The only thing that’s noteworthy here is that China was still using US based software in critical places.
It’s just insane how big of a dropped ball non-Western software development seems to be. If they’re not going to write and use their own software for everything, then don’t even bother using software! Even some outdated insecure system developed in the 80s would be better than using the latest US software for any kind of infrastructure.
I get why it’s still an issue, because it’s really hard to make an entire country of 1.4+ billion people all get on the same page about best practices on anything. Imagine getting American software developers to adopt stringent security practices. The last company I worked at we were still adopting TLS transport within the company VPN. So if there is a current push in the US to adopt modern security “hygiene” (security standards that the US created), then I can imagine how much harder it is for other countries. And there are a lot of things required to use the latest stuff. You have to have a good software development and release process so you can stay on top of security fixes. And that requires its own infrastructure. And that infrastructure requires its own infrastructure. And managing security-related stuff is a pain in the butt.
I often feel like server software is just a mistake in general and running software on devices other than personal computers should be kept to a minimum. Which is the opposite of how the software industry has developed. But maybe in the future, there will be some kind of acknowledgement and transition to more “local-first” software. Even free software enthusiasts fall into that trap because their expertise comes from the industry they work in which is all server-centric.
Email, for example, should be replaced with something more similar to Signal messaging system. More end-to-end encryption, etc. and most servers should act as simple routers or always-online caches of data in transit.
Servers are such a liability and the whole ecosystem is so messy and complicated. At least with desktop/phone programs it’s a bit easier to reason about their security (in some ways).
For sure, best way to secure data is not to connect it to the internet. Also very much agree that developing domestic software or at least using open source is a basic requirement for maintaining sovereignty. Hopefully China will accelerate their push to excise western proprietary software from their ecosystem.
Chinese uses Microsoft in their military???
EDIT: It was a military-adjacent business, now that I read it more closely. Still really sloppy to use closed-source software developed by the only country that could threaten their military (without using nuclear weapons).
Superpowers play bullshit games with their intelligence agencies - this doesn’t seem like particularly novel behavior for either side…
most americans don’t believe that the united states engages in this sort of behavior, so this is news.
I don’t think that’s true at all. Most of us know sketchy shit happens with intelligence agencies, the rest would say we don’t do it, but if we did it would be for a good reason, and if it wasn’t for a good reason it’s being blown out of proportion
Pretty sure most americans absolutely are aware of US intelligence agencies and the kind of work they do - they’re pretty infamous. At worst, most americans think that its justified for the intelligence agencies to be doing shit like this, which is a fair debate point. But nah, come on, “most americans aren’t aware spies are doing spy shit” hell there’s so many terrible movies glorifying this exact behavior.
