Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.


Thursday, 14 May 2020 12:14

ZDNet, Linux and Huawei can prove to be quite an explosive mix


When American tech journalists see the words "vulnerability" and "Huawei" in close proximity these days, they tend to get over-excited and, as a result, produce copy that goes quite wonky.

A classic example of this was seen this week when the site, ZDNet, one of the tech powerhouses, reported on a patch submitted to the Linux kernel project by someone who called his submission Huawei Kernel Self Protection.

The patch was found to have some trivial flaws by the maker of the Grsecurity kernel patch, Brad Spengler – a man who loves publicity and knows that picking a hole in a patch put out by someone who was seemingly associated with Huawei would generate interest among the US press.

He was right. But it's a pity that ZDNet did not take some time to check its facts, with its security writer Catalin Cimpanu theorising that this patch had "sparked interest in the Linux community as (sic) could signal Huawei's wish to possibly contribute to the official kernel".

Cimpanu has a history of screwing up when it comes to Linux. Huawei has been a contributor to the Linux kernel for quite a few years now. As one commenter on the US news aggregation site Slashdot pointed out, in 2017, Huawei was 15th in the list for top companies contributing to the Linux kernel, 4.8–4.13, and third (after Intel and Google) in the list of companies bringing in the most new developers.

Again, there are numerous people in numerous companies who make contributions to the Linux kernel on their own time; all patches are scrutinised by Linux creator Linus Torvalds, or one of his trusted lieutenants, before they are finally merged.

Hence, the excitement over some flaws in a patch is not really understandable.

Cimpanu had this gem in his story: "The fact that a Huawei employee wrote code that contains security flaws is nothing new. A report by the UK government last year found that Huawei networking equipment was riddled with security flaws that often went years without receiving patches."

Sure. The man didn't get half as excited when Microsoft, a company that will celebrate 50 years in the software business in 2025, released 111 patches for its numerous products on Tuesday US time. That's a lot of screw-ups there but it didn't merit much excitement over at ZDNet.

Flaws in software are like spoiled currants in a bun – they make for bad taste. The open-source software development model ensures that bugs get picked up more often than in proprietary software.

Cimpanu's last paragraph was another gem: "The reaction from the tech community in this particular case also shows the global anti-Huawei sentiment, which has been spurred in recent years by countless of security issues in the company's products, accusations of intellectual property theft, accusations of hiding secret backdoors in its firmware, and the West's fear of having the Chinese government spy on worldwide communications via the ever-popular Huawei equipment."

I grant you that there may be anti-Huawei sentiment in many Western countries, but there were, at last count, more than 200 nations on this planet, and few of them fall into this bracket.

And for Cimpanu's information, it is good to note that as someone who is living in the US, the NSA's ubiquitous spying is a much greater danger to him than any slurping up of data by some Chinese firm which is located thousands of miles away and has zero chance of proving a danger to him.

There's one more thing to mull over: if Huawei really wanted to introduce bugs into the Linux kernel code, is this the way it would go about it? The company has had the nous to become the world's biggest 5G supplier so surely it should be given credit for a little more intelligence, shouldn't it?


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
