> "Bricked" means that it is no longer useful, ever, under any circumstances. It's dead, and not recoverable.
OK, "soft bricked"
The legality of this is still unquestionable. if the enduser has to expend energy undoing the damage then what's happened is a crime in many countries, EULA or no EULA (None is presented when you do a Windows update so a judge will not only toss out any attempt to point to that as a defence, but likely find any such attempt to be in contempt of court)
"there is next to zero ways to punish china based sellers and 99% of them are engaged in selling fakes (of anything, not just chips)."
Incorrect and incorrect.
Chinese copyright, trademark and patent law exists and is enforced. If companies are too bone-arsed lazy to register their trademarks/patents in china then they can't defend them there.
Chinese authorities regularly shut down and arrest counterfeiters - where the IP is registered in china.
Before the americans in this thread pile in, I'll remind you that until the start of the 20th century, european copyrights, patents and trademarks had zero validity in the USA unless explicitly registered there - something which Thomas Edison took advantage of to steal not only the inventions of the Lumiere Bothers (the movie projector), but also their creative works (Their movies) - something which the Lumieres found out the hard way when they tried to move to the USA and were found guilty of copyright infringement for displaying works they had made, but which Edison had registered copyrights on.
Amongst other things the result of this was the global book distribution cartels, which exist to this day, where parts of the world are carved up and a book authored and printed in the USA can be seized as copyright violation if sold in Australia without going through the "correct" distribution channels - which in some cases increase the cover price by a factor of 20 compared to direct imports.
Even now, a EU-registered patent has no validity in the USA unless explicitly registered there too (and vice-versa).
Copyrights/trademarks are a good idea for protecting intellectual property, but not such a good idea when attempts are made to use them as a license to print money, especially in this new era of widely available and rapidly circulating knowledge.
It's counterfeited because it's more expensive than the other pin-compatible devices out there.
FTDI is making quite a profit margin on their devices.
They were effectively faced with a choice of reducing their margin a little on a device which has repaid its R&D costs many times over (which will stop the counterfeiting of their logo) or protecting it by defending against trademark forgery.
The choice they took to protect it amounts to criminal overreach which affects the wrong parties.
"screwed the pooch" doesn't even come close to describing this mess. It may well result in FTDI having to exit the USB-serial market entirely.
"Again (as per previous posts):) FTDI didn't break anything - they moved the USB ID off their allocated(and payed for/licensed range) and that was that"
According to the computer misuse act in the UK, they performed a criminal act by making unauthorised modifications to devices they didn't own.
The fact that utilities exist to reprogram the soft-bricked devices is irrelevant to the law at hand.
There _will_ be legal fallout from this. In the UK the unfair terms in consumer contracts act will wipe outthe clauses that FTDI are relying on and I wouldn't be at all surprised if whoever signed off on it in the UK (it's a scottish company) ends up in court on criminal charges.
The devices in question are internally completely different, but mimic the FTDI command set. They're workalikes, not clones, nightshift runs or factory rejects.
The "sin" comes from marking device packages as FTDI (trademark violation) and presenting a USB Vendor ID of FTDI (unlicensed use of the ID)
Analysis shows that the IP which went into creating the workalikes is at least as expensive as the FTDI devices and the die costs are about the same. What this really exposes is how much FTDI is making from their brand name for what is a generic serial device and what lengths they will go to to protect that brand name.
It's because the profit margin exists over generic, that unscrupulous vendors badge the workalines as FTDI - and the fakes are so good that they're hard to detect visually. The price differential on fake branding is almost nonexistant - 3-5% or less (sometimes no difference), which is within the margin of error on supply chains, so it's no wonder these appeared in production runs.
As others have said, FTDI has burned a shedload of goodwill in a mantter of days. If they wanted to flag attention to the fakes they could have done so in a far less destructive manner (which amounts to arbitrary seizure and destruction of property, something which requires a court order in most countries even for trademark piracy)
Thankfully, there are a bunch of pin-compatible replacements for the device from various makers The FTDI device itself was a pin-compatible replacement for first-generation usb-serial chips.
Workalike makers now know how to make their devices even better mimics of FTDI - plus how to resist VID reprogramming - and a lot of people in the design and build sphere now know that many of the pin-compatible devices are significantly cheaper, use less power and run faster.
The ironic thing out of all this is that the workalikes are significantly faster devices which draw less power and could easily stand on their own 2 feet as a properly branded item. They were sold as FTDI because of resistance to buying other brands by western designers.
End result: Own Goal by FTDI. Did they do this as a prelude to getting out of the serial chip market?
"One is the lights are normally timed based on the road's speed limit, so if traffic is going a lot slower for some reason, then the time to cross the intersection may be greater than the yellow light interval."
There's enough cpu in even a simple traffic light controller these days that slower traffic can be equated with longer yellows if need be.
I'm minded of a 4 lane road in a city I lived as a kid which didn't actually allow enough green time from sidestreets for pedestrians to cross. It used to terrify me when I was 7-8 and there was no pedestrian refuge on the median.
"But then again there are junctions in the UK where you can get trapped into either stopping in a box junction or running a red light - either of which gets you a fine. "
The UK road rules are very clear: "Do not enter an intersection unless the way is clear to exit it"
Technically, if you stop _at any time_ whilst in an intersection, you can be ticketed for careless driving.
Yellow crosshatching in junctions is merely a reminder of the rule on roads which are more prone to blockage and therefore more likely to have active enforcement.
EU lights go from red to red+orange to green. That's AFTER the opposing lights go red. There are minimum dual-red dwell-times, but the transition means you're ready to go when the light goes green and anyone running a red in the other direction is doing so when it's already been red for at least 2 seconds.
I always thought it was odd to have the red+orange before I lived in the EU but it does make for smoother traffic flow (red+orange is still "red" for legal purposes. It's a warning to be ready to move off and you'll get ticketed if you move onto the intersection before a green light)
Simple solution: Set federal minimum amber times, modify by intersection widths and make it a federal crime to set timers shorter than this, with personal as well as corporate liabilities.
A few city managers cooling their heels in jail will have the rest deciding between safety and jailtime, instead of safety and revenue.
I'm surprised that the USA's notorious unlimited liability laws haven't been used to knock the practice on the head. All it would really take is to make it a liability-insurance-voiding action and I bet you'd see managers not take the risk.
Edison was first and foremost a marketer and secondly a highly predatory intellectual property thief.
Ask the Lumiere Brothers - they found he'd not only stolen their moving project equipment and patented it the USA, but he'd also stolen one of their movies and copyrighted it as his own in the USA.
Even his lightbulb R&D stole large amounts of data from Swan - which was legal in the USA, but when he tried to expand into europe, Swan's prior patents forced Edison to back down.
He may have done a lot of stuff himself but for the most part he hired an army of assistants who never received credit for their work or research.
"This should outrage you, a public official at the top of the NSA has taken on another (very high) paying private section job"
As a non-citizen, non-usa resident, it just underscores my perception that the USA is at least as corrupt a place as India, China, Russia, or Nigeria or (add another 20-30 countries in here).
The only difference over the last 20 years is that it's coming more and more into the open with virtually no punishments meted out, whilst other countries are mostly undertaking efforts to stamp corruption out because it's damaging to their economies.
"he was off shift and thought as a private person he could get away with it but was sentenced harsher because as a cop he should have known better."
That was 1978.
In 2014 he'd have been exonerated and the householder convicted of resisting arrest or some other trumped up charge (or dead, with the cop patted on the back and given a bonus).
GPS systems are proving to be far more valuable to indian civilians than the indian military. One of the greatest advances has been the use of GPS-guided farming systems and using GPS data from ground surveys to identify areas most vulnerable to flooding and move people.
Yes, India has grinding poverty, but it's doing far more than the USA ever did to lift its people out of that - meantime the USA's poverty levels keep increasing.
The interesting phenomenon which is emerging (and has emerged in every single country in the world that wealth has increased) is that the middle classes have fewer children. In a country threatened with overpopulation it seems the best way of alleviating this is to minimise poverty.
There are a number of GPS receiver chip designs which are external to the USA (design and manufacture). The problem is that in order to be signed off as Navstar compatible and/or sold in the USA, they have to comply with Navstar's usage restrictions.
Those requirements will probably be thrown out when Gallileo goes live.
It's worth bearing in mind that the Gallileo consortium had to agree to a number of USA demands on operation, with the threat that if GPS systems weren't able to be shut down in certain areas, the USA would simply start shooting nonconforming satellites out of orbit. I suspect the same thing happens with Glonass, else the Indians could have used that in 1999 (it was functional then) and would probably happen to regional systems if it suited the USA/Russia/China (all 3 countries possess demonstrated anti-satellite missile capabilities.)
Even without explosives, there's enough jamming capability in orbit to shut down a 3rd party's navigation satellites if desired.
"Unless the satellites are in geosynchronous orbits, of course, but then you're not going to have the separations you need for a good solution."
The satellites are at geosynchronous altitude but located off the Clarke Belt. This results in a constellation of satellites which appear to move north/south or in a figure 8 above a fixed point on earth.
The japanese system is setup the same way - in that case resulting in rather good australian coverage, but other than Sri Lanka there's nothing due south of India except a few military bases in the southern Indian Ocean.
The footprint for Japan's system is well-described at http://en.wikipedia.org/wiki/Q... - and trhe indian system is more or less the same prionciple.
"Except that today, China is very much an ally of Russia (or maybe even vice versa)."
China and Russia are ancient foes. The Soviet-sino alliance was the abberation, not the norm.
At the moment there's very little love lost between China and Russia and any alliances are out of necessity. The chinese have made it clear on a number of occasions that they're not fans of Putin's form of government (the chinese govt regard him as a destabilising influence, as they're very aware that global peace makes for better trading than endless wars do)
There are only a few places one can cross the Chinese/Russia border and that's a chinese decision. If they were buddy-buddy the border would be far more porous.
Going back to India's navigation system: It's as much about flagwaving as it is about actual regional stability. This is the same reason the french maintain their own navigation systems, separate to any EU projects.
Opensource is the posterkid for bashing this week, but at least the holes are being fixed now that attention is focussed.
The recent windows-related NSA stories show what happens when bugs remain unpublished and can get widely exploited for years before being quietly fixed.
"Many eyes" may not find bugs in a hurry if they're not looking, but when they finally focus on the code, things change rapidly - and the finding of these bugs often inspires other eyes to go check for the same thing in other code (which is how the ancient X bugs were found recently.)
People repeatedly tell me that old code is safe and secure because it's old and therefore stable. My argument is that the only "safe" code is stuff which has been security audited and gets regularly security audited - and that most old stuff has never been properly checked because everyone assumes someone already did it.
"Vodafone here in Europe is also blocking TLS when sending emails through their broadband services. They do so only when port 25 is used; they don't in other cases. "
Endusers (that's you and me) have no business sending mail out on port 25 directly to servers in other parts of the network. That's how spammers operate and it's why allowing endusers to get to world:25 has been deprecated for nearly 20 years.
Most ISPs simply portfilter outbound port 25 to/dev/null and transparently proxy port 80 (http)
Outbound ssl on port 993 (imap), 465/587 (smtp auth) 443(https) or 22 (ssh) is another matter and if I found a ISP filtering or MITMing these I'd scream the house down.
ISPs who MITM your port25 traffic think they're doing endusers (and the world) a favour by keeping spammers at bay. This is misguided optimism at best.
"As for your experience with photo ID, the employee should be in trouble, at least if it was Visa or MC. The merchant agreement prohibits requiring ID. You can ask for it, but if the customer doesn't want to provide it, you can't make it a condition of completing the transaction."
A good lawyer can (and will) trivially argue that this policy facilitates fraud and therefore invalidates any blame the merchant might be taking.
Slashdot Mirror
See other postings about Prolific.
There are a dozen USB-serial devices out there, quite a few are pin-compatible and most of them are cheaper than FTDI's F232R
> "Bricked" means that it is no longer useful, ever, under any circumstances. It's dead, and not recoverable.
OK, "soft bricked"
The legality of this is still unquestionable. if the enduser has to expend energy undoing the damage then what's happened is a crime in many countries, EULA or no EULA (None is presented when you do a Windows update so a judge will not only toss out any attempt to point to that as a defence, but likely find any such attempt to be in contempt of court)
I would not like to be a FTDI exec at the moment.
"there is next to zero ways to punish china based sellers and 99% of them are engaged in selling fakes (of anything, not just chips)."
Incorrect and incorrect.
Chinese copyright, trademark and patent law exists and is enforced. If companies are too bone-arsed lazy to register their trademarks/patents in china then they can't defend them there.
Chinese authorities regularly shut down and arrest counterfeiters - where the IP is registered in china.
Before the americans in this thread pile in, I'll remind you that until the start of the 20th century, european copyrights, patents and trademarks had zero validity in the USA unless explicitly registered there - something which Thomas Edison took advantage of to steal not only the inventions of the Lumiere Bothers (the movie projector), but also their creative works (Their movies) - something which the Lumieres found out the hard way when they tried to move to the USA and were found guilty of copyright infringement for displaying works they had made, but which Edison had registered copyrights on.
Amongst other things the result of this was the global book distribution cartels, which exist to this day, where parts of the world are carved up and a book authored and printed in the USA can be seized as copyright violation if sold in Australia without going through the "correct" distribution channels - which in some cases increase the cover price by a factor of 20 compared to direct imports.
Even now, a EU-registered patent has no validity in the USA unless explicitly registered there too (and vice-versa).
Copyrights/trademarks are a good idea for protecting intellectual property, but not such a good idea when attempts are made to use them as a license to print money, especially in this new era of widely available and rapidly circulating knowledge.
It's counterfeited because it's more expensive than the other pin-compatible devices out there.
FTDI is making quite a profit margin on their devices.
They were effectively faced with a choice of reducing their margin a little on a device which has repaid its R&D costs many times over (which will stop the counterfeiting of their logo) or protecting it by defending against trademark forgery.
The choice they took to protect it amounts to criminal overreach which affects the wrong parties.
"screwed the pooch" doesn't even come close to describing this mess. It may well result in FTDI having to exit the USB-serial market entirely.
"Again (as per previous posts) :) FTDI didn't break anything - they moved the USB ID off their allocated(and payed for/licensed range) and that was that"
According to the computer misuse act in the UK, they performed a criminal act by making unauthorised modifications to devices they didn't own.
The fact that utilities exist to reprogram the soft-bricked devices is irrelevant to the law at hand.
There _will_ be legal fallout from this. In the UK the unfair terms in consumer contracts act will wipe outthe clauses that FTDI are relying on and I wouldn't be at all surprised if whoever signed off on it in the UK (it's a scottish company) ends up in court on criminal charges.
These aren't clones.
The devices in question are internally completely different, but mimic the FTDI command set. They're workalikes, not clones, nightshift runs or factory rejects.
The "sin" comes from marking device packages as FTDI (trademark violation) and presenting a USB Vendor ID of FTDI (unlicensed use of the ID)
Analysis shows that the IP which went into creating the workalikes is at least as expensive as the FTDI devices and the die costs are about the same. What this really exposes is how much FTDI is making from their brand name for what is a generic serial device and what lengths they will go to to protect that brand name.
It's because the profit margin exists over generic, that unscrupulous vendors badge the workalines as FTDI - and the fakes are so good that they're hard to detect visually. The price differential on fake branding is almost nonexistant - 3-5% or less (sometimes no difference), which is within the margin of error on supply chains, so it's no wonder these appeared in production runs.
As others have said, FTDI has burned a shedload of goodwill in a mantter of days. If they wanted to flag attention to the fakes they could have done so in a far less destructive manner (which amounts to arbitrary seizure and destruction of property, something which requires a court order in most countries even for trademark piracy)
Thankfully, there are a bunch of pin-compatible replacements for the device from various makers The FTDI device itself was a pin-compatible replacement for first-generation usb-serial chips.
Workalike makers now know how to make their devices even better mimics of FTDI - plus how to resist VID reprogramming - and a lot of people in the design and build sphere now know that many of the pin-compatible devices are significantly cheaper, use less power and run faster.
The ironic thing out of all this is that the workalikes are significantly faster devices which draw less power and could easily stand on their own 2 feet as a properly branded item. They were sold as FTDI because of resistance to buying other brands by western designers.
End result: Own Goal by FTDI. Did they do this as a prelude to getting out of the serial chip market?
"One is the lights are normally timed based on the road's speed limit, so if traffic is going a lot slower for some reason, then the time to cross the intersection may be greater than the yellow light interval."
There's enough cpu in even a simple traffic light controller these days that slower traffic can be equated with longer yellows if need be.
I'm minded of a 4 lane road in a city I lived as a kid which didn't actually allow enough green time from sidestreets for pedestrians to cross. It used to terrify me when I was 7-8 and there was no pedestrian refuge on the median.
"But then again there are junctions in the UK where you can get trapped into either stopping in a box junction or running a red light - either of which gets you a fine. "
The UK road rules are very clear: "Do not enter an intersection unless the way is clear to exit it"
Technically, if you stop _at any time_ whilst in an intersection, you can be ticketed for careless driving.
Yellow crosshatching in junctions is merely a reminder of the rule on roads which are more prone to blockage and therefore more likely to have active enforcement.
"increase yellows to NHTSA or similar standards"
Make them a legal standard and a state/federal crime to go below the standard. Manglement may want $$$ but they don't like the idea of going to jail.
EU lights go from red to red+orange to green. That's AFTER the opposing lights go red. There are minimum dual-red dwell-times, but the transition means you're ready to go when the light goes green and anyone running a red in the other direction is doing so when it's already been red for at least 2 seconds.
I always thought it was odd to have the red+orange before I lived in the EU but it does make for smoother traffic flow (red+orange is still "red" for legal purposes. It's a warning to be ready to move off and you'll get ticketed if you move onto the intersection before a green light)
Simple solution: Set federal minimum amber times, modify by intersection widths and make it a federal crime to set timers shorter than this, with personal as well as corporate liabilities.
A few city managers cooling their heels in jail will have the rest deciding between safety and jailtime, instead of safety and revenue.
I'm surprised that the USA's notorious unlimited liability laws haven't been used to knock the practice on the head. All it would really take is to make it a liability-insurance-voiding action and I bet you'd see managers not take the risk.
Edison was first and foremost a marketer and secondly a highly predatory intellectual property thief.
Ask the Lumiere Brothers - they found he'd not only stolen their moving project equipment and patented it the USA, but he'd also stolen one of their movies and copyrighted it as his own in the USA.
Even his lightbulb R&D stole large amounts of data from Swan - which was legal in the USA, but when he tried to expand into europe, Swan's prior patents forced Edison to back down.
He may have done a lot of stuff himself but for the most part he hired an army of assistants who never received credit for their work or research.
"But I'm not dead yet"
In the 21st century USA, any such laws would immediately be annulled if it suits those in power.
"This should outrage you, a public official at the top of the NSA has taken on another (very high) paying private section job"
As a non-citizen, non-usa resident, it just underscores my perception that the USA is at least as corrupt a place as India, China, Russia, or Nigeria or (add another 20-30 countries in here).
The only difference over the last 20 years is that it's coming more and more into the open with virtually no punishments meted out, whilst other countries are mostly undertaking efforts to stamp corruption out because it's damaging to their economies.
"he was off shift and thought as a private person he could get away with it but was sentenced harsher because as a cop he should have known better."
That was 1978.
In 2014 he'd have been exonerated and the householder convicted of resisting arrest or some other trumped up charge (or dead, with the cop patted on the back and given a bonus).
GPS systems are proving to be far more valuable to indian civilians than the indian military. One of the greatest advances has been the use of GPS-guided farming systems and using GPS data from ground surveys to identify areas most vulnerable to flooding and move people.
Yes, India has grinding poverty, but it's doing far more than the USA ever did to lift its people out of that - meantime the USA's poverty levels keep increasing.
The interesting phenomenon which is emerging (and has emerged in every single country in the world that wealth has increased) is that the middle classes have fewer children. In a country threatened with overpopulation it seems the best way of alleviating this is to minimise poverty.
There are a number of GPS receiver chip designs which are external to the USA (design and manufacture). The problem is that in order to be signed off as Navstar compatible and/or sold in the USA, they have to comply with Navstar's usage restrictions.
Those requirements will probably be thrown out when Gallileo goes live.
It's worth bearing in mind that the Gallileo consortium had to agree to a number of USA demands on operation, with the threat that if GPS systems weren't able to be shut down in certain areas, the USA would simply start shooting nonconforming satellites out of orbit. I suspect the same thing happens with Glonass, else the Indians could have used that in 1999 (it was functional then) and would probably happen to regional systems if it suited the USA/Russia/China (all 3 countries possess demonstrated anti-satellite missile capabilities.)
Even without explosives, there's enough jamming capability in orbit to shut down a 3rd party's navigation satellites if desired.
"Unless the satellites are in geosynchronous orbits, of course, but then you're not going to have the separations you need for a good solution."
The satellites are at geosynchronous altitude but located off the Clarke Belt. This results in a constellation of satellites which appear to move north/south or in a figure 8 above a fixed point on earth.
The japanese system is setup the same way - in that case resulting in rather good australian coverage, but other than Sri Lanka there's nothing due south of India except a few military bases in the southern Indian Ocean.
The footprint for Japan's system is well-described at http://en.wikipedia.org/wiki/Q... - and trhe indian system is more or less the same prionciple.
"Except that today, China is very much an ally of Russia (or maybe even vice versa)."
China and Russia are ancient foes. The Soviet-sino alliance was the abberation, not the norm.
At the moment there's very little love lost between China and Russia and any alliances are out of necessity. The chinese have made it clear on a number of occasions that they're not fans of Putin's form of government (the chinese govt regard him as a destabilising influence, as they're very aware that global peace makes for better trading than endless wars do)
There are only a few places one can cross the Chinese/Russia border and that's a chinese decision. If they were buddy-buddy the border would be far more porous.
Going back to India's navigation system: It's as much about flagwaving as it is about actual regional stability. This is the same reason the french maintain their own navigation systems, separate to any EU projects.
There's a persistent rumour been circulating for 20 years that XYZ paper money contains RFID chippery, so that Big Brother can track things.
Criminals would love this to be true.
No more guessing who's rich enough to mug, simply scan passers-by and see which nondescript one is carrying the day's cash takings to the bank.
Opensource is the posterkid for bashing this week, but at least the holes are being fixed now that attention is focussed.
The recent windows-related NSA stories show what happens when bugs remain unpublished and can get widely exploited for years before being quietly fixed.
"Many eyes" may not find bugs in a hurry if they're not looking, but when they finally focus on the code, things change rapidly - and the finding of these bugs often inspires other eyes to go check for the same thing in other code (which is how the ancient X bugs were found recently.)
People repeatedly tell me that old code is safe and secure because it's old and therefore stable. My argument is that the only "safe" code is stuff which has been security audited and gets regularly security audited - and that most old stuff has never been properly checked because everyone assumes someone already did it.
"Vodafone here in Europe is also blocking TLS when sending emails through their broadband services. They do so only when port 25 is used; they don't in other cases. "
Endusers (that's you and me) have no business sending mail out on port 25 directly to servers in other parts of the network. That's how spammers operate and it's why allowing endusers to get to world:25 has been deprecated for nearly 20 years.
Most ISPs simply portfilter outbound port 25 to /dev/null and transparently proxy port 80 (http)
Outbound ssl on port 993 (imap), 465/587 (smtp auth) 443(https) or 22 (ssh) is another matter and if I found a ISP filtering or MITMing these I'd scream the house down.
ISPs who MITM your port25 traffic think they're doing endusers (and the world) a favour by keeping spammers at bay. This is misguided optimism at best.
"As for your experience with photo ID, the employee should be in trouble, at least if it was Visa or MC. The merchant agreement prohibits requiring ID. You can ask for it, but if the customer doesn't want to provide it, you can't make it a condition of completing the transaction."
A good lawyer can (and will) trivially argue that this policy facilitates fraud and therefore invalidates any blame the merchant might be taking.
"Bottom line (and there are exceptions), merchants aren't on the hook if it's a face-to-face transaction."
As a merchant, I've experienced what happens on a disputed face-to-face transaction:
It gets reversed and charged the same as card not present fraud.
It's one of the reasons I installed a video surveillance system at the point of sale.