Remix.run Logo
Digital28 2 days ago

Changing from SK to CN is a trade from intentional vulnerability to unintentional vulnerability. I’ve yet to see a secure piece of software come out of China in my 30+ years of coding.

jeroenhd a day ago | parent | next [-]

When a security analysis was done of Chinese parts of the Dutch mobile network, that was pretty much the conclusion: Chinese vendors deliver software and components full of vulnerabilities, but none of them seem to be intentional.

Since then there has been a movement to reduce Chinese vendors in general our if security concerns, as well as to improve the security posture of the mobile networks by doing things like "encrypting connections" and "switching away from telnet".

On the other hand, the Chinese managed to break into the US wiretapping system, so it's not like other networks aren't vulnerable either.

vardump a day ago | parent [-]

> Chinese vendors deliver software and components full of vulnerabilities, but none of them seem to be intentional.

Plausible deniability.

GTP a day ago | parent [-]

If we're talking about cheap products, then it's more likely due to cost savings rather than malice. But yeah, no one can give you defitive proof of this.

FirmwareBurner a day ago | parent | prev | next [-]

>I’ve yet to see a secure piece of software come out of China in my 30+ years of coding.

SW coming out of Korea's domestic industry giants isn't any better. Because they used to treat SW like a cost center or another item on the BoM.

IIRC, the only way to do online banking in Korea years ago, was you needed Internet explorer and some active-X plugin that supported encryption.

Some Korean giants do have good SW, but a lot of it is developed internationally by offices outside of Korea.

Dah00n a day ago | parent | prev | next [-]

Yet in telco it is much easier and faster to get a bug fixed in Chinese equipment. IMO it is more likely you don't work with critical infrastructure than the problem being Chinese equipment.

dragonelite a day ago | parent | prev | next [-]

Better to swallow the poison that doesn't kill you(for now) than to swallow the one that is intended to kill you.

ReptileMan a day ago | parent | prev | next [-]

Supermicro IPMI comes to mind. If it was compromised we would have known by now.

iamtedd a day ago | parent | next [-]

Not only is Supermicro headquartered in USA, but it's operations are in Taiwan, which they would very much like you to acknowledge is not the same as mainland China.

cluckindan 20 hours ago | parent | next [-]

Memory sure is short around here.

https://www.bloomberg.com/features/2021-supermicro/

riffic a day ago | parent | prev [-]

*its

toast0 17 hours ago | parent | prev [-]

There's a lot of vulnerabilities, of course. Supermicro isn't great at releasing updates for old boards either.

https://www.cve.org/CVERecord/SearchResults?query=supermicro

monster_truck a day ago | parent | prev [-]

Brother you cannot be serious with this racist take

bbarnett a day ago | parent | next [-]

Saying that a culture is poor at security dev, such as Chinese business culture, is not even remotely rasist.

There are many ethnicities in China, people of all genetic backgrounds. It is the culture that is the problem, not the race.

For example, there are many ethnically Chinese people who grew up in the West, working in businesses, in countries where there is a culture of security.

Now, you could label it 'culturalist', and maybe it is, but there are definitely inferior and superior cultures. Especially, there are parts of cultures which are quite comparable this way.

AJ007 a day ago | parent | next [-]

There's also another point that security is really fucking expensive. Apple on Google spend billions a year on security, yet their phones are broken in to once they are a couple of years old. Big American software companies have large margins and large budgets. Those Chinese companies are running on fumes (and credit.)

Security and encryption is taken as a given by Western regulators given how many times they pass laws to break encryption. If you look at targeted 0-days, the conclusion would be more along the lines of the very best hardware+software is barely secure.

gruez a day ago | parent | prev [-]

>>Brother you cannot be serious with this racist take

>There are many ethnicities in China, people of all genetic backgrounds. It is the culture that is the problem, not the race.

This just seems like nitpicking to me. Colloquially most people would classify discrimination based on country of origin, or "culture" (whatever that means) as racism, even if it doesn't meet the technical definition. For instance Trump's travel bans have been called by many as "racist", even though it covers a bunch of countries, and even though the countries are majority muslim, it also excludes major muslim countries like Pakistan and Indonesia.

const_cast 19 hours ago | parent | next [-]

It's entirely fair game to criticism or even discriminate based on culture, because culture is composed of actions. If people act in such a way that you do not like, that's a valid reason not to like them.

Now, we do still need to respect cultural differences where it makes sense and consider the historical context behind cultural differences, such as colonialism.

drysine 9 hours ago | parent [-]

Nazis used to measure skull dimensions to discriminate on race. How do you measure "culture" of an individual? Just apply a stereotype based on the country of origin?

exe34 a day ago | parent | prev | next [-]

Just because most people are wrong doesn't mean we should encourage the dilution of words.

gruez a day ago | parent [-]

I might be sympathetic to this argument if the severity actually differed, eg. people calling mean tweets "violence" or something, but that's not what's happening there. I don't see any meaningfully difference between "I'm discriminating against you because you're Chinese" (culture/nationality) and "I'm discriminating you're Han Chinese" (ethnicity). I doubt the average racist actually knows the distinction between the two anyways, and I doubt people are going to be like "oh you're discriminating based on culture instead of ethnicity? I guess that's fine then!".

exe34 a day ago | parent [-]

> I don't see any meaningfully difference between "I'm discriminating against you because you're Chinese" (culture/nationality) and "I'm discriminating you're Han Chinese" (ethnicity).

It's interesting you would write this as if nobody's pointed out actual cultural differences yet.

Dylan16807 a day ago | parent | prev [-]

> This just seems like nitpicking to me. Colloquially most people would classify discrimination based on country of origin, or "culture" (whatever that means) as racism, even if it doesn't meet the technical definition.

Nobody is going to believe you're talking about real things if you let people call your argument "racism" so it's not nitpicking if you can explain why it's not. Also the word "discrimination" is itself a loaded term.

And yes areas having cultures is real. Sometimes it's tied to country, sometimes it's not.

> Trump's travel bans have been called by many as "racist", even though it covers a bunch of countries,

I'm confused? Covering a whole bunch of countries sharing a demographic is much more likely to be a racist move than picking one or two.

> and even though the countries are majority muslim, it also excludes major muslim countries like Pakistan and Indonesia.

That's a good argument against saying "muslim ban" but I'm pretty sure a focus on the middle east makes it more about race.

greenchair a day ago | parent | prev | next [-]

is it racist to wonder why I rarely see a chinese restaurant with inspection score above 80? culture differences are a real thing (if you don't have your head buried in the sand that is).

heraldgeezer 19 hours ago | parent | prev [-]

Zoomers need to leave this site.