If US manufacturers (or manufacturers in allied countries) do this, legal avenues exist to hold those manufacturers accountable. Not so with China.
(That is not to say that the FCC change will move the needle on the underlying issue of router security; as some of the ancestor comments have said, lax security practices are common industry-wide, irrespective of country of development/manufacture.)
The Snowden leak showed that Cisco routers had been altered to enable surveillance [1]. Whether or not the manufacturer is complicit, or how the alteration is performed is ultimately irrelevant to the end user. Ultimately, the only people that got in legal trouble for this were Snowden and people who provided service to him.
It is absolutely relevant. It is completely within the realm of feasibility that a foreign nation state would pressure a manufacturer in their jurisdiction to include a backdoor, or simply insert it themselves. Routers are in every home and office in the country, and can be leveraged for immense attacks. It’s a hugely attractive target, and it’s a reasonable security policy to try to limit our exposure to this threat. And it would absolutely make sense for adversaries to avoid buying U.S. made routers for exactly the same reason. Unfortunately this administration is generating more adversaries by the day.
I think you're responding to the wrong comment, or missing the nuance above.
Having state actors redirecting products after shipping, without telling the company or the client it's happening, and installing backdoors, has nothing at all to do with backdoors from manufacturers.
>a foreign nation state would pressure a manufacturer in their jurisdiction to include a backdoor
That absolutely is about jurisdiction and is a much bigger, more scalable attack than intercepting and installing implants. More to the point, it can be done at _any time_ not just the initial ship.
My point is that the US did alter homemade products for export, and that the only people litigated against were the whistleblower and/or companies providing service to him.
> If US manufacturers (or manufacturers in allied countries) do this, legal avenues exist to hold those manufacturers accountable.
With that context added, my point is that the US judicial system would never litigate against e.g. Cisco if they were involved. The issue is not the relation between the state and Cisco, it's the relation between the US justice system and the US national security apparatus that prevents any such litigation to happen.
> legal avenues exist to hold those manufacturers accountable
Maybe in theory. I think the practical chance of enforcing anything meaningful through those legal avenues against a US manufacturer is not meaningfully higher than the chance of doing so against a Chinese manufacturer, so it doesn't make sense to treat them differently on these grounds.
I was recently in a Waymo in SF. It was turning right from a busy street onto a narrow street. Mid-turn, the car slammed on the brakes. I sat there for a couple seconds like “???” wondering if we'd hit something. Then a dude on an e-bike _flies_ past the car in the bike lane.
The car saw this dude coming from way down the street, flying, and was like “yeah, better stop.” Probably saved the biker from serious injury, or worse. I wouldn't have seen him if I was driving.
I would largely agree with that assessment, yeah. Dangerous place to bike, too. I've even seen pedestrians get clobbered by bikers because they stepped into the bike lane not realizing a bike was barreling toward them at 20mph+. This is part of why Waymo and Uber warn you when the dropoff is next to a bike lane.
We started using Buildkite at $DAYJOB years ago and haven't looked back. Incredibly, GitHub Actions seems to have gotten _worse_ in the interim. Absolutely no regrets from switching.
Man. I'd really rather they did the inverse: drop systemd and only maintain the SysV versions of the materials, even if that means dropping GNOME/etc., because I think understanding the Linux init process is far more important than making any specific desktop environment available.
If you're talking about their headphones, I agree they _feel_ cheaply-made, but they are by no means low-quality. When you make headphones with premium materials, they get heavy, and that makes them uncomfortable/painful to wear. Speaking from prior experience. It's an incredibly delicate balancing act. Bose optimizes for comfort, which is important for e.g. long plane rides.
In a previous life, I was the platform architect for the Bluetooth headphones at Bowers & Wilkins. We, naturally, did tons of competitive analysis, and I tend to agree Bose blows sound quality-wise, but their active noise cancelling is hands-down the best in the biz, and they have the weight and comfort extremely dialed-in.
Glad to see them setting a great example here instead of letting these speakers become expensive paperweights.
I'm a Tailwind Plus customer in spite of not being the world's biggest Tailwind fan. Even though it really grinds my gears how unreadable markup can be when littered with Tailwind classes, I appreciate the quality and variety of the templates and components available in Tailwind Plus and the constant (free!) updates. So this is a bummer to hear. Many thanks to Adam and the team.
Zed has been one of the most consequential changes to my dev tools in years. It's noticeably faster in day-to-day use than VS Code (launch time, input latency, etc.), is way less of a resource hog, and has the best Vim mode of any GUI editor I've ever used.
not sure, they do something with the GPU for sure, and because how are you going to draw anything on a monitor or screen without a rendering engine? Surely in their code base they have multiple levels of abstraction for rendering, drawing, and layout in their code base. You can see these kinds of things in other comments here and on their github without reading code.
The browser engine is itself an abstraction point that many people find agreeable on both sides, for those of us that don't have a problem with chromium/codium/electron as a technology, seeing it more so as useful and enabling
In my mind, sharing a common engine across chromium/codium/electron is like how so many things use the linux kernel. To me, the more eyes, devs, and consumers of the code makes it better in the long run
Yes, the thing is, the browser is an extremely expensive abstraction layer. It's like having a car factory where everything is built by general purpose robots - it's very versatile, but obviously if you build an assembly line using dedicated machinery, it's going to run much faster.
But you also have to build your own factory and assembly line, which isn't faster to begin with and takes a lot of effort to get their. Zed still has issues with basics like font rendering and GPU usage from excessive redraws / repaints
Meanwhile, chromium works reasonable well on billions of devices of all shapes and kinds
(That is not to say that the FCC change will move the needle on the underlying issue of router security; as some of the ancestor comments have said, lax security practices are common industry-wide, irrespective of country of development/manufacture.)
reply