
2.5 Admins 292: Trivyally Infected
Mar 26, 2026
Discussion of a controversial US rule forcing consumer routers to be made in America and why origin does not equal security. Deep dive into a Trivy supply-chain compromise and how CI/CD tools become high-value targets. Examination of geo-targeted malware behavior suggesting state motives. Practical talk on filesystem safety inside VMs, ZFS crash consistency, and journaling advice.
Made In USA Rule Misses Security Point
- The US router ban focuses on physical manufacture, not software provenance, which makes it ineffective for security.
- Allan Jude argues firmware/source audits would be more meaningful than forcing assembly in the US.
Run OPNsense On X86 If You Need Trust
- Use open router OSs like OPNsense on x86 hardware if you can't trust consumer kit or need control.
- Jim Salter points out assembling on generic x86 lets you avoid dubious vendor firmware while keeping routing features.
Router Compromise Yields Limited Value
- Compromising a router gives metadata like DNS and IP patterns but not HTTPS content, limiting value.
- Jim Salter explains most traffic is encrypted and websites already leak richer tracking data than a router compromise would.

