Hospital equipment? Quite possibly.
Air traffic control? Dunno.
I don't know that any of FTDI's parts (especially the FT232 concerned here) are certified for life-critical systems, so they wouldn't appear in those settings.
In this whole affair, the chain of responsibility goes back to the suppliers of the counterfeit parts.
- Products stop working as intended, they are returned to the manufacturer.
- Manufacturer has cluster of returned products. Investigates.
- All came from factory X, between dates Y and Z.
- Supplier of FT232 for that batch/es grilled. Taken to court.
- Supplier goes to their supplier seeking satisfaction
- And so on until the counterfeit chip maker has nobody to sell to.
T-shirt idea:" OMG FDTI Killed my Dongle.. You Bastards"
When I look on the "Texas instruments" site they have a "pricing at 1k" column in their product selection tables. As I don't buy components from them in 1k units, those prices are way lower than what I pay with Farnell for 2, 5 or 10 of them. With a lot of products we KNOW that in china people can earn money from putting items in envelopes at $1 per item including shipping. So what makes it impossible that someone in china bought 1k FTDI chips and is willing to sell them to me at cost+shipping+margin ending up cheaper than Farnell at 5, 10 or 20 quantity?
haha essentially what I do but from the UK so faster and more reliable*
*when you don't take royal mail's "performance" into account
All FTDI need to do is write the driver to refuse to talk to fake chips which is perfectly legal and maybe send details of the product back to FTDI so that they can track the offenders down. Now if windows is using FTDI's drivers then that is not the users problem and is something they need to take up with microsoft
Does anyone know for sure how long this driver has been out?
The drivers dated 2014-09-29 have the license file waning of damage to parts, the ones released 2014-02-21 do not.
My guess is since 2014-09-29. This fits in with reports of people having problems starting from early this month.
Our company had some BSOD problems last year. Devices were not bricking, but some computers would BSOD during comm init. Vista and 7 were affected, but not all. The chip (FT232RQ) was purchased from farnell and included in to some expensive gear. Clients started returning our product. Massive losses. We did not find a solution or cause and simply decided that this chip is crap. Went for silicon labs alternative, which works fine and is a lot cheaper too.
I can imagine exact thing happening again.
I saw this issue with PID of 0000 just under a month ago, added the PID to the inf file and was working fine for me.
The fact that Microsoft allowed this in an update is not an issue with Microsoft but with FTDI. it should not have the effect of bricking the device and i'm sure that is borderline illegal.
I have uploaded the inf files to work with the device with a PID of 0000 here:
http://s000.tinyupload.com/?file_id=02202246962541455351Extract the official drivers, replace the inf file with these, then install the inf files one at a time.
FTDI need to release another update through microsoft to change the device PID back to whatever it should be to correct this issue.
Faith in FTDI is now shaken, they need to fix this issue to fix their reputation and image in the eyes of the electronic world.
ALL YOUR BASE ARE BELONG TO US
Our company had some BSOD problems last year. Devices were not bricking, but some computers would BSOD during comm init. Vista and 7 were affected, but not all. The chip (FT232RQ) was purchased from farnell and included in to some expensive gear. Clients started returning our product. Massive losses. We did not find a solution or cause and simply decided that this chip is crap. Went for silicon labs alternative, which works fine and is a lot cheaper too.
I can imagine exact thing happening again.
Thats a sad tale, and just because you bought from Farnell doesn't mean the chips were not fake.
Thats a sad tale, and just because you bought from Farnell doesn't mean the chips were not fake.
Yes, I wanted to say that you can never know, even when buying from legit sources. We still don't know what happened, no proof it being fake etc. So safest step would be to simply not use it.
I just informed my new colleagues about this and response was "ok, I see. No FTDI then."
Another new T-SHIRT idea:
"FTDI - Remember them?"
or simply:
"FTDI - WTF?"
The fact that Microsoft allowed this in an update is not an issue with Microsoft but with FTDI.
It is a potential massive issue with MS.
Unlike the drivers you download from FTDI, which have a warning, albeit hidden on a second page, the MS stuff is installed without express permission.
If someone were to sue, they would sue MS, not FTDI, as it was MS that delivered the malware which broke their hardware.
However where it gets more muddy is showing intent - FTDI clearly had the intent to cause damage, which is not only a civil but pprobally also a criminal matter (in the UK, criminal damage, and Computer Misuse act) .
My guess is MS will not admit whether or not they knew about it, as if they did know, they would also open themselves to action based on intent to cause damage.
All FTDI need to do is write the driver to refuse to talk to fake chips
The problem with this is that the test is also a countermeasure: FTDI tries to brick the device in a specific way, that doesn't affect legit chips.
I have one left (the rest of the boards I bought are still on a boat) so here it goes:
Before:
[178303.303679] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=6001
After:
[178454.602228] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=0000
Git pull request for this driver update would be handy, would make for a fantastic Linus rant.
In this whole affair, the chain of responsibility goes back to the suppliers of the counterfeit parts.
- Products stop working as intended, they are returned to the manufacturer.
- Manufacturer has cluster of returned products. Investigates.
- All came from factory X, between dates Y and Z.
- Supplier of FT232 for that batch/es grilled. Taken to court.
- Supplier goes to their supplier seeking satisfaction
- And so on until the counterfeit chip maker has nobody to sell to.
Can you think of any reason why FTDI, being the sole beneficiary of this long, drawn-out and hugely expensive process besides the lawyers, should NOT foot the bill for it?
haha essentially what I do but from the UK so faster and more reliable*
*when you don't take royal mail's "performance" into account
You prefer CityLink or Yodel? Really? Ever had to retrieve a "delivery" from your rubbish bin (I have)?
(BTW I've just had a RM try to deliver a parcel to me despite it being the wrong road - and despite there being a sign 1" from the doorbell indicating that. Worst example of a misdelivery was roof-height scaffolding!)
It is the logo and the IDs used by the chip than makes it "fake".
No it's not. At least in the EU, interfaces, APIs and software functions used for interoperability cannot be copyrighted. Moreover in some countries the reproduction of such interfaces for the purpose of interoperability is even protected, rendering EULAs that forbid 'emulating' a device void. And the driver can not determine if the device brings their logo.
Their only defense was that they're exploiting a side-effect of running some code on the counterfeit device, but that stopped being effective as an excuse the moment they acknowledged they are aware their drivers are actively bricking third party devices.
Shielding behind the EULA is not going to work either: if I plug my end-user device I bough with due diligence from a reputable vendor into someone else's laptop and the driver included in Windows renders it interoperable, where is that I had the chance of being made aware of their policy?
(sidenote: I am sympathetic to their massive issues to fight counterfeit devices flooding their market, on the other hand, I am concerned that my consumer rights don't get in the middle of a battle between manufacturers and clones)
The problem with this is that the test is also a countermeasure: FTDI tries to brick the device in a specific way, that doesn't affect legit chips.
Then they should change it right back when done, but a better test probably exists.
All FTDI need to do is write the driver to refuse to talk to fake chips
The problem with this is that the test is also a countermeasure: FTDI tries to brick the device in a specific way, that doesn't affect legit chips.
They could've written to an even EEPROM location, read it back to check whether it was indeed written, then restored it. This would've been slightly dangerous (disconnecting the device at the wrong time would cause a checksum failure which *might* cause it to malfunction), which is a far cry from consistently and deliberately bricking every device.
Can you think of any reason why FTDI, being the sole beneficiary of this long, drawn-out and hugely expensive process besides the lawyers, should NOT foot the bill for it?
Of course they should foot the bill.
I'm sure they already worked out a ballpark figure of what said bill might be, and still decided they'd end up better off, with their army of accountants and lawyers.
I now face an interesting problem. Suppose I want to buy a USB to serial cable from Saturn (a reputable electronics retailer here in Europe) and the outside of the packet says that it has an FTDI chipset:
If the chipset is genuine the I am supporting FTDI and I do not want to do this.
If the chipset is fake then it will die as soon as I plug the cable into an MS Windows machine.
My only option is therefore to avoid ANY product that has an FTDI chip leading to loss of business on their part. Rather silly on their part, killing their own market like that.
If nothing else this sets a very dangerous precedent.
Crap like DRM is bad enough, but if this sort of behaviour is allowed (e.g. by Microsoft including it in updates), and is considered "acceptable", what next?
Printer bricked after using knock-off cartridge?
Hard disk wiped if MS discovers your license number is a copy?
Phone bricked after using a fake battery?
I don't think that we'll see much of that since it would be plain illegal in several countries. For Germany it's quite simple. Any warning in the licence or another paper about bricking stuff is invalid since it would be a bad surprise and also would discriminate users disproportionately. Bricking devices is a willful damage to property and that's an offence. Things like wiping disks is computer sabotage, also an offence. The vendor would have to compensate the user for any damages and would also face a fine and/or some jail time for the responsible managers.
haha essentially what I do but from the UK so faster and more reliable*
*when you don't take royal mail's "performance" into account
You prefer CityLink or Yodel? Really? Ever had to retrieve a "delivery" from your rubbish bin (I have)?
(BTW I've just had a RM try to deliver a parcel to me despite it being the wrong road - and despite there being a sign 1" from the doorbell indicating that. Worst example of a misdelivery was roof-height scaffolding!)
I'm holding tight for xmas, when RM became privatized my lost deliveries went from 1 per 2 months to 2 per week! they now contractually reserve the right to take 15 days more than "promised" or "aimed" to deliver and even for "special delivery guaranteed by x time next day" they make the contractual right to take 10 days on top of that if they feel like it.
Yea the cheap parcel carriers are crap - you generally get what you pay for
I sense a very interesting shitstorm brewing!
I just cannot fathom what kind of thinking led to releasing a driver like this from FTDI. I'm absolutely certain they WILL get sued by some party having massive losses due to this sabotage.
I agree with every (sensible) person here that showing an explicit window saying this driver will not work this counterfeit chip would have been perfectly good enough. But actively sabotaging chips due to a counterfeit logo, wow.
The only logical conclusion I can come up to is that I will not use any FTDI chips in my own or my work projects because of this debacle. This way I can minimize my (and my employers) risk of getting caught up in this. Also this kind of stuff is pretty telling of the companys ethics and I do not want to condone such behaviour.