Are you feeling Luckey, PUNK?
Are you feeling Luckey, PUNK?
I really enjoy when the current generation uses "feels" as a plural noun.
They think it's cute.
They're spoilt with lots of FPS and it bias them in favor of ignoring things like the use of apostrophes when the games pretty fun.
But, since we provided the technology they grew up on, it's probably all our fault that's all they "learnt".
"A fool and his money..."
A TL;DR: Samsung TVs use voice commands and like most other voice command services they outsource voice recognition to their server park. Unlike other services, however, they continously listen and send this data, they don't wait for a button press or keyword.
You mean "unlike other services,
Just like Lennart listens to users, I listened to Lennart...
and then backed up anything important, wiped Linux off my box, and installed FreeBSD.
Listening doesn't guarantee anything - I listen to people all the time, and then ignore them.
Let's first try with upper management and see how it goes.
Yeah, lets start by letting in the top 5% of foreign executive management and see how that works out first.
We can offer them 'competitive wages'... say 60% of what current executives make, just like with H1-Bs, and see things work out. If that works ok then we can progress to letting the top 5% of foreign middle-management in...
I eagerly await ls.service, cat.service, grep.service, etc. No point in having all those separate tools around when systemd can do it all!
I use telnet plenty great for connecting to a tcp port and debugging. It's a horrid thing to run as a service and allow people to login etc.
Yeah, the client comes in handy at times to connect to port 80 and 'handcraft' a http request to see a response, etc... but running a telnet server/service on the machine? Especially on a "security" device?!?!? C'mon... that's just ludicrous in all kinds of ways.
Two things. One, the cloned FTDI subcomponents are in and of themselves essentially indefensible. The notion of "unclean hands" absolutely applies here. Two, that notion further applies to the manufacturer who included the cloned subcomponent in their product. To use a car metaphor, if a car is supposed to use a Bosch-made airbag sensor that has been well-tested and proven to be reliable, but the manufacturer instead knowingly uses counterfeit sensors, they open themselves up to enormous risk in any situation where the reliability of those counterfeit sensors has been called into question. They cannot rely upon any of the due diligence that Bosch has done, nor can they point to Bosch as being at fault. Furthermore, even if they point to the counterfeit manufacturer as being at fault, they themselves end up taking on some of that blame as well, for knowingly having included their product in their car.
No question about the manufacturer being at fault, nor can Bosch be sued for the failure of something they didn't make if it fails in a collision... except if Bosch releases an update 'firmware' for the vehicles that then sees your counterfeit airbag sensor and disables it from functioning at all even though it actually did function (although perhaps not to spec) and might well have saved your life in that accident that, because it didn't function at all due to Bosch's actions, wound you up with a crushed chest, minus one lung, and unable to ever walk again. It would probably be pretty easy, in that case, to prove that while the device may not have been up to spec, it might well have prevented damage that wasn't prevented because of Bosch's actions in totally disabling the device.
They didn't destroy anything, the fine summary is wrong. They temporarily and reversibly altered a writable configuration area to prevent the malfunctioning device from further malfunctioning.
Agreed, however to most users it will seem 'permanent' - and regardless, FTDI would still be potentially liable for other damages as a result of them modifying the device into an unusable (even if temporary) state. What if I'm a self-employed contractor with some critical work for a customer on two (for redundancy) external USB hard drives... that happen to have fake FTDI chips? Suddenly I update my driver and both drives stop working - even on other machines that didn't get the driver update - and on the day when I'm supposed to submit my $50K of billable work to the company, for acceptance/payment? Suddenly I've lost business, income, reputation, *and* probably future business... how much is that worth, and is FTDI liable for disabling devices that, unbeknownst to me, had fake FTDI chips, without even warning/notifying me that the devices weren't acceptable for their driver and letting me disconnect them or refuse/downgrade the driver update?
The import of a counterfeit product into the EU carries a fine up to 10k Euros / item. People bringing back fake Rolex watches were hit with a fine higher than the price of the genuine thing. Just saying...
Perhaps, but if I buy a watch off a guy on the street with a long trenchcoat filled with watches, I'm not 'importing' anything, he did (or perhaps his supplier).
Nobody could complain if they simply went and made their driver incompatible with the forged chips. If there is no working driver, then the customer would have to complain with the original maker of the hardware and demand a working driver. That's quite within FTDI's rights.
The point is that they attack the firmware of the device involved, which is by no accounts ok anymore. This isn't locking out a competitor, it's destruction of a competitor's hardware. Yes, that competitor didn't act correctly by trying to get a free ride. No doubt about that. By that logic, though, it's just a-ok for any printer maker to trash the printer (e.g. by hosing it with printer ink) should they detect that you use anything but their overpriced original stuff.
We are clearly in agreement here except on a single point: changing the PID is neither attacking the firmware nor damaging the hardware. After a PID change, the hardware (and firmware) is still functional -- as long as either some driver can recognize it or the PID is reset to a valid ID.
It may be that FTDI was unable (or unwilling) to find a way for their driver to stop supporting the counterfeited chips, so they just removed the mask (the PID) on the chip that claimed the counterfeits were genuine. That's not damaging the hardware or the firmware, merely modifying an embedded setting.
All that said, FTDI's actions were not appropriate -- and they will likely end up paying for it in the court of public opinion. However, FTDI's driver did not damage or harm the chips themselves -- and they certainly weren't (as some here have claimed) "bricked."
Regardless of whether they were permanently 'bricked' or not, your initial comment was about 'technologically ignorant users' somehow 'requiring' them to support the fake product - the driver can simply refuse to work with the device.
Now, however, you take that 'technically ignorant user' who went out and bought say 3 x 4GB USB dongles that happened to have fake FTDI chips in them, unaware of that fact of course, who then copies his business critical data, say 3 years worth of work, onto all 3 of them (for safe keeping)... then his machine auto-updates his driver (because, again, he's a technically ignorant user) and suddenly he can't get to his data... in fact, again, technically ignorant, he tries all 3 dongles (if the first one fails, try the backup(s) right?).
Now, he can't even take them to another machine that maybe didn't get the driver update, or a Linux machine without the proprietary FTDI driver... sure, it's 'fixable' by him say paying an IT geek (a non-technically-ignorant person) to reprogram the USB ID, but that's a cost he is incurring because of what FTDI did to his devices. And that isn't to mention that perhaps he needed that data to bid on a potential $million contract with someone, on a deadline that he's now missed because of what FTDI did to 'damage' his devices.
He most certainly, if it can be proven that FTDI is *deliberately* breaking (even temporarily) the devices in question, has a good case for damages from FTDI.
They have every right to have thier drivers detect the non-genuine parts, report them and refuse to work with them. Bricking them is clearly causing intentional harm to equipment they don't own. Never excusable.
Agreed. I'd have no problem if their driver reported it as unusable/illegal hardware and refused to work with it. Bricking my hardware is just being vicious to me, the customer, that possibly unwittingly purchased the device - and that kind of policy would make me want to avoid FTDI products in anything I own, real or 'fake'.
But one thing I would very much like to know is how this rootkit got installed in the first place. There's nothing about that in TFA.
That was my question too... how did it get there? I mean, kernel modules don't just magically appear and install themselves...
its always funny to see these posts from AC, no one has the balls to make such idiotic claims with their real names
If you think this is R vs D and not The people vs The government, i got a bridge to sell you.
Even if nixon started it, you have had how many democratic presidents since him? I mean, if the democrats REALLY wanted to end it, they could have. be it carter, or clinton, or now obama. But no. they dont only not stop it but they expand it.
When will people wake up and realize that voting for an R is the same as voting for a D, maybe not in the short term, but the long term as shown this to be the case
Well said. These days it's also about inside vs. outside; those with access to government and those without it. Or maybe ultra-wealthy vs. everyone else.
Your owners don't want it to change, the need more surveillance lest the slaves get restless and think of uprising.
Disc space -- the final frontier!