Submission + - FTDI driver breaks hw again. (eevblog.com)

janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips has got a new update that injects garbage data ("NON GENUINE DEVICE FOUND!") into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.

Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.

Comment Re:Stupid question (Score 1) 95

This stick is going to be woefully underpowered for Windows. It has only 4GB of RAM - that will barely run Windows alone.

And Windows on IoT SoC boards - why? Windows only makes sense if you want to exploit the Windows development ecosystem. Which is nonexistent for those small IoT boards. So you might as well put Linux or an RTOS on it and save power, licensing costs (should you decide to sell your widget) and support nightmares.

Comment Re:It'll be out of date (Score 1) 196

Well, considering that updating maps in the built-in satnav of my boss' BMW can cost around 800 euro (old car, proprietary satnav, proprietary maps, not user updatable, so service costs on top + margin), this is just going to be a nightmare.

The good thing is that these idiocies will be targeting primarily the premium (= expensive) car segment. The low end clunkers most people drive will be stuck with "tablets" for their AC controls at best.

Comment Vivaldi is Opera (Score 1) 140

Vivaldi is built by the same people as the original (before it became a "skin" for Chrome) Opera was, so the design and features are not really surprising.

I wonder what we will have to sell to be able to use this browser, though. Aka, how is Vivaldi going to make money with this "free" (as in beer) browser?

Comment Re:lesson learned? (Score 1) 183

I am not sure how this post got moderated "Informative".

Sorry, but you are seriously ignorant about how Linux package repositories work. There is no GPG signature "audit trail". Only the packages uploaded to the repositories are signed. The distros only package the code - do you really believe (and trust) that the person who has compiled and signed the package has actually verified that it is malware free? Or that everyone who posts whatever code to Github or wherever else the distro gets their software from is required to GPG sign it so the changes can be verified? Where did you get that idea from? AFAIK, only very few projects do this - e.g. the Linux kernel requires maintainers to sign off on every patch. However, that is not common at all and most projects don't even sign code releases!

And how would you actually imagine the "free of malware" verification being done with the thousands of packages that are in an average Linux distro? A good example of this was the NSA weakened RNG that wound up in pretty much every single Linux distribution. Or bugs like Heartbleed - the only difference between a bug and malware is that the latter was created intentionally. Technically there is little difference and the impact can be very much the same.

So no, cryptographically signed Linux repositories are certainly not immune to malware. There has been modified code distributed through these in the past - usually because the upstream source code repository got hacked and modified code inserted there.

The only thing the Linux signed packages ensure is that the package that ends up on your machine is the same as the one released/uploaded by the repository maintainer. Nothing else. That protects only against stuff like the various crapware being bundled in the installers. If there is hidden malware or a nasty bug in the actual code, you are screwed equally well. That it doesn't happen so often with Linux is mainly because Linux is not an interesting target for this type of criminal and scammer yet, not because of some impenetrable security.

So get off your high horse, please. You have no clue.
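The guarantee the comment above describes, shown as an added example (my own code, not from the post or any distro): an apt-style hash chain from a signed Release file down to a .deb. The repository contents, the Release and Packages files and the package names are all constructed here, and the Release signature is assumed to have been checked already by a hypothetical verify_release_signature step; the code only follows the hashes beneath it, which is exactly why a tampered download fails but a package that was bad before it was signed passes.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed package bodies "as uploaded by the maintainer".
PACKAGES = {
    "hello_1.0_amd64.deb": b"hello world binary, as built by the maintainer",
    # Same trust status as above: signed and indexed, but built from a
    # compromised upstream. The signature cannot tell the two apart.
    "bad_1.0_amd64.deb": b"upstream tarball with a backdoor compiled in",
}

# Packages index (constructed): one Filename/SHA256 pair per .deb.
PACKAGES_INDEX = "\n".join(
    f"Filename: pool/{name}\nSHA256: {sha256(body)}\n"
    for name, body in PACKAGES.items()
).encode()

# Release file (constructed): lists the hash of the Packages index. In a
# real repo this file is what the repository's GPG key signs; here we
# assume verify_release_signature(RELEASE) already returned True.
RELEASE = f"SHA256:\n {sha256(PACKAGES_INDEX)} main/binary-amd64/Packages\n".encode()

def parse_index(index: bytes) -> dict:
    """Return {filename: sha256} from a Packages-style index."""
    entries, name = {}, None
    for line in index.decode().splitlines():
        if line.startswith("Filename: "):
            name = line.split("/")[-1]
        elif line.startswith("SHA256: ") and name:
            entries[name] = line.split(" ", 1)[1]
    return entries

def verify_download(name: str, data: bytes, release: bytes, index: bytes) -> bool:
    """True iff data is byte-for-byte what the signed index describes."""
    # 1. The (signed) Release must vouch for the Packages index we fetched.
    if f" {sha256(index)} " not in release.decode():
        return False
    # 2. The Packages index must vouch for the .deb we fetched.
    expected = parse_index(index).get(name)
    return expected is not None and expected == sha256(data)
```

Integrity from repository to disk is all this chain proves; whether the maintainer audited the code is a separate question the hashes cannot answer.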

Comment What is that project for? (Score 1) 437

If it is just for fun, go ahead and play with Rust. You can write C-compatible libraries with it no problem.

If it is for work, however ... Stay with your C.

Rust is nice and everything, but the ecosystem is incredibly small. There are few libraries for it, many are already unmaintained and/or not working. Also the tooling (IDEs, compiler, the cargo build tool, etc.) is fairly immature. I have been looking at it recently with the goal of writing some extension modules for Node.js & .NET, but I went back to regular C for this reason.

Comment Re:They made the disclosure (Score 2) 229

They have been at this for a while. AVG was autoinstalling extensions into all Windows browsers that automatically redirect your browsing through an AVG proxy (supposedly to keep you safe from viruses, ehm) for a long time. So this was only a matter of time.

BTW, AVG is not really a Czech company anymore. They have moved to the US and only their R&D centre is in the Czech Republic now (Czech programmers cost 1/10th of what a US one would).

Comment Re:What kind of post is this? (Score 1) 43

I suggest that you broaden your horizon before you go ranting. You wouldn't make a fool of yourself.

First, that card doesn't work well with *any* Linux drivers, open source or not. Even their Catalyst driver is horrible in Linux.

Second, OpenGL in Linux is much more important for the professionals than for gamers - a large portion of virtual reality image generators (machines that render the landscapes, vehicles etc. depending on the instructions from the simulation system) used by all sorts of simulators (military, flight, driving, etc.) run Linux, because it is much easier to develop for, to keep it stable and the latest bells and whistles are not required.

Unfortunately, thanks to the boneheaded AMD management that had only a *single* developer working on Linux drivers (it used to be that way, maybe it has changed since then) and their poor OpenGL performance, driver stability (and bugs!) this is pretty much an Nvidia market now.
The same story for CAD and 3D modelling in Linux - again an Nvidia market.

So saying that this is somehow acceptable, because you are not playing games is really not helpful.

Comment Re:Yeah right... (Score 1) 76

More like the gizmo will never get made unless they have money from elsewhere and are using Kickstarter only as a marketing campaign.

You seem to think that's a bad thing. It's the purest form of market research there is - not only did you get people interested in your thing, but you got them to put money behind it.

I don't have a problem with market research, but then please mark it as such. This is just dishonest and it does a disservice to everyone else by giving the impression to the general public that an actual product can be made for that ridiculous budget and timeline. Then campaigns with genuine products and realistic budgets will never get financed because people take this sort of thing as standard and realistic. At least these guys have some real prototypes and aren't just selling hot air there.

Also, doing a "market research" Kickstarter as a means to convince VCs and/or angel investors to give you funds is pretty much a suicidal gamble - now you have 20k people who have put down their money for your gizmo and you still have no real funding to produce it. And you may not be able to get it - 20k people wanting a $200 gizmo is not that interesting from the investment point of view by itself (that's just $4 million) and it is pretty much the worst project size possible when it comes to manufacturing - too big to build in a garage and not big enough to actually give you access to the manufacturing facilities you will need. Also, few projects reach that sort of size on Kickstarter, most get much less. So unless it is something really groundbreaking, truly visionary that will make the VCs go gaga and pull out the checkbooks, you will have trouble attracting investment (heck, it is a stupid touchpad like the one Apple sells already ...). However, you are stuck with the commitment to build and ship those 20k units already ...

I am more inclined to say that these people are an idealistic startup trying to bring their first project to the market, with no real past experience doing so. The completely BS timeline shows that as well - they budgeted one month only for tooling and production - just the injection molding tooling production takes several weeks for every iteration (and costs thousands of $$$ a pop) and it is pretty much guaranteed they will not get it right the first time.

So my bet is that this will ship a year or two late, over budget and probably drive the company to bankruptcy in the process.

Comment Re:Yeah right... (Score 2) 76

More like the gizmo will never get made unless they have money from elsewhere and are using Kickstarter only as a marketing campaign. The $60k they are asking for won't cover even the materials. Just the mandatory FCC/CE/UL certifications will take a third of their budget, assuming that they actually pass on the first try.

This article gives a good breakdown of how much it does actually cost to build and ship a hardware product:
https://medium.com/bolt-blog/w...

Comment Re:Most people won't care (Score 1) 107

Yeah, right. So it only took a decade to get serious OpenSSL bugs discovered and fixed - despite the project being open from the start. And that is most likely an order of magnitude smaller project than something like even a moderately complex CPU core, written in a language that many more people are familiar with.

Yes, if it wasn't open, the bugs probably wouldn't have been found, but that's speculation - we simply will never know. If you hope to find a "backdoor" (which could be simply as subtle as intentionally weakening some crypto support instructions or random number generator if some flags are set) in a ton of Verilog/VHDL code where you need to understand both the hardware *and* the crypto, you are seriously delusional. Even the vendors themselves have only a fairly small team of people that actually understand this type of code. It is such an ultra-specialized niche. You will probably not see the weakness even if you were looking straight at it unless you are a specialist in exactly this domain and familiar with the implementation.

Anyhow, it is a moot point - the mainstream CPUs are never going to be "open sourced", because it is the core intellectual property of these companies.

Comment Re:Most people won't care (Score 1) 107

Sorry, but you need to get real here.

First, these FPGAs don't quite have enough power to run a design comparable with an Intel/AMD CPU as most people know them. So this effort is pretty much irrelevant for dealing with backdoors in mainstream hardware. Their goals are quite different, mostly to do with on the fly reconfigurable computation - something that is hard or impossible to do if you cannot generate the bitstream using your tools.

Second, even if you had a fully open sourced design somehow, how many people do you think would be able to actually understand it to the degree that they would be able to verify that there is no backdoor? Or even verify that the design is complete and the backdoor part is not withheld? It is not possible to build these without the in-house tools companies like AMD or Intel use (they don't use off-the-shelf FPGA tools, those are too small/slow to handle these large CPUs). Most people wouldn't be able to understand even the Verilog/VHDL for the tiny microcontroller implemented in the article.

I am all for openness and open sourcing as much as possible but that is not a panacea and in cases such as these it would only give a false sense of security.

Comment Re:We need better legislation (Score 2) 102

Except it is regulated as one. In fact, most countries don't make any distinction whether the RC model is fixed wing, heli, multirotor or whatever. Once it is unmanned and falls into the "model" category, it is regulated the same.

That most owners don't know that there are *gasp* laws and rules that apply to their toys is not the problem with the laws, unfortunately.

Comment Re:We need better legislation (Score 3, Insightful) 102

"Drones" - aka small multirotor helis - are regulated as RC model aircraft in most countries already. Not sure where you are, but perhaps make sure that you actually know what laws are on the books already before calling for more regulation.

The problem is not lack of regulation but the fact that 99.9% of the owners of these things have no clue about the rules that actually apply to their hobbies. RC model flyers have been rarely caught doing similar stupidities before because:
a) it is hard to do with a fast moving fixed wing plane,
b) traditional model helis are tricky to fly and very expensive, few people would risk their toy like this after they have finally mastered it,
c) few RC models were computerized to the degree that they essentially "fly themselves", including GPS waypoints and what not. RC flying was always about the flying skills, not taking videos for Youtube.
d) the enforcement was caught flatfooted, the few RC model owners around have never posed problems but now every yahoo has a gizmo that requires no skills to fly and doesn't give a shit about any rules (if they are even aware of them).

As I see it, unless the police are allowed to take these things out by force, then things aren't going to change. Tracking down an owner of a drone hovering somewhere high in the air autonomously is pretty much impossible unless you are very lucky. They don't need to emit a radio signal continuously, the gizmo can navigate by GPS so unless you literally run into a guy with the controller you will not find him.

And as far as regulation is concerned - that could actually stand to be relaxed quite a bit. E.g. in most of Europe if you want to record video using an RC plane/heli/drone for commercial purposes, the rules are very draconian - you need essentially a full private pilot license as if you were flying a full sized plane, you must always have a spotter next to you, are not allowed to fly beyond line of sight, etc. And this applies regardless of whether you are recording over a crowd of people (which requires additional permits) or only some fields for a local farmer ...
