
Comment Re:Pure crap (Score 1) 268

Heh... it's not that I disagree with you, philosophically. It's just that, where the rubber meets the road, a huge proportion of the applications and systems out there are not robustly designed.

It's very common for applications to expect either success or failure. Success implies that it's behaving correctly. Failure means anything went wrong. In many ways, FTDI's previous attempt at this -- bricking the devices -- was PREFERABLE to this, as it always resulted in failure. You can be angry that they killed your device (which you may or may not have even known was counterfeit), but it pretty much would always fail.

In this case, intentionally manipulating the output could have innumerable unpredictable effects. As noted, can FTDI know that there's not an application out there looking for a value in a specific position? Now, their error message aligns the "DE" in "DEVICE" in that position... the application doesn't fail. It just starts assuming a hex value of '222' for all data runs. What impact might that have?

Look... you can apportion blame and responsibility all you want. Ideal-world politics don't work well in situations like this. The real world is a lot messier, and anyone who pretends otherwise is selling something. I'm not predicting life-ending disaster from this change. All I'm saying is that FTDI has no way to know if it _could_ result in life-ending disaster, and are being ridiculously foolish to take the risk, when they're well aware that their end-users have no way of knowing whether they're affected.

Comment Re:Pure crap (Score 1) 268

Do you have auto updates enabled on any of the machinery that you use USB to serial converters on? If not, why not?

No, I don't... and that's because I'm not an idiot. ;)

Unfortunately, 20 years in this business have taught me that a significant share of people doing this kind of work are. Furthered by the fact that a significant share of business owners/managers (even in large companies) will shave costs anywhere they think they can get away with it.

My basic point is that "non critical" links in the infrastructure can still cascade into critical failures. Many of the developers/integrators in the chain never even recognize the ways that their outputs will be used downstream. And subtle or not, it's never safe to assume that modifying the output of something low-level like a serial controller will not have un-subtle effects on the application. The way these industrial apps often work, it might assume the value is 0. Or it might line up where the "DE" in the word "device", in that error message, is interpreted as the integer 222. There is literally no way for us (or FTDI) to know.

Point is, I can foresee hundreds of ways this could go bad, in places that people don't view as "mission critical". (The desktop PC of a warehouse manager, a dumb throw-away "converter" PC that was simply stuck in a remote location to turn a serial device into a "network server", etc... People do ALL kinds of crap to engineer solutions for specific scenarios, often in small suppliers or companies too tiny to have good control processes or discipline.)

Murphy's Law, and all...
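The failure mode raised in the two comments above, as an added example that is not part of the original comments: a parser that reads a value from a fixed position accepts the characters "DE" as the number 222, while a parser that checks framing and a checksum rejects the same bytes. The frame layout, the function names and the injected string are constructed assumptions, not FTDI's or any scale vendor's actual format.

```python
# Constructed example: frame layout, names and sample strings are assumptions.
STX, ETX = 0x02, 0x03
FRAME_LEN = 10            # STX + "WT1:" + 2 hex digits + 2 checksum digits + ETX
VALUE_AT = slice(5, 7)    # fixed position of the two hex digits of the reading


class FrameError(ValueError):
    """Raised when bytes on the wire are not a well-formed frame."""


def checksum(payload: bytes) -> bytes:
    # Sum of payload bytes modulo 256, as two uppercase hex digits.
    return b"%02X" % (sum(payload) % 256)


def build_frame(value: int) -> bytes:
    payload = b"WT1:%02X" % value
    return bytes([STX]) + payload + checksum(payload) + bytes([ETX])


def naive_parse(data: bytes) -> int:
    # Fixed-position read: anything that looks like hex is taken as data.
    return int(data[VALUE_AT].decode("ascii"), 16)


def strict_parse(data: bytes) -> int:
    # Validate length, delimiters, header and checksum before trusting the value.
    if len(data) != FRAME_LEN or data[0] != STX or data[-1] != ETX:
        raise FrameError("bad framing")
    payload, check = data[1:7], data[7:9]
    if not payload.startswith(b"WT1:"):
        raise FrameError("bad header")
    if checksum(payload) != check:
        raise FrameError("bad checksum")
    return int(payload[4:6].decode("ascii"), 16)


GOOD = build_frame(75)               # constructed valid frame
INJECTED = b"FAKE DEVICE DETECTED"   # constructed stand-in for injected text

if __name__ == "__main__":
    print("naive, good frame:   ", naive_parse(GOOD))
    print("naive, injected text:", naive_parse(INJECTED))
    print("strict, good frame:  ", strict_parse(GOOD))
    try:
        strict_parse(INJECTED)
    except FrameError as exc:
        print("strict, injected text: rejected:", exc)
```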

Comment Re:Pure crap (Score 4, Insightful) 268

Not necessarily true. Low-level technology like this is frequently the source of "cascading failure" that can endanger people or property.

For instance, we have many USB-to-Serial devices installed in chains that capture weight readings from industrial scales. If this suddenly and unobtrusively starts causing that measurement data to be misaligned in the output, those weight readings could be transmitted to shippers who may or may not re-weigh the product based on our volume. In the worst-case scenario, something like this could be done as the last check-weight for loading an aircraft -- a weight-critical application where getting it wrong can cause a tail-strike on takeoff.

Screwing with low-level data INTENTIONALLY is never a good thing. End users have no way of ever knowing that it's happening. Pushing it by Windows Update, where no devs are involved to catch the error, is a recipe for potential disaster somewhere.

This IS Pure Crap... on the part of FTDI.

Comment The perennial disconnect... (Score 4, Insightful) 574

There are two fundamental dichotomies that hide under this argument, and they've been going on for years, if not decades.

First, there's the disconnect between large business and small business. Second, there's the disconnect between what people have previously been paid (or their peers have), and what they are actually worth. This is coming from a guy who has hired 5 software developers so far this year, and has 2 slots still available...

A lot of developers are looking at what happens at Google and Microsoft (aside from the layoffs...), and try to use that as a standard when they apply for a position at a 50-person shop in the midwest. This creates an expectation disconnect where someone gets an offer for $65k, but won't take it because they've been convinced by the Internet, their Career Planning & Placement department, or the job postings on career boards, that their skills are worth $90k.

This is an "expectation shortage", and results when there are not enough candidates willing to take the positions that ACTUALLY EXIST. It's all well and good to say that employers are under-paying developers, and looking for cheap labor. But the market does set rates, and the fact is that most software projects away from the coasts just don't support paying developers $120k/year - at least not sustainably.

The second disconnect occurs when people misconstrue what it takes to be hired and promoted in the majority of companies, other than the mega-corporations who can have 200 people doing the same job. The sad fact is that you pretty much have to be a specialist to GET a job, and then you have to be a generalist to KEEP it. The specialists who stay in their pigeon-hole are always the first against the wall when the next re-org comes. But the generalists who have 75% competency in an array of skill-sets rarely make the cut during interviews, but have enormous job security in their current positions -- though often feel themselves "stuck" in positions where they may not feel like they're advancing quickly enough.

This is a failure of cultivation and an expectation problem on the part of employers. It creates a market distortion where people are encouraged to specialize, and then dumped back onto the market with inflated expectations of their overall worth when that very specialization becomes a liability. (Ruby, anyone...?)

From the inside, I think it's undeniable that there is a shortage of quality, trained developers, with attitudes and ethics that will lead to long-term advancement and quality employment. That doesn't mean that there is a shortage of bodies with the raw skills necessary to do the job. But, in the end, that hardly matters... companies aren't hiring automata, even if some of them want to pay as though they were.

There are ample failures on both sides of the equation, and large companies are exacerbating those problems with their treatment of many H-1Bs and "mass hiring" of fresh graduates (at insanely inflated salaries) who then get culled 9 months later.

But candidates are also making the problem worse by viewing software development as a single, unified market, and clinging to the belief that just because Company X in Boston could afford to pay $x for a given product/project, that their skills are still worth $x when they move to Company Y in Pittsburgh, creating software for a completely different industry.

The end result is a shortage of jobs that don't require specialists to get through the door, and a shortage of employees able to adjust their expectations to the realities of the market we are in. When you meet in the middle, it's a real shortage, regardless of how it came to pass.

Comment Double-standard and misunderstanding of politics.. (Score 4, Insightful) 422

So while I'm not a tin-foil-hat wearing conspiracy theorist, I do note amongst the young technorati something of a double-standard. Surveillance, big data and privacy violations are bad when they're used to infringe social rights, but GOOD when they're used to attack people perceived as infringing social rights... C'est la vie.

But more to the point, single-issue activists ALWAYS misunderstand the voting habits of multi-issue voters. Particularly Republicans, who are not just straight-up conservatives as they are often portrayed, but often socially liberal _fiscal_ conservatives who choose not to vote based on social policy. Turning multi-issue swing voters into single-issue activists isn't a straight-forward process, even if you identify who they are.

Finally, this kind of effort makes the assumption that such voters are simply awaiting the right contact or motivation to write their congressperson and demand action. Whereas, in reality, while activists often view the disengaged as "against the cause", the reality is, in most instances, such voters just don't care about that cause.
