Slashdot Mirror
Lenovo Banned by U.S. State Department
chrplace writes "The BBC is reporting that the Chinese-made Lenovo PCs are not allowed inside secure US networks." From the article: "Assistant Secretary of State Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed. His comments came after Rep Frank Wolf expressed national security concerns. The company Lenovo insisted such concerns were unwarranted and said the computers posed no security risk."
While Levono insists that their computers pose no security risk, we need to remember that they do run the Windows OS which is a significant hole:-) On a more serious note, this is obviously a purely political step - but why? No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists. Is a mere accusation enough to get a company dumped from secure contracts, if so I have dirt on Halliburton, KBR, CACI and a host of companies who are defrauding government agencies. Isolationism doesn't score political points the way it used to, and these are the same people that will happily defend moving jobs off shore. Who are they trying to appeal to here? There can't be that many blindly stupis people in the country ( 29%, or so, it seems)...
I have nothing to hide. So, why are you spying on me?
From TFA: This is just plain stupid. Apparently, Representative Wolf's former crusades against meth and medical marijuana no longer have the punch needed, especially in an election year, so he stirs up some ridiculous FUD about Lenovo laptops.
Never mind that the State Department would probably be wiping the default software load on these laptops in favor of its own custom software load (frankly, if they don't, they're idiots). Never mind that the State Department itself (as well as any other networks these systems will be connecting to) should be adequately protected by firewalls to prevent any unauthorized phoning-home by these systems (again, idiots if they don't). Never mind that someone at least halfway competent should be able to analyze packets exiting these systems to determine conclusively, one way or another, if they are trying to compromise security (again...well, you get the idea).
Trouble is, none of these measures will provide Rep. Wolf with the political ammo required in a year divisible by 2. By denouncing the Lenovo laptops as a 'security risk', he insures that his constituents (at least the less-technically minded of them) perceive him as 'fighting for America'.
____
~ |rip/\/\aster /\/\onkey
Why would anyone buy from electronics from the Chinese?!?
-=/\- Jizzbug -/\=-
It's not like the PCs weren't made in China when the division was owned by IBM.
This is old news to anyone who works in Defense.
...
In fact, if you want to use hardware/software in a classified area, it has to be from a United States based company and passed through a rigorous investigation as to whether or not it is safe to use. Even things like Java or C++ libraries have to undergo this for the simple fact of the matter that the US government is over-cautious.
Do you blame them? Can you strip down a Laptop and really ensure that there's nothing like a keystroke logger or a very very low-level chipset process running on a side processor or microcontroller that captures choice information and automatically sends it out the NIC to a Chinese agency?
You have to remember that there are conspiracy theorists out there that are paid and unpaid. The paid ones are simply better at controlling their imagination to realistic limits and are hired by governments to think & fear.
Now, do you remember when certain Chinese conspiracy theorists decided that China's government suspected Windows SP2 of foul play? This is more of the same kind of thinking
My work here is dung.
After the interview, Secretary of State Richard Griffin proceded to log on with his blank-password account on his spyware infested Windows PC...
A beautiful piece of art: i love my thinkpad even though i know macs are better
Remember, the PC division was sold, lock, stock, and smoking employees, to Lenovo. The people responsible for the design of the systems are still the same people who designed them for IBM. Most of them are here in the US. And you can be certain that SOMEONE would bitch if Lenovo was slapping spychips onto the system in defiance of the design parameters of the designers.
Sorry, but this is just brain-dead protection with a thick layer of xenophobic scaremongering.
Chas - The one, the only.
THANK GOD!!!
I heard they make their motherboards out of enriched uranium.
Does this mean that they WON'T be outsourcing their network management to India?
Proprietry software is banned from our network for similar (more valid) reasons.
Exactly when have computer components been made in America. Most, in fact, are not. thinkpads were made in China before, the only difference now is that they are not supervised by a US company.
Somebody should show this guy the label on the pen he uses, on his reading glasses, on most of the small electronics he owns. Odds are they aren't made in America either. Does that mean his cellphone is a threat to national security!? This kind of ignorance really makes no sense whatsoever.
Go ahead and call me unreliable; reliable is just a synonym for predictable.
It started to sing the Internationale so I took it back to store.
I suppose next they're going to ban chinese take-out as well.
Chinese food may lead to Maoism. Protect yourself and your family with Freedom fries and toast!!! The American thing to do.
I eat Karma for breakfast, lunch, and dinner. That's why I don't have any.
That's too bad because speaking from my experience, you'd see a Thinkpad in the desert with a "Classified" sticker on it working happily under an inch of dust. Although I hear now that the Navy/Marine Corps has switched entirely to a Dell solution.
This guy is way out there
By buying Dells ... assembled from components made in Taiwan. ::rollseyes::
I wonder if it's actually possible to construct a PC at this point without using at least one component that originated in China, given that everyone is now shifting manufacturing there.
- Roach
All other computer equipment manufactured in China must be removed too, by this reasoning.
This includes keyboards, mice, USB hubs, and other PC equipment.
Thank GOD the Blackberries are manufactured in Mexico!
He who knows best knows how little he knows. - Thomas Jefferson
I would really like to see what "evidence" they put up as to how a computer can pose a security risk at all. As far as I know other than software hacks the only real harware threat would be a physical block inside the computer as a key logger which would need to be retrived afterwards (although we know how people like to lose clasified laptops/usb pen drives). I'm convinced that to check random PCs for either of these would take almost no effort They could do a byte for byte comparison against what it was meant to be and look for a little box on the keyboard wire. A random sample of about 500 should do it
What is more pressing I think is; why would IBM want to do this anyway? Why is an American/English/French/whatever computer more trustworthy than an American one with some ownership from the chinese?
*''I can't believe it's not a hyperlink.''
[NSA Agent 2] AUUUUGH!
Chas - The one, the only.
THANK GOD!!!
...you can install traffic monitors on a network and I'm pretty sure any weird traffic going out wouldn't be too hard to pick up on. I've done this for more benign purposes, such as discreetly determining whether someone was using office computers to do P2P after noticing a bandwidth problem. So I don't think it would be that hard to do.
picpix image polls. create - share - vote. fun!
does this go for other electronics made in china? it's ironic for this govt to be wary of spying. if word gets out that we shouldn't trust electronics from china, walmart is in for a bumpy ride.
"No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists."
....) wouldn't do the same on their hardware?
Why would you think this has not already happened? Add to that the fact the the government buys these things in bulk and even IF a sample posessed no backdoor, how hard would it be to put a backdoor in 1 out of 1000 and hope it gets by?
Paranoid? I think not, you haven't had night shift cleaning crews hired by the chinese into your business have you? It happens.
If Windows has US government demanded backdoors as so many Slahdotters insist, why would ANYONE think the Chinese (or the Russians or the French or the Germans or the English or the Japanese or the Koreans
slashdot troll = you make a compelling argument I do not like the implications of.
I haven't seen such a dramatic knee jerk reaction since I saw a marionette being controlled by a sufferer of Parkinson's Disease.
There's definitely a lot of politics and money in play here. Practically speaking, it would be difficult to impossible to exclude products made by any country that may be a present or future enemy of the US from use in govt agencies. And ironically the US govt has aided and abetted the rise of Chinese economic and political power that now they suddenly fear. If they really cared so much, they should have said something before IBM sold its PC division to Lenovo. So given that everyone spies on everyone else, the real trick is not to stop the spying, but to make sure that your enemy (and sometimes your friends) only get inaccurate or junk info.
For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!
To the making of books there is no end, so let's get started
It's worse than that. Do you realise that the Chinese security forces monitor all international calls out of China. Evil or what?
Don't put off until tomorrow what you can leave until the day after.
While I may not agree with it the US government has a point.
t m
Does anyone remember the US Jet that was sold to the Chinese President? More then 20 bugging devices found in it. Some of them built into the jets framework itself (so they weren't casually put there).
http://news.bbc.co.uk/2/hi/asia-pacific/1771238.s
Although there is so much Chinese tech in the US these days even just avoiding the chinese company isn't going to avoid China.
How is this any different than the 1940's bugs bunny cartoons with: "take that, slant eyes!"
My work here is dung.
"A little box on the keyboard wire"? I'm sorry, but do you imagine Chinese intelligence to be run by 14-year-old pranksters that get their spy supplies at ThinkGeek?
It's time to de-Lenovo-ize and re-IBM-ize.
Would you like Freedom Fries with that?
When nothing local will suffice then going foreign is a fine choice. Of course even hardware from a US company is usually manufactured in China anyway, but that's another issue...
Developers: We can use your help.
It is not the software they are worried about. They are worried about a hardware compromise. Now that a Chinese company can control what happens within the computer they can "do" a lot.
The representative is not crying wolf. If you speak with anyone in the intelligence business China has a very aggressive spying program and they will stop at nothing. (I know because I have heard this first hand from the people who do counter-intelligence.) Put it this way, if the Chinese government could put spying ability into Leveno laptops they would.
Quality Hosting e3 Servers
I have one of these Lenovos and I'm not too worried.
But with all the latest NSA spying crap we are hearing about, I'm not so sure I can trust US manufacturers, who could leave a nice little backdoor for their NSA friends. If they will illegally spy on our phone calls, why not illegally spy on our PCs?
Somehow the latter scenario seems a more valid conspiracy theory than Rep. Wolf's concerns.
...of the time I spent working in a Secret-level Navy building. When NMCI (the Navy-Marine Corps Intranet, a "service" for which you taxpayers dropped over $8B to Ross Perot's EDS company) came in to give us new computers, I lauged at the huge stack of boxes, many of which said "Made in China." It was even funnier when each new computer came with a microphone that the EDS folks gladly hooked up for us. Yeah, that's a good idea.
I know it'd never happen in a million years, but wouldn't it be absolutely hilarious if the Chinese company was so upset by the American politics involved that they decided to stop doing business with us?
Slashdot Burying Stories About Slashdot Media Owned
It seems rather shortsighted to single out Lenovo. It would make a lot more sense for government computers to pass some sort of actual security audit, rather than simply singling out a single manufacturer. Most IBMs were probably manufactured in China anyway, even before the sale to Lenovo.
A large percentage of consumer eletronics are produced in China - if we're truly worried about the Chinese government spying on us through consumer electronics, why only care about a single brand?
That was a rhetorical question, of course. Obviously the answer is: "political grandstanding in an election year"
Still, this thing isn't totally without merit. After all, do we really want our government using computers manufactured by a company owned in part by the Chinese government? The American government has sabotaged other countries with software Trojan horses before. While I certainly don't believe that Lenovo Thinkpads have anything malicious lurking in the firmware, it's not totally impossible or anything.
OtakuBooty.com: Smart, funny, sexy nerds.
As you point out, there's really not an obvious political benefit here. Maybe there's some under the table deal where a lobbyist from Dell is getting them to do this. But overall I can see at being a valid security concern. The US government has a long history of using our technical reach to subvert other governments. I remember during the first Gulf War a story that printers the Iraqis bought were installed with a trojan such that when the war began a number of their AA batteries were rendered useless.
So why would the Chinese be any different?
As for Halliburton, etc, yeah they may be defrauding the government, but that's par for the course in government contracting. They don't care about how much things cost, they just care about making sure their secrets stay secret. I mean can you imagine what would happen if the government was spying on american phone conversations and e-mail and knowledge of that got out? Oh.... nevermind.
This sig has been temporarily disconnected or is no longer in service
Isn't Michael Dell a big Republican contributor? Is it likely that banning Lenovo will improve Dell's ability to win government contracts that are required to go to competitive bid?
I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it. Remember, Lenovo assembles these in this country and in Mexico, and the company has moved its headquarters here, and hired American executives, etc. If they got caught doing this HEADS WOULD ROLL. These people would all be guilty of spying or treason, so it wouldn't be quietly hidden away, they would face arrest, possible execution. These aren't products from a company where the Chinese government has direct control of operations, and design, specification and manufacture is worldwide.
I have nothing to hide. So, why are you spying on me?
You're missing the point. It's not about preventing security-breaching hardware getting into secure locations, it's about having a US-based company to blame if it does happen. A US-based company that manufactures its products in China can still be held responsible in a US court, a Chinese company can't. And the Bush government really likes to have people to blame when things go wrong.
Oh no... it's the future.
I don't trust them.
The article claims that the Chinese government owns a 28% stake in the company. At the end of the article a Lenovo spokesman says that the "government is only a minority stakeholder"
Well call me naive, but look at the power our government has over influencing companies where they own 0%. ie.. the whole NSA call monitoring thing, DOJ over MS, etc... Not to mention we have a much 'nicer' government then Chinas.
So I would hardly classify a government that owns 28% of a company a "minority stakeholder". Can you imagine the board meeting where the Lenovo CEO tell the "minority" stakeholder no.
DK
Whenever I see the US authorities overreacting to perceived external threats, I always believe it is because they, themselves, are the world's worst offenders. It is possible, but I think unlikely, that China is trying to subvert computer hardware and software as part of their spying activities. It is proven that the US does so, and likely that they do so on a massive scale.
[1] Yes, I understand we're talking duh gubbamint here... Even if they hire a consultant, it'd be some TSA-level quality MCSE who doesn't know which end of a soldering iron not to grab.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
I was going to write a long(-ish) reply, but decided against it - after all - it can be summed up easier: surely there are much weaker security issues than who made a laptop -- such as the user for example. Others have commented about windows. I say they should worry about education of their users rather than who made it.
And surely the US can't talk back at people for spying on others considering recent news.
, , , , , karma elon
Hey, when it really comes down to it, the problem is that we're racist and paranoid. But then again, shouldn't all the trade deficitists out there be rejoicing that the Chinese have lost such a big customer? Hmmm . . . it's weird how people only think about things in the way that is convenient at the moment, not recognizing the inherent conflicts between the things they say at one time and the things they say at another.
I just bought an HP laptop that was FedEx'ed directly from Kunshun China to my door.
In other news, Lenovo is NOT concerned - it's just a matter of time before US State Department employees' jobs are outsourced to China...where chinese workers will use Lenovo computers to perform their daily tasks.
While US government can't contract the work out to a chinese company directly I am 100% sure they will have no problems giving the contract to IBM who will ship the work to where the work is cheaper (China, India, Brazil, etc)
Since it is partially goverment owned now, they should get no business from American govt.
China can continue to play their half-assed communism, capitalism at other governments' expense.
-- You see, there would be these conclusions that you could jump to
Why spy on someone you already bought? To make sure he stays bought?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
It puts pressure no the Chinese, pure and simple.
It must be sending secrets to the Commies!!!!
Supplies!
Not to mention the US Embassy in Moscow built during the cold war.
This is why there is legitimate concern about this sort of thing. It actually happens. It would make a great spying tool as well. Just add some keylogging logic as well as some storage (perhaps store it on unused sectors of the HDD) to the southbridge as well as a hook into the onboard NIC. When an attacker gets a machine on the network (these machines wouldn't be connected to the internet) somehow, they send out a specially formatted broadcast message (probably in the form of an apparently corrupt Ethernet frame) that causes all of the affected machines to dump the contents of their keylogs to the machine that sent the broadcast. It'd take just seconds and it'd be almost impossible to catch. It would work even if you don't have full access to the network and you wouldn't have to leave a machine conspicuously on the network for a long time. It could even be a PDA or some custom box that can be plugged and unplugged within seconds.
What do I think about the feasability of this attack? Personally, I don't think it's likely that it's in use at the moment. Most laptops just use off of the shelf components. AFAIK, Lenovo doesn't actually manufacture the southbridge themselves, they use existing chips from other companies (like Intel). Adding another chip to the laptop (especially a lot of laptops) would be too risky since eventually some repair monkey is going to notice it, especially if the chip you add fails and causes problems with the laptop. There are still guys out there who know what chips do by their serial number and what they should look like. They'll also know if you have some mislabeled chip that shouldn't be there (Why is there an external UART chip on this laptop? It's a built in feature of the southbridge. Why is it wired to the keyboard lines on the Southbridge?) Thus, such a change would have to be installed strategically, which is difficult when selling in quantities of a thousand to the government.
I read the internet for the articles.
So many COMMIES on Slashdot - whodathunk?
Oh, right, slashdot is a hangout for cuba-loving commies. Viva commies !!!
Let's be reasonable here.
The US government, in theory, should do what is beneficial to the US citizens. They're, after all, their employers, their reason to exist. Without them, they're as superfluous as the RIAA to music.
So, the government should need no reason to reach for US manufactored goods and prefering them over foreign ones. For the simple sake of national commerce. Security aside, the US government is a non profit thing. Their "profit" is the well being of the US. And that isn't buying the cheapest products, the best deal for the US is their government buying at US companies.
Just stand up and proclaim that you won't buy the Chinese laptops and instead buy (insert something that at least partly could be possible manufactured at least at SOME areas within the US). Not because China is evil, not because you don't trust them, simply 'cause the US government should first and foremost aid (and thus buy from) US based enterprises.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Perhaps Dell lobbied in favour of the sale of IBM's Personal Computing Division?
It is very possible that any agency in the PRC has access to any advanced technology manufactured in their borders. The way the old scam worked was that if you were having a microchip manufactured in China and the goverment/military decided they were interested in it.
You either give up the design or you have "labor problems" as a pre-cursor to nationalizing your facilities and your design and kicking you out of the country.
If they wanted to the party/PLA could have any number of devices integrated into a design with or without complicity from the re-seller. These could be hardware devices that may not be detectable unless samples of arriving product are reviewed at random.
Considering the fact that all PCs have Chinese manufactured componants and most are enitrely manufactured in the PRC and that the plutocracy that runs the US has let the multinations write it's foreign policy that is not going to happen anytime soon.
So many COMMIES on Slashdot - whodathunk?
Oh, right, slashdot is a hangout for cuba-loving commies. Viva commies !!!
I am communist from country of birth. Was not my choice to be commie. I am so what? You hate me because I am not fat american, or idiot american like Bush?
> No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone
> independently confirms this and demonstrates how a backdoor exists.
I think you mean posers who think they have tech knowledge. People who actually know something realize that governments can do some pretty extreme shit to each other in the spying game. The US gov certainly spys hard and isn't so arrogant as to believe that they have some sort of monopoly on the skills so they assume their opposite numbers in potentially hostile potentially rogue states like China are also capable of some clever spy tricks. A notion that is almost certainly justified. Especially since all new Thinkpads have a fucking TCPA chip. Can you trust a chinese fabbed uber security module for critical national security purposes? It will be bad enough when the MPAA and Microsoft 0wnz all our asses with TCPA but to have Chinese Intelligence agencies backdooring the NSA with one is just an unacceptable risk.
It is just the way the game of international relations is played by the adults.
Of course since you can't actually find a laptop made in the USA with 100% domestic designs and all the chips fabbed in the USA I really would hate to be the head spook in charge of picking a laptop for secure work. I'd never sleep.
Democrat delenda est
No, but I do imagine them buying their supplies at RadioShack.
Is your terror cell living in terror? Is your safe-house not so safe? If so, read the New York Times, the jihad journal.
Dell PCs are made in China, IBM PCs were made in China, many Macs are made in China. And Lenovo PCs available in US are made in Mexico.
Would you buy Lenova or a Dell?
There is a spark in every single flame bait point.
Despite our official stance to the contrary, Taiwan (the Republic of China) is not part of the People's Republic of China. We don't officially recognize their government, but we're more than happy to provide them with weapons technology and supplies to ensure that the mainland doesn't try and take Taiwan by force.
The Taiwanese don't need to steal our military technologies -- we're quite happy to sell them pretty much anything they need.
"Nothing exists except atoms and empty space; everything else is opinion." - Democritus
Im glad someone is using their brains.
A Chinese company, and a Chinese company that operates in the United States certainly can be held responsible in a US court. Not so long ago a French company was condemned by a US court in California, so, why not a Chinese ?
It's about time Jay Leno was kicked out of the US. Monica Lewinsky/Bill Clinton jokes every night just don't cut it in 2006.
If the government builds a massive infrastructure based on these devices and then the foreign owned company for whatever reason decides to stop selling them to the US, the US would be without hardware tech support. In wartime, another foreign country could bomb the shit out of Lenovo and indirectly harm the US. Not a good thing. Granted, the US could always find another hardware vendor, but there still would need to be time for testing and whatnot. This obviously should be less important on user desktop systems and more important on mission critical apps, but the rules in the defence department's controlled networks don't really make a distinction...
Are you Japanese ?
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
Shall we call this dead code or FUD?
There is a spark in every single flame bait point.
I guess it's time to rethink that mantra.
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-U
You know I meant on.
Now all you have to do is set up the machines so that they cannot be compromised by harmless ufo loonies^D^D^D^D sinister terrorist genius hackers.
Don't put off until tomorrow what you can leave until the day after.
Hardware and software backdoors are a reality. Look at the tiawanese Router maker that put a backdoor password in all the netgear routers. Consider that britain finally wised up and wont buy closed source software on their defense avionics. Consider the fact that slot machines get ripped off every year by programmrs putting in backdoors.
Sure it's more difficult to imagine how commondity hardware would be rigged but it's not implausible if the target warrants it. There's been some pretty big efforts staged for security interests. For example, the NSA's recent efforts and the British enigma cracking computers.
The total capitalization of Lenovo is a teeny teeny teeny fraction of the value of being able to have a backdoor to secret us government negotiating positions. teeny. it's would not only be truly worth the risk of exposure and loss of bussniess, it would be a dereliction of duty for the chinese not to try to rig the machines.
Some drink at the fountain of knowledge. Others just gargle.
Pet-loving commies. Only the love them to death...and love them after death, on the ninner table!
So they should spend more money than they need to, buy from less efficient producers, and reduce the productivity of the US?
I take it you're a communist? Since you want the government to be bigger - higher taxes and higher expenditure, want the government to subsidise less efficient producers so they don't need to become more productive, and if that reduces the productivity and overall income/wealth of the country then it's worth it.
On a serious note, what pressure ? The trade relations between US and China are symbiotic at this point of time. Neither can afford to put pressure on each other.
I am neither Chinese nor American, but one thing I realize is that, both China and America are super powers in their own rights, but then this is not 1980s, there are other super powers emerging, might I suggest EU ?
In the modern days of globalization, no 2 super powers can lock horns, it's not beneficial to either of them.
for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
Do you know how many computers are on classified networks? Neither do I. But I can tell you that it is not a huge number. Most government stuff is unclassified. The Department of Labor, Deptartment of Education, Social Security Administration, etc. all do not really deal in clasified data. Let's estimate that 15% of all government computers are clasified. That still leaves a LOT of room for competition.
"-1 Troll" is the apparently the same as "-1 I disagree with you."
"You disagree with everything I just said, but I will defend to the death my right to say it"
The more common quote "I may disagree with everything you just said, but I will defend to the death your right to say it" makes a very poignant statement on the idea freedom of speech, what it means, and the price some people have paid to ensure it.
Your quote brings up the image of a selfish, obnoxious ass who will argue to the bitter end...Even when blatantly wrong. Is there a joke or sarcasm I'm missing here?
When this issue first came up, I looked into whether or not you can buy a "made in USA" laptop (or at least not "made in China"). It can be done, but it's very hard. It's certainly hard to do so if you wish to buy a "major brand" laptop.
This is pretty ridiculous... We think it's ok to use Diebold voting machines with no voter verifiable paper trail, and we're afraid to use Chinese laptops?
Agreed, with reservations.
I'd much rather see my tax dollars ending up in a company inside the US than being funneled to a foreign economy somewhere.
That said, I'm not sure how you can really avoid this anymore. If you can buy a computer which is both assembled and has a majority of its parts made in this country, I'd really like to know where to get one (and how many thousands of dollars it costs). Except for food, pretty much anything that gets bought, either by a private citizen or the government, is going to increase our current-account deficit.
I admit to not being an economist, so when I get told by people knowledgeable in these things that "free trade helps our economy more than it hurts it," I have to basically shrug and agree. Maybe it's more advantageous to have completely free trade than to engage in protectionism. It sure doesn't seem like this intuitively; in fact it really seems like we're dying the death of a thousand cuts as we slowly outsource everything, and are on a path that seems suspiciously unsustainable. If this is not the case, if a complete "service economy," where everybody is getting paid for doing something and then turning around and spending their paycheck to buy imported goods, is infinitely sustainable, than that argument sure isn't being sold to the American public very well, because there are a lot of people more unhappy than I with the current direction. (And I'm not talking about politics / disliking the President here, we're talking about things bigger than any one administration.)
But at the very least, I think the government has a responsibility not to take money out of my paycheck and spend it on foreign goods and foreign corporations, as long as there are domestic producers offering the same or equivalent services, at any price. Or perhaps, unless the foreign corporation is willing to sell it at a price lower than the U.S. corporations price, after the taxes that the U.S. corporation returns, and its U.S. employees return, and its other contributions to the economy return. Or perhaps we could invite foreign corporations who want to be on equal footing with U.S. contractors to start paying taxes here, equivalent to what they'd pay as a domestic organization.
On a slight tangent: I feel the same way with the Iraq reconstruction efforts. I found it slightly comical when the European governments were protesting about the number of U.S. reconstruction contracts going to U.S. companies. Can you say, "no shit, Sherlock?" Unless they're needed for some particular skill that simply isn't obtainable from a U.S. contractor, there better not be any European companies on the taxpayer payroll over there. Opinions on the war, WMDs, and "Iraqi Freedom" aside, I think we can all agree that it was never sold to the public as a welfare program for foreign contracting corporations. If a particular set of skills is needed at a particular time and place, and a foreign company is the only one in a position to provide that, by all means hire them. But the second a U.S. company is in a position to take over, that better be where the tax money is going. I'm not a big fan of Halliburton, but I'd rather they be the recipient of my tax dollars than Siemens, ABB, or Mitsubishi Estate. Unless someone can come up with a very convincing argument on why spending tax dollars there brings back more benefit to the U.S. taxpayer than keeping it domestic.
We can discuss free markets all we want, but when it becomes an issue of how to spend tax revenue -- that's money essentially taken at gunpoint from citizens and domestic corporations -- I think that the standard has to be a lot higher than what we allow people to spend their money on when its their own decision.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I really suggest you go read the DOD's 'orange book' on secure systems, it explains the issue very well. While this book is old, and some things in it are outdated, the ideas and methods it suggests are still quite relevant.
I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it.
Agreed, for now, MS would most likely not be able to hide such things. But what about when Treacherous Computing comes around?
I don't know about you, but Microsoft having their own hardware encrypted little processing enclaves, communicating over an encrypted channel with Microsoft, on most of the computers in the world gives me the shivers in a bad way.
Computer itself posing security risk? They actually think people are stupid :) The only security risk there is a preinstalled copy of Windows from their own US company, lol.
All those political decisions are crap.
Pixel image editor - http://www.kanzelsberger.com
Perhaps not as much as you think. Once you make one manufacture ineligible for selling you one kind of system, it becomes pretty easy to invalidate them for all. There are real, valid reasons (and some invalid) for uniformity across an organization.
I used up all my sick days, so I'm calling in dead.
Does anyone really think that these PCs are "domestic?" They may not be made in mainland China, but they are certainly not made in the United states either.
If you want to be reasonable you should take an introductory course in economics. Just because you are buying from the US does not mean you are automatically doing the best thing for the US economy.
The concept is called relative advantage. Due to the situations being what they are, The US has been a leader in science and education for a while now, and China has lots of cheap labor. So the computer was first made by a handful of scientists in America, it was expensive as hell and there were very few of them. As the scientists better understood the computer and were able to commoditize its production it became cheaper and more accessible. Computers have now gotten to the point where they are pretty much a commodity, and manufacturing them at the cheapest cost is important inorder to meet the demand.
So China has the relative advantage of manufacturing, while Americans are still the leader in business and software. If you really want to do something good for the US stand up and proclaim that you want better education systems! If we are going to lose status in the world economy it wont be because we are buying foreign products, it will be because we got fat and lazy.
Just google Comparative Advantage if you want to know more about it.
"how can they call it a MINE if everything here is THEIRS?!?!" -Straight Jacket
Whatever the reasons, it's very satisfying to see a corporate entity exploiting cheap labor and losing out because of it (indirectly or not)
Specialization is for insects. -Heinlein
Who says the American execs know? I mean, it's good cover, you open plants in the US and Mexico, hire a bunch of American execs, and put in a covert signalling mechanism in the form of, oh say a power management feature on the motherboards that slightly varies the rate at which ethernet packets are sent based on things the computer is doing. That scheme took me all of five seconds to dream up, I'm sure China could come up with better.
I'm guessing this is just paranoia and xenaphobia on the part of our government, but it's not quite as far-fetched as you make it out to be.
- None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
It is easy to embed interesting code inside of special chips.
And the USA should know. We have done it a number of times to many other countries. In fact, if the gov really wanted to make certain that it could not happen to us, they would not buy from a spcific company but from many companies esp. the white labels. As it is, when you buy all your systems from just one company, it is far easier to get inside the chips that make up these, then doing it to everybody.
I prefer the "u" in honour as it seems to be missing these days.
Dude Howie Long is so gonna kick your ass now.
You are all a bunch of idots.
Maybe not?
So all of a sudden our government is concerned about backdoors and such?
GIGOwiz
Problem is, that the number has increased. It was most likely small, but now, with W. classifying everything that they can, means that many more computers are needed.
I prefer the "u" in honour as it seems to be missing these days.
"Chinese-made Lenovo PCs are not allowed inside secure US networks."
Protectionism? Why?
It is common for the US to require products for the Defense Department to come from US companies. Italy's Baretta had to create a US subsidiary to get the Model 92 pistol accepted. Belgium's Fabrique Nationale had to create a US subsidiary to get a M16 rifle contract.
Besides the morally valid argument that US taxpayer's money should be spent in a way that provides maximum benefit to US citizens whenever practical, there is also the argument that disruption of supplies is more difficult when dealing with US firms. Consider that in the 1980s there were some nationalist Japanese that argued that Japan could use it's manufacturing clout to pressure the United States. They literally used as an example stopping shipments of key products to the Defense Department. While it's not a very likely scenario it *is* the Defense Department's job to worry about unlikely scenarios.
The US State Department says the 16,000 computers it bought from a Chinese firm with links to the Beijing government will not be used for classified work.
Twinstiq, game news
All the machines do not have to be modified...and I would think that a hardware modification would be easier to install, more durable, and less likely to be detected... Why is this unreasonable?
China should then cancel Boeing aircraft purchases because the US may plant bugs to spy. The whole word should stop using Windows OS because there are backdoors built in so the US can access foreign governments PCs. The list can go on...
Our government is retarded.
In the early 1950s, Communism was the root password for the Constitution. When I was a kid, we looked back on McCarthyism and congratulated ourselves that America was beyond such benighted, unreasoning, fear. Today, Terrorism is that password.
It's almost ironic that national paranoia has come full circle to focus on the "Red Menace" again.
Not only would it be stupid for the company from a business standpoint, but it would be easily detected. First, most organizations are going to wipe the disk anywwy and do a ghost install so software should not be an issue. As far as hardware, everybody who deals with PCs knows what one looks like inside. Most techs could probably look at the mobo and tell you what every componet and chip-set part was for. If some strange component was included, it would immediately be recognized as something that was not right.
Only the True American Computer Equipmnt Thingie can be used by the government, like those from Diebold.
how long until
Perhaps political pressure is a better term. I am not talking about downward pressure on a demand curve or anything like that.
Economically, there are a few major factors at play. For me, these would mostly be the drastically lower standard of living (and therefor cost of labor) in China combined with some pretty stiff import laws and high tariffs. The US wants to put pressure on China's government to alleviate the latter.
Personally, I can not fathom the stupidity of allowing a country to export to you what they will not import from you.
"Not because China is evil, not because you don't trust them, simply 'cause the US government should first and foremost aid (and thus buy from) US based enterprises."
That's just another form of economic protectionism, like tariffs.
The US government should purchase whatever goods offer the best benefit/cost ratio. I'd rather the government do its job more efficiently than have it artificially prop up an uncompetitive industry. Those dollars could be better spent elsewhere.
Or look at it this way: Do we (the people) gain more benefit from cost-effective government, or from subsidization (via our taxes) of specific industries that can't compete in the private sector?
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
Add to that the fact the the government buys these things in bulk and even IF a sample posessed no backdoor, how hard would it be to put a backdoor in 1 out of 1000 and hope it gets by?
That is FUD pure and simple. Unless I'm clueless, backdoors are software not hardware, and Levino makes hardware. The government buys software that is known to have the ability of backdoors in them by doing things like installing software or browsing the internet, why are they caring about a certain brand of hardware?
Also, isn't almost all computers and electronics made in China today? What is unique about Levino besides they are an offshoot of an American designed piece of hardware (that odds are was fabed in China for years)?
Our government officials are probably just worried that China would try the same tricks that we were using against them.
Bugged 767s
More classified data requires more desktop and laptop computers? (Hint: Lenovo does not make storage arrays.) I thought people were pissed at him for declassifying data anyway...
Now, all that's left is to ban all computers which are manufactured in China... so they should just go ahead and ban computers in general from the State department.
"Things are more moderner than before- bigger, and yet smaller- it's computers-- San Dimas High School football RULES!"
Maybe Lenovo can license back IBM's initials. It seems that when IBM had their laptops manufactured in Japan by Lenovo it wasn't a security problem, but remove the magical three letter logo and now it is?
Maybe all Lenovo and IBM laptops should be disallowed. Of course, that would hurt an American business and the US government wouldn't want to do that. It's much easier to pick on the foreign ones.
Unlike other computer manufacturers that use Chinese labor to produce computers, the Chinese government owns 28% of Lenovo. I would assume it's the government ownership, not the manufacturing location, that is driving this move.
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
what is more important to the Chinese government?
1. the measly billion or so the get out of Lenovo as an investor (measly is relative here, it is a major world government)
2. the ability to place computers in governments all over the world, and the potential to spy.
put yourself in the shoes of someone who does espionage work before you answer this question.
I am not saying that the right answer is to unilaterly block all Lenovo PC sales, that is just a typical knee JERK politician reaction. What I am saying is that it should be questioned, and the PC's should all be tested prior to operation in sensitive government installations. This reaction is only punitive against Lenovo.
As a site question: is it possible for a NIC manufacturer to embed a low level (ie.. before the OS) keylogger that could send data to a remote location?
DK
So, we have a choice between computers manufactured by an American company in China, or computers manufactured by a Chinese company in China.
Given that the actual production houses in China cannot be majority owned by foreigns, I'd say it doesn't make a single bit of difference.
I'd love to buy "American" made products, but when it comes to electronics thats totally hopeless. From the top to the bottom end, _ALL_ of it is manufactured either in China directly, or Taiwan; and although Taiwan is a democracy and a responsible U.S. ally I suspect it would take about 5 minutes for the PRC to conduct clandestine commercial activties in the RoC.
I have no problem with foreign products. I'd love to purchase Japanese manufactured computers (and I'm a huge supporter of Japanese cars, many of whom which ARE produced on the island). But nearly all electronics manufacturing is done in China, sadly.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
Trying to stop computer/car analogies on Slashdot is like trying to drive at 60MPH an IBM Blue Gene into a parked 1978 Dodge Charger. In other words it doesn't make much sense to try and is not likely to happen.
Just my two cents.
Mac OS X and Windows XP working side by side to fight back the night.
I'd personally like to see the Federal Government utilizing American products and American services. The Federal Government, at the very least, should be required to "Buy American." This is a good idea not just from a security standpoint, but from a political and economic one. One can make the argument that a private party should be able to buy their products and services from anywhere in the world, but it's insane that a government of the people of the United States would not purchase what they need from their own people.
"Experts in spying, meet the experts in backdoors and burocratic red tape"
Their motto can be, "Corrupt electronics for the New World Order."
Who need the pesky voters anyway?
thinkpads were made in China before, the only difference now is that they are not supervised by a US company.
Well, actually Lenovo Thinkpads are still made in the very same North American factories as IBM Thinkpads were, though I'm sure some components were made in Taiwan or China. Also, Lenovo is now headquartered in the US and has substantial US ownership. Lenovo is not strictly a US companiy, nor is it a Chinese company, though the Chinese government does own nearly 30 percent. Lenovo is a multinational company, like most big companies today. The issue is that a sizeable chunk is owned by a communist government.
Somebody should show this guy the label on the pen he uses, on his reading glasses, on most of the small electronics he owns.
It is pretty easy to determine if a pen or glasses are "safe for classified use", and I bet a lot of small consumer electronics are not approved for classified use too. In any case, this Lenovo descision is 100 percent consistent with how the government and military have handled devices approved for classified use. Here is another notable example:
The "Jeep" was the mainstay of the military for personnel transportation since WWII. Though it was based on a design by Willys-Overland, during the war the identical model was also built by Ford and Bantam (the Ford models were the only ones that had any visible difference at all--all the bolts were embossed with the letter "F", but all the parts on all the Jeeps were interchangeable). After the war Ford and Bantam stopped making Jeeps, and Willys-Overland became the Military's sole supplier of Jeeps and also started to sell it to civillians ("CJ" for "Civillian Jeep"). As time passed, Willy's Overland changed ownership and merged with other companies like Nash and became part of American Motors Corporation (AMC) in the 1960s.
By the 1970s the Jeep was looking long-in-the-tooth and the US military was looking for a beefier replacement. In order to meet contractual obligations AMC set up a new division called "AM General" (because they wanted an independant entity from Jeep that did not sell to civilians) to develop and build what we know as the Hummer. However, in 1978 controlling interest in AMC was sold to Renault which was at the time wholly owned by the French government (Renault was a "Regie Nationale"). As a result about a third of AM General was also owned by the French government. The military promtly "declassified" the Hummer but since there was no alternative readily available AMC was pushed to completely divest AM General to a "real American" ownership (or at least not foreign-government-owned). If AMC did not divest itself of AM General its deal with Renault would've been in jeopardy.
This very closely parallels what happened with Lenovo--its ownership chaged to include some ownership by a foreign government and the milliaty "declassified" it as a supplier as a result. What is different is that alternatives were readily available so rather than blocking IBM's deal or forcing Lenovo to change its ownership they did the easiest thing and bought Dells.
Does that mean his cellphone is a threat to national security!?
Bingo! There isn't a commercially available cellphone approved for classified use by the US military (or the Canadian military IIRC). Besides the fact that most are probably made in China it is probably altogether too easy to tap into conversations on such phones for the military's liking (even today's digital phones, but the old analogue ones were trivially easy to tap).
On a side note, I have an interesting anecdote. I was driving back home from the US across the border into Canada a few months after 9/11. As I approached I got a call so I was talking on the cellphone when the US customs agent/marshal approached my car and very abruptly told me to end the conversation and turn off my cellphone...because it was a security risk. I wasn't even finished saying bye when he said "turn it off NOW sir!"--it agitated him quite a
Is it just me, or has anybody else noticed that this story hit just after Dell announced less than expected profits and their stock tumbled? If Lenovo is out, maybe more people will buy a good old Amercian laptop (even if it, too, is made in China).
Hidden program on a chip that was activated remotely to bring down networks?
"That is FUD pure and simple. Unless I'm clueless, backdoors are software not hardware"
Your clueless.
Backdoors can be placed in firmware in a chip or hard coded into a chip. With millions of transistors in even the smallest chips, how hard would it be for them to put in a couple, in the bus path, or the network communications path, or any number of other places that kick back and listen for X. when X happens, open a link on an unsuspecting port encrypted and give full access to the box, or log keys and wait for something to happen or some set time and dump the data somewhere.
there are many many many ways this can be done and hidden, and anyone with even a slight technical background could point this out.
Why do clueless people bother to voice their uninformed opionions on something? The standard liberal montra. Scream louder than anyone else and the crap you are spewing becomes true?
Just three more hours seapeople and you can finally take me away from this crappy God Damned planet full of hippies
backdoors are software not hardware
The lines between "software" and "hardware" are blurry... especially when the word you should have used is "program"?
Programs can easily be implemented in hardware.
--Phillip
Can you say BIRTH TAX
But we do put bugs in computer systems that we sell to foreign governments. During the cold war the Soviets and Chinese had to beg, borrow and steal US computer equipment. You better believe that most of what they could get their hands on had spy equipment or flaws onboard. Stolen US software directly caused the largest non-nuclear explosion ever seen from space.
9 17,00.htm
http://news.zdnet.co.uk/software/0,39020381,39147
All ideas^H^H^H^H^Hprocesses in this post are Patent Pending. (as well as the process of patenting all postings)
brilliant post.
We use lunar-power cells to run our Elbonian Monolithic Laptops. They're muck-proof!
Busy aligning my non-linear thoughts.
Is this really any different than China wanting to use a homegrown OS (Red Flag Linux) instead of Windows, because Windows is made by a 'foreign' company, and as such can't be fully trusted?
Where do you get a US computer? I have worked on secure networks and I have yet to see a US computer on them. As for rigors testing of applications, that is a bad joke. Take for instance the Anti-Virus software used on these systems, the code is produced by people who do not have security clearances and would be ineligible for them (for nationality if no other reason), yet the software is trusted implicitly with no real testing or access to the code base on which they operate.
And Vinge knows computing and the internet. He was here before you were, no matter how low your slashdot id is.
"But all your emitter and collector are belong to me!"
I don't think there would be a backdoor, per say, but more like an minor security flaw which is difficult to detect and has serious consequences. I could see such a thing being implemented in a very subtle fashion.
WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
>Richard Griffin said the department would also alter its procurement process to ensure US information security was guaranteed.
That's not as absurd as it sounds. It's possible to (almost) ensure that information security is "guaranteed" and it's possible to accomplist this in the procurement process.
One approach is to order the computers customized by having concrete poured around them and having them shipped to Fort Knox.
The State Department could also try ordering the PCs without AC plugs or battery compartments, but that would be less guaranteed.
So I guess my first reaction, that he was inttentionaly spouting nonsense phrases in the hope of misleading people, may have been too harsh.
Seeing how badly Halliburton seems to handle everything, and how much money they've wasted on Boston's Big Dig without even getting the job right, I'd say the American tax payer would be well served by choosing ANYONE other than Halliburton.
To widen my response to your entire diatribe, the reason why we should favor free trade and frown on protectionism is because the goal is to get the best product for the best price, not to line the pockets of a fellow citizen just because they are a fellow citizen. The precise reason WHY Halliburton is so bad is because its in a market where it rarely has to compete against anyone else, foreign or domestic. Competition breeds quality, international competition breeds the best quality.
Aside from all that, it is or it should be pretty demoralizing to a human's spirit to know that the only reason you have a job is so you won't starve to death, not because you are doing something worthwhile that is valued by others. If I am not making something people want or performing a service that people want, then aside from keeping me alive the paycheck wouldn't be very welcome. There's a pretty high suicide rate in Japan right now because the government gives people "make-work" jobs that are jobs with no purpose really. Building roads and bridges that don't need to be built...etc. After a while the worker figures out his job has no purpose and gets depressed.
Mac OS X and Windows XP working side by side to fight back the night.
Backdoors can be anywhere and they could just as easily be placed in hardware. In fact, they'd be much harder to detect in hardware since "opening up" a chip is a heck of a lot harder than disassembling executable code that is fully visible. Chips have a bunch of input pins and output pins--what goes on inside may as well be "maigc" unless you have a lot of time and money available to try to reverse engineer the IC.
Also, isn't almost all computers and electronics made in China today? What is unique about Levino besides they are an offshoot of an American designed piece of hardware (that odds are was fabed in China for years)?
This is just speculation, but it's not unreasonable to imagine that a given backdoor could only work in a given configuration involving multiple ICs with backdoors--in fact, unless the backdoor is in the processor itself, any given backdoor in an IC would probably have to operate in conjunction with backdoors on other ICs on the motherboard. For a backdoor to be useful, it's either going to send a memory dump back "home" (which is doubtful because it'd be big enough that it'd be easily detected) or it's going to have to be able to "spy" on the CPU. If the backdoor isn't in the CPU, it's going to take multiple ICs with backdoors to build a picture of what the CPU is doing based on its interaction with other ICs on the motherboard. So while many ICs may come from China, any potential backdoored ICs are probably only going to be able to do their job when used in conjunction with other ICs with similar backdoors and used on a motherboard that connects those ICs in a way that is conducive to the functioning of the backdoor.
Is this far-fetched? Maybe a little, but not much. Do NOT underestimate the value (perceived and real) that countries place on knowing thing about their military and economic competitors. If a company China had a stake in was known to have a contract for 16,000 computers at the U.S. State Department, it would be naive to believe that China wouldn't try to make the most of that as possible from an intelligence standpoint.
And, as I've already said, it's not unreasonable to think that the U.S. Federal Government should have a "Buy American" policy on products and services.
All other computer equipment manufactured in China must be removed too, by this reasoning.
..by a Canadian company ;) This is not an issue becasue RIM is not a Crown Corporation, not because it is not Chinese. If RIM was a Crown Corporation (government) then I'm sure use of blackberries by US government or military agents wouls also be restricted, or a special agreement would've had to be established.
As I read this you're modded 5/insightful...Moderators on crack again...
This reasoning means nothing of the sort. The distinguishing factor is that Lenovo is PARTLY OWNED BY THE CHINESE GOVERNMENT. Apple makes computers in China, as does Dell. However, in those cases there is NO owenership by ANY foreign governments, China or otherwise. This is important because since a foreign government can control the latter companies to disrupt supply of sensitive goods (cutting them off, or sabotaging them).
This is standard Military policy: sensitive equipment of ANY kind cannot be supplied by ANY company that is partly or wholly owned by a foreign GOVERNMENT, and even private foreign ownership is restricted somewhat. As I mentioned in another post AMC had to sell AM General when Renault bought part of AMC because Renault was owned by the French GOVERNMENT, because the military wouldn't stand for relying on its supply of Hummers being influenced by the government of a foreign company.
This includes keyboards, mice, USB hubs, and other PC equipment.
Well although many are made in China, they are not made by companies owned by the Chinese government. If it really matters, a sizeable amount of this stuff is made in Taiwan (NOT recognised as part of Communist China) and other asian countries.
Thank GOD the Blackberries are manufactured in Mexico!
Totally ignore China's human rights record, increasing business dealings with them. But Oh? a computer by a Chinese company? we can't allow that in our system. I mean, no other computer component in the world is EVER made in China, EVER. I mean, what would the state department think if Dell's components were mostly-if-not-all Chinese-made. I bet they'd march right up to Michael Dell and accuse him of treason.
The issue here is that when IBM was making the same machines, in the same factories in China, this was no issue. Companies like Apple and Dell also manufacture their computers in the same factories in China, and don't run into the same problem.
No, I want the US government to spend the US taxpayer's money as much in the US as possible.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Actually all that's left now is
1. the new MC CArthy to fire up the trains and start shipping american citizens off to the detention camps for gasing,
2. use eminent domain to take their property and homes.
3. Profit!
Governments buying from companies of their own country is hardly communism, and it's hardly a rare occurence. You think they buy many non-domestic cars for use by police and the like? How about almost everything in the US military? Do you think AirForce 1 will ever be and airbus? And these are areas with arguably bigger gaps in performance and price than computers.
Look at the laptop issue from a political point of view while keeping economic practicality in mind. It's almost always a good political decision to buy from your own country over a foreign one. And since the prices and performance of Lenovo are on par with their American counterparts they'd hardly be subsidizing inefficiency.
Because they have a convincing political reason for and no convincing economic argument against, I'm kind of surprised the US government hadn't already ruled out foreign computer companies.
So let me get this straight: Lenovo is bad, but companies like Amdocs are OK?
Doesn't that reek of double standards and all?
For those who don't get it: http://www.whatreallyhappened.com/spyring.html
Yes. Yes there is.
Ah, and now for the flood of comments from airmchair quarterback /. intelligence analysts.
Any software Microsoft, or anyone who manages to hack them or bribe them, chooses can be automatically downloaded and executed without the actual owners of the computers being able to do anything about it, or even being able to detect that it is being done.
There doesn't need to be any extra back door. Treacherous(Trusted) Computing itself is the back door. With it installed Microsoft can literally do whatever they wish with your computers software. Whether or not they will abuse it is besides the point. The potential alone is completely unacceptable.
All comments I've seen fail to address the following:
1. Securing Gov't contracts is a dirty business. If you don't have the resources, (people, money) to do the dirty work, then you are out. IBM has these things and they know better to keep them.
2. I'd be very interested to hear some feedback on Lenovo's service levels versus IBM's. Based on my knowledge of Chinese tech industry, I predict there was a great deal less satisfaction. Along the way this fine specimen of a politician gets to make a little hay on their misfortune and inexperience. That's predictable and accepted human behavior.
This has nothing to do with protectionism. It's about a once-venerated public agency brand (thinkpad) failing spectacularly.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
No, it's not unreasonable. But this isn't a Buy American policy, it's a Don't Buy Chinese policy.
And there's no way China could place any sort of backdoors on computers in a government network without getting caught eventually. If that happened China's entire electronics sector would take it up the ass as nobody would trust their products anymore. Would that be worth the perceived and real value placed on any data they might get? Probably not. China isn't stupid.
Going off on a tangent, I'd like to ban "Trusted Computing" from my own house. After all, like you said, it's easy to embed interesting code inside of special chips.
For some reason, I trust my own current computers than the "Trusted Computing" computers coming up. I wonder why that is?
I call on the government to it's citizen's situations being paralell to their here, and ban these abominations. Afterall, we could be spied on with these special chips, much like the US Government fears from China. I'm fully sure the US government will sympathize.
Not really; They are pissed at him for treason (outing an active undercover agent), lieing(the coverups on the fact that it with the suggestion that he declassified the data; of course that was AFTER he said that he would throw the full force of the law at those responsible), and cowardice(finally, trying to allow others to take the fall as well as suggesting that he declassified it).
It is obvious that he is the same person that he was in the 70's and 80's.
I prefer the "u" in honour as it seems to be missing these days.
If you stripped your PC down to bare bones, how many of the components were made in China. And for my purposes I'm including Taiwan in there because the ROC seems to be catering to demands of the PRC lately.
You'd find components made all over the world, including China. My Dell laptop clearly says it was made in Malaysia, but who made the PCB, or the components on the main board?
This is just political bluster. If China wanted to bust our chops they'd just cut off the electronics manufacturing exports to the U.S. Watch what happens then.
What's the big deal? So they got spooked by Chinese PCs - fair enough. When you are in defense, you play the "worst-case-scenario" game. No American companies were hurt, no civil rights were harmed - I don't see the problem. So we got a look inside the Defense Department's paranoia, but it's a harmless paranoia and implies no harmful side effects, corollaries, slippery slopes, or other cliches. This article should be tagged as "hype". This should be something people tag all articles that are oversold by the Slashdot headline.
Did you ever notice that *nix doesn't even cover Linux?
For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!
If they had any sense they would be scared to death.
They have over-saturated the US market and now this entire, giant foreign market could (SHOULD!) be closed off as China treats us in kind.
China has many many times the potential of the US market, even IF the entire US market were to go out en mass today and all buy new PCS, and China has, in the past, refused to submit to our pompus posturing.
Actually, there are many computers on "classified" networks... maybe a quarter of all computers, if not more. The Defense Department even has their own secure "internet" cleared for Top Secret (SIPRNET)information. I'm in the Navy, and the ratio at my command seesm to be at least 1 in 3 PCs are classified secret or above, and we're not even involved with warships on a daily basis. Now, not every computer "classified" is classifed "Secret" or "Confidential"... There's also sensitive data involved... addresses, pay records, medical records, social security data bases, etc... Things that, while not vital to national defense, you don't want out in the general public. That being said, I'm tending to be skeptical over the legitimacy of this concern. I lost all respect for the our military's grasp of cyber-threats when they banned Furbies for being recording devices...
They should be damn careful if they buy Boeing aircraft for the official use of the Chinese government. There would be a very good chance such aircraft would get some extra features, courtesy of American intelligence agencies. None of this is new. Ask the Trojans about that nice statue of a horse given to them by the Greeks.
Mea navis aericumbens anguillis abundat
True, but it's a good first step. I also wouldn't buy anything for sensitive use from the Iranians or North Koreans right now, either. China is no different. China is not our friend and we are not their friends. Both sides put up with each other because we need each other. Given the opportunity, either side would pound the other with a rock--be that rock militarily or econimically.
And there's no way China could place any sort of backdoors on computers in a government network without getting caught eventually. If that happened China's entire electronics sector would take it up the ass as nobody would trust their products anymore. Would that be worth the perceived and real value placed on any data they might get? Probably not. China isn't stupid.
The world is addicted to cheap Chinese electronics. Dell, HP, etc. aren't going to stop using Chinese ICs and have the prices of their computers double. And most DFUs would rather have a cheap computer and think, "Well, sure, the Chinese want to spy on the U.S. Government, but they're not going to be interested in little 'ol me. Now give me that $400 computer please."
So, yes, I think they very well may make that gamble.
That said, I don't put much faith in this particular accusation. As far as I know, classified computers are not even connected to a public network--not even behind a firewall--so there'd be no way for the computers to "phone home." Still, it is not at all unreasonable for a government agency that handles sensitive, classified data to not trust that data to a computer by a company that is over 1/4th owned by an enemy. And, again, China IS our enemy. We might not be shooting at each other, but we are economic, political, and military enemies. China is the greatest threat to the U.S. right now. They're not building up their military by leaps and bounds just to parade it down the street on May Day, and they don't need that much firepower to take Taiwan. So keep a suspicious eye on them.
how hard would it be for them to put in a couple, in the bus path, or the network communications path, or any number of other places that kick back and listen for X. when X happens, open a link on an unsuspecting port encrypted and give full access to the box, or log keys and wait for something to happen or some set time and dump the data somewhere.
The first scenario is not a matter of "a few transistors"; to give "full access to the box," you need to be able to communicate with the box at an operating system level. The question you're really asking is, "How hard would it be to put the equivalent of VNC in hardware and have it transparently work with the OS on a laptop," and the answer is "very." The second scenario is more plausible, but exactly where is the "somewhere" the data is being dumped to? The laptop may not be on a network all the time, and most corporate networks are running firewalls these days, despite what the cynics will tell you. (I haven't been able to open a non-standard port out at any company I've worked at in the last four years, and when I've opened a standard SSH connection to my home machine I've gotten questioned more than once.) Do you propose that at midnight the computer is going to automatically FedEx a flash card to China?
Go talk to a company that actually deals with classified technologies and export controls sometime. Business computers manufactured by a company that has a home office in China are not very high on the list of things they worry about. And you are aware that many laptops sold by non-Chinese companies are made in China anyway, right? If it were truly so easy to be hiding nefarious things on motherboards, they could be just as easily "bugged" by a subcontractor. The fact that we're worried about Lenovo and not about Dell shows this is more about making a political point than making the State Department safer.
Why do clueless people bother to voice their uninformed opionions on something? The standard liberal montra.
If only more Americans gave the careful, deliberate consideration to important matters that Rush Limbaugh and Bill O'Reilly do.
What does this tell you about US-made Windows software?
Don't look now, but Microsoft has r00ted your Windows box! Microsoft supplies the OSalrady do this. Trusted Computing doesn't enable them to do anything they can't do today. Trusted Computing allows someone else to perhaps put an undetectable rootkit on your machine, such as Lenovo (all recent Thinkpads have TPM chips) but Microsoft already controls the kernel.
Socialism: a lie told by totalitarians and believed by fools.
Why is this rated +4 interesting? It's quite plainly wrong.
I agree with many of the above posters. If the US government decides to buy American-manufactured computers, economic resources are drawn into that manufacture from other sectors of the economy. Now, why were the resources originally in other sectors? Because the marginal productivity there is greater. In other words, by buying American, the government would be reducing the output of the US economy.
Elaborating somewhat on that point (though this obviously isn't implied in parent), yes there are newer strategy trade policy theories, which suggest that such actions could be beneficial under specific circumstances. However, from a rent-shifting perspective, this case doesn't make sense, because the profits that can be appropriated are small in the PC manufacturing sector. It's a commodity. As to other arguments, the informational requirements for determining policy that would have a positive net benefit to the economy are too great, and this intervention would be too simplistic. It's like performing acupuncture with a fork, to use a popular metaphor.
from sucking on the US taxpayer teat and kick all of their lobby groups out of the country, or better yet, jail the fuckers for the gross amounts of spying and theft they've done.
And don't forget the big ugly red book that won't fit on any shelves! ooh, how about the devil book? dragon book?
Come on Cereal Killer, why won't you let me be l33t?
OOh, is lord nikon invited to this party as well? or Razor and Blade?
Nobody can look at an IC chip and read the traces inside.
Man, you really need that seminar!
The risk isn't just from the initial install, it's also from the maintenance of the systems How do you handle maintaining the system if your supplier is chinese? "Hi, this is Gyorg with the state department. We have a system that is acting up. We won't send back the hard drive because it has sensitive government information on it, but can you take a look at the rest of the hardware? Thank you." What is your assurance that the hardware coming back isn't bugged? And heaven forbid you have to do any maintenance while the equipment is deployed.
I do security
Am I the only one that remembers when the CIA put defective chips into a pipeline system -- and blew it up on purpose?
Jeez, you guys act like this is "just a product" and it's wayyyy more than that, when your national security infrastructure is being manufactured outside the US. There is nothing to prevent the Chinese from supplying the same thing to us and I am quite sure they have the technical competency to pull it off.
So the remedy is simple: don't buy Lenovo.
On a more serious note, this is obviously a purely political step - but why?
Because the U.S. is in the grip of a fairly major bout of xenophobia just now. This is something that overtakes all human groups every once in a while, where suddenly anyone who is remotely outside the mainstream is automatically suspect and "other".
This kind of thinking can be seen all over the current immigration reform in the U.S., as well as border security generally. It creates massive distortions in thinking--for example, President Bush's proposal for a "tamperproof" ID for foreigners working in the U.S. only makes sense if you somehow mentally categorize outsiders in such a way that they are inherently different from Americans. Otherwise the obvious work-around of foreigners using fake American IDs is, well, obvious. Without this kind of unconscious mental distortion it is clear that foreigners are indistinguishable from Americans.
We see the same kind of thinking amongst the people who say that various illegal and unconstitutional measures will only be used against "terrorists", as if that was an unabiguously distinct, knowable category of person. By reconceptualizing terrorists as inherently "other" they are able to perform this nasty mental trickery of reassuring themselves that only bad people will be affected by the draconian powers being granted spies and miliary officials, despite the glaring epistemological problems with such beliefs.
In such a social climate, xenophobia has a lot of political value, and gestures of solidarity with the group (flag waving, declarations of patriotic feeling, signs posted on businesses declaring they hire only documented legal workers) are highly valued. Those things by themselves are relatively benign, but the flip-side is the tendency to demonize anyone outside of the group.
Personally, I would think that no closed-source application should ever be used in a secure network environment. That includes the OS, obviously. There's just too much stuff that a closed-source application could be doing that isn't good, even if there was no malicious intent.
Blasphemy is a human right. Blasphemophobia kills.
One reason the US government is so paraoid about hardware backdoor is the number of times we've done this to other countries! Line printers (line-at-a-time impact printers) sold to Iraq in the 80s had radio transponders secretly embedded, so that they could be located at some distance. As such printers are only used in large data centers, we had a targets list of a significant portion of the Iraqi communications infrastructure, which we bombed at the start of Gulf War I.
Xerox machines sold to the USSR during the cold war often had cameras embedded, and service technicians would take great risk in retreiving the data (I think it was actual film) when servicing the machines, but we had pictures of everything copied.
These are just 2 very simple examples that have been made public, who knows what sort of stuff we've done that's clever enough that we still keep it secret. If the Chinese got busted the consequences wouldn't be much worse than where we already are today. The CHinese government could, after all, argue that they're not crossing the line any more than the US government has repeatedly done.
Socialism: a lie told by totalitarians and believed by fools.
Did you ever have a kid in class when you were in elementary school who always complained that everyone was stealing his pencils? I bet that if you'd looked in his desk, you'd find stacks and stacks of stolen pencils.
Perhaps the reason the State Department is concerned about sabotaged computers from overseas is because they are doing it.
My MacBook Pro came from Shanghai. Is it because Lenovo is a Chinese company? Well, ship them without an OS. That'll solve it.
Yeah, but the Chinese market is still pretty closed off, so there is potential, but it has a long way to go yet. Right now a company that releases a product in China has a very good chance of competing against that same product at a much lower price point in a few months after a chinese company copies it. Cars being the most obvious example right now. Just search for chinese car copies on google for more examples.
Q.
Are you guys nuts? Electronic espionage is old. Printers with beacons. Phone switches with shutdown interfaces. Tap points on undersea communications cables. Carnivore. Not to mention controlled encryption algorithms. To pretend Lenovo is not controlled by the Chinese spy agencies is to believe the Senator knows less than you do about what is happening. Very doubtful. You're talking about a government who when confronted with the fact 90% of the software in use by the Chinese government was stolen refused to pay Microsoft and others. $6B trade deficit because we buy from them and they steal from American companies. The Chinese government's answer was that they'd stop using stolen software. Yet they are still a favored nation!
TimJowers
Expect Freedom.
If that happened we'd never know what they were up to! Holy crap, say it ain't so!
Friends don't help friends install M$ junk.
I'm not sure that many of you all remember this, but a while back the US actually sold China a Boeing 767 with at LEAST 27 different spying devices on board. Both China and the US were mostly quiet about this though, which kept things under wrap. The BBC has articles here and here.
Looks like America has every right to be paranoid, if it expects China to treat it as it has been treated.
We are the all singing, all dancing crap of the world....
TECHNICALLY, you did type "XBoxen"... :-)
i thought that was the conservative mantra.
Regardless, I agree with your basic premise. Stupid people should shut up. The problem is that they're too stupid to know they're stupid.
Trusted Computing doesn't enable them to do anything they can't do today.
As you yourself say below: Treacherous Computing enables them to make it UNDETECTABLE. .
Trusted Computing allows someone else to perhaps put an undetectable rootkit on your machine,
Indeed.
These computers DO pose a security risk and this is nothing new. The issue is not trojan software or keyloggers installed. What the state department does not want is to have to speak with someone in China for support. If you need to go to China for support then someone in china might know your network topology and what kinds of other security features are or are not in place. This also has nothing to do with it being from China and everything to do with it not being American. If the computers were made in France and you needed to call France for support they would not allow it.
Remember that when they want security they dont just want security on a random 500 computers. Usually if they do any type of check it is to ALL the computers on a network. These systems are too critical to even let 1 key logger slip by.
unzip; strip; touch; finger; mount; fsck; more; yes; unmount; sleep
I'd just like to point out that the company is named Lenovo, not Levino.
and it's been an issue for a very long time. Some light reading http://www.pnl.gov/isrc/foci.stm and http://www.dss.mil/isec/focifaqs.htm
They are pissed at him for treason (outing an active undercover agent),
Perhaps you're talking about Bush outing a different undercover agent, it's hard to keep up these days, but Valerie Plame was never a covert operative. She had "emabassy cover", which these days is officially overt. No CIA agent who's seen been in an embassy or appeared with an agent with embassy cover can ever do covert ops - that's been the official rule for decades now.
You can look at the list of employees of an embassy and tell who's CIA and who's State by their credentials. Everyone seen entering a US embassy is automatically assumed to be a spy and treated as such (at least, that's how the Russians have worked for decades). In any case, Valerie was never an "undercover agent", as "embassy cover" means exactly the opposite.
Socialism: a lie told by totalitarians and believed by fools.
Ah, but you forget, trade is a zero sum game.
Oh wait, no it's not, both parties always benefit from free trade. Otherwise, by definition, it would not happen.
Nerd rage is the funniest rage.
Yes, but what about the software embedded in those familiar chips? What about the BIOS? There's lots of nasty stuff that could be hidden at that level, and would be hard to detect. Certainly, visual inspection is not going to be enough...
Great men are almost always bad men--Lord Acton's Corollary
Slashdot really has gone down hill. I can't believe that noone has yet to give the real reason why this is done. It isn't because someone has accussed Lenovo of doing anything illegal. The simple reason why the government can/should/will do this is that the Chinese government owns a very sizable chunk of Lenovo (I heard around 30%.) This is indeed very scary because Lenovo will always act in the interest of one of their largest stock holder, especially a stockholder that wants to spy on the US government and one that will subsidize Lenovo's efforts to gain marketshare. The solution is simple, once the Chinese government frees Lenovo, the US will free Lenovo to do business everywhere.
Any credibility you may have gotten with your comment was blown totally out of the water when you mentioned Bill O'Reilly and Rush Limbaugh....geeze...
As you yourself say below: Treacherous Computing enables them to make it UNDETECTABLE. .
No more so than it already is. The kernel is closed source. It does whatever it does. The OS phones home to "comfirm you're legal", and we just take Microsoft's word on what's in that encrypted communication. Trusted Computing adds nothing here.
In any case, all Trusted Computing means is that whoever own the master key owns the computer. If I own the master key, I like this arrangement. If someone else does, on a general purpose computer, I'll simply shop elsewhere. If someone else does on a DVD player or whatever, I don't really care.
Socialism: a lie told by totalitarians and believed by fools.
Often, discussions about outsourcing turn to the possiblity of "outsourcing" top management, and why not? How long will other countries be willing to do all the work and let the US skim off all the profit by maintaining just the top layer of management? Why put the Nike swoosh on the shoes at all, some percentage of consumers must be smart enough to buy the same shoes for $15 without all the expensive US bullcrap on them. And that's what Lenovo is, a Chinese brand.
But this is my prediction: when the powerful people start getting outsourced, then you will see some real protectionism. And here it is.
Don't forget how they sabotaged a rocket to blow-up on the launch pad about 10 years ago in order to successfully recover Top Secret satellite technology that they never should have been allowed this close to in the first place.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
If it's easier for citizens to get a security clearance than foreign nationals, why would anyone think the same should not apply to computers? When you have a multitude of domestic companies to buy from, why choose a Chinese company?
A Government Is a Body of People, Usually Notably Ungoverned
*looks under mouse*
"Made in China"
*looks under PDA*
"Made in China"
*looks under keyboard*
"Made in China"
*looks in cell phone*
"Made in China"
I suggest you have a look at Microsofts patent for a Digital rights management operating system.
Among other horrifying bits:
To protect the rights-managed data resident in memory, the digital rights management operating system refuses to load an untrusted program into memory while the trusted application is executing or removes the data from memory before loading the untrusted program. If the untrusted program executes at the operating system level, such as a debugger, the digital rights management operating system renounces a trusted identity created for it by the computer processor when the computer was booted.
"No one with any technical savvy is going to believe that these systems pose a greater security risk, unless someone independently confirms this and demonstrates how a backdoor exists."
In my experience the State Department assiduously eschews people who have any technical savvy in favor of people who can use big words. I can't remember too many instances when the technical merit of a product played much of a role in their decision process. After all, they just LOVE Microsoft. Probably one of their most slavish customers.
Powerful people don't remain powerful by making themselves easily replaceable. Sure, an Indian could fill the position. But that person doesn't have the personal networks from years of kickbacks, backroom deals, favors and reputation. The only reason someone would be replaced like this would be for political reasons.
Someone hates these cans.
Yes, but that market is rising, and as it does so it will pull up everything including the prices they pay for local products.
I know this isn't an issue now, but how we treat them now will be remembered in ten years when they are making their policies. Right now we are teaching them how to behave, in a way (Or more accurately, how badly they may be allowed to behave).
So how are we going to feel when they start to act as we do now:
--When they use their control over our vast debt to, say, influence choice of rulers or busines directions as we often do with other countries that owe us money or want our aid?
--If they tell us that they consider Cigarets a dangerous import and start spraying our tobacco fields like we spray central & south american drug fields?
--If they feel we are dangerous (I think we are currently the most dangerous force in the history of the world, asteroids and volcanos included!) and tell us that we must destroy all our WMDs or face UN sanctions that will cause mass starvation across the US (In the case of Oil sanctions, for instance)?
--What if they send "Communist Missionaries" across america the way we send "Christian Missionaries" to other countries. Is this acceptable? What if their missionaries convince your children to become communist, I'm sure that's no more offensive than one of our christian missionaries convincing children of other religions to switch to christianity.
Americans are so wrapped up in themselves that they can't ever begin to concieve how people outside must percieve us, and most of us seem to think that it's absolutely fine to treat other countries in a way that, if we were treated the same would be horrified (and angered to war which most americans seem to be very anxious to throw out--thinking we are completely safe behind our wall of "Nukes" and not even having to deal with a draft!). We may learn better soon.
On the other-hand, such a high profile action might concern those whose careers depend on sales of laptops. Therefore, would this be a good time to look for a price break on Lenovo laptops? Perhaps, temporarily (till Christmas) anyhow.
Perhaps the brand is blackballed not because it incoporates back doors for ChiComs, but because it omits the back doors for the Feds.
Remember, the RIAA is a bunch of jerks, but don't confuse dick-headedness with superfluous-ness. They promote music with all that money, create tours and organize them, they pay bands, pay for producers when the bands suck at writing songs, get them on the air, create the music video, etc. They are certainly very predatory, but don't think they just sit there and do nothing. Most of the bands we listen to (unless you are a hardcore independent fan) would get zero exposure without the recording industry. The RIAA needs to be regulated, not abolished. The money is there, and it won't ever just go away.
But the Chinese 0wn the State Department already. What's the big fuss?
http://www.house.gov/tanner/press108-101.htm
But it's not about filling top positions in American companies with foreigners. That won't happen. The way top brass gets "outsourced" is when their company is crushed by foreign competition, run by people who are powerful in their own circles. Like what happened to IBMs PC business.
I guess I can see the argument. It is best in times of war to be dependant on things no one else can take control of. It is however a blade that cuts both ways.
;)
What effect would it have on the U.S. economy if ASIA were to be as paranoid about their government tech as this good senator.
The first smart thing they would do would be to dump MS Windows from all their machines. Just in case the NSA knows something the rest of us don't
Not that I'm a big believer in such things, but when you are talking about people like the CIA spooks paranoia about security doesn't begin to describe reality.
Bottom line is, if you are working in the type of environment where
you can't have cell pones on because the shadow from your monitor superimposed on the signal might be carried far enough to be reconstructed by the enemy. You are much better off not buying things made by anyone but yourself.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
For the current matter, I would guess that some domestic PC maker is trying to take advantage of the situation, *cough*Dell*cough*HP*cough, pardon me!
The ironic part here is, those aren't really "domestic" PC's either. A Dell is just as Chinese as a Lenovo on the inside.
There are no American PC manufacturers. There were all put out of business or had to move overseas to compete on margins with those machines. All outsourced labor and tech with the past three administrations' approval, for the good of the U.S. economy.
Looks like we're reaching that point were we realize that being a country that doesn't make anything anymore is actually a bad thing. Especially if we're going to piss off/be paranoid of the international community on a regular basis.
Just like every Compal Dell/HPaq/Gateway that's made in Taiwan. God knows if something goes wrong with them the Fed's only option is to learn to decipher a Taiwanese accent. Jesus H Christ an Mary Magdelyn are you fucking joking me.
Looking back on Toshiba and similar cases during the (last) Cold War, the result would be that Lenovo would end up on the shit list for a year or so, then back to business as usual. In the meantime, the damage would have been done, a certain amount of intel collected.
The State Department, as a bureaucracy, didn't decide to send the family jewels to China. It was the political appointees and their business cronies who sent our manufacturing sector overseas, and the Taiwanese who moved it to the PRC. Right now, Lenovo has a certain number of Americans in the management chain, and a final assembly (put the motherboard and lcd in the case) plant in Mexico. All of that can change in short order.
So, what the bureaucracy was left with is either risk reduction now, or retribution later.
Luke, help me take this mask off
Your response to my post was well thought out, and put. I believe I understand a lot more about the situation now. Not saying that I am any less frustrated, but that instead my frustrations are now better understood.
Go ahead and call me unreliable; reliable is just a synonym for predictable.
If you're worried about Chinese-manufactured PCs being slipped into US defense networks, you better ban 'em all. What manufacturer is it that has no Chinese manufacturing plants?
That's not a minor security flaw...
After all, I am strangely colored.
Should every Lenovo laptop be inspected before use in government offices, just in case some enterprising intelligence officer in the PLA is really that stupid?
Why stop with Lenovo?
They should also demand compilable source code for the OS and all applications, so they can make sure there's no trojan horses there (much easier, really, than a hardware hack), and recompile them with the compiler of their choice to avoid a Thompson Trojan...
And... you know... that's probably not a bad idea.
No more so than it already is. The kernel is closed source. It does whatever it does.
An awful lot more than it already does... I'm afraid. Right now you can observe the kernel (or other code) running. With Trusted Computing, it all occurs behind walls of hardware enforced encryption -- the instructions are not decoded until they are actually executed... same goes for the data. You can't put a debugger on it, and you can disassemble it.
In fact the only way that won't happen is if a cold (nuclear threatening) war breaks the flow of current world events.
Nothing like a Cold War to make the poor screwed guy with all the nukes look strong and might once again and to distrac attention from the real facts
Why couldn't someone in a position to do that at say, Dell, be bribed?
-- The act of censorship is always worse than whatever is being censored. Always.
Amusing you attribute the proof-by-volume method of argument to liberals. While they now excel at this method of debate, it was Rush Limbaugh and Fox News that perfected this technique.
Both sides employ it so much now that people think politics without yelling is boring. What a sad state of affairs we are in.
Self-referential Sigs are cool on /. these days...
54
Yes, you want the US government to spend more money buying things from less efficient US producers, meaning of course their expenditure is larger, meaning of course taxes must be higher. And there's no incentive for the companies they buy from to become more productive since the government is effectively subsidising them anyway. And of course both the US and China end up worse off due to missing out on the economic benefits of trade.
Alternatively they could buy the goods at the price the market sets, spending less money, needing to bring in less revenue in taxes, leaving more money in the pockets of American tax payers, and not reduce the productivity of American industry due to subsidising their ineffiecencies.
Your way just means the government is taking the amount of money that the American products cost over the imports from the pockets of tax payers and giving it to inefficient US companies. Corporate welfare at its finest.
There are perfectly valid security reasons for not being dependant on foreign sources for some products, and not using foriegn products in some sensitive areas if they can't be audited properly first. Of course Israel and Germany are just as likely to spy on the US as China.
The hell? Your post, as a whole, makes no sense.
There's one thing you did get right though: computer based espionage is pretty easy. Given how easy it is, there's no way to categorize computer makers as "trusted" or "untrusted" - because all the "enemy agent" needs to do is have 10 minutes alone with a computer to flash the BIOS. That could be a QA engineer at Dell. Hell, that could be the UPS guy.
-- The act of censorship is always worse than whatever is being censored. Always.
Debugging the kernel is interesting though. The only practical way to do so is use use the debugger provided by Microsoft. It tells you what it tells you. I trust it, but existing rootkits certainly cause debuggers to lie about the contents of memory and so on, and Microsoft certainly could have done the same. Heck, the kernel can lie to a debugger about *anything*.
Socialism: a lie told by totalitarians and believed by fools.
You mean "because the BBC is in the grip of anti-American hysteria and wants to portray the US as xenophobic, because they've never had to deal with any kind of racial problems themselves surprisingly racist."
I can't answer as to whether or not the grandfather poster is a communist, however your post makes no sense. It is not the aim of communists to reduce the productivity and wealth of the country.
If you had any objective evidence that the government buying locally would hurt the local economy then it would be persuasive to a communist just as easily as it would to a non-communist.
However, all things being equal, whatever the government buys from a local company it will recover a significant fraction of that cost in the form of income tax. So if there are 2 products, 1 made locally selling for $11, and one made overseas selling for $9. If the government would collect $3 on the profits made for the local product (in the form of income taxes) and merely $1 on the profits for the overseas one, then we can see that the locally produced product actually cost $1 less (for the government) than the foreign made one.
If you consider the amount of money the government saves on reduced wellfare costs (like it or not, we have a wellfare state), then buying locally can even same more money, since whatever the government buys from overseas results in lost jobs locally, which the government must then partially offset by supplying wellfare benefits, which cost money.
The government reaps benefits directly AND indirectly from all local economic activity. Some foreign made product would need to be astronomically cheaper to justify the state not buying locally.
Remember: The STATE must provide wellfare. It also has a responsibility to REDISTRIBUTE wealth. It can do this indirectly by making sure it buys all its products from local firms and companies which also insist on shopping in the local economy. In fact, I would like to see the state consider trying to make purchases from smaller local firms, rather than always giving contracts to the huge multinationals.
If you had your way, and removed all wellfare responsibilities from the state, then your argument might be more persuasive. But as it stands, the government is responsible for more than merely saving money.
Unlike a firm which must compete, the government locally has a captive market. It has responsibilities to the local market which go far beyond what private firms have, but it also has powers which go beyond what private firms have. Pretending the government is nothing more than another corporation is fallacious and leads you to crazy notions such as the commonly held one that governments have a duty not to provide services if someone can make a profit off that same service.
No one has a right to their *own* opinion. They have a right to the TRUTH.
It's not impossible, but it's much harder, because there are numerous people involved in development who also have to be involved, or they will see the spurious code and wonder WTF it's there for. If it's a part of the product spec and the code comes from China already compiled and ready to load into firmware, then it's far harder to detect. Of course, if I were the federal government, I would demand all source code to everything; they have the power to make life hell for the companies if they don't want to play.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
actually I posted one of the original postings about the Lenovo takeover when it first happened. It's not so much the Company, but some of the technology that is incorporated. It has a LoJack type device, that when activated sends out a tracking beakon over the internet. Since this is the case, there are significant concerns with what else will/can it send.
Also, from a political standpoint is this the right move. China manufactures most of everything for us now. It's only a matter of time that if they want to give us something to worry about they will. Pulling this tab is not going to help us. The question now is, "Will global economy truly succeed?" If we start putting these types of constraints on products we may have much more to worry about than the idea of a beakon.
All and all the beakon has not passed the common criteria as did the PIX firewall's from Cisco. So there is no telling what the next constraint will be.
Look, there's any number of devices with firmware in them in parts of the machine in a position to compromise network security. There's also drivers, which can have backdoors. So, let's see, it could be in the BIOS (power management) or in the NIC driver or perhaps they'd just do something to the host adapter firmware so that when certain types of data was read from the disk it would do something with the network... Claiming that it's impossible is pure bullshit given that there's even firmware updates for some laptops to make them phone home any time they have an internet connection. Given that the feds got either an F or a D- on practically every area of their computer security, would they even notice a laptop phoning home? Probably not until long after the damage was done...
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I'm reasonably familiar with all this. Again, all this is doing is giving the owner of the master key the same power the kernel has today.
TPM owner is to everything as kernel is to userland.
This allows the TPM aster key owner to pervent someone from doing kernel hacking. However, if you're running the MS kernel they've already won. The TPM chip just allows the *real* owner of the computer (whoever has the master key to the TPM chip) to control what runs in kernel mode. In other words, Microsoft could force you to run the Microsoft kernel.
All the TPM chip *really* does is allow the real owner of the computer to be different from the physical possessor of the computer. It's not a big deal as long as you're aware of it. Many businesses already don't allow their employees to install software on their desktop boxes, for example - Trusted Computing will just mean the company can also stop the employee from booting off a Knoppix CD and removing that restriction.
It's just a tool. It's not, by itself, a problem.
Socialism: a lie told by totalitarians and believed by fools.
Looks like America has every right to be paranoid, if it expects China to treat it as it has been treated.
What kind of a pansy ass statement is that? Are you implying that we should stop gathering intel on other countries so that they leave us alone? Are you madd?
An individual chip? No. A sample chip? Sure, you just pop the head off the package, and stick it in a SEM, and you can read the traces. I would be very surprised if there isn't an automated process by which a computer-driven SEM can actually read the circuitry and produce a file that can run in a simulator. Difficult? Yes. Time-consuming, even when automated? Certainly. Impossible? I sincerely doubt it.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
They should be making them in the U.S. manufacturing industry!
Also known as Taiwan.
Running Microsoft software... which is a security risk?
Yeah, no sense to /dotters with no knowledge of the past. I'm trying to find the reference articles to educate these naive folks. Basically about 15 years ago a Scandanavian telco discovered switches being sold by American companies had backdoors to shut down the phone systems. Corporate world working for military. Also, it is fairly common knowledge printers sold by US companies to Iraq and others contained transmitters. "Export printers". I found an article reference on the Black Art of Electronic Warfare but cannot find articles on these yet. Too much noise on Google.
/dotters seem to realize. Finally, Carnivore is SW based so does not lend itself to the argument the espionage/military support would be in BIOS or chipset but does clearly show what goverments are willing to do in order to maintain complete control over communications.
/dotters seem to believe Lenovo is innocent considering so many past instances of US companies being complicit with this exact sort of activity. Of course it is probably political as with Texas in office one would not be surprised to see DELL become the sole source; but the reality of electronic warfare and complicit companies is documented. Judging from history I believe the Chinese have no qualms about stealing trade secrets, military secrets, and even software from the USA.
I also worked with an engineer who'd worked on an undersea cable system where they had to revise the design so submarines could tap in every ten miles or so. Do you recall teh case a few years ago where US spies determined the Spanish government had unfairly awarded a business contract to a Spanish company and not the the company who technically should have won? Business and military are intertwined more than
I'm very frustrated so many
BTW, adding in rootkits is not necessarily the only ill which could be done. Consider transmission frequencies helpful in guiding missiles to data centers. Consider a command to have the system reboot into netboot. Consider ability to saveout or remotely read TLB or cache. With such large caches, this could be serious.
TimJowers
Enjoy Freedom
Expect Freedom.
If you had any objective evidence that the government buying locally would hurt the local economy then it would be persuasive to a communist just as easily as it would to a non-communist.
It's a subsidy which has an adverse affect on trade. There are about 43 million arguments for why trade is a good thing for both parties.
Sounds good enough for US. Microsoft and Diebold would agree.
"Enjoy what you're doing! If it becomes drudgery, you're doing it wrong!" - Jim Butterfield
Don't forget the case of the Boeing 767 aircraft which was ordered by the Chinese government a few years ago. Once the aircrafts were delivered, the Chinese found dozens of spying bugs in those airplanes. I feel pretty embarassed for my government if they really think the Chinese are so stupid that they won't check for things like that.
"These aren't products from a company where the Chinese government has direct control of operations"
Just because they hired U.S. execs doesn't mean that they are in the know.
This sort of thing wouldn't be very difficult. Chineese gov't works with Lenovo and a domestic chip maker to produce an ethernet card that looks exactly like the ones currently being used. The chineese managers simply tell any curious exec's that they've found a cheaper, superior, chinese manufacturer. The guys working the production lines don't even notice.
These are actual State Dept. Regulations as found in the Foreign Affairs Handbook regarding the purchase of ANYTHING that enters a Classified Access Area (CAA). Give it a quick read. It could shed some light on the present situation.
An organization as large as the State Department is likely to have their own in-house support that can diagnose and repair problems with the hardware without having to speak to Lenovo support. If anything, they would only need to order parts and be done with it.
BTW, Lenovo's support is located in Atlanta, Georgia.
My Sysadmin Blog
All the TPM chip *really* does is allow the real owner of the computer to be different from the physical possessor of the computer. It's not a big deal as long as you're aware of it.
Until the proprietary-entertainment industry manages to social-engineer the TPM master keys out of its customers. "If you don't let us con you, you don't get our movies."
Heck, the kernel can lie to a debugger about *anything*.
And virtualized hardware can lie to the kernel.
Software backdoors? Or Hardware backdoors? If the IT department does their job properly, I find it hard to believe that software backdoors would survive being introduced into the environment, especially in a sensative environment like the State Department.
I could find a hardware backdoor believable, but that would require physical access to the system and knowing which computers had the backdoors installed. Unless there was an agent inside the DOS's IT staff, the only way that a bugged computer would get to the right people would be through random chance.
My Sysadmin Blog
IBM wasn't crushed by competition in the PC market. They simply changed their revenue model. They would have sold the division/brand to Dell if the money had been right. Lenovo is now in the position that the US Government won't do business with them for security reasons. Many longtime IBM customers won't buy from them because they are backed by a communist government. IBM's only concern is the five year branding contract. Lenovo could fail to maintain or build a customer base and go under due to market pressure. They'd still be accountable to the contract. And after it expires, IBM could take it to someone else. And what would the Chinese have then?
But yes, that's not to say America has a monopoly on success. Conceivably, instances like Daimler-Chrysler could happen in other industries.
Someone hates these cans.
Did you hear that from fox news? Cos that's not what I have been reading.
evil is as evil does
The Ratfynk
e...
Now, I think China has perfect justification to renege on gates and mshaft.
TOUCHE!
These power-mongering cretins on office think they are sooooo smart.
Really, cutting off Lenovo like that means that if China wants to continue seeing that company exist and try to profit, they'll have to just channel those potential sales to their own military infrastructure. Maybe they can "synergize" their own country JUST by feeding off Lenovo, selling at low prices, and then hoping for the best.
Everyone, scan this article for the comments on Russia and Iraq about the copiers and line printers.
Really, why should China honor an agreement with Mr. Backdoor when the US is accusing China or a Chinese company of being a threat. I can see trade wars... degradation to conflict...
Maybe China can up the ante by talking with South Corea to infuse more food and oil aid to North Corea and the three speed up reunification of the two Coreas so that more regional trade flows through Corea like it did hundreds of years ago. Then, China could begin to dispense with dependence upon the USA. Of course, Japan will have to be appeased, but that shouldn't be TOOO difficult if they want to be part of the regional computer and electronics trade...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
BINGO!!!!
Now, it would be very interesting if IBM took a 50% stake in Lenovo and caused a hankering in Progr.. ummm, Congress and got the computers flowing again (assuming the ban is in effect at this time...)
The disinformation and misinformation aspect is probably the best way to go, short of all out trade wars. Pissing off China will be very painful. They are growing, and if they can cause some or many of the stronger Asian countries to coalesce around THEM instead of suckling on the US tit, then it will be PAYBACK, US! Stop trying to RULE the WORLD. WORK WITH IT, goddammit!
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Personally, I would think that no closed-source application should ever be used in a secure network environment. That includes the OS, obviously. There's just too much stuff that a closed-source application could be doing that isn't good, even if there was no malicious intent.
Sure, but as Bruce Schneier says, open source does not mean "fewer bugs", necessarily. It does mean the potential of wider expert peer review.
An interesting question I have is whether the non-OSI "shared source" licenses would be sufficient to meet the needs of an organization's security? Open source values the number of eyeballs, but the eyeballs evaluating security challenges needs to be expert eyeballs, thus de-emphasizing the need for a freer license....
-Stu
It's more than that: This is about the US trying to discredit a major or important Chinese PC manufacturer. It's an attempt to erode or undermine China's forays into selling to more governments. It's to deflect attention away from the US's own activities in this espionage area.
At least, that's what **IIII*** think...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Keep in mind that the State Dept. is not allowing the use of Lenovo equipment for Classified work.
One thing to remember is that classified work only happens in environments with an air gap between the system and the unclass internet/POTS.
So there's no amount of phone-homing that the equipment could do to steal any state secrets quietly. At best it could randomly corrupt data or otherwise interrupt operations. Of course, if that started happening, malicious or not the agency using the equipment would move on to a more reliable vendor, naturally.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It's a subsidy which has an adverse affect on trade.
Your argument would be persuasive, if it was based on fact. Subsidies are neither good nor bad for trade, it all depends on what is being subsidized and under what circumstance. Your argument sounds like a neoliberal talking point used to justify denying the right of underdeveloped nations from fostering their own economies at the expense of America.
There are about 43 million arguments for why trade is a good thing for both parties.
I'm sure the Mafia uses many of those same arguments when they come knocking on your door offering to sell you protection services to offset the cost of insuring that they don't burn down your house.
No one has a right to their *own* opinion. They have a right to the TRUTH.
Classified PCs have to stay in classified-approved facilities, disconnected from public networks like the Internet. Often such facilities are RF-shielded and checked for rogue transmitters.
What exactly will the embedded code do, in that case?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
So the homing beacon is definitely NOT the issue. It's a political power play and a hat-tip towards the buy-American crowd. (Never mind that nearly all electronics are currently manufactured in the far east anyway)
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
It's so sad to see your post marked as "flamebait" when it's easily the most insightful piece of writing I've seen on Slashdot in a long, long time. But people don't like it when their (and their culture's) gross hypocrisy is pointed out, and you, sir, hit the nail on the head... hard. Sadly, mere words--no matter how insightful--won't make a whit of difference to a people who are obviously enraptured with and blinded by their own egos.
I'd give you a +1 insightful if I hadn't squandered my mod points last night.
The only practical way to do so is use use the debugger provided by Microsoft.
No, it's not. The rest of your message just builds on this fallacy.
Subsidies are neither good nor bad for trade
By definition a subsidy acts as a barrier to trade, is artificially decreases the costs of one party making their less efficient production able to compete with other more efficient parties. This of course reduces trade - the foreign producers can't compete with the subsidised local producers and so production allocation in the country with the subsidy is made less optimal (resources are used to produce things when they could be used to produce other things more efficiently). There is no difference between a subsidy and a tariff from the perspective of the foreign producer (except of course a subsidy is worse as it can lead to the subsidised party exporting at an artificially low cost, but that's irrelevant to the topic at hand).
Your argument sounds like a neoliberal talking point used to justify denying the right of underdeveloped nations from fostering their own economies at the expense of America.
How observant of you, I'm arguing that American Government should buy foreign products which is obviously in order to prevent other nations from developing their economies. Oh wait, it's the exact opposite. Yes I would also apply the argument in the other direction, the other country should import US products when they are cheaper - their economy will benefit from doing so.
Trade is beneficial because absolute and comparative advantage show that it increases the overall production and is beneficial to both parties. Any economics text will explain it, I'm sure wikipedia does to if you're lazy. I'm certainly to lazy to do the math in a slashdot comment text box. More modern economists would just say "opportunity cost", but I'm not an economist.
The threat is more than just espionage.
How about a hardware device on the motherboard that listens for a signal and reacts to it by disabling/damaging the entire computer. Continuously broadcast this signal and a segment of a nation's communications industry becomes temporarily crippled. This scenario can be designed to be OS-independent. Bonus points if it isn't limited to one brand.
Any military would love to control the "off" switch to an adversary's communications.
I doubt that such a project exists, but there's a potential for it. In any case, one should not assume that espionage is the only security concern.
Don't feel embarrassed...the folks playing these intel/counter-intel games certainly aren't.
this is standard operating procedure...same thing happens between nations when they purchase or build buildings in other countries (offices, embassies, etc)...all kinds of bugs all over the place.
some fairly easy to find, some not so easy, and some very difficult to detect.
the idea, of course, is that if 500 bugs are planted and 480 are discovered, the remaining 20 are probably good to go. the targets feel pretty secure (falsely) that they've covered their bases and enforced some level of security.
also, of course, this situation gets surreal quickly as both sides realize that some bugs are possibly detected but left in place as as a means to disseminate targeted disinformation.
I don't believe in Windows backdoors any more that I believe that the Lenovo people are able to pull this off without anyone detecting it.
If they seriously belief anyone could pull this off - use internal computers to send sensitive data unnoticed to an enemy outside - they should fire their network administrators and hire someone with a clue.
I'd wager that the average Slashdotter, if given an hour, could come up with at least five viable ways to do exactly that. Here's one: a keylogger that squirts compressed logs out on port 80 to an "acceptable" site - say, making carefully-constructed shopping cart additions and removals on a bogus Yahoo store. Now take someone who, unlike me, is a TCP/IP guru, and you get some really interesting possibilities.
If you mod me down, I shall become more powerful than you can possibly imagine.
In other words, Pune, India
We're all born with nothing.
If you die in debt, you're ahead.
They don't need to hit every computer, so they can attack much later in the production process. Anyone who has access to the motherboard after firmware is installed can update it with the "cracked" firmware. That includes anyone who has access to the assembled computers before they get packaged for shipping.
-- The act of censorship is always worse than whatever is being censored. Always.
Given all that, I still don't think there's any reason to trust computers from Lenovo any less than computers from Dell. Simply put, after Lenovo acquired IBM's PC business they're too obvious a player. Getting them to put backdoors in their computers would be too blatant a play too soon. It'd be like if the United States had McDonalds put rat poision in their burgers at their China locations.
-- The act of censorship is always worse than whatever is being censored. Always.
How it works:
You buy the laptops by using a fake company. For small quantities, go to Walmart with some cash.
You take the laptop into the SCIF (secure compartmentalized information facility), which is an area of the building with walls that are metal, soundproofed, and doubled. In other words, it's a Faraday cage. (Tempest crap is more expensive than a metal room)
There is no net connection that passes through the wall of the SCIF.
Before the laptop leaves the SCIF, at least two people witness it passing through the shredder. Yep, the laptop leaves the SCIF as fine powder. Alternately, it can leave as ashes or molten slag.
For some strange reason, the Chinese actually bought a Boeing for their leader. WTF were they thinking? Well, I guess it makes sense when the alternatives come from France and Russia.
So, predictably, soon afterward the Chinese were complaining about the numerous bugs planted in the plane.
I'd worry about more serious stuff in the flight control software.
Your first example is bogus. Look it up.
The second example is almost right. It was some copiers supplied to the Soviet Embassy that contained secret cameras, and the techs were in no danger at all.
The latest Slashdot meme.
Nicely written comment.
From wikipedia and the CIA: indicated Plame had been a "non-official cover operative" (NOC). He explained: "...that meant she agreed to operate overseas without the protection of a diplomatic passport. If caught in that status she would have been executed." [5] Later, he wrote that "The law actually requires that a covered person 'served' overseas in the last five years. Served does not mean lived. i.e she was a covert operative.
And directly from the CIA: But within the C.I.A., the exposure of Ms. Plame is now considered an even greater instance of treachery. Ms. Plame, a specialist in non-conventional weapons who worked overseas, had "nonofficial cover," and was what in C.I.A. parlance is called a NOC, the most difficult kind of false identity for the agency to create. While most undercover agency officers disguise their real profession by pretending to be American embassy diplomats or other United States government employees, Ms. Plame passed herself off as a private energy expert. Intelligence experts said that NOCs have especially dangerous jobs.
So, there will be many who claim that what w && associates did is just, moral, and legal, but when the CIA comes out against it, then you have to question it. More so, since you know that if a dem had done this, it is obvious that you and others would be calling for them to be sent to gitmo or executed.
I prefer the "u" in honour as it seems to be missing these days.
Um, it's pretty hard to sniff an SSL connection.
There are any number of ways to send the information that are not easy to catch. Sure, if it is on a secure network, it's a little bit harder, but not as hard as you might think. One lapse in physical security can be leveraged to huge degree.
The Chinese have demonstrated a strong desire to penetrate our classified networks, and they are very patient and taking the long view in their attacks.
Aside from the Chinese in particular, a comprehensive security policy definitely needs to take all elements of the IT process into account.
I see a lot of people crying "hysteria" and "protectionism" here, but if you are trying to set up a truely secure network, one important piece is to have a trusted source for your hardware.
A house divided against itself cannot stand.
On a more serious note, this is obviously a purely political step - but why?
... bloody hell! "Indiana Jones and the temple of Doom" for the fiftieth bloody time this week!
Racism. Pure, simple, unadulterated racism.
Call it bigotry or nationalism if you want - they're the same thing at heart. People from anywhere other than my home town are sub-human baby-eating morons who need to be subjugated utterly. Cut the balls off the men, abort all the pregnant women, and line them up to get a dose of proper seed. It's what we're evolved to do (because that's what the people we're descended from did) ; the people who got culled from the population didn't leave descendants, by definition. Not nice, but true.
Tonight's film at 11 is
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
You don't believe in Windows backdoors... this is the same company that embedded a flight simulator in Word or Excel (been a while don't remember which one). I believe it was Word 97 and you can probably still find internet references to it.
Windows is like decaf - it tastes like the real thing, but it won't get you through the day.
Aren't these the computers with Verizon Satilite internet? I am not saying that I believe this senator 100%, but come on, to outright say 'thats not possible' is insane. remember upto a point hardware can == software a chip is a chip, the software you load on it (firmware) makes that chip do something. If you think they are going to sift thru every bit of firmware on a motherboard, muchless find it all Then hats off to them, because that is going to be one IMPRESSIVE feat. Secondly, who said anything about leaking tcp/ip packets. or even udp packets. Wouldn't that just be i dont know OBVIOUS! If your going to spy on a national government- that is the LAST protocol that I would use.
Yes, the published story about the Xerox camera-copiers mentioned the Soviet embassy in Washington - http://www.parascope.com/articles/0197/xerox.htm has a rehash of the PopSci article - but the Stover article noted that "Judging by the number of parts ordered from Xerox, Zoppoth [Xerox engineer who broke the story] believes that spy cameras may have been installed in photocopiers all over the world, to keep an eye on U.S. allies as well as enemies."
It helps to have a link with the suggestion someone go read something.
Can anyone tell me how to set my sig on Slashdot?
While it sounds like that is good leverage, the problem is U.S. companies in China would face being accused of treason (as a reaction) and their staffs similarly executed. And then, possibly (particularly if the joint acts of retribution became public), a true world war would start. Not a good outcome for the U.S. (George Bush wants a war with Iran, not China). So, it really does not serve as the preventative to spying you think it does. Plus, spies are inherently accepting of the outcome (i.e., death) if they get caught. You do not become a spy if you are not.
The original poster referred to "the liberal montra" [sic] as, apparently, spouting off uninformed opinions, as if there are no conservatives who ever spout off uninformed opinions.
They don't have sarcasm on your planet, do they?
Take a look at your sig: "I have nothing to hide. So, why are you spying on me?" You're asking questions, that's why!
Indeed. sorry, didn't have a link, I obtained an official copy a few years ago in paper form. Anyway, anyone involved in computer security in the US military (and outside it as well for that matter) at least should know about those books.
This is probably closer to the truth than you think (but for different reasons).
Microsoft is having all of these companies build in 'trusted->treacherous computing' hooks into machines.. The thing about trusted computing is that it's designed so that someone else will trust your computer to do what they want it to do. If lenovo controls the central core of these boxes, then they can add their own 'trusted' computing hooks, and now you have a machine that is seriously hooped (but only when someone who has the secred key is nearby.
Yes, fur would fly if they were caught doing this, but that doesn't really matter to the big honchos in China... When the fur flys, it's gonna be the fur of some American-born patsy who probably didn't even know what was don to the design of those boxes way back in China, while the people who really did the nasty work sit back in china and watch the whole mess with a big smile on their faces.
Now, you could fine the company into oblivion, if they did something wrong, but by then the damage is areaady done.
Now, as for the executive denial -- You're gonna get the same answer whether or not they're doing something nasty. If they're innocent, they'll tel you the truth ("no"). if guilty, they'll lie through their teeth ('no').
Free Software: Like love, it grows best when given away.
If ever a post deserved +6 it's this one.
It is not unreasonable to think that Chinese companies (even those out of HK like Lenovo) will do Beijing's bidding. However, wouldn't it be really easy to discovery anything in the computers that allows tracking back? Or is the fear not so much that there's a software bug, but rather that there is a listening bug? If I knew more about the technical side I would be much better able to determine whether this is politically motivated or not. It certainly does seem to be.
www.chinalawblog.com
What you dismiss so readily has been done over and over again.
I have researched it, and it is possible.
You have no clue what you are talking about. There are valid, plausible scenarios that argue strongly against sourcing Chinese manufactured hardware for constructing U.S. Government secure networks.
Give me a strong argument why this is absolutely -not- possible (other than your limited imagination), and I'll concede your point.
Last Word! Say something (besides "is not!") or admit defeat. I proclaim LAST WORD!!!! HA HA!!!!!!!!!!!!!!
A house divided against itself cannot stand.
Secondly, who said anything about leaking tcp/ip packets. or even udp packets. Wouldn't that just be i dont know OBVIOUS! If your going to spy on a national government- that is the LAST protocol that I would use.
Using Lenovo would also be too OBVIOUS, because they OWN the brand. Better to insert MAGIC INGREDIENT X into PC's that are MANUFACTURED for US brands in the PRC (me looks at back of this computer - 'Assembled in CHINA' - I am DOOMED !).
And how come they ban Lenovo, which is just another hardware manufacturer, but not Microsoft Windows or Office, products that are known to be riddled with bugs and security problems?
Beauty is in the beholder of the eye.
There will always be unrestristed hobby machines you can build yourself (because of the way ownership of the key works)
Unless neither ISP in your area permits you to connect to the Internet using an "unrestricted hobby machine". Even if this doesn't happen, what happens when the parts to build an "unrestricted hobby machine" cost several times more than a prefabricated restricted non-hobby machine? (We're already seeing this to an extent: compare the price of the Mac mini computer to the projected price of the Wii game console.)
by "efficiency" I take you it are not referring externalizing the costs of manufacturing? Because by any other measure, American manufacturing processes are amongst the most efficient in the world in terms of manpower required, resources consumed, and damage to the environment. But by your calculus of efficiency, 1 company that gets 16 hours of work from its workers, 7 days a week, by threatening them with rape and beating or starvation, hiring them during childhood and burning them out by 25 years of age is more "efficient" than the company which makes the stupid mistake of allowing workers to go to the bathroom, go home after a mere 8 hours, and live long and relatively satisfying lives?
Yes... subsidization may "artificially" reduce the cost to company of needing to treat its labour force in a HUMANE fashion. But trade at the expense of HUMANITY is not beneficial to either PARTY. That is at least when you are talking about what foreign trade policies a NATION should adopt. Because in deciding trade policy the only parties are the NATIONS themselves, not the corporations. The NATIONS are the representatives of the PEOPLE and only have moral rights derived from HUMAN RIGHTS of the citizens. When you argue that increased trade is good for a NATION, you are talking about the human beings in that nation. However, you do not and can not make the claim that increased trade is always good for the people of both trading nations, because this is quite obviously NOT TRUE.
When you say that subsidies is bad for the CORPORATION and therefore should be prohibited you are attacking a straw man. Because no one with authority to prohibit or allow subsidies derives authority from the CORPORATIONS. They derive authority from the PEOPLE. And the PEOPLE are often helped by subsidy.
no one interested in the public good really cares what is good or bad for THE CORPORATION. We are only interested in what is good for real human beings. And trade is not always beneficial to both "parties", when you are referring to the parties as being the constituents of a nation.
In fact... trade can be and in modern times often IS detrimental to both "PARTIES".
Trade between China and the US, is not only increasing human rights abuses in China, but it is increasing human rights abuses in the US. The people of both nations lose, as multinational corporations trance along their merry way externalizing the true costs of manufacturing and business to the poor oppressed people of BOTH parties, while a miniscule number of business executives and corrupt government officials perform a song and dance about how trade is good for BOTH parties.
Again... the PARTIES are ALL THE PEOPLE living in those communities between which some capital is to be traded. Not merely the owners of that capital.
When corporations presume to take no responsibility whatsoever for moral concerns above making profit, they forfeit any moral claim whatsoever to PRIVATE property. corporations are merely tools, and morally are not PARTY to trade, but are the implements of trade.
Corporations are not wronged in the least when subsidies are granted, any more than your virtual memory is WRONGED when you install more RAM in your computer. Yes... the RAM will decrease the trade of data between your motherboard and your hard drive. But it will improve your user experience with the computer. Likewise subsidies can increase the user experience of living on the earth.. that is to say.. the experience of the only entities capable of having one. THE PEOPLE.
Corporations feel no pain.
We pass laws forbiding child molestation without much regard to the feelings of pedophiles. Why do we attribute so much more moral weight to the feelings of legally ficticious "persons" called corporations?
I'm arguing that American Government should buy foreign products which is obviously in order to prevent other nations from developing their economies. Oh wait, it's the exact opposite.
No.. it isn't the exact opposite
No one has a right to their *own* opinion. They have a right to the TRUTH.
by "efficiency" I take you it are not referring externalizing the costs of manufacturing? Because by any other measure, American manufacturing processes are amongst the most efficient in the world in terms of manpower required, resources consumed, and damage to the environment. But by your calculus of efficiency, 1 company that gets 16 hours of work from its workers, 7 days a week, by threatening them with rape and beating or starvation, hiring them during childhood and burning them out by 25 years of age is more "efficient" than the company which makes the stupid mistake of allowing workers to go to the bathroom, go home after a mere 8 hours, and live long and relatively satisfying lives?
Yes countries who treat their workers badly and don't bother with environmental controls will be more efficient in some things. Just like England was when it went through its industrial revolution. At some point the people don't put up with it any more.
Also efficiency can be relative. The US may be more efficient than another country at producing A, but more efficient at producing B by a higher margin - in which case trading B for A is beneifical to the US.
Yes... subsidization may "artificially" reduce the cost to company of needing to treat its labour force in a HUMANE fashion. But trade at the expense of HUMANITY is not beneficial to either PARTY. That is at least when you are talking about what foreign trade policies a NATION should adopt. Because in deciding trade policy the only parties are the NATIONS themselves, not the corporations. The NATIONS are the representatives of the PEOPLE and only have moral rights derived from HUMAN RIGHTS of the citizens. When you argue that increased trade is good for a NATION, you are talking about the human beings in that nation. However, you do not and can not make the claim that increased trade is always good for the people of both trading nations, because this is quite obviously NOT TRUE.
Subsidies have nothing to do with treating the labour force humanely. Europe does not subsidise their farmers for humanitarian reasons - they subsidise them for political reasons. Increased trade is better for the economies of the trading nation, which results in lots of benefits to the people of the nation - of course some people would prefer less wealth in order to keep traditions and so on.
When you say that subsidies is bad for the CORPORATION and therefore should be prohibited you are attacking a straw man. Because no one with authority to prohibit or allow subsidies derives authority from the CORPORATIONS. They derive authority from the PEOPLE. And the PEOPLE are often helped by subsidy.
no one interested in the public good really cares what is good or bad for THE CORPORATION. We are only interested in what is good for real human beings. And trade is not always beneficial to both "parties", when you are referring to the parties as being the constituents of a nation.
I didn't mention corporations - so who has contructed the straw man here?
In fact... trade can be and in modern times often IS detrimental to both "PARTIES".
Trade between China and the US, is not only increasing human rights abuses in China, but it is increasing human rights abuses in the US. The people of both nations lose, as multinational corporations trance along their merry way externalizing the true costs of manufacturing and business to the poor oppressed people of BOTH parties, while a miniscule number of business executives and corrupt government officials perform a song and dance about how trade is good for BOTH parties.
I don't think trade between China and the US causes increasing human rights abuses in China. Those abuses would happen if there was no trade. I also can't see any evidence for trade leading to human rights abuses in the US. Trade has nothing to do with multinational corporations - multinationals can of course engage in international trade, but so can individuals and small businesses.
Corporations a
Your proposition that a discussion of trade and subsidy (and their effect) can meaningfully take place while pretending that the we are talking about something other than corporations is astounding.
When you talk about "benefits" of trade, you are talking about the recipient of those benefits.
Who are the ones holding those "benefits"? Who are the ones performing the trade?
Corporations now own more wealth in the world than all individuals combined, and the ratio continues to skew in favor of corporations. So what are we talking about here?
If that major stakeholder is the corporation, then how can you sincerely say "I didn't mention corporations ".
When wages and spending power have been decreasing in America for the past 30 years.... The environment is getting unhealthier, and we are more and more constantly bombarded by a stream of continuous corporate advertising in place of natural environments... how can you say that American's have been the beneficiaries of increased trade?
The corporations are the benefactors.. and it was the corporations who you were talking about even if you refuse to admit it.
If subsidy truly hurt the subsidizing nation in the long run.. there would be absolutely no reason to prohibit them in various free trade agreements. No one nation would ever do something willingly simply to hurt itself. Even the argument that what hurts 1 partner hurts the other, falls flat on its face. If I am trading with you, and you do something stupid to weaken yourself, all that you do to me, is provide me with an opportunity to buy you out completely and then conduct trade with myself on whatever basis I choose.
In fact this is what american multi-nationals do. They buy out the "foreign" businesses, and now are largely conducting trade with themselves. between their own subsidiaries.
Voters may for the most part be stupid (although scientific evidence is that large groups of people are uncanily accurate in the aggregate to compute correct answer.. such as guessing the number of beans in a jar), but local business interests and owners who are in fact the power behind local governments are NOT. If subsidy was really bad for the local people there is no reason to put that in a contract with a foreign nation.
Subsidies tend to benefit the local people in ways that foreign controlled (american) corporations can not exploit. Thus they are evil.
Another fact is that by removing subsidy then the only means of artificially manipulating markets is by military intervention (or its threat).
Being the worlds military superpower, the US naturally has a self interest in convincing the world that something is wrong with subsidy. On the other hand, the official stand of the US foreign policy is to intervene militarily to protect even a purely economic interest.
Why do you think Canada doesn't have a large military? Canadians do not even perceive a remote need to have a large military. We have so completely internalized the notion that America would never allow a foreign power to sieze canada.
Because it is absolutely true.
The US government is discretely subsidizing the cost of the oil you consume by providing military protection ( as well as unstated threats of military occupation) to Canada in exchange for access to Canadian oil. This is exactly the same thing going on in Saudi Arabia.
If the US government didn't subsidize oil prices at the barrel of a gun, then you would get to see laissez-faire capitalism at work. America would become the client state, owned and operated by foreign oil interests.
If the price of oil went too high, your largest employers (the big 3 automakers) would suffer serious difficulties and need to lay off huge numbers of workers.. leading to all sorts of local suffering.
Lets also not forget who the American government is buying obscene numbers of weapons from (answer: from american business).
The Interstate highway system itself was simply a vast makework
No one has a right to their *own* opinion. They have a right to the TRUTH.