A Thought on Huawei

John Hemmings made some interesting and critical points about the “security” (my metaphoric quotes) of Huawei equipment.  In doing so, he cited a study by Finite State, a cyber-security organization that looks deeply into the Internet of Things and resulting vulnerabilities—an IoT of which Huawei is aiming to be a central part (as well as a central part of national communications and defense systems and of governments).  Finite State’s analysis investigated “more than 1.5 million files embedded in 9,936 firmware images supporting 558 different products within [Huawei’s] enterprise networking product lines.”

Hemmings’ points center on these:

  • In virtually all categories we studied, we found Huawei devices to be less secure than comparable devices from other vendors.
  • On average, Huawei devices had 102 known vulnerabilities inside their firmware, primarily due to the use of vulnerable open-source and third-party components.
  • Out of all the firmware images analyzed, 55% had at least one potential backdoor.
  • On dozens of occasions, Huawei engineers disguised known unsafe functions (such as memcpy) as the “safe” version (memcpy_s) by creating wrapper functions with the “safe” name but none of the safety checks.
  • Across 356 firmware images, there are several million calls into unsafe functions. Huawei engineers choose the “safe” option of these functions less than 17% of the time, despite the fact that these functions improve security and have existed for over a decade.
  • Huawei devices had…2-8x more potential 0-day vulnerabilities than the other devices.
  • Vulnerabilities in both the routers and the fixed access network remained beyond 2012 and were also present in Vodafone’s businesses in the U.K., Germany, Spain and Portugal.

Those vulnerabilities? Given how enthusiastically Huawei’s representatives tout the superiority of their equipment, and given that fourth bullet, I suggest that those vulnerabilities also are known to Huawei’s men and put there deliberately.
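The wrapper pattern described in the fourth bullet, as an added illustration: this is not code from the Finite State report or from any Huawei firmware image, and every function name here is hypothetical. `memcpy_s_checked` is a simplified model of C11 Annex K `memcpy_s`; calling a "safe"-named routine with a count larger than the destination size, as `adjacent_clobbered` does, is a quick behavioural check for a disguised wrapper.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, constructed example. "Safe" in name only: accepts the
   destination size and never uses it. */
int memcpy_s_disguised(void *dest, size_t destsz, const void *src, size_t count)
{
    (void)destsz;
    memcpy(dest, src, count);      /* writes past dest when count > destsz */
    return 0;
}

/* Simplified model of C11 Annex K memcpy_s (no RSIZE_MAX or overlap check). */
int memcpy_s_checked(void *dest, size_t destsz, const void *src, size_t count)
{
    if (dest == NULL)
        return EINVAL;
    if (src == NULL || count > destsz) {
        memset(dest, 0, destsz);   /* Annex K zeroes dest on a violation */
        return src == NULL ? EINVAL : ERANGE;
    }
    memcpy(dest, src, count);
    return 0;
}

typedef int (*copy_fn)(void *, size_t, const void *, size_t);

/* Copies 12 bytes into an 8-byte field that sits at the start of a 16-byte
   arena, so the overrun lands inside the arena and is observable without
   undefined behaviour. Returns 1 if the bytes after the field changed. */
int adjacent_clobbered(copy_fn copy)
{
    unsigned char arena[16], input[12];
    memset(arena, 0, 8);           /* the 8-byte field */
    memset(arena + 8, 0x5A, 8);    /* adjacent state that must survive */
    memset(input, 'A', sizeof input);
    copy(arena, 8, input, sizeof input);
    return arena[8] != 0x5A;
}

int main(void)
{
    printf("disguised wrapper clobbers neighbour: %d\n",
           adjacent_clobbered(memcpy_s_disguised));
    printf("checked copy clobbers neighbour:      %d\n",
           adjacent_clobbered(memcpy_s_checked));
    return 0;
}
```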

And that last bullet: Vodafone had identified those “vulnerabilities” to Huawei in 2011 and received assurances from Huawei that they’d be removed.  Those security holes remained far past 2012.  And still remain as far as I can tell.

This is why Huawei has no legitimate place in any organization outside of the People’s Republic of China, nor should it have access to any technology of any nation or business outside of the PRC.

But Huawei’s CEO, Ren Zhengfei, and CFO, Meng Wanzhou, and men of the PRC’s government, like President Xi Jinping, deny all of this. And Ren is an honorable man; So are they all, all honorable men.

A Continued Power Grab

The People’s Republic of China objects to the sale of defensive weapons to the Republic of China.

China will sanction US firms that participate in arms sales to Taiwan [The Wall Street Journal’s conflation of the island with the nation that sits on the island], after Washington approved sales of $2.2 billion in tanks, missiles and related military hardware, Beijing said.

The PRC’s Foreign Ministry has justified the threat with this:

the arms sales “harmed China’s sovereignty and national security”

Of course, it does no harm to the PRC’s sovereignty to sell weapons to a sovereign nation.  Of course it does no harm to the PRC’s national security to sell defensive weapons to a sovereign nation that’s so much smaller than the PRC.

All the sale does is increase a sovereign nation’s ability to defend itself against the aggression, the threats of invasion, which the PRC has so repeatedly leveled against that sovereign nation.  If the PRC has no such aggressive intent, it has nothing to fear from the sale.

The PRC’s moves would be nonsensical, did they not amount to such a cynical and naked and continued grab for power.

A Thought on Tariffs

The tariffs as used by President Donald Trump are viewed by many as having no impact on our overall trade deficit, and much is made of Trump’s disdain for trade deficits.

Thirty months into the Trump Presidency, the US economy continues to import more than it exports. This isn’t a problem, since the trade deficit is of no great consequence as an economic measure.  But in President Trump’s telling this is a clear and present danger….

Suppose something else, though.

Mr Trump has imposed 25% tariffs on $200 billion of Chinese goods, and he’s threatened a duty on another $300 billion. This has narrowed the US-China bilateral goods trade gap in recent months, but the total US trade deficit reached a record high in 2018. … Producers are leaving China, but not for America.
While Chinese goods exports to the US fell 12.3% year-over-year from January through May, Vietnam saw a 36.4% increase, according to US Census data. Taiwan had a nearly 22.5% year-over-year increase in the same five months, more than triple the increase from 2017-18. South Korean exports to the US increased 12.4% over the period.

Recall one of Trump’s other reasons for disdaining the trade deficit: the People’s Republic of China declines to play by international trade rules, and it steals or extorts other nations’ technology and intellectual property (ours in particular, as one of the leaders, if not the leader, in both), along with merely proprietary materials.

If the PRC doesn’t want to play by the same rules as the rest of us, it doesn’t need to trade with the rest of us.

Thus: if the tariffs aren’t realizing their first secondary purpose, moving production back to the US, they are gaining their primary purpose: moving production, and associated export, out of the PRC.

That’s not all bad.

Starbucks Fail

A Starbucks in Tempe, AZ, had one of its baristas ask five police officers who were having a pre-shift coffee either go sit somewhere else or leave altogether because one customer felt “threatened” over their being where the customer could see them.

In the hoo-raw ensuing, Starbucks spokesman Reggie Borges said

We have a deep respect for the Tempe Police and their service to the community.

That’s plainly not true. If Starbucks really cared, if it had any actual respect for the police—much less a shred of self-respect—it would have had a better-trained crew of baristas who wouldn’t knee-jerk insult cops over a snowflake’s made-up beef.

A day after the story broke, Rossann Williams, Executive Vice President and President, US Retail for Starbucks said this:

On behalf of Starbucks, I want to sincerely apologize to you all for the experience that six of your officers had in our store on July 4. When those officers entered the store and a customer raised a concern over their presence, they should have been welcomed and treated with dignity and the utmost respect by our partners (employees). Instead they were made to feel unwelcome and disrespected, which is completely unacceptable.

These are empty words, whether sincerely offered or just marketing damage control. What’s necessary is actual, visible changed behavior over a sustained period of time.

It’s also sad that no one else spoke up and told this barista to seat the cops with him.

Aside from the simple courtesy of such a gesture, it might also be the case that other patrons wouldn’t feel safe without the cops around. Especially with someone possessed of so little respect for law and order so close by.

Is Renault a Useful Business Partner?

When Fiat-Chrysler offered a merger deal with Renault, Renault’s subordinated partner, Nissan, expressed reluctance unless its subordination to Renault could be revised upward at least somewhat so that it could have a greater voice in the resultant combined company.

Note, though, that the French government is a major shareholder of Renault, and the government has a virtually controlling number of seats on the Renault board: Nissan was—and is, given subsequent events—subordinate to the French government as much as it is to its nominal business…senior partner.

The French government interfered with the offer, and it dithered and stalled, and finally Fiat-Chrysler lost patience and withdrew its offer.

Any possibility of the offer being revived (Nissan’s reluctance was not a block) has been dashed, though, by the French government’s effective refusal to discuss Nissan’s future role.

President Emmanuel Macron urged the French car maker to focus on generating cost savings with its partner Nissan Motor Co, rather than reshaping their 20-year alliance.

As he arrived in Japan for the G-20 discussions—conveniently local to Nissan—Macron flat refused to discuss the matter.

Mr Macron told reporters in Tokyo, where he is on an official state visit ahead of the G-20 summit, that discussing the shareholdings was “off topic.”
“We need to focus less on politics, less on finance, and more on industry,” he said.

That’s the flimsiest of excuses.  Its implication that Macron is unable to do two things in the same time frame is an insult to our intelligence.

Is Renault a useful business partner?  It may well be from a business perspective.  The heads of Fiat-Chrysler certainly thought it could be, and the heads of Nissan plainly were willing to consider the matter seriously.

However, from a political perspective, as long as the French government is involved with Renault in any way other than as a customer, Renault has no possibility of being anyone’s useful business partner.  The government-run company just isn’t worth the trouble.