Keeping important technologies under British (and Western in general) control

@terminal

I find the whole national industry thing a bit puzzling, but it is on a par with "sovereign Internet" or "National Intranet".

Didn't the Russians make their railways a different gauge to prevent ease of foreign invasion? Similar theory here I suppose.

Problem is we also have to make sure we have the stream of people coming into STEM subjects to make it work....
 
Don’t start me on this. It is one of my favourite hobby horses.

I apologise mate.

I am the same on Modern Languages in schools and Uni.

Being a late arrival to STEM I am quite enjoying myself. My son made a line for a Raspberry Pi I have mounted in a touchscreen (and a BFO antenna) and running Kali Linux rubbing his hands. We had a chat about how we "only experiment on networks we own".

He wants to learn another language, and a Russian keyboard for his laptop! High hopes for him!
 
(...) Didn't the Russians make their railways a different gauge to prevent ease of foreign invasion? (...)
I suspect that's a "just so" story.

The more reasonable explanation is that the first commercial (as opposed to experimental) railway was built in Russia between Moscow and St. Petersburg and used what we now call "Russian broad gauge". The Russians brought in an American railway engineer to design the railway and manage the project for them. The gauge used was one of the most widely used American gauges, used extensively across the southern US. It is quite likely that the American engineer picked a gauge that he was familiar with. Subsequent Russian railways were built to be compatible with the existing one.

The Americans later converted their broad gauge railways to "standard gauge" so that trains could run all over the US without transferring cargoes.

So, "Russian broad gauge" is really "American broad gauge".
 
The realistic solution would be one based on open source software and commodity hardware.
Any guesses the name of the major telecoms company involved in 5G who already make their source code open?

Begins with an H...
 
Any guesses the name of the major telecoms company involved in 5G who already make their source code open?

Begins with an H...

Was that the one that the tech assessment said couldn't work out if it was a security threat as the code was so badly done?

The report said that its finding referred to basic engineering competence and cybersecurity hygiene – not flaws deliberately introduced. "NCSC does not believe that the defects identified are a result of Chinese state interference," the report said.

 
Was that the one that the tech assessment said couldn't work out if it was a security threat as the code was so badly done?
@terminal addressed the issue of legacy code and 'kit software', I seem to recall. Huawei's code flaws were revealed precisely because they're subjected to an atypical level of scrutiny.

Oddly, the response to 'no sign of state or state-sponsored chicanery' seems to be, 'damn, that's some good state or state-sponsored chicanery, if nobody can spot it!' Strange the way appreciations can be situated, isn't it?
 
Any guesses the name of the major telecoms company involved in 5G who already make their source code open?

Begins with an H...
Huawei's communications systems source code is available for inspection by governments, but that isn't the same as "open source". The latter, also known as "Free Software" (with the "free as in freedom", there's a very long story about the names) has to do with the sort of copyright license applied. I'll give a brief and rather narrow history behind the concept, as it's quite educational.

Many years ago AT&T, a now defunct American telecommunications company (the name survives, but it's not really the same company, the original having been dismantled by the competition authorities) had a very extensive R&D operation. One of the things they developed was an operating system called "UNIX".

Because AT&T were a regulated monopoly, they were not able to commercialise this operating system in the normal manner and so licensed it to academic institutions on very lenient terms. It was also licensed to various private companies, but that's a whole other story which I'll avoid or we'll be here all night.

The academics thought that the concepts behind UNIX were a vast improvement over anything else available then. It was also novel in that it was a portable operating system. That is, it could be made to run on hardware from multiple vendors at a time when each vendor tended to have their own proprietary and wildly incompatible OS.

Because the academics had the source code they made improvements and shared those freely around among each other. Pretty much the entire modern computing, internet, smart phone, etc., etc. environment we see today is descended from that.

The academics found AT&T's restrictions chafing, so a number of them set out to duplicate UNIX in an independent manner to create an operating system that was free of AT&T's copyrights.

Some of them realised that the key to what they wanted to achieve was the right sort of copyright license on their new source code. What they wanted to do was to use copyright law to perform a sort of judo on the system, to create what some refer to as "copyleft". They would have their software and nobody would be able to take it away from them. This resulted in two broad categories of licenses, BSD and GPL. The latter has stronger provisions with respect to keeping the source code open in derivatives.

I'll interject a point that in these sorts of projects the author normally retains the copyright to the code he contributes. In a large project there are potentially dozens or even hundreds of copyright holders of various bits of source code all mixed together. This needs to be kept in mind when evaluating the implications.

I'll explain GPL in very brief broad terms, as it's what I think would be more applicable here. Essentially, a recipient of GPL software has the legal right to receive the full source code upon request. The user also (with version 3) receives the right to the use of any patents which may apply to the software. The recipient is also free to redistribute the software to whomever he wishes, and to use it in any way he sees fit. Anyone not able to fulfil these obligations automatically loses his license to distribute the software.

This sounds simple, but the implications are massive. Let's apply that to telecommunications software. 5G by the way derives a lot of its functionality from software.

Let's suppose you buy a piece of kit from company 'X' that is run by code which is under a GPL license. You then write to X and ask for a copy of the source code for the software that runs it. Let's also assume that all the software is under a GPLv3 license and that the copyrights are held by multiple contributors. X must give you a copy. In this age they would likely cut out the overhead by just posting the source code on the Internet when they started releasing the new kit, but one way or another you have a legal right to get it.

Now let's suppose that 'X' was a bad actor and said "sod off, I've got some secrets in there I don't want you to see". X have just lost their licence to distribute the software whose copyrights are held by the other contributors. X cannot sell their product without being a software pirate. They are essentially out of business unless they can bring themselves back into compliance with copyright law, and copyright law is very similar the world over.

This is the principle that Linux operates on, and it's a very successful operating system, being used in everything from Internet servers to phones to Mars helicopters.

Have a look at who are the top contributors to Linux (the following is from a recent article). You may recognise a certain name near the top.

[Image: linux-5-10-employers-stats.png]


Guess Who Contributed the Most to Linux Kernel 5.10 Development? It’s Huawei (and Intel)

Let's define what a communications software development system would look like. The key points are:
  • All development takes place completely in the open.
  • Anyone from anywhere in the world who is able to make a useful contribution is free to participate.
  • All contributors retain the copyrights to their contributions.
  • Everyone has a right to download and use the software without cost and without restriction on location, politics, or field of endeavour.
  • The source code is licensed under terms (e.g. GPLv3) which are focused on protecting the users, not the interests of potential monopolists.

Now let's say you are in charge of the telecommunications systems for a country which is very sensitive about its security. You have the hardware reviewed for security and approve certain models. You then have a telecommunications engineering company that is owned and operated within your country supply the software, using the source code from a common repository which everyone in the world uses. Development has taken place in the open, so it will have been pretty difficult for anyone to sneak a back door into the system.

Your security and national sovereignty are protected. Your national champion won't be able to become the global 5G monopolist, but that probably wasn't a realistic hope anyway so you haven't really lost anything.

The companies and countries who won't like this idea are the few who want to "own 5G" because they would like to act as a rentier and derive a long term stream of income from everything that has anything to do with 5G the world over. Certain countries also like to be able to push the "sanctions" button to attack their enemies at will.

Everyone else on the other hand ends up ahead under this proposal.

It wouldn't be simple, and it wouldn't happen overnight, but I haven't seen any other proposal that actually deals with the underlying issues. If the UK want to do something genuine about it, then it should get behind the concept and help promote it.
 
Was that the one that the tech assessment said couldn't work out if it was a security threat as the code was so badly done?



If you are serious about that, then perhaps the UK should start with banning anything from Microsoft or Adobe before they start worrying about Huawei?
 
If you are serious about that, then perhaps the UK should start with banning anything from Microsoft or Adobe before they start worrying about Huawei?
I once heard it said that the choice with tech was who you wanted to be vulnerable to?
 
I once heard it said that the choice with tech was who you wanted to be vulnerable to?
Anyone and everyone so far as Microsoft and Adobe are concerned.

We can probably add SolarWinds to the list as well, considering that they are a security company who protected security with the password "solarwinds123". I mean nobody would guess that one, would they? It would take such awesome hacking skills to crack that password.
 

Yokel

LE
I have mentioned the issue of skills being lost from the workforce, so this story from MTDMFG may be of interest, and shows the potential of Augmented Reality as a training aid:

New ‘Augmented Reality’ deal to help steel industry protect vital skills and move towards net zero

In addition to optimising processes and introducing new efficiency improvements, Augmented Reality will also be used to capture some of the traditional skills in the sector that could be lost if the knowledge of older workers is not retained before they retire.
 
