quite a valid point!

just like you can NEVER trust a windows (or mac or even linux box) that was not setup by you, especially if its a corporate box that was given to you pre-installed.

almost every company of mid-size or larger preinstalled MitM certs for their spying firewalls. they don't tell employees that, but netadmins and sysadmins pretty much all know this.

I work at a large networking company and they didn't tell me WHAT they do or HOW they'd spy on me, but I found out via a friend (in germany) exactly what they are doing. in .de, you have to disclose to the employees a lot more than the US requires you to do, and he relayed the info to me about how our corp laptops come preinstalled with corp spyware. ability to active mic, camera, screen caps, all that bullshit in addition to traffic logging.

I'm a network mgmt guy and when I was out interviewing for jobs (the last few years) almost all of them involved DPI and MitM attacks, even though they tried to explain it away as 'troubleshooting information' and 'for the users benefit'. quite bullshitty but they said it with a straight face, like they believe their own BS.

you guys have to start realizing that corp america is all about privacy invasion; of customers and employees, alike. if you have a corp laptop, do NOT login to your home email systems and keep your work laptops entirely clean of anything personal and home related. yeah, even if you see the lock icon on the browser, it means nothing anymore, in a corp LAN.

I don't think you could modify packets that are in an ssl stream and not have ssl detect it and reject the 'broken' packets.

https is mostly secure (other than MitM attacks on certs) and vpn's are also very secure.

I have a vpn and while I use it mostly at home, there is an android client (even for my ancient 2.x android o/s) for the vpn provider I have and so I could get as complete privacy as possible on my phone, while doing inet things.

problem with that is: so many come from china and the sellers are like cockroaches when the light comes on; they scatter, change names, go out of business and resurface.

there is next to zero ways to punish china based sellers and 99% of them are engaged in selling fakes (of anything, not just chips).

suppose the chip is soldered onto a system that can't easily be fixed? is ftdi going to do the rework? zero point zero percent chance of that happening. so, them sending you another 'chip' is pretty useless, in practice.

shaming the sellers usually wont' work unless its a perma business like sparkfun or adafruit. amazon and ebay sellers are like cockroaches, as I've said. you can't kill them all.

all you could realistically do is give a tool to end users to DETECT fake chips. then, next time you buy one, you run the test and you have a few days or weeks to return to the vendor (while they are still around and in business). then again, ebay would have to ammend its policy to NOT require you to ship the goods back to a china seller, or at least send you a prepaid shipping label.

in reality, I see none of this happening.

best I can do is stop windows update from now on (MS lost all my trust on this, forever, at this point), install 2.10 on my win boxes, lock them down and carry on with my life.

oh, and all ftdi designs I had in progress are now being modified to use another chip instead of ftdi. I may have to buy ftdi's on arduino nanos (I like them...) but I won't DESIGN with the chip in my own embedded boards anymore.

just yesterday, there was a linux kernel patch (on the usb drivers mailing list) that now allows a 0000 pid for ftdi devices.

also, there was a tool by mark lord that allows you to write back any pid value you want, for example, when I ran it, I got this output (and it 'fixed' the chip again, too):

% ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001

ft232r_prog: version 1.24, by Mark Lord.
              eeprom_size = 128
                  vendor_id = 0x0403
                product_id = 0x0000
            self_powered = 0
          remote_wakeup = 1
suspend_pull_downs = 0
          max_bus_power = 90 mA
            manufacturer = FTDI
                      product = FT232R USB UART
                  serialnum = (elided...)
      high_current_io = 0
    load_d2xx_driver = 0
            txd_inverted = 0
            rxd_inverted = 0
            rts_inverted = 0
            cts_inverted = 0
            dtr_inverted = 0
            dsr_inverted = 0
            dcd_inverted = 0
              ri_inverted = 0
                      cbus[0] = TxLED
                      cbus[1] = RxLED
                      cbus[2] = TxDEN
                      cbus[3] = PwrEn
                      cbus[4] = Sleep
Rewriting eeprom with new contents.

"user-settable blacklist."

user, here, is ftdi, though ;(

short answer: yes.

I would not trust their 'fix' if they actually work at the filesystem level.

you'd think this was a sector based issue. you'd think!

even if there is a dos bootable for this, unless it understands ext2/3/4 (and maybe others; jfs, reiser, xfs) then linux guys ARE screwed by this.

I don't trust samsung. but sadly, I did buy a bunch of 840 evo drives over the last year or 2. damn.

samsung is known as the company that makes things last 'the warranty period + 1 day'. almost literally. almost to an art form.

samsung lcd's also are built like crap. one after another, their electrolytics die (fake china caps; like so many others). buying japanese (nichicon, panasonic, etc) low ESR caps usually brings the monitors back to life. I've fished several out of the trash cans and restored them via simple psu cap replacements.

but dammit samsung, why do you have to be SO cheap??

guess I should start avoiding all samsung things, now. I'm tired of their crap.

all datacomm companies are in bed with the spooks. cisco is just like all the others, not special in that regard.

I joined cisco in the early days, back in the early 90's. I was there a short time, then left, and recently came back; so I see the new cisco and do remember the old 3 building cisco. they are not even close to the same company anymore.

I enjoy being there but its more about my group than the company. company wise, I see a lot of bad designs and bad decisions and a lot of young kids who have no business writing or supporting routing software. but like all other valley companies, most work is farmed out to india to the lowest price bidder and the results really show this ;( even locally, you won't find many americans working there and the attention to detail has been long gone. its a young employees company and experience is not really valued, again, like most other bay area companies.

there is a lot of cool stuff going on, but they have lost their ability to stay focused and deliver world-class software like they once did. its now a body shop with very few visionaries left. sad to see that happen.

fear.

control.

keeping you from challenging authority.

pretty much, just that.

(oh, and security theater, too.)

ALL of our founding fathers would be arrested as terrorists.

they fought their own country, the English.

now, we agree with their views, but if the TLA's had their way (and congress, and the president and, well, all the courts, too) they'd be marked as 'bad guys' and would have little to no freedom.

odd, how that turns 360, huh? ;(

as a guy over 50 who has analog meters (triplett, simpson, stuff like that) that are nearly as old as I am, I can say with confidence that you have no idea what you are talking about.

digital meters tend to fail more! they are more complex, and unless you buy very good ones, they will suffer 'cap problems' (esp. if made in china, which nearly all things are, these days).

otoh, buy a used meter of the type I described and as long as it was not hit by a truck, it will likely work and out live YOU.

springs fail? never saw that happen. bushings fail? again, never saw that happen.

I would guess, based on your very high UID that you are a youngster and never really used or lived with such gear before.

probably better to just remain silent than to speak up and tell everyone how much you don't know.

right.

you're only allowed to do illegal things and lie about it AFTER you are hired by the fbi.

does anyone seriously believe that 'law enforcement' is about fighting the good fight and standing up for what is right, anymore?

I have lost 101% confidence in our system's ability to do what's Right(tm). it seems only the stupid or brainwashed would want to work for the government goons.

and of course, goons is basically what they have, now, anyway.

2 words: parallel reconstruction.

FBI is a corrupt org, as are all the top-level 'law enforcement' orgs.

they have no right to call the kettle black, so to speak...

they break any laws they want and they use 'ends justify the means' along the way.

pathetic!

And desktops and laptops last more than 8 to 12 years,

NOT in a corp environment, they don't! 2 or 3 yrs, tops. corps do a 'refresh' and buy new gear (cheaper than supporting older stuff).

and every company I've been at in the bay area, for the last 10 yrs at least, has mandated windows (sometimes giving mac a choice) but they NEVER run linux on the desktop. juniper ran freebsd on the desktop for its engineers (2000 timeframe) but that's the exception, not the rule.

corps keep paying the MS tax. happily, it seems.

MS is not going away. they may not get consumers to rebuy pc's so often but corps do, that much is true.