Could it be related to Netgear being manufactured in Vietnam Thailand and Indonesia to avoid China tariffs and that somehow got them through an audit? I only ask if the overall unwritten goal is to avoid China.
> Could it be related to Netgear being manufactured in Vietnam Thailand and Indonesia to avoid China tariffs and that somehow got them through an audit? I only ask if the overall unwritten goal is to avoid China.
> Pursuing activities antagonistic to [China] has become further paralyzed by Commerce Secretary Howard Lutnick ordering staff that they need his signoff for any China-related actions, people familiar with the matter said. As a result, even senior Commerce officials at times sit by his office waiting or outside the building, watching for his car. Officials at other agencies pursued a ban on a China-linked router maker by styling it as an order that doesn’t name the company or China.
> ...
> One such office had already determined that China-founded router company TP-Link and China-linked internet-connected trucks and buses pose national security risks. Officials thought vulnerabilities in their software could provide China access to spy on U.S. communications or access sensitive infrastructure.
> Interagency reviews had reached a similar conclusion about the risk of TP-Link and supported a ban. Staff had set in motion new rule-making to restrict U.S. sales of those products before they were put on hold and office leadership dismissed, according to officials familiar with the process.
> ...
> Supporters of a ban on TP-Link in March eked out a victory. The Federal Communications Commission announced a ban on new imports of all foreign-made routers, “regardless of the nationality of the producer,” a blanket prohibition that also accomplishes sidelining Chinese routers without naming the country or TP-Link. The new rule was designed in part to minimize disruptions to Trump’s relationship with Xi, people familiar with the matter said.
I would love to see the US rekindle the domestic manufacture of affordable consumer/prosumer network hardware. The US can already manufacture SoCs, PWBs, and chassis hardware, we just need a business case for putting it all together. Managed well, sustained protection from international competition could provide this business case, and buffer against global shipping disruptions, while the sheer volume of CPE equipment would eventually drive down costs.
Domestic manufacturing is not coming back because there are no guarantees whatsoever that this ban is going to last. Nobody is going to shell out hundreds of millions to setup manufacturing for such a low-margin product when it is much cheaper and risk-free to just sidestep the ban.
It seems very obvious that they are probably going to give router companies that have an okay or above reputation time to comply with the law and cheap Chinese imports where they obviously have a strong relationship with the Chinese government or any sort of questionable reputation immediate ban.
I feel like pretending a department under this administration's thumb is actually going to act honestly is a bit absurd.
They made a donation ... somewhere. Now they're all good. None of Trump's bluster is honest, they're just graft gates.
It wasn't any different during the first administration. I worked at a company slated to be acquired by a foreign company. But the approval just never came from the feds. Then one day the acquiring foreign company CEO visited the White House and that day Trump approved it. Trump even made a little speech about jobs. Then we were all told we were going to be laid off... just like that almost all the American jobs gone. Shortly after one of Trump's companies announced a big land deal in the home country of the acquiring company. MEGA ...
The looting stage of collapse, people tend to think someone will come and save things but so long as there is more money in decline the leaders will do that instead.
Among other reasons: the recent ban was on FCC approval for new products. Existing products that had already secured FCC approval are unaffected by the new policy and can continue being sold.
Maybe I'm missing something, but isn't the router ban intended to affect foreign companies, not one based in San Jose, California? If so, that would explain why they get an exception.
My bigger fear is whether Netgear has one or more backdoors exploitable for use by the US government. It's firmware will have to be reverse engineered and then reviewed by AI, proof-based analysis, and security researchers.
In the long term, an absence of competition bodes poorly.
Updated parent comment. Ideally, looking beyond this work, and more generally, a funded AI would be used to do analysis and then to dispatch tasks to qualified humans. A network of available qualified humans would have to exist that the AI can access. Humans could then of course provide feedback to AI for the loop to continue with new tasks to humans. Think Uber but more generally for AI to tap into real-world work and expertise.
That sounds dystopian as hell to me. Are security researchers willing to become interchangeable units of cognition, as devalued as uber drivers? I hope not.
But your edit makes my original comment unneeded. I was reacting to this jump to “we need ai to solve this!” when the ai is still largely unproven marketing hype from a bunch of highly leveraged ai companies with manic gambler ceos.
You seem to be living in 2024 wrt your assertions about AI. Or maybe it is me who hasn't caught up with the AI-hate agenda of the hoi-polloi since 2024.
We’re talking about ai for security auditing. Until a week ago, ai for security auditing was virtually non-existent. But i guess if I was mainlining ai marketing in a haze of llm psychosis, a week ago might feel like 2024.
Just because Anthropic advertised something last week does not mean that other LLMs couldn't be used for the same purpose since 2024. Any decent code-generating tool-calling agentic LLM has had the innate ability to audit code. Anthropic's model wasn't the first answer and it's not the final answer.
A toddler has the innate ability to audit code. They’re just not very good at it. I stand by my position that LLMs are an unproven tech when it comes to security auditing.
As of this moment all we have is “data” straight from marketing departments, and a handful of anecdotes.
No, a toddler does not have the ability to audit code. It takes good software security skills, which agentic coding LLMs absolutely possess. It doesn't have to be perfect. With veritable dinosaur-grade beliefs like yours, nothing would ever change in the world, at least not for the better, with extinction being the only inevitability.
No, because you should assume all code will be analyzed and attacked by adversarial AIs. That’s the real world impact of Project Glasswing and the like. If attackers are using it so should the blue team. AI analysis should be a part of your security review but not the whole thing.
Maybe. We’ll see. Glasswing’s marketing talking points aside, what you describe seems like a likely future - but it’s unclear to me how soon that future is.
I was under the impression the ping back to china security issues are what prompted this, until they were evaluated. I don't think Netgear would have a problem passing the audit.
Obviously the Trump family is being made richer or more powerful somehow. It’s obvious. Saying there is no obvious reason is as insane as believing the delay in banning TikTok wasn’t corrupt.
I passed on an invitation to tender a number of years ago because there was no way to meet the minority / women quota that was tied to it. The big players use pass through front companies which isn’t feasible for me as I’m a solo operator.
The Netgear thing is more egregious but the quotas are more pervasive. I would like to be rid of both.
The funding was tied to women and minorities only, so no veteran option. Also I would have had to get certified for that specific location which involves a third party that comes in and interviews the women / minorities to make sure they have actual positions of power and were not just figureheads. They had a scale down option so they could opt for a very small purchase that would actually be smaller than the audit cost let alone the cost of passing such an audit.
How do you think we got the grifting government? It is because people were upset with what the democrats were doing. Maybe if they stopped doing that they wouldn’t have lost. They’ve failed to lean and since Trump is so bad they still won’t need to learn and will continue their mistakes and keep losing.
If by "doing things" you mean "accumulating mysterious anonymous crypto payments" and "getting a large draw from one of your shell companies", then yes.
no obvious reason
Could it be related to Netgear being manufactured in Vietnam Thailand and Indonesia to avoid China tariffs and that somehow got them through an audit? I only ask if the overall unwritten goal is to avoid China.
> Could it be related to Netgear being manufactured in Vietnam Thailand and Indonesia to avoid China tariffs and that somehow got them through an audit? I only ask if the overall unwritten goal is to avoid China.
That goal isn't even that secret:
https://www.wsj.com/world/china/trump-china-xi-beijing-e2472...:
> Pursuing activities antagonistic to [China] has become further paralyzed by Commerce Secretary Howard Lutnick ordering staff that they need his signoff for any China-related actions, people familiar with the matter said. As a result, even senior Commerce officials at times sit by his office waiting or outside the building, watching for his car. Officials at other agencies pursued a ban on a China-linked router maker by styling it as an order that doesn’t name the company or China.
> ...
> One such office had already determined that China-founded router company TP-Link and China-linked internet-connected trucks and buses pose national security risks. Officials thought vulnerabilities in their software could provide China access to spy on U.S. communications or access sensitive infrastructure.
> Interagency reviews had reached a similar conclusion about the risk of TP-Link and supported a ban. Staff had set in motion new rule-making to restrict U.S. sales of those products before they were put on hold and office leadership dismissed, according to officials familiar with the process.
> ...
> Supporters of a ban on TP-Link in March eked out a victory. The Federal Communications Commission announced a ban on new imports of all foreign-made routers, “regardless of the nationality of the producer,” a blanket prohibition that also accomplishes sidelining Chinese routers without naming the country or TP-Link. The new rule was designed in part to minimize disruptions to Trump’s relationship with Xi, people familiar with the matter said.
I would love to see the US rekindle the domestic manufacture of affordable consumer/prosumer network hardware. The US can already manufacture SoCs, PWBs, and chassis hardware, we just need a business case for putting it all together. Managed well, sustained protection from international competition could provide this business case, and buffer against global shipping disruptions, while the sheer volume of CPE equipment would eventually drive down costs.
But fickle bans will never get us there.
Domestic manufacturing is not coming back because there are no guarantees whatsoever that this ban is going to last. Nobody is going to shell out hundreds of millions to setup manufacturing for such a low-margin product when it is much cheaper and risk-free to just sidestep the ban.
All Xi has to do is send Him a plane.
Mikrotik manufactures routers in Latvia, of all places. I don't think it's as hard as you make it out to be.
It seems very obvious that they are probably going to give router companies that have an okay or above reputation time to comply with the law and cheap Chinese imports where they obviously have a strong relationship with the Chinese government or any sort of questionable reputation immediate ban.
I feel like pretending a department under this administration's thumb is actually going to act honestly is a bit absurd.
They made a donation ... somewhere. Now they're all good. None of Trump's bluster is honest, they're just graft gates.
It wasn't any different during the first administration. I worked at a company slated to be acquired by a foreign company. But the approval just never came from the feds. Then one day the acquiring foreign company CEO visited the White House and that day Trump approved it. Trump even made a little speech about jobs. Then we were all told we were going to be laid off... just like that almost all the American jobs gone. Shortly after one of Trump's companies announced a big land deal in the home country of the acquiring company. MEGA ...
What was the home country of the acquiring company? UAE? Argentina?
MEGA was founded by Kim Dotcom, who currently lives in New Zealand
MEGA is now headquartered in Hungary...who until very recently was run by someone very much aligned with the far right movement.
The looting stage of collapse, people tend to think someone will come and save things but so long as there is more money in decline the leaders will do that instead.
> The looting stage of collapse […]
Remember folks: pillage before you burn.
Either they agreed to put the back door in their routers or someone got paid off.
Mysterious new buyer for one of Trump's crypto coins.
Considering most have a basic VPN server built in already they sort of have a built in back door by design
The obvious reason is bribes.
Why is TP Link still being sold.
Among other reasons: the recent ban was on FCC approval for new products. Existing products that had already secured FCC approval are unaffected by the new policy and can continue being sold.
In other words: it’s security theater and dubious economic protectionism, not a genuine attempt to counter a cyber threat.
Yes.
"There are already foxes in the hen house, but we'll ban new foxes from entering!"
Follow the money.
Maybe I'm missing something, but isn't the router ban intended to affect foreign companies, not one based in San Jose, California? If so, that would explain why they get an exception.
The router ban affects routers made in foreign countries, Netgear's headquarters should be irrelevant. The author's previous article spells this out better https://www.theverge.com/tech/899906/fcc-router-ban-march-20...
My bigger fear is whether Netgear has one or more backdoors exploitable for use by the US government. It's firmware will have to be reverse engineered and then reviewed by AI, proof-based analysis, and security researchers.
In the long term, an absence of competition bodes poorly.
Why AI? An unproven proprietary tech is your go-to over skilled security researchers?
Updated parent comment. Ideally, looking beyond this work, and more generally, a funded AI would be used to do analysis and then to dispatch tasks to qualified humans. A network of available qualified humans would have to exist that the AI can access. Humans could then of course provide feedback to AI for the loop to continue with new tasks to humans. Think Uber but more generally for AI to tap into real-world work and expertise.
That sounds dystopian as hell to me. Are security researchers willing to become interchangeable units of cognition, as devalued as uber drivers? I hope not.
But your edit makes my original comment unneeded. I was reacting to this jump to “we need ai to solve this!” when the ai is still largely unproven marketing hype from a bunch of highly leveraged ai companies with manic gambler ceos.
You seem to be living in 2024 wrt your assertions about AI. Or maybe it is me who hasn't caught up with the AI-hate agenda of the hoi-polloi since 2024.
We’re talking about ai for security auditing. Until a week ago, ai for security auditing was virtually non-existent. But i guess if I was mainlining ai marketing in a haze of llm psychosis, a week ago might feel like 2024.
Just because Anthropic advertised something last week does not mean that other LLMs couldn't be used for the same purpose since 2024. Any decent code-generating tool-calling agentic LLM has had the innate ability to audit code. Anthropic's model wasn't the first answer and it's not the final answer.
A toddler has the innate ability to audit code. They’re just not very good at it. I stand by my position that LLMs are an unproven tech when it comes to security auditing.
As of this moment all we have is “data” straight from marketing departments, and a handful of anecdotes.
No, a toddler does not have the ability to audit code. It takes good software security skills, which agentic coding LLMs absolutely possess. It doesn't have to be perfect. With veritable dinosaur-grade beliefs like yours, nothing would ever change in the world, at least not for the better, with extinction being the only inevitability.
No, because you should assume all code will be analyzed and attacked by adversarial AIs. That’s the real world impact of Project Glasswing and the like. If attackers are using it so should the blue team. AI analysis should be a part of your security review but not the whole thing.
Maybe. We’ll see. Glasswing’s marketing talking points aside, what you describe seems like a likely future - but it’s unclear to me how soon that future is.
> My bigger fear is whether Netgear has one or more backdoors exploitable for use by the US government.
With Asus you can use third-party firmware (e.g., Merlin): is that possible with Netgear?
I was under the impression the ping back to china security issues are what prompted this, until they were evaluated. I don't think Netgear would have a problem passing the audit.
Obviously the Trump family is being made richer or more powerful somehow. It’s obvious. Saying there is no obvious reason is as insane as believing the delay in banning TikTok wasn’t corrupt.
Sounds like pay to play, the usual Trumpian playbook (no pun intended)
They paid the shakedown fee.
that’s the outcome of soft fascism: a lot of pay to play.
I passed on an invitation to tender a number of years ago because there was no way to meet the minority / women quota that was tied to it. The big players use pass through front companies which isn’t feasible for me as I’m a solo operator.
The Netgear thing is more egregious but the quotas are more pervasive. I would like to be rid of both.
It’s very possible to do so. Partner with someone in the space and they take a vig.
An even better option is to partner with a veteran owned entity, which often allows you to bypass the bidding process.
The funding was tied to women and minorities only, so no veteran option. Also I would have had to get certified for that specific location which involves a third party that comes in and interviews the women / minorities to make sure they have actual positions of power and were not just figureheads. They had a scale down option so they could opt for a very small purchase that would actually be smaller than the audit cost let alone the cost of passing such an audit.
What Trump is doing is outright grift; payola, racketeering.
And you think it's a good moment to complain about affirmative action?
How do you think we got the grifting government? It is because people were upset with what the democrats were doing. Maybe if they stopped doing that they wouldn’t have lost. They’ve failed to lean and since Trump is so bad they still won’t need to learn and will continue their mistakes and keep losing.
Cutting off one's nose to spite one's face does not convincingly impugn one's face.
I wish you the best of luck turning the sinking ship around, I’ve already voted with my feet.
‘The United States’ foreign router ban didn’t make a whole lot of sense, and today may not change that.`
???
No obvious reason? What if the Executive Branch is a dog chasing cars?
It’s just doing things.
If by "doing things" you mean "accumulating mysterious anonymous crypto payments" and "getting a large draw from one of your shell companies", then yes.