What's new

Huawei Is “Happy With Crappy” – Why Are Their Customers?

striver44

BANNED
Joined
Jul 25, 2016
Messages
4,832
Reaction score
-16
Country
Indonesia
Location
Indonesia
Further significant technical issues have been identified in Huawei’s engineering processes, leading to new risks in the UK telecommunications networks. No material progress has been made by Huawei in the remediation of the issues reported last year.UK Oversight Board, 2019 Annual Report


960x0.jpg

Huawei Chief Financial Officer, Meng Wanzhou, leaves her Vancouver home to appear in British ... [+]

AFP VIA GETTY IMAGES

The press headlines about Huawei over the past couple years have focused on what the non-technical media find most titillating, the easiest to comprehend, the most sell-able angles: national security risks, espionage, racketeering, stolen American technology, secret deals with Iran and North Korea, etc. In short, they proffer a narrative of criminality and geopolitics. The image of Huawei’s Chief Financial Officer Meng Wanzhou, showing up in court in Jimmy Choo silver stiletto heels and an ankle bracelet, makes for great copy. Rich, foreign, wicked, sexy.

But these sensational particulars distract us from another story, which is emerging from the reports by the UK’s Huawei Cyber Security Evaluation Centre Oversight Board. The Board was created in 2014 for the sole and express purpose of assessing and mitigating “any perceived risks arising from the involvement of Huawei in parts of the United Kingdom’s (UK) critical national infrastructure.” Its work is rigorous and narrowly technical. Five annual reports have been issued to date, dealing with engineering issues that could possibly compromise the performance of Huawei’s equipment and/or create risks for UK telecommunications operators and end users, and with Huawei’s responses to these issues.

Risks associated with any advanced technology are diverse in nature. They can include the juicy cyber risks linked to national security which the mainstream press has seized upon. But they also include more basic risks: the equipment may not work well, may not work as intended, may break down, may create vulnerabilities in the larger network. This is the same constellation of risk that any new aircraft, computer operating system, or medical device faces. A product may be poorly designed, poorly engineered, subject to weak configuration control, problematic to maintain. Modern high tech product development involves extremely elaborate techniques and protocols designed to control these basic product risks: computer aided design and simulation; fault management and failure analysis; supply chain management (SCM); product lifecycle management (PLM); total quality management (TQM); continuous improvement processes (CIP)…boring, pragmatic, essential. They make the difference between technology that works and technology that fails.

Most of what the UK’s Oversight Board reports on has little to do with cyber-security. They focus on breakdowns in basic engineering discipline at Huawei. Highlights of the 46-page Report (which includes considerable technical detail) include the following (the bullet points below are verbatim quotes).


“Process Deficiencies”



  • [Huawei exhibits] an exceptionally complex and poorly controlled development and build process… [with] serious and systematic defects in Huawei’s software engineering.
  • Huawei’s underlying build process which provides no end-to-end integrity, no good configuration management, no lifecycle management of software components across versions… poor hygiene in the build environments.
  • It is difficult to be confident that vulnerabilities discovered in one build are remediated in another build through the normal operation of a sustained engineering process.


Inadequate Configuration Control

[Configuration control is something any computer user can understand. Upgrades, or fixes, to operating systems or applications software all require keeping careful track of which version is installed, which changes can be applied, in what sequence. Strong configuration control is essential for any software-based system. It should be routine. Not for Huawei.]



  • Huawei’s configuration management [processes]… have not been universally applied across product and platform development groups or across configuration item types (source code, build tools, build scripts etc). Without good configuration management, there can be no end-to-end integrity in the products as delivered by Huawei, and limited confidence in Huawei’s ability to understand the content of any given build or in their ability to perform true root cause analysis of identified issues
  • Configuration management of the build environment is poor and sometimes non-existent.
  • Configuration management of virtual machines used during the build process is poor. Specifically, virtual machines were not clean at build start, with many containing (sometimes irrelevant) source code, artefacts of previous builds and other detritus.
  • Configuration management of source code is poor.
  • [We] first demanded proper configuration management from Huawei in 2010.


“Vulnerabilities” (i.e., the technical bottom line)



  • The number and severity of vulnerabilities discovered…is a particular concern.
  • Serious vulnerabilities reported in previous evaluations continue to persist in newer versions… many vulnerabilities being of high impact…risky code…little improvement in software engineering… no end-to-end integrity in the products
  • HCSEC has continued to find serious vulnerabilities in the Huawei products examined. Several hundred vulnerabilities and issues were reported.


Huawei’s Inadequate Response



  • Huawei’s software engineering and cyber security competence are failing to improve sufficiently.
  • The Oversight Board tasked Huawei with providing a plan to remediate the software engineering and cyber security issues… [The Board] currently is not confident that Huawei is able to remediate the significant problems it faces.
  • [We] remain concerned about the time elapsed since discovery of this issue without a credible plan being presented.
  • Unless and until a detailed plan has been provided and reviewed, it is not possible to offer any degree of confidence that the identified problems can be addressed by Huawei.
  • Commitments from Huawei in the past have not brought about any discernible improvements. The Oversight Board note in particular the commitments first made in 2012…
  • [We have] limited confidence in Huawei’s ability to understand…or to perform true root cause analysis of identified issues.


Deployment Risk (the business bottom line)

The Board’s Report notes that its remit does not extend to advising operators directly on equipment choices. But they make the point plainly enough.



  • It is impossible to provide end-to-end assurance in the security and integrity of the [Huawei] products in use.
  • [There is] significant risk in the UK telecommunications infrastructure brought about by Huawei’s equipment.


The real question is: How is Huawei still in business at all?

I have some experience with the wireless industry, as a suppler of technology to the major operators. One or two major technical flaws, if not resolved promptly, would have killed any deal I was ever involved in. Poor documentation was unacceptable. Sophisticated customers audited our configuration control throughout the development and manufacturing process.

In the case of Huawei, the British experts have flagged “several hundred” deficiencies. (Actually, in the technical paragraphs of the Report, identified software problems number in the thousands.)

To put this in perspective, Boeing’s now-grounded 737 Max aircraft is said to have suffered perhaps 3 important defects.



  • Boeing has discovered another software problem..the third different software problem that has been discovered since the plane was grounded in March. ... The new issue apparently has to do with a warning light that was “staying on for longer than a desired period,” according to Bloomberg. ... Boeing and the FAA have previously disclosed two other glitches…


A stuck warning light. A “glitch.” A mild word for a problem that may have caused the deaths of several hundred people, and certainly cost Boeing $100 Bn+ in market value. (It is true of course that defective cellphones don’t kill anyone. The products are different in nature. But from a purely technical perspective, Huawei’s shortcomings are arguably just as alarming.)

The ability of Huawei to do any business at all in this industry — given the scope of the deficiencies documented by the British experts – is frankly inconceivable. One would hope that the findings laid out in this Report will be digested and understood by the relevant governments and potential customers. The Germans, for example, are said to be “sitting on the fence” with respect to Huawei. It is hard to imagine a German systems engineer reading the UK Report and reaching any but a negative conclusion on the deployability of Huawei equipment.

The sexy headlines today about Huawei have to do with the U.S./China dispute, but the real problems are so much more basic, prosaic, operational, and unforgiving. American and Chinese leaders could decide tomorrow to settle their differences, “drop the charges,” and eliminate the geopolitical aspects of the controversy. But you can’t wave away “several hundred vulnerabilities” and “poor and sometimes non-existent” processes of basic technology management. No tech company I know would survive this damning report card. The outcome here is predictable.

https://www.forbes.com/sites/george...crappy--why-are-their-customers/#bb9da4136c3b
 
. .
Further significant technical issues have been identified in Huawei’s engineering processes, leading to new risks in the UK telecommunications networks. No material progress has been made by Huawei in the remediation of the issues reported last year.UK Oversight Board, 2019 Annual Report


960x0.jpg

Huawei Chief Financial Officer, Meng Wanzhou, leaves her Vancouver home to appear in British ... [+]

AFP VIA GETTY IMAGES

The press headlines about Huawei over the past couple years have focused on what the non-technical media find most titillating, the easiest to comprehend, the most sell-able angles: national security risks, espionage, racketeering, stolen American technology, secret deals with Iran and North Korea, etc. In short, they proffer a narrative of criminality and geopolitics. The image of Huawei’s Chief Financial Officer Meng Wanzhou, showing up in court in Jimmy Choo silver stiletto heels and an ankle bracelet, makes for great copy. Rich, foreign, wicked, sexy.

But these sensational particulars distract us from another story, which is emerging from the reports by the UK’s Huawei Cyber Security Evaluation Centre Oversight Board. The Board was created in 2014 for the sole and express purpose of assessing and mitigating “any perceived risks arising from the involvement of Huawei in parts of the United Kingdom’s (UK) critical national infrastructure.” Its work is rigorous and narrowly technical. Five annual reports have been issued to date, dealing with engineering issues that could possibly compromise the performance of Huawei’s equipment and/or create risks for UK telecommunications operators and end users, and with Huawei’s responses to these issues.

Risks associated with any advanced technology are diverse in nature. They can include the juicy cyber risks linked to national security which the mainstream press has seized upon. But they also include more basic risks: the equipment may not work well, may not work as intended, may break down, may create vulnerabilities in the larger network. This is the same constellation of risk that any new aircraft, computer operating system, or medical device faces. A product may be poorly designed, poorly engineered, subject to weak configuration control, problematic to maintain. Modern high tech product development involves extremely elaborate techniques and protocols designed to control these basic product risks: computer aided design and simulation; fault management and failure analysis; supply chain management (SCM); product lifecycle management (PLM); total quality management (TQM); continuous improvement processes (CIP)…boring, pragmatic, essential. They make the difference between technology that works and technology that fails.

Most of what the UK’s Oversight Board reports on has little to do with cyber-security. They focus on breakdowns in basic engineering discipline at Huawei. Highlights of the 46-page Report (which includes considerable technical detail) include the following (the bullet points below are verbatim quotes).


“Process Deficiencies”



  • [Huawei exhibits] an exceptionally complex and poorly controlled development and build process… [with] serious and systematic defects in Huawei’s software engineering.
  • Huawei’s underlying build process which provides no end-to-end integrity, no good configuration management, no lifecycle management of software components across versions… poor hygiene in the build environments.
  • It is difficult to be confident that vulnerabilities discovered in one build are remediated in another build through the normal operation of a sustained engineering process.


Inadequate Configuration Control

[Configuration control is something any computer user can understand. Upgrades, or fixes, to operating systems or applications software all require keeping careful track of which version is installed, which changes can be applied, in what sequence. Strong configuration control is essential for any software-based system. It should be routine. Not for Huawei.]



  • Huawei’s configuration management [processes]… have not been universally applied across product and platform development groups or across configuration item types (source code, build tools, build scripts etc). Without good configuration management, there can be no end-to-end integrity in the products as delivered by Huawei, and limited confidence in Huawei’s ability to understand the content of any given build or in their ability to perform true root cause analysis of identified issues
  • Configuration management of the build environment is poor and sometimes non-existent.
  • Configuration management of virtual machines used during the build process is poor. Specifically, virtual machines were not clean at build start, with many containing (sometimes irrelevant) source code, artefacts of previous builds and other detritus.
  • Configuration management of source code is poor.
  • [We] first demanded proper configuration management from Huawei in 2010.


“Vulnerabilities” (i.e., the technical bottom line)



  • The number and severity of vulnerabilities discovered…is a particular concern.
  • Serious vulnerabilities reported in previous evaluations continue to persist in newer versions… many vulnerabilities being of high impact…risky code…little improvement in software engineering… no end-to-end integrity in the products
  • HCSEC has continued to find serious vulnerabilities in the Huawei products examined. Several hundred vulnerabilities and issues were reported.


Huawei’s Inadequate Response



  • Huawei’s software engineering and cyber security competence are failing to improve sufficiently.
  • The Oversight Board tasked Huawei with providing a plan to remediate the software engineering and cyber security issues… [The Board] currently is not confident that Huawei is able to remediate the significant problems it faces.
  • [We] remain concerned about the time elapsed since discovery of this issue without a credible plan being presented.
  • Unless and until a detailed plan has been provided and reviewed, it is not possible to offer any degree of confidence that the identified problems can be addressed by Huawei.
  • Commitments from Huawei in the past have not brought about any discernible improvements. The Oversight Board note in particular the commitments first made in 2012…
  • [We have] limited confidence in Huawei’s ability to understand…or to perform true root cause analysis of identified issues.


Deployment Risk (the business bottom line)

The Board’s Report notes that its remit does not extend to advising operators directly on equipment choices. But they make the point plainly enough.



  • It is impossible to provide end-to-end assurance in the security and integrity of the [Huawei] products in use.
  • [There is] significant risk in the UK telecommunications infrastructure brought about by Huawei’s equipment.


The real question is: How is Huawei still in business at all?

I have some experience with the wireless industry, as a suppler of technology to the major operators. One or two major technical flaws, if not resolved promptly, would have killed any deal I was ever involved in. Poor documentation was unacceptable. Sophisticated customers audited our configuration control throughout the development and manufacturing process.

In the case of Huawei, the British experts have flagged “several hundred” deficiencies. (Actually, in the technical paragraphs of the Report, identified software problems number in the thousands.)

To put this in perspective, Boeing’s now-grounded 737 Max aircraft is said to have suffered perhaps 3 important defects.



  • Boeing has discovered another software problem..the third different software problem that has been discovered since the plane was grounded in March. ... The new issue apparently has to do with a warning light that was “staying on for longer than a desired period,” according to Bloomberg. ... Boeing and the FAA have previously disclosed two other glitches…


A stuck warning light. A “glitch.” A mild word for a problem that may have caused the deaths of several hundred people, and certainly cost Boeing $100 Bn+ in market value. (It is true of course that defective cellphones don’t kill anyone. The products are different in nature. But from a purely technical perspective, Huawei’s shortcomings are arguably just as alarming.)

The ability of Huawei to do any business at all in this industry — given the scope of the deficiencies documented by the British experts – is frankly inconceivable. One would hope that the findings laid out in this Report will be digested and understood by the relevant governments and potential customers. The Germans, for example, are said to be “sitting on the fence” with respect to Huawei. It is hard to imagine a German systems engineer reading the UK Report and reaching any but a negative conclusion on the deployability of Huawei equipment.

The sexy headlines today about Huawei have to do with the U.S./China dispute, but the real problems are so much more basic, prosaic, operational, and unforgiving. American and Chinese leaders could decide tomorrow to settle their differences, “drop the charges,” and eliminate the geopolitical aspects of the controversy. But you can’t wave away “several hundred vulnerabilities” and “poor and sometimes non-existent” processes of basic technology management. No tech company I know would survive this damning report card. The outcome here is predictable.

https://www.forbes.com/sites/george...crappy--why-are-their-customers/#bb9da4136c3b


But their technology wins :)

Huawei Atlas 900 AI Cluster Wins the Only Best of Show Award for AI at Interop Tokyo 2020
AddThis Sharing Buttons
Share to LinkedIn
LinkedInShare to TwitterTwitterShare to FacebookFacebookShare to RedditRedditShare to Pinterest
Pinterest

Tokyo, Japan – WEBWIRE – Friday, June 5, 2020

The jury panel at Interop Tokyo 2020 has given the Huawei Atlas 900 AI cluster the Best of Show Award in recognition of its powerful AI computing and superior heat dissipation. Huawei Atlas 900 is the only AI product of 2020 to receive the Best of Show Award. The exceptional performance of Atlas 900 is a catalyst for global AI research and drives AI application across industries.

The Best of Show Award is the highest honor of the Interop conference. Only products which meet the high standards of quality demanded by the Japanese IT market are considered.

Tony Xu, President of Huawei Ascend Computing, said, “The Huawei Atlas AI computing solution provides powerful computing and ultimate energy efficiency for all AI scenarios across devices, the edge, and the cloud. The Atlas 900 AI cluster provides data centers with powerful computing, high linearity, and the best energy efficiency to accelerate data-intensive research, such as astronomical exploration, weather prediction, oil exploration, and gene sequencing. Research breakthroughs translate into practical benefits for people worldwide.”

Atlas 900 is the fastest AI training cluster in the world. It delivers a total computing power of 256 to 1024 petaFLOPS at half precision (FP16), equivalent to the computing power of 500,000 personal computers. Atlas 900 shattered the world record on the ResNet-50 benchmark test for model training by completing training in 59.8 seconds. Atlas 900 is the only product capable of completing the training in under a minute. Atlas 900 has broad applications in scientific research and business innovation for faster training of AI models with images and videos.

Atlas 900 integrates three interfaces for high-speed interconnection: Huawei Cache Coherence System (HCCS), PCIe 4.0, and 100G Ethernet. The Atlas 900 AI cluster leverages the Huawei CloudEngine data center switches to work on a 100 TB/s full-mesh, non-blocking dedicated network for parameter synchronization. The network slashes parameter synchronization latency by 10 to 70 percent to streamline AI model training.

Heat dissipation is a critical issue for an AI training cluster with such high computing power. That is why the Atlas 900 AI cluster adopts a groundbreaking system for heat dissipation. It leads industry innovation with a full liquid cooling solution and a rack-scale enclosed adiabatic design. This design delivers tremendous heat dissipation even for single racks with power consumption of up to 50 kW. It achieves a power usage effectiveness (PUE) of below 1.1 for data centers, almost reaching the ideal PUE of 1.0. Atlas 900 improves over air-cooled 8-kW racks by reducing equipment room space by 79%. Its innovative liquid cooling system provides energy-intensive, high-density, and low-PUE deployment to drastically reduce customer TCO.

Huawei is fostering cooperation to build the Ascend computing industry with open hardware, open source software, and partner enablement. Huawei provides full-stack AI computing infrastructure and application solutions to power industries with AI and create pervasive intelligence.
https://www.webwire.com/ViewPressRel.asp?aId=260022
 
. .

Pakistan Defence Latest Posts

Back
Top Bottom