Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud(scmp.com)
scmp.com
Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud
https://www.scmp.com/tech/big-tech/article/3160670/apache-log4j-bug-chinas-industry-ministry-pulls-support-alibaba-cloud
215 comments
https://archive.md/Yvsca
This is why for all the fear of China, the country cannot succeed on its current trajectory.
Things look great until the leaders are doing well, but all it takes is for 1 bad set of leadership for all to fall apart.
And Xi Jinping has guaranteed failure by removing term limits. Term limits meant that other ambitious political leaders were willing to wait and try their luck next turn. But with no term limits multiple generations of leaders are locked out of even the possibility of becoming the party leader, which means they have become a threat to Jinping.
And since so many people are now a threat to him, his selection criteria for people to lead different parts of the party and government has to be based entirely on loyalty rather than competence.
Which almost guarantees a lot of counter productive incompetence.
Things look great until the leaders are doing well, but all it takes is for 1 bad set of leadership for all to fall apart.
And Xi Jinping has guaranteed failure by removing term limits. Term limits meant that other ambitious political leaders were willing to wait and try their luck next turn. But with no term limits multiple generations of leaders are locked out of even the possibility of becoming the party leader, which means they have become a threat to Jinping.
And since so many people are now a threat to him, his selection criteria for people to lead different parts of the party and government has to be based entirely on loyalty rather than competence.
Which almost guarantees a lot of counter productive incompetence.
> This is why for all the fear of China, the country cannot succeed on its current trajectory.
I really really really want this to be true, but I don't think it's wise to discount China as a threat to worldwide autonomy just because they're behaving like typical authoritarians, and have the weaknesses that you'd expect from that kind of government.
Personally I think China's demographic issues should be more of a worry for them. The aftermath of the one-child policy, as well as all the selective abortion (under one-child, parents preferred to give birth to a boy) creating a imbalance between the number of men and women, means their population will start shrinking soon. And there will be a lot of only children supporting both of their parents when they start getting older, not to mention a glut of older folks leaving the workforce without equal replacement from the younger generations.
I really really really want this to be true, but I don't think it's wise to discount China as a threat to worldwide autonomy just because they're behaving like typical authoritarians, and have the weaknesses that you'd expect from that kind of government.
Personally I think China's demographic issues should be more of a worry for them. The aftermath of the one-child policy, as well as all the selective abortion (under one-child, parents preferred to give birth to a boy) creating a imbalance between the number of men and women, means their population will start shrinking soon. And there will be a lot of only children supporting both of their parents when they start getting older, not to mention a glut of older folks leaving the workforce without equal replacement from the younger generations.
You think of China in american terms. For all they care, the world stops at their borders and having to trade outside is a temporary inconvenience. They re not going to be able to expand, you can already see their cultural gradients on its periphery having a lot of issue.
If China was to deal with French, Japanese or Senegalese people, it would immediately crumble. All they can do is firefight for internal stability, or change enormously to inspire positively, but it's not yet looking that way.
If China was to deal with French, Japanese or Senegalese people, it would immediately crumble. All they can do is firefight for internal stability, or change enormously to inspire positively, but it's not yet looking that way.
Even in the worst case scenaro China ends up having twice the population of the USA. The nee 3 child policy for ccp members might help.
Having a contracting population and a smaller fraction of that population working age makes it hard to sustain economic growth. (Ask Japan).
I think per capita numbers are more interesting than absolute numbers, and I'd expect that automation will improve that in the coming decades more than in the last couple of decades.
Russia has been skirting along in mediocrity with its one leader pseudo parliament system for longer than China. Xi is copying Putins playbook here.
The major difference is their positions in economic transitions.
I think the biggest risk for China would be entering mediocrity and flatlining like Russia. Not growing seems to be their biggest fear.
The major difference is their positions in economic transitions.
I think the biggest risk for China would be entering mediocrity and flatlining like Russia. Not growing seems to be their biggest fear.
Russia failed to build economy not based on oil. China's economy much more stable.
According to machine translation (both Google Translate and DeepL) of the law itself, it seems that this is not actually the case, and that the article is simply wrong. Indeed, it seems that they have a legal responsibility to notify the MIIT within two days, but a legal responsibility to notify upstream immediately (according to another commenter, they do not even have any responsibility to disclose to the government, only to Apache).
Perhaps this translation is incorrect, but Chinese speaking commenters below think that it is accurate, so it's probably just the article being wrong (as usual), leading to incorrect conclusions that China is not a threat and will not succeed because they will shoot themselves in the foot etc, while reality is a lot more reasonable.
Perhaps this translation is incorrect, but Chinese speaking commenters below think that it is accurate, so it's probably just the article being wrong (as usual), leading to incorrect conclusions that China is not a threat and will not succeed because they will shoot themselves in the foot etc, while reality is a lot more reasonable.
The article is correct on all factual grounds; Alibaba has been suspended of its participation as a 网络安全威胁信息共享平台合作单位 (whatever that means), and the agency sources that law as the reason. Now you can argue the law does not actually say Alibaba is obligated to report the incident to the China government, but the government is acting as it should, and Alibaba has no recourse but to accept (you have no chance to get a course ruling to overturn the decision in China anyway so what other choice do they have).
[deleted]
The ease with which the term limits were removed indicates that they were never a real limitation in the first place. What prior leader was actually bounded by them?
Jiang and Hu both stepped down after 2 terms. So yes they agreed to it.
Doesn't seem like much of a limitation if they have to agree to it. What happens if they don't?
Wasn't Jiang still leading the military? Hu appears to be the only one that stepped down on time - but more from the rise of Xi rather than this rule.
Wasn't Jiang still leading the military? Hu appears to be the only one that stepped down on time - but more from the rise of Xi rather than this rule.
> Which almost guarantees a lot of counter productive incompetence.
What do dictators do when their policies start failing and popularity declines?
They go to war. Nothing distracts the population as much. This is the biggest risk with China's expanding military power.
What do dictators do when their policies start failing and popularity declines?
They go to war. Nothing distracts the population as much. This is the biggest risk with China's expanding military power.
This is not how China works. Previous leaders only exited power because they were pretty much ousted, and their power was never really institutionally checked.
Mainland China never been ever close to constitutional rule. It's unbelievably naive to think that term limits would've ever been something other than a decoration, and a propaganda point with communists.
Mainland China never been ever close to constitutional rule. It's unbelievably naive to think that term limits would've ever been something other than a decoration, and a propaganda point with communists.
There were emperors in China and many other countries all through the past several thousand years and it is the expectation of the world that they suddenly give up that entire way of life and thinking in one century?
Yeah bro, there were kings and feudal lords and chieftains and emperors (like Rome) all over the rest of the world for thousands of years too. To say that the Chinese are incapable of democracy because being ruled by an autocrat steadily increasing his own power is their "way of life" is frankly insulting to the Chinese.
The Chinese are one of the most crowded nations for a long long time, and their dynamics, views, priorities and choices are different. Also they have a much different history on social dynamics and outcomes.
Judging their systems and dynamics from our point of view misses the point in some cases.
There's an eye opening video about "The Social Credit System" from CCC (Chaos Communication Conference). Take a look if you have time:
https://media.ccc.de/v/35c3-9904-the_social_credit_system
It's an hour long talk.
Judging their systems and dynamics from our point of view misses the point in some cases.
There's an eye opening video about "The Social Credit System" from CCC (Chaos Communication Conference). Take a look if you have time:
https://media.ccc.de/v/35c3-9904-the_social_credit_system
It's an hour long talk.
The Taiwanese seem to have managed the transition.
Taiwan is not a shining beacon of democracy either. Since the creation of the country in 1949, the total number of parties holding power is: two. For important issues like the geopolitical orientation and the business model of the country - the choice between KMT and DPP is like a choice between Pepsi and Coca-cola
There were slaves for thousands of years too, and we ended that pretty quickly.
That's just plainly not true. Deng Xiaopeng set the country up for orderly succession, and it did work up through Xi Jinping. Hu Jintao and Jiang Zemin both cycled through office without any of the things we associate with authoritarian rulers. There was no execution of your political opponents, after you beat them to office, or afterwards.
The argument has been that China needed a reset badly. Free-for-all capitalism hasn't been so great for most folks in the U.S. either, has it? That has been the justification for the heavy hand of the government during Xi's rule. There's also the argument that Western-style term limits prevent long-term strategic planning.
All of those are really tempting and solid arguments, especially given how corrupt China had become with capitalism-ruling-all, but one really does wonder.
As far as Alibaba goes, it's to my understanding that there are no real alternatives to Alibaba Cloud in China (unless you want to go for a foreign solution like AWS or Azure). It would seem that the current government thinks they can get away with making an example of the company as they see fit. There may be some geopolitical logic to that, because Xi's government seeks to make China more independent after Trump's trade wars, and if you have a big, wealthy internet company drawing in the country's top talent, then that's fewer that's e.g. going towards the semiconductor companies they now seek to bolster.
Now there may have been a "correct" policy solution to this, a la antitrust, but it seems Xi's government prefers to be heavy-handed. For me, that's setting some scary precedents, because as other commenters have said, it isn't clear how succession will be handled going forward, and it may well be brutal.
The argument has been that China needed a reset badly. Free-for-all capitalism hasn't been so great for most folks in the U.S. either, has it? That has been the justification for the heavy hand of the government during Xi's rule. There's also the argument that Western-style term limits prevent long-term strategic planning.
All of those are really tempting and solid arguments, especially given how corrupt China had become with capitalism-ruling-all, but one really does wonder.
As far as Alibaba goes, it's to my understanding that there are no real alternatives to Alibaba Cloud in China (unless you want to go for a foreign solution like AWS or Azure). It would seem that the current government thinks they can get away with making an example of the company as they see fit. There may be some geopolitical logic to that, because Xi's government seeks to make China more independent after Trump's trade wars, and if you have a big, wealthy internet company drawing in the country's top talent, then that's fewer that's e.g. going towards the semiconductor companies they now seek to bolster.
Now there may have been a "correct" policy solution to this, a la antitrust, but it seems Xi's government prefers to be heavy-handed. For me, that's setting some scary precedents, because as other commenters have said, it isn't clear how succession will be handled going forward, and it may well be brutal.
> There's also the argument that Western-style term limits prevent long-term strategic planning.
It seems to me that term limits are mostly the reserve of countries that have a genuine fear of authoritarian takeovers from recent experience, e.g. the nonaligned countries in South America and Africa.
Countries with executive power vested in a member of Parliament don’t have such limits, hence how you get people like Merkel, Thatcher and Mark Rutte serving as Prime Minister for so long. You also have long-term planning with the maintenance of a professional civil service rather than political appointees and the use of cabinet level decision making rather than allowing the Head of Government to unilaterally make decisions.
America and France are really the only significant “western” (politically rather than geographically) countries you can say have term limits on executive power. In both cases the introduction of term limits are post-ww2 changes. To use either example as a criticism of “the west” as a whole requires a rather narrow view of the world I think.
It seems to me that term limits are mostly the reserve of countries that have a genuine fear of authoritarian takeovers from recent experience, e.g. the nonaligned countries in South America and Africa.
Countries with executive power vested in a member of Parliament don’t have such limits, hence how you get people like Merkel, Thatcher and Mark Rutte serving as Prime Minister for so long. You also have long-term planning with the maintenance of a professional civil service rather than political appointees and the use of cabinet level decision making rather than allowing the Head of Government to unilaterally make decisions.
America and France are really the only significant “western” (politically rather than geographically) countries you can say have term limits on executive power. In both cases the introduction of term limits are post-ww2 changes. To use either example as a criticism of “the west” as a whole requires a rather narrow view of the world I think.
> Xiaopeng set the country up for orderly succession
No, he did not. He built a cabinet of marionettes, and set himself to be a gray cardinal to run the state from behind the curtain. Jiang Zemin then ousted him out of power.
You know nothing about China past the popular propaganda image they wanted Westerners to see.
No, he did not. He built a cabinet of marionettes, and set himself to be a gray cardinal to run the state from behind the curtain. Jiang Zemin then ousted him out of power.
You know nothing about China past the popular propaganda image they wanted Westerners to see.
> Deng Xiaopeng set the country up for orderly succession, and it did work up through Xi Jinping. Hu Jintao and Jiang Zemin both cycled through office without any of the things we associate with authoritarian rulers. There was no execution of your political opponents, after you beat them to office, or afterwards.
Two orderly successions with no political executions isn’t a particularly high bar…
Two orderly successions with no political executions isn’t a particularly high bar…
For somewhere like China, under authoritarian rule, that is a pretty high bar. The stakes are very high and there are a lot of talented, ambitious individuals. There is no theoretical framework for why one person shouldn't put their family in charge once you accept the idea that one party should be in charge. Deng, Jiang & Hu are all basically heros of the modern era for resisting any temptation.
baybal2(1)
>Two orderly successions with no political executions isn’t a particularly high bar…
disagree. Mao started the culture revolution because he was ousted and succeed in taking back the powers. its a high bar that all leaders after Mao didn't try another culture revolution.
disagree. Mao started the culture revolution because he was ousted and succeed in taking back the powers. its a high bar that all leaders after Mao didn't try another culture revolution.
[deleted]
That's worked remarkably well for Russia.
From Wikipedia
> The Communist Party of China proposed amending the Constitution, for the first time after 2004,[3] including writing Scientific Outlook on Development and Xi Jinping Thought into the Preamble,[4] and removing the provision that the President and Vice President "shall serve no more than two consecutive terms" from the Constitution.[5]
https://en.m.wikipedia.org/wiki/2018_National_People%27s_Con...
> The Communist Party of China proposed amending the Constitution, for the first time after 2004,[3] including writing Scientific Outlook on Development and Xi Jinping Thought into the Preamble,[4] and removing the provision that the President and Vice President "shall serve no more than two consecutive terms" from the Constitution.[5]
https://en.m.wikipedia.org/wiki/2018_National_People%27s_Con...
The most powerful man in China is the Chairman of the Central Military Commission. “Political power grows out of the barrel of a gun” - Mao. The title President is less important so term limits on that position don’t matter. Recent ”anti-corruption” actions have weighed heavily on Jiang Zemin’s allies
Yes, but that same leader is conventionally also the President.
By eliminating term limits in 2018 Xi Jinping was clearly signaling that he did not intend on relinquishing power.
By eliminating term limits in 2018 Xi Jinping was clearly signaling that he did not intend on relinquishing power.
Interestingly Hu Jintao only gained control of the army two years into his term.
> The most powerful man in China is the Chairman of the Central Military Commission.
It's interesting to me that they allowed that to happen, both the US, with its civilian control of the military, and the Soviets, with their convoluted division of manpower, equipment, and commands, took measures to stop that situation from occurring.
It's interesting to me that they allowed that to happen, both the US, with its civilian control of the military, and the Soviets, with their convoluted division of manpower, equipment, and commands, took measures to stop that situation from occurring.
China just doesn't try to hide it
You just look back at China's 5000 years Imperial history. It is no surprise of current development. Chinese history has never had Greek style democracy system. The closest in terms of political development will be Song dynasty which it has a chance to further survive, will likely turn into something like USA. Alas, ask any Chinese scholars, Song dynasty is considered the worst in China as it is "weak". Surprisingly, if you ask the same person, people living during Song dynasty were way better off than Tang or Han dynasty, both golden periods of China before Song. Even if you ask about science
and literarure developments, it too was ahead of previous dynasty. Still, it is consider a failure when in terms of dynasty ranking.
I know about Dr. Sun's republic, Taiwan and "voting politburo" . But these are considered modern development which hasn't really sunk into physche of Chinese race worldwide.
I know about Dr. Sun's republic, Taiwan and "voting politburo" . But these are considered modern development which hasn't really sunk into physche of Chinese race worldwide.
[deleted]
> the country cannot succeed on its current trajectory
What, exactly, is it doing right now? This sounds a lot like "Tom Brady cannot succeed with his current height." Um, he already has, and continues to do so.
What, exactly, is it doing right now? This sounds a lot like "Tom Brady cannot succeed with his current height." Um, he already has, and continues to do so.
This is why for all the fear of America, the country cannot succeed on its current trajectory.
Things look great until the leaders are doing well, but all it takes is 1 Brandon for all to fall apart.
And since so many Americans are now a threat to the Democrats, their selection criteria for people to lead different parts of the party and government has to be based entirely on race and gender rather than competence.
Which almost guarantees a lot of counter productive incompetence.
And since so many Americans are now a threat to the Democrats, their selection criteria for people to lead different parts of the party and government has to be based entirely on race and gender rather than competence.
Which almost guarantees a lot of counter productive incompetence.
That's the point of the comment you're responding to - the USA has term limits, which means that the damage a single bad leader can do is limited.
I'm surprised HN is full of knee jerk assumption without first checking what the government required disclosure policy is.
Here it is: Verify. Report to 'vendor'. Immediately. Report to government including an analysis within 2 days.
Link to policy: http://www.gov.cn/gongbao/content/2021/content_5641351.htm
Link to past HN comment on this on another story on this topic: https://news.ycombinator.com/item?id=29653352
Here it is: Verify. Report to 'vendor'. Immediately. Report to government including an analysis within 2 days.
Link to policy: http://www.gov.cn/gongbao/content/2021/content_5641351.htm
Link to past HN comment on this on another story on this topic: https://news.ycombinator.com/item?id=29653352
I don't think there are any knee jerk assumptions happening; TFA details the differences, including the policy you're referencing.
(archived version of the article: https://archive.md/Yvsca)
From your linked policy (translated by Apple):
>Article 7 Network product providers shall fulfill the following security vulnerability management obligations
>(2) Relevant vulnerability information shall be submitted [...] within 2 days
In this case, an Alibaba researcher found a bug in an Apache product, so this policy wouldn't seem to apply as Alibaba is not the vendor of the product.
(archived version of the article: https://archive.md/Yvsca)
From your linked policy (translated by Apple):
>Article 7 Network product providers shall fulfill the following security vulnerability management obligations
>(2) Relevant vulnerability information shall be submitted [...] within 2 days
In this case, an Alibaba researcher found a bug in an Apache product, so this policy wouldn't seem to apply as Alibaba is not the vendor of the product.
Plainly the linked policy does not ask Alibaba to do what the article says it should do, ie, notify the government first, as per machine translation.
It seems to say that they should notify the vendor (ie, Apache) as soon as possible, and notify the government within 2 days (according to rfoo they are not at all required to disclose it to the government since it's not their product, but they are encouraged to do so), not that they should notify the government first and then wait for approval to notify Apache.
According to google translate:
(1) After discovering or learning about the security vulnerabilities in the provided network products, they should immediately take measures and organize verification of the security vulnerabilities to assess the degree of harm and the scope of the security vulnerabilities; for the security vulnerabilities in their upstream products or components, they should Notify the relevant product provider immediately.
(2) The relevant vulnerability information should be reported to the Ministry of Industry and Information Technology's cyber security threat and vulnerability information sharing platform within 2 days. The content of the submission shall include the product name, model, version, and the technical characteristics, harm, and scope of the vulnerability that have security loopholes in network products.
So according to machine translation, the article is incorrect, and they do not have to notify the CCP first, instead they should have notified Apache first, and then the government within 2 days.
It seems to say that they should notify the vendor (ie, Apache) as soon as possible, and notify the government within 2 days (according to rfoo they are not at all required to disclose it to the government since it's not their product, but they are encouraged to do so), not that they should notify the government first and then wait for approval to notify Apache.
According to google translate:
(1) After discovering or learning about the security vulnerabilities in the provided network products, they should immediately take measures and organize verification of the security vulnerabilities to assess the degree of harm and the scope of the security vulnerabilities; for the security vulnerabilities in their upstream products or components, they should Notify the relevant product provider immediately.
(2) The relevant vulnerability information should be reported to the Ministry of Industry and Information Technology's cyber security threat and vulnerability information sharing platform within 2 days. The content of the submission shall include the product name, model, version, and the technical characteristics, harm, and scope of the vulnerability that have security loopholes in network products.
So according to machine translation, the article is incorrect, and they do not have to notify the CCP first, instead they should have notified Apache first, and then the government within 2 days.
I think the central point of the article is that the Chinese government is deviating from their stated policy by punishing Alibaba with the 6 month freeze, thus making it newsworthy.
Does the article say that? The article says that the law encourages them to notify the government first, which it doesn't seem to.
At the same time, the article doesn't say that China is going to stop supporting Alibaba Cloud, just that that the MIIT is freezing cybersecurity cooperation, as far as I understand the article there is no legal punishment or serious financial punishment, and it's not even clear that the cooperation with the MIIT didn't have other terms. It's not clear either that they followed the 2-day period.
At the same time, the article doesn't say that China is going to stop supporting Alibaba Cloud, just that that the MIIT is freezing cybersecurity cooperation, as far as I understand the article there is no legal punishment or serious financial punishment, and it's not even clear that the cooperation with the MIIT didn't have other terms. It's not clear either that they followed the 2-day period.
From my understanding, Chinese government didn't punish Alibaba according to the regulation discussed above.
Given that the punishment is rather obscure and really weak (okay, your country's CERT felt pissed off and won't talk to you for 6 months, but for megacorps like Alibaba, would they really care?), I don't think they are willing to break the rule, at least for now.
Given that the punishment is rather obscure and really weak (okay, your country's CERT felt pissed off and won't talk to you for 6 months, but for megacorps like Alibaba, would they really care?), I don't think they are willing to break the rule, at least for now.
> and then the government within 2 days.
That's wrong. According to the text Alibaba is not required to report the bug to government at all. The 2 days term apply to "domestic network product provider" which would be ASF/log4j maintainers in this case. But they are not domestic so this does not apply.
That's wrong. According to the text Alibaba is not required to report the bug to government at all. The 2 days term apply to "domestic network product provider" which would be ASF/log4j maintainers in this case. But they are not domestic so this does not apply.
Alibaba Cloud, like the other big clouds, has many Java-based products. They’re certainly the vendor of their own vulnerable Java-based products. Whether some other party wrote the code in question doesn’t change that.
Thanks, you're right that they certainly are the vendor of their own vulnerable Java-based products.
AFAIK when the bug became popular on Dec 9, there are still many Java-based services running by Alibaba Cloud remain unfixed, and it caused chaos and panic among their "SRE"s.
However reading the regulation text again, now I'm not sure in this case what Alibaba should report:
> (二)应当在2日内向工业和信息化部网络安全威胁和漏洞信息共享平台报送相关漏洞信息。报送内容应当包括存在网络产品安全漏洞的产品名称、型号、版本以及漏洞的技术特点、危害和影响范围等。
It said they should report "the name, type and version of the product with the vulnerability, the 'technical characteristics' of the vulnerability and the impact". Does this mean, Alibaba should report, for example:
"Alibaba Cloud hosted Apache Flink stream computing service (whatever brand name they use) contains a pre-auth critical RCE vulnerability due to insecure processing of user input in version a.b.c till x.y.z"?
I'm not seeing how could the government know what the bug really is if "the product" means Alibaba Cloud's own product.
AFAIK when the bug became popular on Dec 9, there are still many Java-based services running by Alibaba Cloud remain unfixed, and it caused chaos and panic among their "SRE"s.
However reading the regulation text again, now I'm not sure in this case what Alibaba should report:
> (二)应当在2日内向工业和信息化部网络安全威胁和漏洞信息共享平台报送相关漏洞信息。报送内容应当包括存在网络产品安全漏洞的产品名称、型号、版本以及漏洞的技术特点、危害和影响范围等。
It said they should report "the name, type and version of the product with the vulnerability, the 'technical characteristics' of the vulnerability and the impact". Does this mean, Alibaba should report, for example:
"Alibaba Cloud hosted Apache Flink stream computing service (whatever brand name they use) contains a pre-auth critical RCE vulnerability due to insecure processing of user input in version a.b.c till x.y.z"?
I'm not seeing how could the government know what the bug really is if "the product" means Alibaba Cloud's own product.
Thanks for the correction. I am not convinced however, if Alibaba ships a single product with Log4J it would be their own product too.
See my sibling comment, if "the product" != log4j, Alibaba is then not required to report that log4j had a vulnerability.
Do you mean by redistributing log4j they became a "network product provider" of log4j?
Do you mean by redistributing log4j they became a "network product provider" of log4j?
Either that, or that one of their own products is vulnerable because of the Log4J vulnerability.
[deleted]
[deleted]
Sure, Alibaba broke the law. But there is no rule of law in China. If laws were truly enforced the entire system would collapse.
This was using the law as a weapon to keep companies in check. If this had been another company firmly in the pocket of the CCP, this would have been overlooked and never made public.
This was using the law as a weapon to keep companies in check. If this had been another company firmly in the pocket of the CCP, this would have been overlooked and never made public.
> But there is no rule of law in China.
Shit HN says. Can we avoid making such blanket statements, please and thank you.
Shit HN says. Can we avoid making such blanket statements, please and thank you.
Define rule of laws? Most people don't consider a system where judge, jury and executioner are a single political party that cannot be criticised. If this is rule of law then it's the lowest bar possible
randomly hating 20% of the worlds population for being born in the WRONG country? seems reasonable!
You can dislike the actions of a government without hating the people governed by that government.
I think one has to be really careful about the language one uses. To step above this, I urge everyone to not criticize "China" (which, while often intended to address the administration, can easily be interpreted as the country as such and its population) but instead be more precise with "the CCP", "the PRC administration", or similar. Similarly, just talking about "China" as opposed to "The PRC" opens it up to inclusion of Taiwan and other territories not de-facto part of the nation.
So many people attach their identity to their country of origin or citizenship. You can think of that what you want, but by avoiding "attacking the country" verbally, you shield your argument from that flavor of wumao vitriol.
The OP does this right: "CCP pulls support", not "China pulls support".
I see a similar thing with Israel - don't want to be portrayed as antisemitic? Address the administration, not the country.
So many people attach their identity to their country of origin or citizenship. You can think of that what you want, but by avoiding "attacking the country" verbally, you shield your argument from that flavor of wumao vitriol.
The OP does this right: "CCP pulls support", not "China pulls support".
I see a similar thing with Israel - don't want to be portrayed as antisemitic? Address the administration, not the country.
man synecdoche
What's this comment made in reference to?
[deleted]
TIL Chinese government consists of 20% of world’s population. I thought my country’s administration was overblown and inefficient
Typical communist inefficiency
what are you referring to?
Why does the Chinese Government need to be told _at all_? You're saying that doesn't seem strange to you? The government busy silently exterminating a people and who employ mass surveillance and other obvious human rights violations, that they ask for cyber vulnerabilities to be specifically delivered to them doesn't register a reaction with you at all?
To be fair... CERT has affiliations with the US government.
https://en.wikipedia.org/wiki/CERT_Coordination_Center
> The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center.
https://en.wikipedia.org/wiki/CERT_Coordination_Center
> The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center.
Let's cut the BS. The fact was that Ali Cloud failed to report the issue to MIIT (required by law, it has to be report cyber security incidents to MIIT immediately) weeks after notifying Apache(a foreign entity).
I'm not sure if such behaviors would be desirable in any country.
I'm not sure if such behaviors would be desirable in any country.
[deleted]
Classic HN. you're getting downvoted by fools. I made your point independently, before finding this comment.
It really is worrying how little pause a factually correct comment gave the people reading the thread. We really live in a post-truth world.
Well, it's a pity that doesn't matter how hard we try, it's just impossible to make some ppl understand the fact.
Why?
Did they want to protect themselves before alerting anyone?
Did they want to use this to infiltrate others?
Did they want to protect themselves before alerting anyone?
Did they want to use this to infiltrate others?
There is a rule that requires cloud providers like Alibaba Cloud to report vulnerabilities within 2 days. Alibaba violated this rule.
Note that the article is misleading as the rule doesn't require the disclosure must be made to the government first.
Note that the article is misleading as the rule doesn't require the disclosure must be made to the government first.
Your info is accurrate. But I doubt anyone cares about it.
Would you mind citing the rule? A similar-sounding policy linked elsewhere doesn't seem to apply to this situation.
This is the law that is mentioned in the article, as a link says that this is application of the MIIT ruling that came into effect September 1st:
http://www.gov.cn/gongbao/content/2021/content_5641351.htm
Here is a machine translation of the relevant section that seems to agree with the GP:
>Article 7 Network product providers shall perform the following network product security vulnerabilities management obligations, ensure that their product security vulnerabilities are repaired in a timely manner and reasonably released, and guide and support product users to take preventive measures:
>(1) After discovering or learning about the security vulnerabilities in the provided network products, they should immediately take measures and organize verification of the security vulnerabilities to assess the degree of harm and the scope of the security vulnerabilities; for the security vulnerabilities in their upstream products or components, they should Notify the relevant product provider immediately.
>(2) The relevant vulnerability information should be reported to the Ministry of Industry and Information Technology's cyber security threat and vulnerability information sharing platform within 2 days. The content of the submission shall include the product name, model, version, and the technical characteristics, harm, and scope of the vulnerability that have security loopholes in network products.
>(3) Remediation of network product security vulnerabilities should be organized in a timely manner. For product users (including downstream manufacturers) that need to take measures such as software and firmware upgrades, network product security vulnerabilities and repair methods should be promptly informed of the product users who may be affected , And provide the necessary technical support.
http://www.gov.cn/gongbao/content/2021/content_5641351.htm
Here is a machine translation of the relevant section that seems to agree with the GP:
>Article 7 Network product providers shall perform the following network product security vulnerabilities management obligations, ensure that their product security vulnerabilities are repaired in a timely manner and reasonably released, and guide and support product users to take preventive measures:
>(1) After discovering or learning about the security vulnerabilities in the provided network products, they should immediately take measures and organize verification of the security vulnerabilities to assess the degree of harm and the scope of the security vulnerabilities; for the security vulnerabilities in their upstream products or components, they should Notify the relevant product provider immediately.
>(2) The relevant vulnerability information should be reported to the Ministry of Industry and Information Technology's cyber security threat and vulnerability information sharing platform within 2 days. The content of the submission shall include the product name, model, version, and the technical characteristics, harm, and scope of the vulnerability that have security loopholes in network products.
>(3) Remediation of network product security vulnerabilities should be organized in a timely manner. For product users (including downstream manufacturers) that need to take measures such as software and firmware upgrades, network product security vulnerabilities and repair methods should be promptly informed of the product users who may be affected , And provide the necessary technical support.
If this is actually true, this article seems like borderline propoganda.
> Did they want to protect themselves before alerting anyone?
Probably yes.
> Did they want to use this to infiltrate others?
Also probably yes.
The NSA does the same thing. They stockpile security vulnerabilities and selectively tell the software vendors about some of them. They like to keep the "high value" vulnerabilities to themselves for use in exploits.
The WannaCry ransomware (see https://en.wikipedia.org/wiki/WannaCry_ransomware_attack and https://en.wikipedia.org/wiki/EternalBlue) did worldwide economic damage and was built on an NSA developed exploit. The NSA knew about this vulnerability in Windows for years and never told Microsoft.
Unfortunately all intelligence agencies everywhere will continue to take this cowboy approach. Until we can get these bad actors under control, their constant undermining of internet infrastructure will continue to hinder efforts to improve internet security.
Probably yes.
> Did they want to use this to infiltrate others?
Also probably yes.
The NSA does the same thing. They stockpile security vulnerabilities and selectively tell the software vendors about some of them. They like to keep the "high value" vulnerabilities to themselves for use in exploits.
The WannaCry ransomware (see https://en.wikipedia.org/wiki/WannaCry_ransomware_attack and https://en.wikipedia.org/wiki/EternalBlue) did worldwide economic damage and was built on an NSA developed exploit. The NSA knew about this vulnerability in Windows for years and never told Microsoft.
Unfortunately all intelligence agencies everywhere will continue to take this cowboy approach. Until we can get these bad actors under control, their constant undermining of internet infrastructure will continue to hinder efforts to improve internet security.
This gave me a good chuckle.
* Google Project Zero researcher: "we found a bug!"
* NSA (internally): "Damnit, scratch that one off the list boys.."
* Google Project Zero researcher: "we found a bug!"
* NSA (internally): "Damnit, scratch that one off the list boys.."
It's not the same thing to develop and keep an exploit for yourself, as it is to require the public companies in your country to report the important bugs they find while effectively also under a temporary gag order. They are super different things.
The super result is super the same: more vulnerabilities exploited for longer.
Surely you can see there's some difference in magnitude here, right? Which one does it more?
And even if the end result has some overlap, there's a bit of an ethical difference between:
* developing an exploit that you keep quiet
* preventing others from talking about exploits they discover
And even if the end result has some overlap, there's a bit of an ethical difference between:
* developing an exploit that you keep quiet
* preventing others from talking about exploits they discover
Surely you can see that they're all bad actors, undermining the software and infrastructure that we all use, putting our systems and our data at risk through their grubby actions and even their grubby inaction, right?
I don't care which bunch of spies does it more. I don't want spies doing it at all.
I don't care which bunch of spies does it more. I don't want spies doing it at all.
> and even their grubby inaction, right?
Yah, I guess by not searching for new exploits tonight for public disclosure, I'm putting the entire software world marginally more at risk by "grubby inaction."
> I don't care which bunch of spies does it more. I don't want spies doing it at all.
I care: some bad actors in my government vs. forcing an entire massive economy to participate in bad actions will have massively different magnitudes of effect.
There's always going to be bad actors, but preventing 15% of the world's population from being good actors surely is a pretty significant thing.
Yah, I guess by not searching for new exploits tonight for public disclosure, I'm putting the entire software world marginally more at risk by "grubby inaction."
> I don't care which bunch of spies does it more. I don't want spies doing it at all.
I care: some bad actors in my government vs. forcing an entire massive economy to participate in bad actions will have massively different magnitudes of effect.
There's always going to be bad actors, but preventing 15% of the world's population from being good actors surely is a pretty significant thing.
Ethically, it’s not the same.
There's nothing ethical about leaving your nation's infrastructure vulnerable to attack just because you want to indulge in the boy's own adventure of attacking the infrastructure of other nations.
It's not ethical. It's not professional. It's school boy stuff.
It's not ethical. It's not professional. It's school boy stuff.
Whoa, I think we're on the same team. I was saying it's not ethical to tell only your gov't about the exploit, and not your customers.
Probably both? It may not even be so much about this particular vulnerability, but rather just setting the law that any future vulnerabilities must first be reported to the party which can then decide to either defend from it or weaponize it.
I would be surprised, even disappointed a bit, if NSA didn't use it for infiltration for a good few months already.
They do use this to infiltrate others: https://www.wsj.com/articles/cyber-daily-hackers-backed-by-c...
well, if the US does, why wouldn't other governments?
I guess everyone has forgotten wikileaks and Snowden already.
I guess everyone has forgotten wikileaks and Snowden already.
Do people really think AWS did not report to the federal agencies about potential risks?
If AWS didn't then their contract for service is deficient. If they had risks which affected their stock price they had obligations to other agencies too. The department of commerce, the federal communications agency, the US Cert, you name it.
Please, no accusations of whataboutery: I am trying to point out that if you are big enough to have economically relevant importance, OR if you supply goods and services to the state, any state, you have obligations in that state relationship.
if I was in government in China and ali baba cloud didn't check in, I might be witholding business too.
If AWS didn't then their contract for service is deficient. If they had risks which affected their stock price they had obligations to other agencies too. The department of commerce, the federal communications agency, the US Cert, you name it.
Please, no accusations of whataboutery: I am trying to point out that if you are big enough to have economically relevant importance, OR if you supply goods and services to the state, any state, you have obligations in that state relationship.
if I was in government in China and ali baba cloud didn't check in, I might be witholding business too.
>And since so many people are now a threat to him, his selection criteria for people to lead different parts of the party and government has to be based entirely on loyalty rather than competence.
>Which almost guarantees a lot of counter productive incompetence.
This applies to every goverment and public institution regardless of its democratic roots
>Which almost guarantees a lot of counter productive incompetence.
This applies to every goverment and public institution regardless of its democratic roots
Would love to know whether their Specialized military network warfare forces and PLA - authorized forces knew about the flaw beforehand.
Absolutely shameless. I’m glad that they’re doing this in the complete open instead of painting themselves as the good guys (unlike, ahem, other western countries)
My deepest thanks for whoever did that decision in Alibaba.
I hope the price Alibaba has to pay for it won't be too high.
Through I expect Alibaba to now fall-in-line wrt. Future decisions of this kind, it's not that they have much choice.
I hope the price Alibaba has to pay for it won't be too high.
Through I expect Alibaba to now fall-in-line wrt. Future decisions of this kind, it's not that they have much choice.
I worry more about the price of the he individuals who made that call.
Curious what “saving face” will look like in practice here.
Very speculative:
It probably gets labeled as a procedural error, i.e. the one(s) who report it to the log4j project thought it is already reported to the government, and the ones on the other side say they thought the first team would report it to the government. Then they "fall-in-line" by implementing a security report system where you can't make the mistake, which automatically reports to the government and you need to get "clearance" to report to the project authors.
Which, might have been what actually happened if I think about it.
It probably gets labeled as a procedural error, i.e. the one(s) who report it to the log4j project thought it is already reported to the government, and the ones on the other side say they thought the first team would report it to the government. Then they "fall-in-line" by implementing a security report system where you can't make the mistake, which automatically reports to the government and you need to get "clearance" to report to the project authors.
Which, might have been what actually happened if I think about it.
"China’s internet security regulator has disciplined Alibaba Group Holding’s cloud computing services unit for failing to first report to the government a critical vulnerability in Apache’s Log4j software that has alarmed the cybersecurity community, Chinese media reported on Wednesday.
The Ministry of Industry and Information Technology (MIIT) is suspending work with Alibaba Cloud as a cybersecurity threat intelligence partner for six months because the company did not immediately report a severe bug in the widely used logging software to the government agency, the 21st Century Business Herald reported. The ministry also said it would reassess whether to resume the partnership at that time, based on measures Alibaba has taken to correct the problem.
Losing the support of the agency could affect business prospects for the cloud computing unit of Alibaba, the owner of the South China Morning Post. However, specific losses for the country’s largest cloud business are hard to determine.
The MIIT launched a cybersecurity threat intelligence sharing platform in December 2019 to serve as a state-led alliance in dealing with security threats. Membership in the platform is government recognition of the member’s capabilities in spotting and managing threats.
The MIIT did not publish a public statement about its decision, and Alibaba did not respond to a request for comment.
The Log4j vulnerability has been described as a “nightmare” and “catastrophic”, with some experts saying it is the most severe cybersecurity threat ever by number of devices affected. The simple piece of Java-based software can be found in countless internet-connected devices, from Internet-of-Things products like televisions and cameras to the servers running cloud operations for tech giants like Amazon, Google and Microsoft.
The flaw first received widespread attention when it was publicly disclosed on December 9, after Alibaba Cloud Security Team engineer Chen Zhoujun discovered the flaw. Chen notified the Apache Software Foundation, the non-profit corporation that develops the open-source Log4j tool, by email on November 24.
According to a regulation passed this year, Chinese companies are obliged to report vulnerabilities in their own software to the MIIT through its National Vulnerability Database website. However, the Internet Product Security Loophole Management Regulation, which went into effect in September, only “encourages” companies to report bugs found in others’ software.
The MIIT cybersecurity management bureau released a statement on December 9 saying it was notified about the vulnerability by “relevant” cybersecurity institutions. The ministry summoned Alibaba Cloud and other cybersecurity firms to discuss the situation, it said. It also urged companies and the public to monitor for updates to patch their systems.
Cybersecurity industry norms encourage notifying vendors of security flaws first, giving them ample time to address the problem, before disclosing the issue to the public. Apache released a patch for the Log4j bug on December 6, three days before public disclosure.
Still, the effect of the bug’s discovery is expected to be wide-ranging because of Log4j’s ubiquity. Many people may not even be aware that their systems are compromised.
The exploit, known as Log4Shell, allows hackers to remotely execute code by getting it logged by the software. This became a problem in the Java edition of Microsoft’s game Minecraft, for example, allowing players’ to compromise others’ systems by sending malicious code through chat messages.
Cybersecurity experts on Twitter have commended the Alibaba Cloud engineer for responsibly disclosing the vulnerability directly to the tool’s developers.
Since the bug’s public disclosure, cybersecurity experts have warned of an increase in activity scanning for Log4j on vulnerable systems. Microsoft said on December 11 that it found that state actors connected with China, Iran, North Korea and Turkey have been both experimenting and exploiting the vulnerability."
The Ministry of Industry and Information Technology (MIIT) is suspending work with Alibaba Cloud as a cybersecurity threat intelligence partner for six months because the company did not immediately report a severe bug in the widely used logging software to the government agency, the 21st Century Business Herald reported. The ministry also said it would reassess whether to resume the partnership at that time, based on measures Alibaba has taken to correct the problem.
Losing the support of the agency could affect business prospects for the cloud computing unit of Alibaba, the owner of the South China Morning Post. However, specific losses for the country’s largest cloud business are hard to determine.
The MIIT launched a cybersecurity threat intelligence sharing platform in December 2019 to serve as a state-led alliance in dealing with security threats. Membership in the platform is government recognition of the member’s capabilities in spotting and managing threats.
The MIIT did not publish a public statement about its decision, and Alibaba did not respond to a request for comment.
The Log4j vulnerability has been described as a “nightmare” and “catastrophic”, with some experts saying it is the most severe cybersecurity threat ever by number of devices affected. The simple piece of Java-based software can be found in countless internet-connected devices, from Internet-of-Things products like televisions and cameras to the servers running cloud operations for tech giants like Amazon, Google and Microsoft.
The flaw first received widespread attention when it was publicly disclosed on December 9, after Alibaba Cloud Security Team engineer Chen Zhoujun discovered the flaw. Chen notified the Apache Software Foundation, the non-profit corporation that develops the open-source Log4j tool, by email on November 24.
According to a regulation passed this year, Chinese companies are obliged to report vulnerabilities in their own software to the MIIT through its National Vulnerability Database website. However, the Internet Product Security Loophole Management Regulation, which went into effect in September, only “encourages” companies to report bugs found in others’ software.
The MIIT cybersecurity management bureau released a statement on December 9 saying it was notified about the vulnerability by “relevant” cybersecurity institutions. The ministry summoned Alibaba Cloud and other cybersecurity firms to discuss the situation, it said. It also urged companies and the public to monitor for updates to patch their systems.
Cybersecurity industry norms encourage notifying vendors of security flaws first, giving them ample time to address the problem, before disclosing the issue to the public. Apache released a patch for the Log4j bug on December 6, three days before public disclosure.
Still, the effect of the bug’s discovery is expected to be wide-ranging because of Log4j’s ubiquity. Many people may not even be aware that their systems are compromised.
The exploit, known as Log4Shell, allows hackers to remotely execute code by getting it logged by the software. This became a problem in the Java edition of Microsoft’s game Minecraft, for example, allowing players’ to compromise others’ systems by sending malicious code through chat messages.
Cybersecurity experts on Twitter have commended the Alibaba Cloud engineer for responsibly disclosing the vulnerability directly to the tool’s developers.
Since the bug’s public disclosure, cybersecurity experts have warned of an increase in activity scanning for Log4j on vulnerable systems. Microsoft said on December 11 that it found that state actors connected with China, Iran, North Korea and Turkey have been both experimenting and exploiting the vulnerability."
Silver lining: The more audacious the CCP gets, the faster their rule will collapse.
Fast for history, but not for people. Just look at North Korea. They've still got plenty of runway for more audacity. For CCP it's like infinity ahead.
Without the CCP it seems rather unlikely North Korea would continue to exist in its current way for long. The only remaining factor standing in the way of their fall then would be western nations not wishing to accept the sudden flood of North Korean refugees that would immediately emigrate from the country when they are no longer held there.
Unlike North Korea, China doesn't have a China to prop them up as a buffer state.
A bit of a reality check : For majority of general Chinese population, Xi Jinping is a great leader.
I don’t think thats gonna happen anytime soon.
Then again, the CCP under Mao was a lot worse, without any hint of collapse.
People’s expectations were also lower. And there wasn’t any incentive for other countries to be involved.
Both those factors have changed. The Chinese people are not gonna tolerate an extended reduction in their quality of life. Anything short of rapid quality of life growth may be catastrophic for the people in power.
And on the other side, other countries have a lot of incentive to further make things difficult for China and it’s leadership.
Both those factors have changed. The Chinese people are not gonna tolerate an extended reduction in their quality of life. Anything short of rapid quality of life growth may be catastrophic for the people in power.
And on the other side, other countries have a lot of incentive to further make things difficult for China and it’s leadership.
The tang ping moment to some degree validates that quality of life has at least plateaued for many, or that the effort involved to further improve QOL isn't worth it. However, that problem doesn't seem unique to China, and other countries are starting at a higher baseline standard of living.
China's already sitting on a ticking time bomb thanks to the one child policy. I'm willing to bet that that's equally likely to set about a collapse.
That's not the case anymore. From [0]
>As recently as 31 May 2021, China's government has relaxed restrictions even more allowing women up to three children.
[0] https://en.wikipedia.org/wiki/One-child_policy#Abolition
>As recently as 31 May 2021, China's government has relaxed restrictions even more allowing women up to three children.
[0] https://en.wikipedia.org/wiki/One-child_policy#Abolition
Just to augment/explain what others are saying:
* Liberalizing birth restrictions can't have any effect on the number of workers until ~20 years later, and in practice much later than that.
* Once the population pyramid has begun to invert, you have fewer people of childbearing age. Reversing the policy cannot replace the children who were not born a few years ago to families who are now beyond the point of seriously considering more children.
* In practice, once having fewer children is socially normalized, it's difficult to have a larger family going forward, and...
* Once you have a severely inverted population pyramid, the cost of supporting elders increases and the economic situation of those of working age deteriorates, which tends to further suppress births.
It takes a long time for these trends to reverse.
* Liberalizing birth restrictions can't have any effect on the number of workers until ~20 years later, and in practice much later than that.
* Once the population pyramid has begun to invert, you have fewer people of childbearing age. Reversing the policy cannot replace the children who were not born a few years ago to families who are now beyond the point of seriously considering more children.
* In practice, once having fewer children is socially normalized, it's difficult to have a larger family going forward, and...
* Once you have a severely inverted population pyramid, the cost of supporting elders increases and the economic situation of those of working age deteriorates, which tends to further suppress births.
It takes a long time for these trends to reverse.
The ticking time bomb refers to the aftermath of the one-child policy. Demographically, there won't be enough adult children to support the parents of the one-child generation as they age.
Too little too late. The inverted demographic pyramid and the huge skewed gender ratio are baked in at this point.
Yeah, China's currently sitting at 1.3 children born per woman -- just like Italy or Spain, which are often cited as the EU "crisis" numbers.
This number is even worse than it appears though, since there are so many more men than women to begin with, thanks to the history of sex-selective abortion in the country. 12 million Chinese women were never born because their parents wanted a son instead of a daughter, and that's an extra 1.3 x 12 = 16 million children that will be missing from the next generation.
China's population is actually predicted to start shrinking in about 5 years.
This number is even worse than it appears though, since there are so many more men than women to begin with, thanks to the history of sex-selective abortion in the country. 12 million Chinese women were never born because their parents wanted a son instead of a daughter, and that's an extra 1.3 x 12 = 16 million children that will be missing from the next generation.
China's population is actually predicted to start shrinking in about 5 years.
> China's population is actually predicted to start shrinking in about 5 years.
A little overall population contraction isn't necessarily dire. The concerning thing is a decreasing fraction of the population being working age.
Ultimately, the most dire predictions have China's population halving over the next lifetime, and a sustained, big drop in youth. That's a pretty damning trend.
A little overall population contraction isn't necessarily dire. The concerning thing is a decreasing fraction of the population being working age.
Ultimately, the most dire predictions have China's population halving over the next lifetime, and a sustained, big drop in youth. That's a pretty damning trend.
Maybe this is how we get robots faster? China starts panicking?
That's great, but 2021 projected birth rates are even lower than the previous years'
That's just closing the barn doors after the horses have left. Much too little, much too late.
The policy has changed but generations of population demographics haven't.
Maybe, but what will they do when the collapse comes?
Like there are many cases where governments tried to avoid an internal collapse by applying external pressure in form of starting a war.
Like there are many cases where governments tried to avoid an internal collapse by applying external pressure in form of starting a war.
I wish but I think they are well enough entrenched so that only a major economic collapse could threaten their rule.
Wishful thinking. Nothing guarantees that.
Optimistic, sure. But historical examples abound.
[deleted]
Glad to live in a free country where we don't praise dictatorships and authoritarianism. The world should just boycott fucking China.
Nationalistic flamewar will get you banned here. No more of this, please.
No, that's not because we're secretly in cahoots with communists—it's because we don't want a site that consists of lame flamewars and then turns itself into scorched earth and then heat death. We want thoughtful, curious conversation. If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
Edit: your previous two comments were egregiously breaking the rules here as well—even worse actually. That's seriously not ok. Please review https://news.ycombinator.com/newsguidelines.html and stop posting like that, regardless of how strongly you feel about $country, and regardless of how legitimate your reasons are (which I'm sure they are). I don't want to ban you but we can't have accounts carrying on like that here.
No, that's not because we're secretly in cahoots with communists—it's because we don't want a site that consists of lame flamewars and then turns itself into scorched earth and then heat death. We want thoughtful, curious conversation. If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.
Edit: your previous two comments were egregiously breaking the rules here as well—even worse actually. That's seriously not ok. Please review https://news.ycombinator.com/newsguidelines.html and stop posting like that, regardless of how strongly you feel about $country, and regardless of how legitimate your reasons are (which I'm sure they are). I don't want to ban you but we can't have accounts carrying on like that here.
Agreed.
Watching ADV China really helped me understand how bad the government is over there: https://youtube.com/c/ADVChina
Watching ADV China really helped me understand how bad the government is over there: https://youtube.com/c/ADVChina
Don't take this to mean I support china or think everything is roses over there, but that channel is simply propaganda. Genorously 40% of it is valid criticism, but if someone in china stubs a toe they will make a 30 minute video about the unsafe furniture epidemic.
I don’t watch that channel but have seen a couple of videos from laowhy86 before he left China, so would be curious to know what is not true on their channel.
Here's a two of his videos where he claims that COVID-19 emerged from a lab:
https://www.youtube.com/watch?v=bpQFCcSI0pU
https://www.youtube.com/watch?v=a-GVcfP1zrg
And here's a pretty thorough analysis of the flaws with this theory: https://www.youtube.com/watch?v=ab-r0capbzk
https://www.youtube.com/watch?v=bpQFCcSI0pU
https://www.youtube.com/watch?v=a-GVcfP1zrg
And here's a pretty thorough analysis of the flaws with this theory: https://www.youtube.com/watch?v=ab-r0capbzk
I'm unsure how he claims to have found the source. The theory begain at the beginning of Jan 2020 but he posted in April 2020.
Just watching the 'thorough' analysis video, he talks about some person who posted a paper about the source, and in the screenshot it shows Feb 2020. And says the source of the paper was from laowhy86's video, which is published April 2020.
I stopped watching there because it already makes no sense.
Just watching the 'thorough' analysis video, he talks about some person who posted a paper about the source, and in the screenshot it shows Feb 2020. And says the source of the paper was from laowhy86's video, which is published April 2020.
I stopped watching there because it already makes no sense.
I believe you misunderstood his analysis.
At timestamp 6:36 of his video [1], laowhy86 analyzes a copy of the draft "The possible origins of 2019-nCoV coronavirus" to conclude that the virus must have come from the lab. This preprint has been shown to be false by future scholarship (see the citations of the draft at [2] for some examples).
Potholer then analyzes the veracity of the claims within that preprint in his video [3], starting with an excerpt of [1] starting at 2:02.
So the timeline should be:
Feb. 2020 - Preprint published
->
Apr. 2020 - laowhy's video
->
May 2020 - potholer's rebuttal
[1] https://www.youtube.com/watch?v=bpQFCcSI0pU
[2] https://scholar.google.com/scholar?cites=1699435143784344899...
[3] https://www.youtube.com/watch?v=ab-r0capbzk
At timestamp 6:36 of his video [1], laowhy86 analyzes a copy of the draft "The possible origins of 2019-nCoV coronavirus" to conclude that the virus must have come from the lab. This preprint has been shown to be false by future scholarship (see the citations of the draft at [2] for some examples).
Potholer then analyzes the veracity of the claims within that preprint in his video [3], starting with an excerpt of [1] starting at 2:02.
So the timeline should be:
Feb. 2020 - Preprint published
->
Apr. 2020 - laowhy's video
->
May 2020 - potholer's rebuttal
[1] https://www.youtube.com/watch?v=bpQFCcSI0pU
[2] https://scholar.google.com/scholar?cites=1699435143784344899...
[3] https://www.youtube.com/watch?v=ab-r0capbzk
> Glad to live in a free country
what country is that?
what country is that?
We did skip a COVID variant Greek letter to appease the dictator though
That’s not even close to true.
There’s tens of millions of people with that name. The WHO did not want to stigmatize all of them which is why they skipped the letter. It had little to do with Xi Jinping alone.
The WHO moved to Greek lettering to avoid stigmatization faced by people who were being associated with different variants. It wouldn’t make much sense to do the same when you can avoid it by just skipping a letter.
There’s tens of millions of people with that name. The WHO did not want to stigmatize all of them which is why they skipped the letter. It had little to do with Xi Jinping alone.
The WHO moved to Greek lettering to avoid stigmatization faced by people who were being associated with different variants. It wouldn’t make much sense to do the same when you can avoid it by just skipping a letter.
Chinese surnames pronounced 'Mu' are similarly common to 'Xi'.
There is a Mu variant of Covid[0]
[0] https://en.wikipedia.org/wiki/SARS-CoV-2_Mu_variant
There is a Mu variant of Covid[0]
[0] https://en.wikipedia.org/wiki/SARS-CoV-2_Mu_variant
Mu is a more common surname than Xi, but they weren't so worried about stigmatizing that name. I have no doubt that they _would_ have avoided it, had anyone brought it to their attention, but they didn't. Yet somehow they avoided Xi.
[deleted]
sniperjzp(2)
yesbut(2)
chenzhekl(2)
sydthrowaway(1)