Quite the opposite - it makes more and more companies to consider open source. RISC-V is all rage now, people turning their eyes to open source EDAs. I hope with the help of SymbiFlow[1], Chisel[2]/FIRRTL[3], and other similar tools the duopoly of Intel (Altera) and Xilinx will come to its end. There is also an interesting initiative[4] to make ASIC design as affordable (in terms of time, knowledge, and money) as possible. And using KiCad[5] for simple projects can help for small businesses.
The issue is not that it reduces interest in open source. In fact the article states there's evidence that open source solutions are getting renewed attention in the Chinese government.
The issue is that the executive order would make it unlawful to share technology with foreign adversaries. So it effectively forces open source projects to hard fork along geopolitical boundaries. For example, if (and these are still if's) Huawei were to be designated a foreign adversary; and, if Huawei were to develop a RISC-V implementation of interest; it would be unlawful for a US person to use that implementation, or otherwise "acquire" said technology from Huawei.
The underlying premise of the executive order, as I understand it, is that technology developed by, or under the influence of, foreign adversaries is potentially tainted. Thus to defend the US national security interest, US persons shall be penalized for using their technology.
Thus the concern is that US-based open source developers and users would be directly at risk by interacting with the very projects you cite, should they fall under the influence of a foreign adversary.
Or to put it more concretely: ARM might be very happy if Huawei were designated a foreign adversary, and Huawei invested heavily in RISC-V. Because then ARM could lobby US lawmakers to rule that RISC-V technology is tainted under the theories contained in the executive order, thus reducing competition from open source alternatives.
A contact at Foxconn just told me yesterday that Apple is genuinely serious about leaving China completely.
Apparently, Mr. Trump summoned Mr. Cook last week, and extended an offer of a tax break and other "relocation packages" on the size "not seen in human history" if Apple moves to USA.
Hearing things like that keeps reminding me that Taiwanese engineering fraternity is one of worlds best intelligence agencies :)
And Apple will milk that agreement long after Trump leaves office, doing whatever makes more sense for the bottom line, even if that means moving to production to Mexico eventually. And, just like all these large companies, will avoid paying corporate taxes to an even greater extent. Trump will claim he restored American manufacturing, and he will have, long enough for him to Tweet about it, and not much longer.
Considering that two U.S. appeals courts have ruled that source code which was classed as a munition was protected by the First Amendment, I'm not too worried just yet.
Of course we have a lot of new judges so who knows.
Bunnie seems to fear this type of IP restriction but with regard to closed source chipset designs and proprietary hardware, which he views as key to continued innovation in China.
I have met Bunnie, and he has a bit of a warped view of the world. I think it caused him to gloss over things like https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversi... where Huawei did not give a single shit about security in their cellular basestation codebase.
Sure, Huawei will read CVEs and sometimes deal with them, but really basic things like updating OpenSSL libraries seem near impossible for Huawei. Their hardware is thus vulnerable to exploitation by any ill intentioned person wandering by :c
Part of this is the whole stolen codebase problem, where Huawei (as Nortel's Chinese manufacturing partner) took their designs and code, without fully understanding them. They've been able to tack on a lot of neat stuff, but the underlying architecture is still not understood by their engineers.
re: judges -
I'm not a lawyer but the recent Supreme Court decisions seem to be a shot across the bow for administrative rulemaking like the BIS ruling that Bunnie is quoting.
It's conceivable that Huawai could sue the US and win in the Supreme Court and overturn these regulations - on the basis that Congress needs to pass a specific law to bind them, rather than allowing vague laws to be vaguely interpreted by executive agencies as they see fit.
The article takes a while to get to the point made in the title but the way to counteract this seems to be, get the infrastructure for open source out of America before it's too late. In contrast to the ARM example, the US doesn't really have any leverage against a volunteer open source project not within its borders.
Open Source effectively is out of America or any other single jurisdiction: think of all of the people who have up to date copies of virtually every package all around the world. If the U.S. were to say tomorrow, as we used to do with cryptography, that (certain types of) software can't be shared outside of the U.S., the development of said (Open Source) software would likely just be taken over by groups outside the U.S.[1]
I recall that happening in the 90's with a few different types of software due to U.S. software patents and corporate legal departments. VLC hasn't always been the go-to Linux multimedia application, for example.
[1] The infrastructure part is easy, the giving away access/bandwidth for free part is hard.
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
The bulwark defending the bulwark is the population.
Sure it does, if a large chunk of the volunteers are in the US.
The division of the open source world into the “US part” and the “Chinese part” would be a roughly 50% cut in the efficiency of the FOSS ecosystem, and is on the table given the developments he describes.
“through powers granted via the “EAR” (Export Administration Regulation 15 CFR, subchapter C, parts 730-774), along with a sometimes surprisingly broad definition of what qualifies as export-controlled US technology.”
Boom! I told people they might do that back in the crypto discussions. Custom crypto and high-assurance security are still munitions with only a few things re-classified such as mass-market, one-size-fits-all software and use of ciphers in browser (https). This is what they might do to the rest with the leverage if it was ever truly threatening. They’re already doing it to companies over Huawei.
I also speculated they might have done this to get backdoors in products. A combo of offering payment and threats together. We know they do the payments. I don’t know if they do export threats, though.
“some independent security research would have already found and published a paper on this. Given the level of fame and notoriety such a researcher would gain for finding the “smoking gun””
Bunny is being really naive here or maybe doesn’t understand computer espionage. Most subversion must be done in a way that doesn’t look like subversion. The system just has to be remotely exploitable. The best route to that is to intentionally leave in memory safety bugs or a configuration that enables privilege escalation. Hackers find those all the time in all kinds of devices. They say, “Hey, they just made a common mistake.” Maybe it was there on purpose. We won’t know.
“It’s no secret that the US has outsourced most of its electronics supply chain overseas. From the fabrication of silicon chips, to the injection molding of plastic cases, to the assembly of smartphones, it happens overseas, with several essential links going through or influenced by China.”
And this is why what the U.S. government is doing is incredibly stupid. You could substitute other industries in here. It’s a smarter move to minimize one’s dependency on a country before pissing that country off in a way that can prevent them getting what they depend on.
> The best route to that is to intentionally leave in memory safety bugs or a configuration that enables privilege escalation. Hackers find those all the time in all kinds of devices. They say, “Hey, they just made a common mistake.” Maybe it was there on purpose. We won’t know.
By that logic everyone from Apple to Xerox could possibly be enabling computer espionage. You’d never be able to prove a bug wasn’t a deliberate back door.
The weakness of freedom of speech is it also allows freedom of lying. It's the cost of it. I think there could/should be an amendment to constitution that prevents government officials from consciously lying to people
The fact of whether an official "consciously lying to people" is extremely hard to know, because it is a measure of someone's status of mind in the past. The real world is much more complicated than what you could imagine.
A trade war may stimulate Open Source. Each adversary might subsidize the development of Open Source equivalents of the other's key proprietary products and services protected by Intellectual Property.
> If Huawei has truly engaged in a long-term pattern of conduct significantly adverse to national security, surely, some independent security research would have already found and published a paper
Presenting non sequitur as evidence has become par for the course. Let's step back to one day before the heartbleed bug was discovered in ssl libs, when a similar argument could've been made regarding the ssl library's security. Only to be disproven a day later.
Huawei licenses the ARM instruction set and some architecture components. If it’s a mobile processor, at the very least it’s going to license ARM instructions
> I have zero problems with "economic pain" caused by us not doing business with a country that has 1M people in "re-education camps", disappears protesters, and wants to extradite people from Hong Kong.
If these were the reasons for the U.S's actions I would agree with you more. I think only international pressure can help with these issues. The Chinese people themselves can do very little given the realities of their country's surveillance capabilities.
But let's not nobly kid ourselves that these issues have anything to do with the cause or the possible resolution to the trade war.
If you’re confident that free countries produce better tech why do we have to choke them out? Wouldn’t it be a stronger message to let the freedom do the work?
xvilka|6 years ago
[1] https://symbiflow.github.io/
[2] https://github.com/freechipsproject/chisel3
[3] https://github.com/freechipsproject/firrtl
[4] https://theopenroadproject.org/
[5] http://kicad-pcb.org/
bunnie|6 years ago
The issue is that the executive order would make it unlawful to share technology with foreign adversaries. So it effectively forces open source projects to hard fork along geopolitical boundaries. For example, if (and these are still if's) Huawei were to be designated a foreign adversary; and, if Huawei were to develop a RISC-V implementation of interest; it would be unlawful for a US person to use that implementation, or otherwise "acquire" said technology from Huawei.
The underlying premise of the executive order, as I understand it, is that technology developed by, or under the influence of, foreign adversaries is potentially tainted. Thus to defend the US national security interest, US persons shall be penalized for using their technology.
Thus the concern is that US-based open source developers and users would be directly at risk by interacting with the very projects you cite, should they fall under the influence of a foreign adversary.
Or to put it more concretely: ARM might be very happy if Huawei were designated a foreign adversary, and Huawei invested heavily in RISC-V. Because then ARM could lobby US lawmakers to rule that RISC-V technology is tainted under the theories contained in the executive order, thus reducing competition from open source alternatives.
(editted to clean up grammar)
baybal2|6 years ago
Apparently, Mr. Trump summoned Mr. Cook last week, and extended an offer of a tax break and other "relocation packages" on the size "not seen in human history" if Apple moves to USA.
Hearing things like that keeps reminding me that Taiwanese engineering fraternity is one of worlds best intelligence agencies :)
brown9-2|6 years ago
xrd|6 years ago
hungryhobo|6 years ago
DennisP|6 years ago
Of course we have a lot of new judges so who knows.
StudentStuff|6 years ago
I have met Bunnie, and he has a bit of a warped view of the world. I think it caused him to gloss over things like https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversi... where Huawei did not give a single shit about security in their cellular basestation codebase.
Sure, Huawei will read CVEs and sometimes deal with them, but really basic things like updating OpenSSL libraries seem near impossible for Huawei. Their hardware is thus vulnerable to exploitation by any ill intentioned person wandering by :c
Part of this is the whole stolen codebase problem, where Huawei (as Nortel's Chinese manufacturing partner) took their designs and code, without fully understanding them. They've been able to tack on a lot of neat stuff, but the underlying architecture is still not understood by their engineers.
mc32|6 years ago
someguydave|6 years ago
cyborgx7|6 years ago
blihp|6 years ago
I recall that happening in the 90's with a few different types of software due to U.S. software patents and corporate legal departments. VLC hasn't always been the go-to Linux multimedia application, for example.
[1] The infrastructure part is easy, the giving away access/bandwidth for free part is hard.
ISL|6 years ago
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
The bulwark defending the bulwark is the population.
thefounder|6 years ago
maxander|6 years ago
The division of the open source world into the “US part” and the “Chinese part” would be a roughly 50% cut in the efficiency of the FOSS ecosystem, and is on the table given the developments he describes.
nickpsecurity|6 years ago
Boom! I told people they might do that back in the crypto discussions. Custom crypto and high-assurance security are still munitions with only a few things re-classified such as mass-market, one-size-fits-all software and use of ciphers in browser (https). This is what they might do to the rest with the leverage if it was ever truly threatening. They’re already doing it to companies over Huawei.
I also speculated they might have done this to get backdoors in products. A combo of offering payment and threats together. We know they do the payments. I don’t know if they do export threats, though.
“some independent security research would have already found and published a paper on this. Given the level of fame and notoriety such a researcher would gain for finding the “smoking gun””
Bunny is being really naive here or maybe doesn’t understand computer espionage. Most subversion must be done in a way that doesn’t look like subversion. The system just has to be remotely exploitable. The best route to that is to intentionally leave in memory safety bugs or a configuration that enables privilege escalation. Hackers find those all the time in all kinds of devices. They say, “Hey, they just made a common mistake.” Maybe it was there on purpose. We won’t know.
“It’s no secret that the US has outsourced most of its electronics supply chain overseas. From the fabrication of silicon chips, to the injection molding of plastic cases, to the assembly of smartphones, it happens overseas, with several essential links going through or influenced by China.”
And this is why what the U.S. government is doing is incredibly stupid. You could substitute other industries in here. It’s a smarter move to minimize one’s dependency on a country before pissing that country off in a way that can prevent them getting what they depend on.
mr_toad|6 years ago
By that logic everyone from Apple to Xerox could possibly be enabling computer espionage. You’d never be able to prove a bug wasn’t a deliberate back door.
wbl|6 years ago
unknown|6 years ago
[deleted]
galaxyLogic|6 years ago
educationdata|6 years ago
Take Obama's: 'If you like your health care plan, you'll be able to keep your health care plan' as an example. He repeated this message for many many times: https://www.politifact.com/obama-like-health-care-keep/
How do you objectively decide:
1) Is this statement true?
2) Did he lie about it?
Also, how do you handle "if there is something I should not know, do not tell me"?
RickJWagner|6 years ago
Merrill|6 years ago
NicoJuicy|6 years ago
Eg. Follow human rights, No great firewall and you can use it.
Global trade has done a lot of good for the world, in general, there hasn't been any big war in the last 70 years.
Why: 996
writepub|6 years ago
Presenting non sequitur as evidence has become par for the course. Let's step back to one day before the heartbleed bug was discovered in ssl libs, when a similar argument could've been made regarding the ssl library's security. Only to be disproven a day later.
slim|6 years ago
cududa|6 years ago
mises|6 years ago
analognoise|6 years ago
[deleted]
magpi3|6 years ago
If these were the reasons for the U.S's actions I would agree with you more. I think only international pressure can help with these issues. The Chinese people themselves can do very little given the realities of their country's surveillance capabilities.
But let's not nobly kid ourselves that these issues have anything to do with the cause or the possible resolution to the trade war.
chillacy|6 years ago
ionised|6 years ago
They are not staying in the US because it's 'freer'. Increasing numbers are leaving once they got what they came for.