Counterfeits have been found in the legitimate supply chain.
Reference? Counterfeit FT232 devices specifically, not just "counterfeits of some chip." Has anyone here who has a "real product" and has been buying chips from real distributors received counterfeit FTDI devices? (No, I'm not counting Arduino-like or nth party usb/serial modules purchased from real distributors...)
hobbyist bubble
Have any non-hobbyist products been affected? A lot of "auction site usb/serial cables", a fair number of "arduino clones and derivatives" (perhaps including genuine Arduino Nanos, and some higher-level products that USE arduino-esque boards internally (like that tinyboy 3d printer.) (Or are we saying that arduino modules are no longer merely hobbyist devices? Which would be an interesting development in itself!)
life support
One does hope that if you make life-support equipment, you have in fact negotiated on that "not for use in critical applications" agreement, and DO have better-than-average supply chain management AND testing.
testing and counterfeit identification
Is anyone here a large enough FTDI customer that they can categorically state that FTDI has NOT provided such a tool to their large customers? A "counterfeit check" tool would certainly be nicer than having to run through the full driver version/windows version matrix... I'm not sure that I'd expect it to be available to "hobbyists", though. Or even mid-range manufacturers buying a couple thousand chips/year through Mouser/etc.
[Official FTDI distributor network sucks.]
I can agree with that. Prior to Arduino, FTDI chips were pretty much unobtainable, except through a few odd sources. If you wanted to use USB/Serial adapters, your best bet was an expensive USB/RS232 cable, with subsequent RS232/TTL conversion. :-(
Has anyone checked whether the new driver "malware" behaves the same with non-FTDI VID/PID ? (Can you even change the VID/PID of the counterfeit devices?)
Has the source of the counterfeit devices ever been determined (manufacturer? Path?) Maybe they should just sell their own chip and do their own driver; it can't be that hard - ch340g has penetrated pretty well, to the same sorts of vendors, even though it's significantly different.
-----
I sympathize with FTDI. I really do. But they sure could have handled all this much better. I too would rather have a driver that just didn't work, and plastered the "device manager" with the "counterfeit device" label, instead of bricking chips, or polluting the data stream.
I sympathize with small manufacturers. Or I guess "designers", really. LOTS of manufacturing below the fortune-500 is outsourced to someone, and I really wouldn't know how to go about finding someone with "good supply chain management" when I was mostly looking for "someone who's willing to deal with small volumes from a small designer." Putting that big
? over FTDI would not be good. But the problem isn't unique to FTDI - they've just made it particularly obvious. A different chip with a different clone and a more subtle problem is just as scary, right?
I even sympathize with the hobbyist ordering off auction sites. One might expect occasional non-working merchandise. Things that work for a while, but suddenly stop working because of a non-controllable windows update are scarier. (although, see above about "subtle" issues.)