Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission + - Here's how to bypass the iOS lock screen passcode (betanews.com)

Mark Wilson writes: There are numerous ways to keep your smartphone safe from prying eyes, and a lock screen protected with a passcode is a popular choice. But a newly discovered vulnerability in iOS 8 and iOS 9 means that iPhones and iPads could be accessed by attackers.

The vulnerability was discovered by security analyst Benjamin Kunz Mejri and it has been assigned a Common Vulnerability Scoring System (CVSS) count of 6.0, as well as a 'high' severity rating. Apple has been aware of the issue since late last year, but has yet to issue a patch. Full instructions are provided.

Comment Re:Overkill (Score 1) 564

He should really do something much more direct: a camera that faces the drivers, and a screen that displays their face along with the speed they drove at, if they were speeding. When no traffic is around, it should cycle through faces of past speeders. The problem would resolve itself in a few weeks, tops.

Comment Re:25 mph? (Score 1) 564

Here's how I handle it, and it's how mostly everyone else in the U.S. can handle it too:

1. Set cruise control - on most models the lower limit is around 19MPH, so setting to 20 or 25 is not a problem.

2. Pay attention to the fucking road while your car pays attention to staying the speed. Downshift to 2nd or 1st gear (yeah, on an automatic, too) if you're on a downgrade and need some engine braking.

I routinely drive through 20MPH school zones. On cruise control. With a long line of cars behind me - but I don't care. They all vote, they can fucking change the law if they're too inconvenienced.

Now I do agree that the school speed zones are stupid, but I'm not going to be whining about it. I vote instead, and I make my views known to the lawmakers, and I go to relevant meetings and provide comments on this. If enough so-called "citizens" actually took their civic duty seriously, we wouldn't have such stupid laws in place.

Comment Re: Well isn't that lovely (Score 1) 30

Here's why: credit. There are sources of credit that are only easily spent on eBay and a few other online store services. That's all it takes. A lot of people who buy this stuff can't really afford it anyway, so they pay extortionate prices on eBay and such. And then they pay 25% APR on their PayPal credit after the 6 month zero-interest deal on "$100 or more" runs out.

Comment Re:Going after the wrong people (Score 1) 268

> Amazon does not have the technical capability to determine what is genuine and what isn't.

You're not buying from Amazon. You're using Amazon's web shop service, but the transaction is between you and whatever third party seller you get stuff from. Same goes from eBay. People bitch and whine about Amazon and eBay all the time, whereas they only have complaints about third parties the conveniently forget about.

> even very large, reputable manufacturers have experienced counterfeit components in their supply chain

This wasn't for something as simple as FTDI chips. Cisco wasn't getting fake FTDI chips from DigiKey. In real life, this is superbly simple. DigiKey [and other major distributors] and Parallax get their FTDI chips directly from FTDI. Unless FTDI themselves ships them fake stuff, you won't have a problem.

I repeat my experience here: I've been buying FTDI chips for almost a decade, placing orders with DigiKey every month. I have thousands of them in the field, probably more than 10k by now. All the systems are updated to the latest drivers within months of their release, and I've not had any system get identified as a fake by the driver. Let's be serious: I've put zero effort into making sure I don't get fakes. I wasn't even thinking of a possibility of getting fakes. I just stuck to getting the chips from a reputable source that I knew was getting them straight from FTDI. That's all. If you can get such good results with literally no effort, I don't buy that anyone is at a disadvantage. It's nonsense on its face.

Sure, if you ask me FTDI could have generated a lot of positive publicity if they offered some sort of a program where they replace the fakes with the real thing for free (for a limited time, conditions apply, blah blah). While their PR sucks, their bottom line won't be affected by any of it. Again: the only people who bitch and whine about this are demonstrably not FTDI customers. Their past purchasing patterns are a good indication that they wouldn't be future FTDI customers either, since they'll be getting fakes from China in the name of "saving" money. I'm sick and tired of people who do stupid shit and whine about it.

Yeah, if you're buying stuff from China, or a US-based chinese releseller, on eBay, Amazon or Alibaba, you're bound to get fakes. News at 11.

Comment Re:Supply chains (Score 1) 268

They will not guarantee that parts purchased from their biggest official distributors are genuine

How is that FTDI's job?! It's DigiKey's job, for crying out loud!

yes those are the exact sources of parts that they accuse of including counterfeit chips

Bullshit, unless I've been the luckiest bastard on Earth. I've been buying FT232s from DigiKey every month for the last decade or so, starting with revision A of the chip.

The difference between FTDI and Texas Instruments is that TI doesn't say I have to buy it from them or it might be fake; they say if I bought it from any of the distributors on their list then all is good

It doesn't matter what FTDI or TI says. What matters is that if you get it from a reputable distributor, it's the real deal, and you can and should hold the distributor responsible for what they sell to you. Your relationship is between the distributor and you. That's what matters in practice. It's completely unreasonable for FTDI to assume liability for what DigiKey or other distributors are doing. Same goes for TI. If you actually read the fine print (terms and conditions + uniform commercial code), TI is not guaranteeing authenticity of any parts not sold by them either. I don't know who came up with that strawman, it's completely bogus. TI is not a party to a purchase you make from DigiKey.

Comment Re:Going after the wrong people (Score 1) 268

you can order these from reputable suppliers, but there really is no guarantee that you're getting what you think you are

That's false. If you get a FTDI converter from DigiKey or Parallax, that's what you're getting. No ifs nor buts about it.

Ever tried to find out what chipset is used when purchasing from Amazon?

Sorry to state the obvious, but "Amazon" is to such electronics as "eBay" is. You can get anything. If you want to know what you're getting, don't buy there. What's simpler than that?

Good luck insisting on paperwork from Amazon, by the way!

I even doubt very much that Amazon itself is selling any of that gear. It's all third party sellers that do. If you can't get paperwork, you're not getting FTDI chips. I think that people have this weird disconnect between reality and their wishes. They see "FTDI" on a product listing on eBay, Amazon or Alibaba, and they think that's necessarily what they'll get. Well, big duh, it's not. As far as I'm concerned, if you're buying from anyone but big component distributors (DigiKey-scale), or directly from reputable OEMs like Parallax, you're not getting what you paid for, you are getting fakes. If it hurts, don't do it, so to speak.

people least able to control what they're actually buying

If Joe Schmoe buys their FTDI kit from Parallax or DigiKey, they'll get the real deal. It's as simple as that. What you say is almost as if DigiKey had some sort of gullibility ratings, and sold fakes if the customer is naive enough. It doesn't work that way. By buying from random street vendors who happen to have online presence, you are bound to get fakes. I have no qualms with FTDI not caring about that market segment: they are not their customers to begin with.

IRL, you do get what you pay for, pretty much.

Comment Re:I made the right choice last time (Score 1) 268

It is literally impossible for an end user to check a valid supply chain.

It is. If you're buying bare chips, they are genuine if they come from Mouser, DigiKey, Avnet, Distrelec/ELFA, Newark or Allied Electronics. If you get them anywhere else, assume that they are fake. If you're buying devices that use these chips, insist that you're shown documentation for a chip purchase from the sources listed above. If it's absent, you're getting fakes. If you're buying anything from China, you're getting fakes.

It really doesn't get any simpler than that. If I hear one start bitching about the price now: look, it's one's own choice. I've told you what to do not to get fakes. If you insist on doing something else, you'll get fakes, and you'll pay less. I don't want to hear from you about "FTDI chips bad sob sob", because those are not FTDI chips, you're not an FTDI customer, and would you please just shut up. /rant

Comment Re:At this point, I think I'd avoid FTDI hardware. (Score 1) 268

You're not FTDI's customer. You're not even legally allowed to use their drivers with non-FTDI chips. It's rather curious that everyone who whines about this in demonstrably not their customer. FTDI is not punishing anyone they deal with. It's your own choice to use fake chips and use FTDI drivers without legal right to do so.

Go talk to whoever sold you the device with the fake FTDI chip and ask for invoices or purchase orders from a reputable vendor like DigiKey/Mouser. My bet is that they got their chips from eBay or Alibaba. You should be raising a stink with them, not with FTDI.

Comment Re:Going after the wrong people (Score 1) 268

I don't think you really looked at FTDI's website in, like, a decade. One product?! The times when all they has was FT232-A and FT242-A are long gone! They have several different products, and there's a lot of differentiation going on. Their portfolio has more current-design chips than all of their competitors thrown together, as far as USBother protocol converters are concerned.

Sure, if what you need can be done with a CY7C65213 or CY7C65211, go for it. But if you want anything else, you can either implement it in software on a microcontroller with a USB port, or you'll end up using FTDI chips. There's no other choice.

Comment Re:Going after the wrong people (Score 1) 268

in precisely zero cases can I determine whether the chipset is genuine or not before purchase

Easy. If the chips came from a reputable distributor like DigiKey, Mouser, Avnet, Distrlelec/ELFA, Allied, or Newark, the chips are genuine. Otherwise, they aren't. I really fail to see how it could be any easier than that. If you buy from someone who uses FTDI chips and you worry if they are not genuine, then you should do two things (both!):

1. Insist on paperwork showing purchases from the big distributors listed above, or directly from FTDI - and then cross-check with FTDI or distributor to make sure they aren't making papers up.

2. Run newest FTDI driver and if it doesn't throw non-genuine events into the windows log, you're set.

FTDI is really doing you a favor.

Slashdot Top Deals

"Life is a garment we continuously alter, but which never seems to fit." -- David McCord