Just like political decisions made in the ‘70’s and 80’s led to cheap corn syrup becoming ubiquitous in the US food chain, so political decisions made in China, perhaps around the same time, have now addicted us to their technology. Are we hopelessly addicted, or is there a cure?
The story of how high fructose corn syrup (HFCS) became dominant in the US food (especially soda) industry has been the subject of a number of books and articles over the years. It’s a tale of how political decisions can subvert normal market forces, leading to unnatural fluctuations in supply and demand, and subsidies that make one alternative significantly more attractive than another.
While we aren’t qualified to draw conclusions, there are plenty of experts who agree that the widespread effect of excess fructose in the diet of the average American may be one of the underlying causes of America’s current obesity crisis, with some research even seeking to draw a link between HFCS and drug addiction due to its impact on dopamine levels.
What has corn syrup got to do with china and tech?
If we abstract back to what started this “addiction to cheap syrup” it seems clear that it began with some key political decisions that influenced supply and pricing in the market. Today China has done much the same with decisions and subsidies designed to make manufacturing (of any kind, not just technology) so cheap as to be impossible to compete with in the western world.
We have now reached the point that almost every major technology vendor, regardless of where they call “home”, is completely reliant on Chinese manufactured chips, sub assemblies (both hardware and compiled code) and/or fully manufactured end products from large sub-contract manufacturers. The technology supply chain is now vast, complex and opaque, but all roads now lead through China. We’re addicted; our greed loves how cheap it is and how profitable that makes it. It’s deep in the recipe of the goods we consume, whether we want it or not, and we’re now so addicted, cold turkey is nigh impossible.
It’s not really about China. It’s about trust.
Ironically, the core issue isn’t “China” per se. Indeed some argue that the current focus on specific Chinese brands is only really the tip of the iceberg. The real challenge, we believe, is in the opaque process by which products are built today, regardless of location.
Inherent in the design of most hardware is a reliance on different kinds of sub-assembly – be they hardware or software. There are lots of places where compromises can hide from both the “brand” and the eventual end user in pre-assembled bits of hardware and compiled pieces of code. And a reliance on a relatively small number of large sub-contract manufacturers who put these pieces together means that the subversion of products from numerous end user brands becomes easier through compromise of the supply chain and/or manufacturing process.
Why aren’t more people talking about this?
The risk posed by this assembled hardware and firmware is bigger than is generally acknowledged, as announcing breaches has wide-ranging implications for those affected, and so many events are managed discreetly. Those of you who work in defence, intelligence or insurance, will know how deep the problem is, but without a solution few will raise it as a problem. It’s almost a shared “dirty secret.”
You need to stop trusting vendors, including us.
The only true way to have confidence in the products you install in your racks is to have complete transparency into what is inside the box. We don’t subscribe to the dirty secret because we’re the only vendor actually doing something positive to mitigate this type of risk.
- Manufacture in our own facility (in the US)
- Compile all code (including firmware) from source
- Can inspect (and allow select customers to inspect) every line of that code
- Can prove the provenance of every component
- Can prove that every assembly and sub-assembly is an accurate manifestation of design intent
- In this way you don’t need to trust SoftIron or its staff. If you have complete transparency into the end product, then you have the ability to verify every aspect of the product for yourself. This is the way it should be for all vendors, especially those delivering into sensitive and/or critical environments.
Unfortunately, this is not the case today.
Time for a low fructose diet
SoftIron isn’t the answer to this systemic issue; we’re just the first opportunity to start to reduce some of the “syrup” in your diet. If we care as much about improving the health of the nation’s IT infrastructure as we do about improving our nation’s actual health, then now is the time to start. Contact us here to strike up a conversation about it.