Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Thursday, 14 May 2020 12:14

ZDNet, Linux and Huawei can prove to be quite an explosive mix

ZDNet, Linux and Huawei can prove to be quite an explosive mix Pixabay

When American tech journalists see the words "vulnerability" and "Huawei" in close proximity these days, they tend to get over-excited and, as a result, produce copy that goes quite wonky.

A classic example of this was seen this week when the site, ZDNet, one of the tech powerhouses, reported on a patch submitted to the Linux kernel project by someone who called his submission Huawei Kernel Self Protection.

The patch was found to have some trivial flaws by the maker of the Grsecurity kernel patch, Brad Spengler – a man who loves publicity and knows that picking a hole in a patch put out by someone who was seemingly associated with Huawei would generate interest among the US press.

He was right. But it's a pity that ZDNet did not take some time to check its facts, with its security writer Catalin Cimpanu theorising that this patch had "sparked interest in the Linux community as (sic) could signal Huawei's wish to possibly contribute to the official kernel".

Cimpanu has a history of screwing up when it comes to Linux. Huawei has been a contributor to the Linux kernel for quite a few years now. As one commenter on the US news aggregation site Slashdot pointed out, in 2017, Huawei was 15th in the list for top companies contributing to the Linux kernel, 4.8– 4.13, and third (after Intel and Google) in in the list of companies bringing in the most new developers.

Again, there are numerous people in numerous companies who make contributions to the Linux kernel on their own time; all patches are scrutinised by Linux creator Linus Torvalds, or one of his trusted lieutenants, before they are finally merged.

Hence, the excitement over some flaws in a patch is not really understandable.

Cimpanu had this gem in his story: "The fact that a Huawei employee wrote code that contains security flaws is nothing new. A report by the UK government last year found that Huawei networking equipment was riddled with security flaws that often went years without receiving patches."

Sure. The man didn't get half as excited when Microsoft, a company that will celebrate 50 years in the software business in 2025, released 111 patches for its numerous products on Tuesday US time. That's a lot of screw-ups there but it didn't merit much excitement over at ZDNet.

Flaws in software are like spoiled currants in a bun – they make for bad taste. The open-source software development model ensures that bugs get picked up more often than in proprietary software.

Cimpanu's last paragraph was another gem: "The reaction from the tech community in this particular case also shows the global anti-Huawei sentiment, which has been spurred in recent years by countless of security issues in the company's products, accusations of intellectual property theft, accusations of hiding secret backdoors in its firmware, and the West's fear of having the Chinese government spy on worldwide communications via the ever-popular Huawei equipment."

I grant you that there may be anti-Huawei sentiment in many Western countries, but there were, at last count, more than 200 nations on this planet, and few of them fall into this bracket.

And for Cimpanu's information, it is good to note that as someone who is living in the US, the NSA's ubiquitous spying is a much greater danger to him than any slurping up of data by some Chinese firm which is located thousands of miles away and has zero chance of proving a danger to him.

There's one more thing to mull over: if Huawei really wanted to introduce bugs into the Linux kernel code, is this the way it would go about it? The company has had the nous to become the world's biggest 5G supplier so surely it should be given credit for a little more intelligence, isn't it?



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.


talentCRU FREE WEBINAR INVITE - Cybersecurity in COVID-19 times and beyond

With the mass transition to remote working, our businesses are becoming highly dependent on the Internet.

So, it’s no surprise that we’ve seen an increase in cyberattacks.

However, what’s more concerning is that just 51% of technology professionals are highly confident that their cybersecurity teams are able to detect and respond to these threats.

Join us for this free online roundtable where our experts discuss key cybersecurity issues IT leaders are facing during the pandemic, and the challenges that will likely emerge in the coming years.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.




Recent Comments