Author Topic: FTDIgate 2.0?  (Read 229677 times)

0 Members and 3 Guests are viewing this topic.

Offline madires

  • Super Contributor
  • ***
  • Posts: 4355
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #525 on: February 07, 2016, 01:24:10 am »
The counterfeit chips do have the FTDI logo. That's why it's counterfeit.
And that's why I sympathize with FTDI. They just try to make the counterfeit chips stop working.
I should have done the same.

Nobody said that FTDI can't protect their IP and brand. It's about the way they do it. Bricking compatible chips or modifying data sent to a compatible chip is computer sabotage or willful damage to property in several countries. It's a crime and FTDI's management could face jail time. This is a fact! And it doesn't matter what FTDI writes in an EULA. If parts of the EULA violate local law, those parts are without any meaning. What FTDI can do legally is to identify products with counterfeit chips and to let law enforcement confiscate and destroy those imports. Or they can release a driver which simply doesn't work with counterfeit or compatible chips.

I don't get it that some people are advocating FTDI's criminal actions. FTDI has done it twice now.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1280
  • Country: 00
Re: FTDIgate 2.0?
« Reply #526 on: February 07, 2016, 01:33:35 am »
The counterfeit chips do have the FTDI logo. That's why it's counterfeit.
And that's why I sympathize with FTDI. They just try to make the counterfeit chips stop working.
I should have done the same.
Bricking compatible chips or modifying data sent to a compatible chip is computer sabotage ...

Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.


The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7805
  • Country: us
  • adieu
Re: FTDIgate 2.0?
« Reply #527 on: February 07, 2016, 01:47:06 am »
You have a very interesting definition of "logical". Also, you seem to be under the impression that only one person can be at fault for something at a time (and that it's whomever you like less)...
No longer active here - try the IRC channel if you just can't be without me :)
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 4355
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #528 on: February 07, 2016, 02:00:18 am »
Bricking compatible chips or modifying data sent to a compatible chip is computer sabotage ...

Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.

Sorry, you can't argue a crime away. If FTDI's driver's would have just stopped working with counterfeit or compatible chips nobody would complain. But FTDI has overdone it in a way which is considered a crime in several countries.
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 2624
  • Country: fr
Re: FTDIgate 2.0?
« Reply #529 on: February 07, 2016, 02:02:22 am »
Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.

Karel, you keep repeating the same BS over and over. That won't make any more valid.

You are conflating two issues. Nobody is taking away FTDI's right to defend their IP or their rights. But they must do it in a legal manner. A good example of this was the hullabaloo when Fluke had Sparkfun's shipment of dodgy multimeters confiscated for trademark violation. That is the way to handle it, even though still a bit dicky move on Fluke's part - but they have actually shown good will compensated Sparkfun for it, even though they didn't have to do so.

If FTDI were a French company, they would have been roasted by the state for this already, because it is illegal to tamper with someone else's equipment - it is considered sabotage, especially as it is obviously intentional and not just "happens to not work because we don't guarantee compatibility".

It is the same concept as me not being able to simply shoot and kill a thief stealing my bike - I would end in jail for murder, plain and simple. That doesn't mean I have to let the thief steal it but I must use an a proportionate response instead of just blasting a hole in their head.

There is a concept of proportionality in law - your defense cannot cause more harm or harm that would be grossly out of proportion to the possible damage that could happen if there was no defense. So beating that bike thief up in the process would probably be still considered reasonable, taking their life would be not.

In FTDI's case all that it will take is a single accident that could be attributed to FTDI's grossly reckless actions and people will go to jail, regardless of what you are thinking is their right to do. It is just sad that there are actually people around who still don't get this concept.

« Last Edit: February 07, 2016, 02:04:14 am by janoc »
 

Online 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1177
  • Country: de
Re: FTDIgate 2.0?
« Reply #530 on: February 07, 2016, 02:07:51 am »
This kind of discussion always gets so emotional. Nobody would have complained if FTDI would implement their drivers and tools in a way that they only work with their own products. That's their right and if they did so from the very beginning, this whole problem would have never existed.
On the other hand bricking ICs (and thus devices) or potentially damaging devices by sending out garbage is a no-go. Even though admittedly the chances that an identified fake chip doesn't have an FTDI logo is about as unlikely as people being killed or injured by the "non genuine" string, the mere fact that both is not 100% impossible should be more than enough reason never to do such a thing. Obviously nobody of us has the juridical knowledge to judge the legal implications exactly, but it must be clear that even potentially damaging other people's property is nothing you can do without at least expecting to get legal trouble.
To talk in pictures as this was done so many times before in this thread: if someone stole your car, you should call the police, but setting his house on fire would be considered a crime in most civilized countries. Now to make the picture even more accurate, this is like setting the house of someone on fire who bought your stolen car unknowingly. Who could claim this was just or reasonable?
Trying is the first step towards failure - Homer J. Simpson
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1280
  • Country: 00
Re: FTDIgate 2.0?
« Reply #531 on: February 07, 2016, 02:16:50 am »
Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.

Karel, you keep repeating the same BS over and over.

You convinced me with your impressively intelligent reply.

It is the same concept as me not being able to simply shoot and kill a thief stealing my bike ...

I guess you have lost connection with reality. If french people considder that killing a bicycle thief is
the same concept as a softwaredriver that refuses to work with counterfeit chips (chips who shouldn't be produced,
sold or imported in the first place), well, then I'm glad I don't live in France.

The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7805
  • Country: us
  • adieu
Re: FTDIgate 2.0?
« Reply #532 on: February 07, 2016, 02:26:01 am »
It's a fair analogy, if a bit hyperbolic - in other words, just because somebody does something bad to you, that doesn't mean you get license to do whatever you want to them. All the arguments that FTDI can do this 'because counterfeiters' are missing the point of the argument, which is whether it's a reasonable thing to do at all regardless of why they're doing it.
« Last Edit: February 07, 2016, 02:27:33 am by c4757p »
No longer active here - try the IRC channel if you just can't be without me :)
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1280
  • Country: 00
Re: FTDIgate 2.0?
« Reply #533 on: February 07, 2016, 02:28:37 am »
Sorry, you can't argue a crime away.

Whether or not FTDI has committed a crime still needs to be determined. In the country where I live,
we have legal system with judges for that. So far, I haven't heard about any lawsuit against FTDI.

What we do know for sure is that counterfeiting is a crime (at least in most western countries).
So, aim your anger to the counterfeiters.

The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 4355
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #534 on: February 07, 2016, 03:43:38 am »
Sorry, you can't argue a crime away.

Whether or not FTDI has committed a crime still needs to be determined. In the country where I live,
we have legal system with judges for that. So far, I haven't heard about any lawsuit against FTDI.

Then please ask a lawyer in your country! I'm not a lawyer but I got an education in basic law and have been involved in legal topics, some being the contact for law enforcement. For Germany it's StGB §303a and §303b ( http://www.gesetze-im-internet.de/stgb/__303a.html and  http://www.gesetze-im-internet.de/stgb/__303b.html , Google Translate might help). If the broken device would be a medical device, a SCADA system or production machine for example, things would become interesting. But nobody would file a complaint about a cheap gadget (the damage would be too small).
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8229
  • Country: 00
Re: FTDIgate 2.0?
« Reply #535 on: February 07, 2016, 03:49:00 am »
Quote
If the broken device would be a medical device,

What is a "broken device"? Who "broke" it?
================================
https://dannyelectronics.wordpress.com/
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1280
  • Country: 00
Re: FTDIgate 2.0?
« Reply #536 on: February 07, 2016, 04:08:38 am »
Sorry, you can't argue a crime away.

Whether or not FTDI has committed a crime still needs to be determined. In the country where I live,
we have legal system with judges for that. So far, I haven't heard about any lawsuit against FTDI.
Then please ask a lawyer in your country!

The people who claim that FTDI is doing something illegal should do that.
I don't have any problems with FTDI. No need for me to ask a lawyer.

I'm not a lawyer ...

Fortunately, I don't need one anyway.

If the broken device would be a medical device, a SCADA system or production machine for example, things would become interesting.

FTDI's driver has been out for quiet some time now and nothing "interesting" has happened so far.


« Last Edit: February 07, 2016, 04:17:42 am by Karel »
The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #537 on: February 07, 2016, 04:15:22 am »
Hmm they committed a crime?

Well, since they are part of the UK and they are part of the EU, then go ahead by all means and report them to the authorities.

Since you are so sure you get a lawyer and take action.
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 5983
Re: FTDIgate 2.0?
« Reply #538 on: February 07, 2016, 04:36:36 am »
Totally sure. It's a documented errata of the FT232R that was never fixed as far as I can tell, and there is no usable workaround (the workaround in that PDF is total bullshit, because you can't actually feed it data fast enough through USB to keep up with the max bitbang clockrate). The clone chip got it right. The errata PDF actually goes out of its way to be misleading and imply that the bug is fixed in Rev B, while it isn't - of the 3 issues documented, two say "fixed in rev B", but not the timing issue, and the Revision B section says "There are no known new functional issues specific to revision B.". I can confirm that genuine revision C chips are still bugged in bitbang mode. So, two silicon revisions later FTDI still hasn't fixed their broken bitbang mode, while the cloners got it right on the first try (as far as I can tell).
I can imagine the hilarity of someone whose design was based on the clone and worked until they ran into this problem with the new drivers and replaced their chip with a genuine one, only to find that it's now not working like it should... :-DD

It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post from the first FTDIgate.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 1280
  • Country: 00
Re: FTDIgate 2.0?
« Reply #539 on: February 07, 2016, 04:50:37 am »
It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?
The difference between theory and practice is less in theory than
the difference between theory and practice in practice.
Expensive tools cannot compensate for lack of experience.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 4355
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #540 on: February 07, 2016, 04:51:40 am »
Quote
If the broken device would be a medical device,

What is a "broken device"? Who "broke" it?

"Broken device" is a simplification. The act of manipulating data ("NON GENUINE DEVICE FOUND!" instead of what ever is sent) without consensus is a criminal act by itself (§ 303a). Penalty is a fine or up to 2 years jail time. The offender is FTDI with their windows driver sending "NON GENUINE DEVICE FOUND!".

§ 303b is about interfering, modifying or damaging computer based systems which are important to someone else, also includes § 303a. There are three levels of penalties, for private computer systems, for corporate computer systems (includes authorities as well) and for huge damages, cyber criminals and important infractructure. Modifying the USB ID is clearly an illegal modification. Based on what the actual damage is, it could be just a fine (private/corporate) or jail time (up to 3 (private), 5 (corporate) or 10 (huge damage ...) years). The offender is FTDI with the old driver modifying the USB ID. Or with the new one sending "NON GENUINE DEVICE FOUND!" in case that the manipulation interferes with a computer system which is important to the victim.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #541 on: February 07, 2016, 04:56:05 am »
Since you are in the EU, then report them, let us know how that went.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 4355
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #542 on: February 07, 2016, 05:02:18 am »
Hmm they committed a crime?

Well, since they are part of the UK and they are part of the EU, then go ahead by all means and report them to the authorities.

Since you are so sure you get a lawyer and take action.

:palm: I'm out. Can't argue about law with people without a basic understanding of law. Silly me.

Just a small hint: please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand.
« Last Edit: February 07, 2016, 05:16:31 am by madires »
 

Offline madsci1016

  • Contributor
  • Posts: 24
  • Country: us
Re: FTDIgate 2.0?
« Reply #543 on: February 07, 2016, 05:09:39 am »


"Broken device" is a simplification. The act of manipulating data ("NON GENUINE DEVICE FOUND!" instead of what ever is sent) without consensus is a criminal act by itself (§ 303a). Penalty is a fine or up to 2 years jail time. The offender is FTDI with their windows driver sending "NON GENUINE DEVICE FOUND!".

§ 303b is about interfering, modifying or damaging computer based systems which are important to someone else, also includes § 303a. There are three levels of penalties, for private computer systems, for corporate computer systems (includes authorities as well) and for huge damages, cyber criminals and important infractructure. Modifying the USB ID is clearly an illegal modification. Based on what the actual damage is, it could be just a fine (private/corporate) or jail time (up to 3 (private), 5 (corporate) or 10 (huge damage ...) years). The offender is FTDI with the old driver modifying the USB ID. Or with the new one sending "NON GENUINE DEVICE FOUND!" in case that the manipulation interferes with a computer system which is important to the victim.

Lol, All FTDI has to do is say "You were using a piece of software that was never advertised nor intended to work with the hardware you had connected to your system." Whether you installed it yourself or you had your computer configured to install it automatically, both are your responsibility to control.

I mean think of it, setting the precedent that by simply copying a VID:PID makes the original certified owners of that ID suddenly liable for any damage caused by malfunction (intentional or not) due to driver mis-identification is ludicrous. That's the whole point of the VID:PID system, to create unique identifying pairs for software to match hardware. Those that broke that trust system should be liable for any damage.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #544 on: February 07, 2016, 05:16:29 am »
Hmm they committed a crime?

Well, since they are part of the UK and they are part of the EU, then go ahead by all means and report them to the authorities.

Since you are so sure you get a lawyer and take action.

:palm: I'm out. Can't argue about law with people without a basic understanding of law. Silly me.

Since you are such an expert in law and you seen a company committing a crime as you said. Then as an EU citizen you should report them. I don't claim to have intrinsic knowledge of EU law at all, but you do make such claims.

Not reporting a crime is as bad as committing one, right?
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #545 on: February 07, 2016, 05:19:43 am »
Just a small hint: please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand.

Does that mean that you want us to report it for you? I have no beef with FTDI at all.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 4355
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #546 on: February 07, 2016, 05:26:42 am »
Since you are such an expert in law and you seen a company committing a crime as you said. Then as an EU citizen you should report them. I don't claim to have intrinsic knowledge of EU law at all, but you do make such claims.

Not reporting a crime is as bad as committing one, right?

This is my absolute last reply in this thread:

I'm not an expert, but I have a basic understanding of German law and know my limits. Please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand that your suggestion doesn't make sense. And trolling me doesn't change any facts, but if you like, keep going.
« Last Edit: February 07, 2016, 06:12:17 am by madires »
 

Offline mtdoc

  • Super Contributor
  • ***
  • Posts: 3561
  • Country: us
Re: FTDIgate 2.0?
« Reply #547 on: February 07, 2016, 05:34:12 am »
Not reporting a crime is as bad as committing one, right?

Um no - of course it isn't. Is that what you really believe?  If so are you taking down the license plate numbers and reporting every speeder you see on the road? How about every person you see littering? Every person you know who has illegally downloaded pirated software or media?


I have a question for those here who are voraciously defending and excusing FTDI's actions:

Why have they taken the approach of first bricking chips and then having chips send out erroneous data instead of simply making their driver not work with the clones?

In my mind that is the crux of the issue. In both cases they have deliberately chosen to take punitive action against the end user - not the clone makers but the end user - who in almost every case has no way of knowing they purchased a product with a cloned chip! 

This along with way they've handled the controversy in social media is very telling of their mindset and why so many have decided to stop using their chips in their designs and stop buying products that use their chips.

 

Offline madsci1016

  • Contributor
  • Posts: 24
  • Country: us
Re: FTDIgate 2.0?
« Reply #548 on: February 07, 2016, 05:38:28 am »
I have a question for those here who are voraciously defending and excusing FTDI's actions:

Why have they taken the approach of first bricking chips and then having chips send out erroneous data instead of simply making their driver not work with the clones?

Been answered in this thread:

Quote
Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do (and admit it, you would to), is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain and makes you think FTDI is bad at writing working drivers.
 

Offline miguelvp

  • Super Contributor
  • ***
  • Posts: 5549
  • Country: us
Re: FTDIgate 2.0?
« Reply #549 on: February 07, 2016, 05:43:56 am »
Not reporting a crime is as bad as committing one, right?

Um no - of course it isn't. Is that what you really believe?  If so are you taking down the license plate numbers and reporting every speeder you see on the road? How about every person you see littering? Every person you know who has illegally downloaded pirated software or media?

That is not criminal. I think there is a differentiation of Crime vs Breaking the Law.

 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf