at least in
security sensitive areas. I'd love to know if they give the authors the
benefit of the doubt and report the errors to them, or if we do the same as
the Chinese and most of the rest of the world would do - which is is to
nick the code, make it safe for us and use it and/or insert our own
backdoors and release it back into the wild.

I must confess I find all the wailing about Huawei backdoors a little
hypocritical given what Edward Snowden told us about the NSA/GCHQ
surveillance programs - which no doubt are still in place.


That's exactly why they're worried. If they're doing it they know China,
Russia, etc are also doing it.

Is it just me being cynical, or is all this hassle of Huawei (noting
that it comes in the main from the countries involved in the Five Eyes
intelligence alliance) because

a) they are concerned that if Huawei technology is used, they will not
have leverage over the equipment supplier to include their own back
doors.

b) they (or the America First US at least) are trying to protect US
suppliers of equipment from a competitor who is developing better
products.


It is probably a combination of all the above. China *is* an authoritarian
regime with little regard for international rules or decorum. Allowing them
access to our nation's telecoms infrastructure is probably unwise. However,
if we can wield some commercial influence then that's always useful

It may be that the products are crap, but would feel more comfortable if
I could hear about similar reports on the US suppliers equipment!!





  #9  
Old April 2nd 19, 07:43 PM posted to uk.telecom.broadband
tim...
external usenet poster
 
Posts: 73
Default Huawei gear - can the threat be avoided by software escrow?



"Chris" wrote in message
...
tim... wrote:


"Peter" wrote in message
...
Why is it not possible to get the source code to a trusted party which
can look at it and check for deliberate back doors,


because it's tens of million of line of code.


That sounds a lot. Do you know that or is it a guess?


I know that it's the size of the competitors code


tim



  #10  
Old April 2nd 19, 09:14 PM posted to uk.telecom.broadband
Peter
external usenet poster
 
Posts: 325
Default Huawei gear - can the threat be avoided by software escrow?

The author has marked this message not to be archived. This post will be deleted on April 9, 2019.


Chris wrote

I must confess I find all the wailing about Huawei backdoors a little
hypocritical given what Edward Snowden told us about the NSA/GCHQ
surveillance programs - which no doubt are still in place.


That's exactly why they're worried. If they're doing it they know China,
Russia, etc are also doing it.


There is a crucial difference: the NSA/GCHQ is not going to wage
conomic warfare against their own countries. They will just quietly
spy on people of interest, and that is OK - that is what we pay them
for out of our taxes

China may confine itself to espionage, or they might not...
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SMS gateway software, SMS gateway, SMS software, SMS server, SMPP software, WAP Push John uk.telecom.voip (UK VOIP) 0 August 29th 07 06:14 AM
The wi fi/cellular/emf threat Lenny uk.telecom.broadband (UK broadband) 1 July 21st 07 07:21 PM
plus net threat letter Beck uk.telecom.broadband (UK broadband) 36 February 1st 06 04:23 PM
AOL can ICS with USRobotics Gear? Siggy Rhetts uk.telecom.broadband (UK broadband) 1 February 5th 04 10:02 PM
Net gear 814 & new 834 Merlin uk.telecom.broadband (UK broadband) 9 September 24th 03 09:12 PM


All times are GMT +1. The time now is 07:08 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.