Posted by todsacerdoti 11/9/2025

Drilling down on Uncle Sam's proposed TP-Link ban(krebsonsecurity.com)
279 points | 369 comments
ZeroConcerns 11/9/2025|
I don't have any particular opinion on TP-Link (never used their products), but the idea that a low-cost vendor targeting home and SMB users is somehow a state-level agent trying to compromise those users... needs evidence.

I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.

Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).

Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.

thfuran 11/9/2025||
But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.
hekkle 11/10/2025|||
^^^THIS 100%. They are manufacturing low-cost products for home users. That is, if these claims are true, they have neglected a poignant question: why would they bother? They are targeting poor people's personal data, not businesses, not high-profile people, not government bodies.
mehdibl 11/10/2025||
Previous reports blaming TP-Link for being slow to patch a CVE were already outdated, as the CVE got patched. Yes, TP-Link products are receiving updates if they are not EOL. And even US products are vulnerable when EOL.

Seems more like heavy lobbying to get their US market share here rather than looking for secure products.

Also, regarding the report from Check Point on firmware used to attack the EU: the malware is firmware agnostic, as it can be used on other hardware.

Ms-J 11/10/2025||
Try to only use open source networking equipment. It's also possible to piece it together rather than buy closed source, vulnerable hardware.

Librecmc/Openwrt is great for security and privacy.

With Librecmc, it doesn't contain non-free blobs and uses a Linux libre kernel.

https://directory.fsf.org/wiki/Librecmc

nickpsecurity 11/9/2025||
"TP-Link Systems told The Post it has sole ownership of some engineering, design and manufacturing capabilities in China that were once part of China-based TP-Link Technologies, and that it operates them without Chinese government supervision."

Is that even possible? Or do you always have to be on good terms with the Chinese government to own engineering, design, and manufacturing capabilities in China?

SilverElfin 11/9/2025||
I don’t like that TP Link routers regularly force you to accept new terms of service within their app. If you don’t, then you can’t access much of their configuration options. Basically you get locked out of your own device. I feel like these dark patterns should be illegal.
giantg2 11/10/2025||
Regardless of what TP-Link says, the damage is done. I was recently looking for a bigger switch. I went with a used switch instead of buying a new TP-Link because I don't trust them. Now I just need more projects to fill my extra ports on the 24-port switch haha
garganzol 11/10/2025|
An unmanaged switch is not realistically going to have exploitable vulnerabilities; the chances of that are dim.

A router, a managed switch or something having an OS is another story.

giantg2 11/10/2025||
It's managed. I don't know, but I would bet that unmanaged switches have vulnerabilities too. Maybe they just aren't targeted.
simoncion 11/10/2025|||
What vulnerabilities would you imagine there to be in an unmanaged (aka: dumb) switch? Someone can force the switch to flood all traffic to all ports?

Bearing in mind that switches generally have special-purpose hardware that's responsible for handling switching, I find it unlikely that cheapass dumbswitches have enough CPU to copy LAN data and send it out to a remote system at any useful speed.

Also, next time you're looking for a switch (or if you're still within the return period for your used switch), consider Mikrotik switches. I've had four CRS326-24G-2S+ units for three, maybe five years now and I'm quite happy with them. However, I know nothing about their routers or WiFi APs.

giantg2 11/10/2025||
"What vulnerabilities would you imagine there to be in an unmanaged (aka: dumb) switch?"

Probably stuff related to how they handle the MAC table and VLANs.

paulnpace 11/10/2025|||
They aren't usually accessible until the network is compromised.

TP-Link cheap consumer configurable switches used to have, IIRC, a VLAN permanently available on all physical ports, giving access to everything going through a switch. After many complaints, they "upgraded" the firmware to support disabling the VLAN from the GUI, though it remained default enabled, and included a note with something like "we only had it that way because customers demanded it".

simoncion 11/10/2025||
By "a VLAN permanently available" do you mean something like "all frames traversing the switch got a VLAN tag (whose ID was hard-coded) slapped onto them"?

If not, I'm not sure what you mean, as a cheapass dumbswitch always allows access to everything going through a switch. It's been my experience that any dumbswitch that can handle jumbo frames will fail to act on VLAN-tagged frames and just pass them through unmolested. (Ones that cannot handle jumbo frames might drop "large" VLAN-tagged frames on the floor.)

paulnpace 11/11/2025||
I don't like the terms "dumb" or "smart" when discussing switches, because it isn't very useful.

The term "configurable" is more useful, because it means that the switch can be configured (vs. non-configurable switches that may also be "smart", i.e., a "dumb" switch is really just a hub).

IIRC, the TP-Link models with this "feature" hard-coded into the GUI would enable a VLAN on all physical ports with VLAN enabled.

Oh, and it was fixed with a firmware update, so it's not like there was some hardware limitation.

simoncion 11/11/2025||
> TP-Link models with this "feature" hard-coded into the GUI would enable a VLAN on all physical ports with VLAN enabled.

That's a slightly strange feature. I guess it was to cope with downstream switches (or administrators(!)) that refused to assign an administrator-assigned VLAN tag to untagged traffic?

> I don't like the terms "dumb" or "smart" when discussing switches, because it isn't very useful.

In the lore that I'm familiar with, there are three general categories, "dumb", "smart", and "managed". The boundaries between the latter two categories are fuzzy... with "smart" switches tending to offer you very little configurability, and "managed" switches offering you nearly everything you'd expect from an Enterprise switch.

It's true that the difference between "dumb" and "not dumb" switches is that the former offers no end-user configuration, but how do you succinctly distinguish between a switch that offers -say- only the ability to force link speeds on specific ports, and a switch that offers link bonding and IGMP snooping and VLANs, and etc., etc., etc.? Use the terms "Prosumer" and "Enterprise"? [0]

But yeah, naming is hard... case in point:

> vs. non-configurable switches that may also be "smart", i.e., a "dumb" switch is really just a hub

Perhaps this was a brain fart on your part, because that's completely incorrect. An Ethernet hub does absolutely no filtering... all traffic that enters on one port is flooded to all other ports on the device. This means that Ethernet collision detection is essential for operation when attached to a hub, and total throughput decreases sharply when one has many chatty stations on one's LAN. The feature that distinguishes a switch from a hub is that a switch doesn't flood unicast traffic because it learns which ports have which MAC addresses behind them and routes traffic based on that information.

[0] Though, if I were king of the world, every consumer-grade switch would have the features of a low-to-mid-range managed switch. While I understand why things are the way they are, it's a crying shame that dumbswitches are the norm.
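The hub-versus-switch distinction in the comment above, as an added illustration that is not part of the thread: a hub repeats every frame out of every other port, while a learning switch records which port each source MAC was seen on and then forwards known unicast to that one port, flooding only broadcast and unknown destinations. The `Frame`, `Hub` and `LearningSwitch` names and the MAC addresses are constructed for the example.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """Constructed minimal Ethernet frame: only the addresses matter here."""
    src: str
    dst: str


class Hub:
    """Repeater: every frame is copied to every port except the ingress port."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, ingress: int, frame: Frame) -> list[int]:
        return [p for p in range(self.ports) if p != ingress]


class LearningSwitch:
    """Transparent bridge: learns src MAC -> port, filters known unicast."""

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.mac_table: dict[str, int] = {}

    def forward(self, ingress: int, frame: Frame) -> list[int]:
        # Learning step: remember (or update) the port the source was seen on.
        self.mac_table[frame.src] = ingress
        out = self.mac_table.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # Broadcast or never-seen destination: flood like a hub would.
            return [p for p in range(self.ports) if p != ingress]
        if out == ingress:
            # Destination sits on the ingress segment: filter, send nowhere.
            return []
        return [out]  # Known unicast goes to exactly one port.


def demo() -> list[list[int]]:
    """Constructed exchange between host A (port 0) and host B (port 2)."""
    sw = LearningSwitch(4)
    a_to_b = Frame("02:00:00:00:00:0a", "02:00:00:00:00:0b")
    b_to_a = Frame("02:00:00:00:00:0b", "02:00:00:00:00:0a")
    return [sw.forward(0, a_to_b),   # B unknown: flooded to ports 1, 2, 3
            sw.forward(2, b_to_a),   # A already learned: only port 0
            sw.forward(0, a_to_b)]   # B now learned: only port 2
```

The first frame is flooded exactly as a hub would, and only after both sides have transmitted does the switch stop copying their unicast traffic to the other ports.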

BeFlatXIII 11/10/2025||
I'm hoping this encourages grey-market imports from Canada and Mexico. Become Brazil and smuggle in orders for all your friends and family when returning from your next vacation.
whatever1 11/10/2025|
I don’t even know what my software/hardware can (be exploited to) do (given that they are not formally verified).

Does it mean that I am an enemy of the state?
