
Open Source Could Be a Casualty of the Trade War - UkiahSmith
https://www.bunniestudios.com/blog/?p=5590
======
xvilka
Quite the opposite - it makes more and more companies consider open source.
RISC-V is all the rage now, and people are turning their eyes to open source EDAs. I hope
with the help of SymbiFlow[1], Chisel[2]/FIRRTL[3], and other similar tools
the duopoly of Intel (Altera) and Xilinx will come to its end. There is also
an interesting initiative[4] to make ASIC design as affordable (in terms of
time, knowledge, and money) as possible. And using KiCad[5] for simple
projects can help small businesses.

[1] [https://symbiflow.github.io/](https://symbiflow.github.io/)

[2] [https://github.com/freechipsproject/chisel3](https://github.com/freechipsproject/chisel3)

[3] [https://github.com/freechipsproject/firrtl](https://github.com/freechipsproject/firrtl)

[4] [https://theopenroadproject.org/](https://theopenroadproject.org/)

[5] [http://kicad-pcb.org/](http://kicad-pcb.org/)

~~~
bunnie
The issue is not that it reduces interest in open source. In fact the article
states there's evidence that open source solutions are getting renewed
attention in the Chinese government.

The issue is that the executive order would make it unlawful to share
technology with foreign adversaries. So it effectively forces open source
projects to hard fork along geopolitical boundaries. For example, if (and
these are still if's) Huawei were to be designated a foreign adversary; and,
if Huawei were to develop a RISC-V implementation of interest; it would be
unlawful for a US person to use that implementation, or otherwise "acquire"
said technology from Huawei.

The underlying premise of the executive order, as I understand it, is that
technology developed by, or under the influence of, foreign adversaries is
potentially tainted. Thus to defend the US national security interest, US
persons shall be penalized for using their technology.

Thus the concern is that US-based open source developers and users would be
directly at risk by interacting with the very projects you cite, should they
fall under the influence of a foreign adversary.

Or to put it more concretely: ARM might be very happy if Huawei were
designated a foreign adversary, and Huawei invested heavily in RISC-V. Because
then ARM could lobby US lawmakers to rule that RISC-V technology is tainted
under the theories contained in the executive order, thus reducing competition
from open source alternatives.

(edited to clean up grammar)

~~~
xvilka
Thanks for the answer, it makes the problem clear.

------
baybal2
A contact at Foxconn just told me yesterday that Apple is genuinely serious
about leaving China completely.

Apparently, Mr. Trump summoned Mr. Cook last week, and extended an offer of a
tax break and other "relocation packages" of a size "not seen in human
history" if Apple moves to the USA.

Hearing things like that keeps reminding me that the Taiwanese engineering
fraternity is one of the world's best intelligence agencies :)

~~~
xrd
And Apple will milk that agreement long after Trump leaves office, doing
whatever makes more sense for the bottom line, even if that means moving
production to Mexico eventually. And, just like all these large companies,
will avoid paying corporate taxes to an even greater extent. Trump will claim
he restored American manufacturing, and he will have, long enough for him to
Tweet about it, and not much longer.

~~~
spacemanmatt
Every company considering a deal with Trump should consider that America has
walked away from shitty deals before. Sometimes it just takes a little while.

~~~
unionpivo
\s It just has to last long enough for executives to cash in their bonuses.

~~~
Drdrdrq
I know that was sarcasm, but I don't think it applies to Apple. Their managers
seem to be employed long-term and they seem to be loyal.

------
DennisP
Considering that two U.S. appeals courts have ruled that source code which was
_classed as a munition_ was protected by the First Amendment, I'm not too
worried just yet.

Of course we have a lot of new judges so who knows.

~~~
StudentStuff
Bunnie seems to fear this type of IP restriction but with regard to closed
source chipset designs and proprietary hardware, which he views as key to
continued innovation in China.

I have met Bunnie, and he has a bit of a warped view of the world. I think it
caused him to gloss over things like
[https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversi...](https://www.theregister.co.uk/2019/03/28/hcsec_huawei_oversight_board_savaging_annual_report/)
where Huawei did not give a single shit about security in their cellular
basestation codebase.

Sure, Huawei will read CVEs and sometimes deal with them, but really basic
things like updating OpenSSL libraries seem near impossible for Huawei. Their
hardware is thus vulnerable to exploitation by any ill-intentioned person
wandering by :c

Part of this is the whole stolen codebase problem, where Huawei (as Nortel's
Chinese manufacturing partner) took their designs and code, without fully
understanding them. They've been able to tack on a lot of neat stuff, but the
underlying architecture is still not understood by their engineers.

~~~
the_pwner224
And so is so much other US-produced or maintained hardware. Do we now ban
outdated corporate websites which can be hacked and used to launch attacks on
other servers?

The Huawei ban is very clearly a political anti-China move, not one based on
technical reasons.

~~~
i_am_nomad
Do you not understand the part about Huawei’s rampant, Chinese-style IP theft
directly contributing to the poor security of its products?

~~~
DiogenesKynikos
I haven't ever seen any evidence of "rampant" IP theft by Huawei. Every time,
it's the same one Cisco case that got settled 15 years ago, unsubstantiated
claims about Nortel two decades ago, and T-Mobile's "Tappy" robot. This for a
massive company with over $100 billion in revenue a year. If there were
actually something to the characterization, you'd think there'd be more
evidence. It's a bit like defining Google solely on the basis of Oracle's case
and Apple's earlier claims of Android being an iOS clone.

~~~
i_am_nomad
Try taking this position with, say, Samsung.

~~~
DiogenesKynikos
I'm not sure I follow.

Samsung was embroiled in a very bitter IP dispute with Apple, in which it was
found to have violated Apple's patents, essentially copying the design of the
iPhone, and ordered to pay over a half a billion dollars.

Yet American companies aren't banned from doing business with Samsung, nor
should they be.

------
cyborgx7
The article takes a while to get to the point made in the title but the way to
counteract this seems to be, get the infrastructure for open source out of
America before it's too late. In contrast to the ARM example, the US doesn't
really have any leverage against a volunteer open source project not within
its borders.

~~~
ISL
Fortunately, there is a bulwark:

Congress shall make no law respecting an establishment of religion, or
prohibiting the free exercise thereof; or abridging the freedom of speech, or
of the press; or the right of the people peaceably to assemble, and to
petition the Government for a redress of grievances.

The bulwark defending the bulwark is the population.

~~~
bilbo0s
Good luck explaining your commits to that munitions grade crypto used by
terror cells in the mideast region as "Free Speech".

Hope that works out for you. :-(

(I'd wager there'll be a few more Snowden types asking for asylum outside the
US before this is all over.)

~~~
downrightmike
Already holds up: "The claimed principle was simple: export of munitions—guns,
bombs, planes, and software—was (and remains) restricted; but the export of
books is protected by the First Amendment. The question was never tested in
court with respect to PGP. In cases addressing other encryption software,
however, two federal appeals courts have established the rule that
cryptographic software source code is speech protected by the First Amendment
(the Ninth Circuit Court of Appeals in the Bernstein case and the Sixth
Circuit Court of Appeals in the Junger case)."
[https://en.wikipedia.org/wiki/Pretty_Good_Privacy](https://en.wikipedia.org/wiki/Pretty_Good_Privacy)

~~~
pessimizer
How it worked out last time is no guarantee of how it will work out this time.

~~~
ralph84
I like the odds in the US better than anywhere else. No other country has a
better track record of protecting freedom of speech.

------
nickpsecurity
“through powers granted via the “EAR” (Export Administration Regulation 15
CFR, subchapter C, parts 730-774), along with a sometimes surprisingly broad
definition of what qualifies as export-controlled US technology.”

Boom! I told people they might do that back in the crypto discussions. Custom
crypto and high-assurance security are still munitions with only a few things
re-classified such as mass-market, one-size-fits-all software and use of
ciphers in browser (https). This is what they might do to the rest with the
leverage if it was ever truly threatening. They’re already doing it to
companies over Huawei.

I also speculated they might have done this to get backdoors in products. A
combo of offering payment and threats together. We know they do the payments.
I don’t know if they do export threats, though.

“some independent security research would have already found and published a
paper on this. Given the level of fame and notoriety such a researcher would
gain for finding the “smoking gun””

Bunnie is being really naive here or maybe doesn’t understand computer
espionage. Most subversion must be done in a way that doesn’t look like
subversion. The system just has to be remotely exploitable. The best route to
that is to intentionally leave in memory safety bugs or a configuration that
enables privilege escalation. Hackers find those all the time in all kinds of
devices. They say, “Hey, they just made a common mistake.” Maybe it was there
on purpose. We won’t know.

“It’s no secret that the US has outsourced most of its electronics supply
chain overseas. From the fabrication of silicon chips, to the injection
molding of plastic cases, to the assembly of smartphones, it happens overseas,
with several essential links going through or influenced by China.”

And this is why what the U.S. government is doing is incredibly stupid. You
could substitute other industries in here. It’s a smarter move to minimize
one’s dependency on a country before pissing that country off in a way that
can prevent them getting what they depend on.

~~~
mr_toad
> The best route to that is to intentionally leave in memory safety bugs or a
> configuration that enables privilege escalation. Hackers find those all the
> time in all kinds of devices. They say, “Hey, they just made a common
> mistake.” Maybe it was there on purpose. We won’t know.

By that logic everyone from Apple to Xerox could possibly be enabling computer
espionage. You’d never be able to prove a bug wasn’t a deliberate back door.

~~~
antepodius
Well, you can't. Whether it was a mistake or sabotage only changes the
timescale for exploitation of the bug.

------
galaxyLogic
The weakness of freedom of speech is it also allows freedom of lying. It's the
cost of it. I think there could/should be an amendment to the constitution that
prevents government officials from consciously lying to people.

~~~
educationdata
Whether an official is "consciously lying to people" is extremely
hard to know, because it is a measure of someone's state of mind in the past.
The real world is much more complicated than what you could imagine.

Take Obama's: 'If you like your health care plan, you'll be able to keep your
health care plan' as an example. He repeated this message many, many times:
[https://www.politifact.com/obama-like-health-care-keep/](https://www.politifact.com/obama-like-health-care-keep/)

How do you objectively decide:

1) Is this statement true?

2) Did he lie about it?

Also, how do you handle "if there is something I should not know, do not tell
me"?

~~~
galaxyLogic
Good points. Clearly there are gray areas. But sometimes it would be possible
to prove lying. Just like it is possible to prove some marketing is
fraudulent.

------
RickJWagner
No way. Open source will (keep) finding a way. It's a force of nature.

------
Merrill
A trade war may stimulate Open Source. Each adversary might subsidize the
development of Open Source equivalents of the other's key proprietary products
and services protected by Intellectual Property.

------
NicoJuicy
I actually hope that software (open source) could be more like trade.

E.g. follow human rights, no great firewall, and you can use it.

Global trade has done a lot of good for the world, in general, there hasn't
been any big war in the last 70 years.

Why: 996

------
writepub
> If Huawei has truly engaged in a long-term pattern of conduct significantly
> adverse to national security, surely, some independent security research
> would have already found and published a paper

Presenting a non sequitur as evidence has become par for the course. Let's step
back to one day before the Heartbleed bug was discovered in SSL libs, when a
similar argument could've been made regarding the SSL library's security. Only
to be disproven a day later.

------
slim
Why is ARM doing business with Huawei? They don't manufacture their SoCs, or do
they?

~~~
cududa
Huawei licenses the ARM instruction set and some architecture components. If
it’s a mobile processor, at the very least it’s going to license ARM
instructions.

