I'm with you; I have given up believing that our government is good and is trying to do the Right Thing(tm).
they are now more concerned with covering their asses and collecting all info they can 'just in case' they need it. more CYA, really.
parallel reconstruction is a horrible thing, but they use it and so they don't care about laws anymore.
what this has done is make us, the citizens, ALSO not care about the laws. I dont' think they realized this would be the effect, but I see it, in modern attitudes. especially in the young. they don't believe our government is good or trustable anymore and that our laws are corporate self-interest based.
what goes around, comes around. and that's what bothers me the most. the 'arms race' between the gov and the citizens is growing and not de-escalating.
each generation has said 'the world is going to hell in a handbasket' but this time, they really are right.
If there's one point that we want to communicate to the world, it's that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it's just not the case any more. You too can afford to enable HTTPS for your users.
Anyone who believes that buying private links into a providers network is the same as your traffic getting paid priority knows jack shit about network ops.
ever hear of TE (traffic engineering)? I call bullshit on your statement. even inside large isp networks they will give qos to some data more than others. it can be by traffic type or endpoint identity or a combination of many things. my day job is at a major router company and I can (or can't, uhm,...) tell you many things about how you can prioritize traffic with modern core and edge routers and switches.
to say that traffic is not engineered is to lie to us.
they are not a tiny company and so, they have LESS excuses to kill off launched apps and services. 10 or 50 man company, sure, fine. but the mamoth that they are? inexcusable!
do I sense fanboi'ism at YOUR end, mate? I don't have sour grapes; I stopped supporting google and their products years ago. they fooled me once but they are never getting a 2nd chance from me.
so-called 'free applications' or services are bullshit since they can and will be pulled at any time google so chooses.
they are THEY 'short attention span' company of the decade. I can't think of anyone else who abandons their own work so frequently and after its actually launched on the public, too. abandoning things in internal field-test is fine. but once its launched, it should not be killed off without a damned good reason.
with all the brainpower (?) google has, with all their money and employee base, its amazing how much abandonware they have produced over the years.
google makes me laugh. a bunch of children who think they can engineer products. lol. it takes a lot more than just writing code and throwing it on a website to truly be a respectable product engineer. I don't know if google has ANY such people, form what I can see on the outside.
speaking of gps maps, I had a discussion with a guy at work about buying a gps that came with the car vs installing an aftermarket one.
my point to him was that car companies cannot be trusted with your data, your driving locations are WAY too much info to hand over to them, their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.
no, I want no bluetooth from a car company or any other networking thing. no radio uplinks, no beacons, no data logging (hard to avoid the blackboxes that are now built into every car sold to the US folks) but what stuff I am able to stop them from using, I certainly will.
this kind of thing makes buying 10+ yr old used cars look a lot better. it also makes me want to hang onto my old car for as long as I possibly can.
I know you were being funny, but take australia as an example. its often said that everything that moves around down there with more than 2 legs is ready to kill you. all kinds of dangerous venemous creatures in oz; and yet, they are just as afraid of their shadows as we yanks are. they are being terorized by their own people just like we are (ie, the 'authorities').
we have little to fear about the big bad foreigner. we have much more to fear by our own lawmakers and those who carry guns under color of law.
but terror 'sells' and every country has pretty much realized that by controlling people via fear, they can pass any restrictive law they want, spy on anyone they want and get huge 'toys' budgets passed. this never would have happened a few decades ago, but now, we are all pussies - the whole world, pretty much. cowering over shadows in the night.
we are being desensitized to sensibility. the 'zero tolerance' world we now have - the so-called 'new normal' is BULLSHIT and needs to end.
the more we call attention to stupidity (no, not the wifi name but the airlines, in this case!) the better. we need to have more and more of these incidents to make us re-realize that stupid things are not going to hurt us. jumping at every bump-in-the-night is a failwhale.
we need to grow some balls. if it means that more 'authorities' have to start THINKING on their own instead of covering their asses, so be it. but zero-tol is not working and needs to end asap.
some kid takes a PBJ sandwich and eats part of it so that a shape of a gun is made; and he's sent home or expelled. this is just more of the same zero-tol CYA bullshit that also has to end immediately. if we don't come to our senses, we will be ruined (we're long on our way to ruin, as it is; due ENTIRELY to our own fear level).
just like you can NEVER trust a windows (or mac or even linux box) that was not setup by you, especially if its a corporate box that was given to you pre-installed.
almost every company of mid-size or larger preinstalled MitM certs for their spying firewalls. they don't tell employees that, but netadmins and sysadmins pretty much all know this.
I work at a large networking company and they didn't tell me WHAT they do or HOW they'd spy on me, but I found out via a friend (in germany) exactly what they are doing. in.de, you have to disclose to the employees a lot more than the US requires you to do, and he relayed the info to me about how our corp laptops come preinstalled with corp spyware. ability to active mic, camera, screen caps, all that bullshit in addition to traffic logging.
I'm a network mgmt guy and when I was out interviewing for jobs (the last few years) almost all of them involved DPI and MitM attacks, even though they tried to explain it away as 'troubleshooting information' and 'for the users benefit'. quite bullshitty but they said it with a straight face, like they believe their own BS.
you guys have to start realizing that corp america is all about privacy invasion; of customers and employees, alike. if you have a corp laptop, do NOT login to your home email systems and keep your work laptops entirely clean of anything personal and home related. yeah, even if you see the lock icon on the browser, it means nothing anymore, in a corp LAN.
I don't think you could modify packets that are in an ssl stream and not have ssl detect it and reject the 'broken' packets.
https is mostly secure (other than MitM attacks on certs) and vpn's are also very secure.
I have a vpn and while I use it mostly at home, there is an android client (even for my ancient 2.x android o/s) for the vpn provider I have and so I could get as complete privacy as possible on my phone, while doing inet things.
problem with that is: so many come from china and the sellers are like cockroaches when the light comes on; they scatter, change names, go out of business and resurface.
there is next to zero ways to punish china based sellers and 99% of them are engaged in selling fakes (of anything, not just chips).
suppose the chip is soldered onto a system that can't easily be fixed? is ftdi going to do the rework? zero point zero percent chance of that happening. so, them sending you another 'chip' is pretty useless, in practice.
shaming the sellers usually wont' work unless its a perma business like sparkfun or adafruit. amazon and ebay sellers are like cockroaches, as I've said. you can't kill them all.
all you could realistically do is give a tool to end users to DETECT fake chips. then, next time you buy one, you run the test and you have a few days or weeks to return to the vendor (while they are still around and in business). then again, ebay would have to ammend its policy to NOT require you to ship the goods back to a china seller, or at least send you a prepaid shipping label.
in reality, I see none of this happening.
best I can do is stop windows update from now on (MS lost all my trust on this, forever, at this point), install 2.10 on my win boxes, lock them down and carry on with my life.
oh, and all ftdi designs I had in progress are now being modified to use another chip instead of ftdi. I may have to buy ftdi's on arduino nanos (I like them...) but I won't DESIGN with the chip in my own embedded boards anymore.
just yesterday, there was a linux kernel patch (on the usb drivers mailing list) that now allows a 0000 pid for ftdi devices.
also, there was a tool by mark lord that allows you to write back any pid value you want, for example, when I ran it, I got this output (and it 'fixed' the chip again, too):
I don't trust samsung. but sadly, I did buy a bunch of 840 evo drives over the last year or 2. damn.
samsung is known as the company that makes things last 'the warranty period + 1 day'. almost literally. almost to an art form.
samsung lcd's also are built like crap. one after another, their electrolytics die (fake china caps; like so many others). buying japanese (nichicon, panasonic, etc) low ESR caps usually brings the monitors back to life. I've fished several out of the trash cans and restored them via simple psu cap replacements.
but dammit samsung, why do you have to be SO cheap??
guess I should start avoiding all samsung things, now. I'm tired of their crap.
all datacomm companies are in bed with the spooks. cisco is just like all the others, not special in that regard.
I joined cisco in the early days, back in the early 90's. I was there a short time, then left, and recently came back; so I see the new cisco and do remember the old 3 building cisco. they are not even close to the same company anymore.
I enjoy being there but its more about my group than the company. company wise, I see a lot of bad designs and bad decisions and a lot of young kids who have no business writing or supporting routing software. but like all other valley companies, most work is farmed out to india to the lowest price bidder and the results really show this;( even locally, you won't find many americans working there and the attention to detail has been long gone. its a young employees company and experience is not really valued, again, like most other bay area companies.
there is a lot of cool stuff going on, but they have lost their ability to stay focused and deliver world-class software like they once did. its now a body shop with very few visionaries left. sad to see that happen.
ALL of our founding fathers would be arrested as terrorists.
they fought their own country, the English.
now, we agree with their views, but if the TLA's had their way (and congress, and the president and, well, all the courts, too) they'd be marked as 'bad guys' and would have little to no freedom.
as a guy over 50 who has analog meters (triplett, simpson, stuff like that) that are nearly as old as I am, I can say with confidence that you have no idea what you are talking about.
digital meters tend to fail more! they are more complex, and unless you buy very good ones, they will suffer 'cap problems' (esp. if made in china, which nearly all things are, these days).
otoh, buy a used meter of the type I described and as long as it was not hit by a truck, it will likely work and out live YOU.
springs fail? never saw that happen. bushings fail? again, never saw that happen.
I would guess, based on your very high UID that you are a youngster and never really used or lived with such gear before.
probably better to just remain silent than to speak up and tell everyone how much you don't know.
you're only allowed to do illegal things and lie about it AFTER you are hired by the fbi.
does anyone seriously believe that 'law enforcement' is about fighting the good fight and standing up for what is right, anymore?
I have lost 101% confidence in our system's ability to do what's Right(tm). it seems only the stupid or brainwashed would want to work for the government goons.
and of course, goons is basically what they have, now, anyway.
Slashdot Mirror
I'm with you; I have given up believing that our government is good and is trying to do the Right Thing(tm).
they are now more concerned with covering their asses and collecting all info they can 'just in case' they need it. more CYA, really.
parallel reconstruction is a horrible thing, but they use it and so they don't care about laws anymore.
what this has done is make us, the citizens, ALSO not care about the laws. I dont' think they realized this would be the effect, but I see it, in modern attitudes. especially in the young. they don't believe our government is good or trustable anymore and that our laws are corporate self-interest based.
what goes around, comes around. and that's what bothers me the most. the 'arms race' between the gov and the citizens is growing and not de-escalating.
each generation has said 'the world is going to hell in a handbasket' but this time, they really are right.
sadly, I don't see a reversal. ;(
according to google, essentially NO extra cpu (in real terms) is needed anymore.
citation:
https://www.imperialviolet.org...
quote:
If there's one point that we want to communicate to the world, it's that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it's just not the case any more. You too can afford to enable HTTPS for your users.
I'm not sure I follow.
could you restate, maybe in the form of a car analogy?
Anyone who believes that buying private links into a providers network is the same as your traffic getting paid priority knows jack shit about network ops.
ever hear of TE (traffic engineering)? I call bullshit on your statement. even inside large isp networks they will give qos to some data more than others. it can be by traffic type or endpoint identity or a combination of many things. my day job is at a major router company and I can (or can't, uhm, ...) tell you many things about how you can prioritize traffic with modern core and edge routers and switches.
to say that traffic is not engineered is to lie to us.
we are not stupid, you know....
your reply addresses nothing that I posted about.
they are not a tiny company and so, they have LESS excuses to kill off launched apps and services. 10 or 50 man company, sure, fine. but the mamoth that they are? inexcusable!
do I sense fanboi'ism at YOUR end, mate? I don't have sour grapes; I stopped supporting google and their products years ago. they fooled me once but they are never getting a 2nd chance from me.
so-called 'free applications' or services are bullshit since they can and will be pulled at any time google so chooses.
they are THEY 'short attention span' company of the decade. I can't think of anyone else who abandons their own work so frequently and after its actually launched on the public, too. abandoning things in internal field-test is fine. but once its launched, it should not be killed off without a damned good reason.
with all the brainpower (?) google has, with all their money and employee base, its amazing how much abandonware they have produced over the years.
google makes me laugh. a bunch of children who think they can engineer products. lol. it takes a lot more than just writing code and throwing it on a website to truly be a respectable product engineer. I don't know if google has ANY such people, form what I can see on the outside.
speaking of gps maps, I had a discussion with a guy at work about buying a gps that came with the car vs installing an aftermarket one.
my point to him was that car companies cannot be trusted with your data, your driving locations are WAY too much info to hand over to them, their gps systems are almost always worse than even just your phone's gps and they are expensive as hell. the only upside is that they 'look good' on your dash since it was designed in from the factory.
no, I want no bluetooth from a car company or any other networking thing. no radio uplinks, no beacons, no data logging (hard to avoid the blackboxes that are now built into every car sold to the US folks) but what stuff I am able to stop them from using, I certainly will.
this kind of thing makes buying 10+ yr old used cars look a lot better. it also makes me want to hang onto my old car for as long as I possibly can.
my company promised us that there would be layoffs and they actually did make good on that promise.
does that count?
if they need a volunteer, I'm happy to join in.
you gotta go somehow. if I die by bacon, at least I die happy.
I know you were being funny, but take australia as an example. its often said that everything that moves around down there with more than 2 legs is ready to kill you. all kinds of dangerous venemous creatures in oz; and yet, they are just as afraid of their shadows as we yanks are. they are being terorized by their own people just like we are (ie, the 'authorities').
we have little to fear about the big bad foreigner. we have much more to fear by our own lawmakers and those who carry guns under color of law.
but terror 'sells' and every country has pretty much realized that by controlling people via fear, they can pass any restrictive law they want, spy on anyone they want and get huge 'toys' budgets passed. this never would have happened a few decades ago, but now, we are all pussies - the whole world, pretty much. cowering over shadows in the night.
this is not at all a funny matter.
actually, we need more of this.
why?
we are being desensitized to sensibility. the 'zero tolerance' world we now have - the so-called 'new normal' is BULLSHIT and needs to end.
the more we call attention to stupidity (no, not the wifi name but the airlines, in this case!) the better. we need to have more and more of these incidents to make us re-realize that stupid things are not going to hurt us. jumping at every bump-in-the-night is a failwhale.
we need to grow some balls. if it means that more 'authorities' have to start THINKING on their own instead of covering their asses, so be it. but zero-tol is not working and needs to end asap.
some kid takes a PBJ sandwich and eats part of it so that a shape of a gun is made; and he's sent home or expelled. this is just more of the same zero-tol CYA bullshit that also has to end immediately. if we don't come to our senses, we will be ruined (we're long on our way to ruin, as it is; due ENTIRELY to our own fear level).
sounds like it could cause a tainted colonel, to me...
quite a valid point!
just like you can NEVER trust a windows (or mac or even linux box) that was not setup by you, especially if its a corporate box that was given to you pre-installed.
almost every company of mid-size or larger preinstalled MitM certs for their spying firewalls. they don't tell employees that, but netadmins and sysadmins pretty much all know this.
I work at a large networking company and they didn't tell me WHAT they do or HOW they'd spy on me, but I found out via a friend (in germany) exactly what they are doing. in .de, you have to disclose to the employees a lot more than the US requires you to do, and he relayed the info to me about how our corp laptops come preinstalled with corp spyware. ability to active mic, camera, screen caps, all that bullshit in addition to traffic logging.
I'm a network mgmt guy and when I was out interviewing for jobs (the last few years) almost all of them involved DPI and MitM attacks, even though they tried to explain it away as 'troubleshooting information' and 'for the users benefit'. quite bullshitty but they said it with a straight face, like they believe their own BS.
you guys have to start realizing that corp america is all about privacy invasion; of customers and employees, alike. if you have a corp laptop, do NOT login to your home email systems and keep your work laptops entirely clean of anything personal and home related. yeah, even if you see the lock icon on the browser, it means nothing anymore, in a corp LAN.
I don't think you could modify packets that are in an ssl stream and not have ssl detect it and reject the 'broken' packets.
https is mostly secure (other than MitM attacks on certs) and vpn's are also very secure.
I have a vpn and while I use it mostly at home, there is an android client (even for my ancient 2.x android o/s) for the vpn provider I have and so I could get as complete privacy as possible on my phone, while doing inet things.
problem with that is: so many come from china and the sellers are like cockroaches when the light comes on; they scatter, change names, go out of business and resurface.
there is next to zero ways to punish china based sellers and 99% of them are engaged in selling fakes (of anything, not just chips).
suppose the chip is soldered onto a system that can't easily be fixed? is ftdi going to do the rework? zero point zero percent chance of that happening. so, them sending you another 'chip' is pretty useless, in practice.
shaming the sellers usually wont' work unless its a perma business like sparkfun or adafruit. amazon and ebay sellers are like cockroaches, as I've said. you can't kill them all.
all you could realistically do is give a tool to end users to DETECT fake chips. then, next time you buy one, you run the test and you have a few days or weeks to return to the vendor (while they are still around and in business). then again, ebay would have to ammend its policy to NOT require you to ship the goods back to a china seller, or at least send you a prepaid shipping label.
in reality, I see none of this happening.
best I can do is stop windows update from now on (MS lost all my trust on this, forever, at this point), install 2.10 on my win boxes, lock them down and carry on with my life.
oh, and all ftdi designs I had in progress are now being modified to use another chip instead of ftdi. I may have to buy ftdi's on arduino nanos (I like them...) but I won't DESIGN with the chip in my own embedded boards anymore.
just yesterday, there was a linux kernel patch (on the usb drivers mailing list) that now allows a 0000 pid for ftdi devices.
also, there was a tool by mark lord that allows you to write back any pid value you want, for example, when I ran it, I got this output (and it 'fixed' the chip again, too):
% ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
ft232r_prog: version 1.24, by Mark Lord.
eeprom_size = 128
vendor_id = 0x0403
product_id = 0x0000
self_powered = 0
remote_wakeup = 1
suspend_pull_downs = 0
max_bus_power = 90 mA
manufacturer = FTDI
product = FT232R USB UART
serialnum = (elided...)
high_current_io = 0
load_d2xx_driver = 0
txd_inverted = 0
rxd_inverted = 0
rts_inverted = 0
cts_inverted = 0
dtr_inverted = 0
dsr_inverted = 0
dcd_inverted = 0
ri_inverted = 0
cbus[0] = TxLED
cbus[1] = RxLED
cbus[2] = TxDEN
cbus[3] = PwrEn
cbus[4] = Sleep
Rewriting eeprom with new contents.
"user-settable blacklist."
user, here, is ftdi, though ;(
short answer: yes.
I would not trust their 'fix' if they actually work at the filesystem level.
you'd think this was a sector based issue. you'd think!
even if there is a dos bootable for this, unless it understands ext2/3/4 (and maybe others; jfs, reiser, xfs) then linux guys ARE screwed by this.
I don't trust samsung. but sadly, I did buy a bunch of 840 evo drives over the last year or 2. damn.
samsung is known as the company that makes things last 'the warranty period + 1 day'. almost literally. almost to an art form.
samsung lcd's also are built like crap. one after another, their electrolytics die (fake china caps; like so many others). buying japanese (nichicon, panasonic, etc) low ESR caps usually brings the monitors back to life. I've fished several out of the trash cans and restored them via simple psu cap replacements.
but dammit samsung, why do you have to be SO cheap??
guess I should start avoiding all samsung things, now. I'm tired of their crap.
all datacomm companies are in bed with the spooks. cisco is just like all the others, not special in that regard.
I joined cisco in the early days, back in the early 90's. I was there a short time, then left, and recently came back; so I see the new cisco and do remember the old 3 building cisco. they are not even close to the same company anymore.
I enjoy being there but its more about my group than the company. company wise, I see a lot of bad designs and bad decisions and a lot of young kids who have no business writing or supporting routing software. but like all other valley companies, most work is farmed out to india to the lowest price bidder and the results really show this ;( even locally, you won't find many americans working there and the attention to detail has been long gone. its a young employees company and experience is not really valued, again, like most other bay area companies.
there is a lot of cool stuff going on, but they have lost their ability to stay focused and deliver world-class software like they once did. its now a body shop with very few visionaries left. sad to see that happen.
fear.
control.
keeping you from challenging authority.
pretty much, just that.
(oh, and security theater, too.)
ALL of our founding fathers would be arrested as terrorists.
they fought their own country, the English.
now, we agree with their views, but if the TLA's had their way (and congress, and the president and, well, all the courts, too) they'd be marked as 'bad guys' and would have little to no freedom.
odd, how that turns 360, huh? ;(
as a guy over 50 who has analog meters (triplett, simpson, stuff like that) that are nearly as old as I am, I can say with confidence that you have no idea what you are talking about.
digital meters tend to fail more! they are more complex, and unless you buy very good ones, they will suffer 'cap problems' (esp. if made in china, which nearly all things are, these days).
otoh, buy a used meter of the type I described and as long as it was not hit by a truck, it will likely work and out live YOU.
springs fail? never saw that happen. bushings fail? again, never saw that happen.
I would guess, based on your very high UID that you are a youngster and never really used or lived with such gear before.
probably better to just remain silent than to speak up and tell everyone how much you don't know.
right.
you're only allowed to do illegal things and lie about it AFTER you are hired by the fbi.
does anyone seriously believe that 'law enforcement' is about fighting the good fight and standing up for what is right, anymore?
I have lost 101% confidence in our system's ability to do what's Right(tm). it seems only the stupid or brainwashed would want to work for the government goons.
and of course, goons is basically what they have, now, anyway.
2 words: parallel reconstruction.
FBI is a corrupt org, as are all the top-level 'law enforcement' orgs.
they have no right to call the kettle black, so to speak...
they break any laws they want and they use 'ends justify the means' along the way.
pathetic!