Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)
So let's say we have this sequence:
1. A device is designed in the USA and an FTDI part is specified. No "equivalent" in the BOM.
2. The device is produced by a contract manufacturer in the USA for a couple years using the FTDI part.
3. The contract manufacturer purchasing department inadvertently gets hold of the counterfeit but otherwise apparently functional parts.
4. The units pass the test fixture because it is not regularly updated with the drivers that either disable or transmit bogus data.
5. Some number of units are distributed to the field.
6. Some of the units fail early because the computer already has the updated driver.
7. Other units work for a while and fail when the driver is updated.
8. The designer of the device has long since worked on another project.
9. The now non-functional units go back through the warranty department, instead of the engineering department.
10. It takes some amount of time before the failure rate is noticed and turned over to engineering.
11. Another engineer is assigned to look at the problem. He is otherwise quite skilled, but not experienced with the FTDI products or issues.
12. The contract manufacturer has since sourced legitimate parts.
13. The devices with the counterfeit parts are written off as containing unreliable FTDI parts.
11-alternate - the engineer plugs the device into a computer, types a character, sees a message saying the device isn't genuine, all questions answered. The company contacts the build house, who investigates their supply chain, identifies the cause, and fixes it.
Why are you pretending the problem is so much more mysterious than it actually is?
And why is everybody here pretending it's once again some wide-spread infection, when there is zero evidence to support that? Again, a year ago it was a problem, FTDI exposed it, distributors were forced to investigate their supply chains, and [hopefully] fix the problem. A year later, somebody who KNOWINGLY bought a KNOWN COUNTERFEIT device on eBay runs into a similar issue. So what? He had it coming. There is no reason to believe the counterfeiters have infiltrated the legitimate supply chains again as they did a year ago.
@Tomorokoshi
If I do buy parts from a well known distributor and end up with fake parts I would expect them to rectify the situation.
Someone mentioned they got fakes from Mouser, well, what was Mouser's response when approached about the fakes?
Or didn't they get notified of the problem?
If your distributor is the one selling you fakes, it's their responsibility and they will have to fix it, if I pay for some brand name and got a fake I will be raising hell with who sold the fake to me.
Meanwhile, what about the boards that were replaced that don't have their chip? Reputation and all sorts of other intangibles? There is an awful lot that won't be able to be accounted for in a simple expense ledger.
BTW: if you don't need the extra features of the FTDI chip, just the serial port, it should be possible to modify the VID and PID with FT_Prog, and then use an INF file with the standard Microsoft USB serial port driver, like this one.Really? I thought FTDI did not use the normal serial port protocol (in order to support all those extra features nobody uses ).
Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)
Good on them for continuing the push back against fakes. And to the people questioning what happens to life critical or dangerous equipment when there is a failure of a part, the result should be safe as required by all the various international standards. The manufacturer is on the hook for not testing their parts and keeping the supply chain in check, its usually as simple as checking date codes match on the board to the same ones on the parts you sent.
Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?
Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?Apple don't need to check the source, because they buy directly some containers from the manufaturers, no middle men who can fake it. But for lower volumes a test program would be feasible, if it can be integrated in an automated production environment (=command line program).
I don't think anyone here would have a problem if it simply did not work if a fake FTDI chip was detected. No writing back to the device in a way that destroys it, no altering the communications. Just - doesn't work unless a genuine FTDI chip is used. That's entirely within FTDI's rights. Intentionally damaging a device is over the line.
It is fine to refuse working. It is not fine to dump garbage data.
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.
It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.
It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.
Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?Apple don't need to check the source, because they buy directly some containers from the manufaturers, no middle men who can fake it. But for lower volumes a test program would be feasible, if it can be integrated in an automated production environment (=command line program).
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.
It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.
It could happen with any contract manufacturer, even US ones. The Chinese manufacturer might not be shady. My reel could be mislabeled and used for another job, so they scramble to replace it. There's a number of ways, malicious or not, that the authenticity of my parts could be compromised. All of that is even assuming I can guarantee the provenance of the parts before I send them out in the first place.
There are a lot of companies that can't make 5000 boards themselves but still can't afford a pick and place machine and reflow oven. Economics and the free market dictate the price of our goods, which is why contract manufacturers exists. Even large companies use them! Ever hear of Foxconn?
Since you have all the answers though, please, suggest an alternative.
We don't have this problem because we don't produce our products in the far-east/Asia.
Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)
Good on them for continuing the push back against fakes. And to the people questioning what happens to life critical or dangerous equipment when there is a failure of a part, the result should be safe as required by all the various international standards. The manufacturer is on the hook for not testing their parts and keeping the supply chain in check, its usually as simple as checking date codes match on the board to the same ones on the parts you sent.
Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?
This is beyond stupid...
Your solution is doable for hobbists doing runs of tens or low hundreds or for extremely expensive stuff (think very high end oscilloscopi) where again few 10's get made each year but for general ewuipment it would be way too much work
It is impossible to show a message box from a Windows driver without some extra work, like a custom user mode application (see e.g. here). And I guess there are limitations what the automatic Windows driver update installs, like no user mode apps, only drivers. So they were lazy and added the TX message.
Of course, not a good solution. I think it is ok when the driver stops working, but it must not send anything unintended. They could release a press release that the driver stops working and provide a link to a user mode application, which checks the device and tells the user that it is a fake chip, instead again such covert actions. And I think the driver can add messages to the Windows event log, which would show the fake chip without installing a test program (@RFZ: can you see anything in the Windows event log?). Seems to be very easy for me: You have a FTDI chip, look in the event log if it is genuine. All manufacturers, users etc. would know it after some time, no big problem. Why do they do such dangerous things again? Microsoft should ban the driver from the update and don't certify it, problem solved, everyone switches to Prolific.
It is impossible to show a message box from a Windows driver without some extra work, like a custom user mode application (see e.g. here). And I guess there are limitations what the automatic Windows driver update installs, like no user mode apps, only drivers. So they were lazy and added the TX message.
Everyone is so caught up in the temporary inconvenience and hardship experienced by users and designers RIGHT NOW, as FTDI rolls out these drivers. Yes, it's hard, RIGHT NOW, but if FTDI keeps it up it will be very easy.
You keep saying there's no way to identify fakes. THERE IS, NOW. In fact it would be difficult to make it any easier.
You keep saying that you might develop a product, send it out, and it later gets bricked. Not if they keep this up. You'd brick your own board as soon as you started development, and all you have to do is plug the customer's board in, hit a character, and you'd know if it's genuine or not. It would never get into the hands of your customers with a fake chip on it.This is rather short sighted... The cloners already have a better chip rolling from the production lines so in a few months FTDI has to find a different way of identifying fakes. There is no way of telling that won't affect boards with real FTDI chips but what is certain is that when the differences between the clones and the real ones get smaller the detection algorithm has to be close to the edge so it is very likely that a real chip will be identified as a fake one. Worse, if they use timing related tests then it may fail every now and then leaving the end user with a device which doesn't work every now and then.
FTDI doesn't have to make it impossible to clone, they just have to make it difficult enough that the counterfeiters move on to another target. They've already forced the arduino knockoff makers to switch from FTDI fakes to another manufacturer, and if the legitimate distribution channels have closed the holes in their supply chains, who are the counterfeiters going to sell to? Where is the market, and why would they spend more and more time fighting FTDI when they could just move to another chip?
When is FTDI going to start bricking other VID/PID that use it's windows driver?
So, you don't need to worry as long as you don't use fake chips.
If you do use fake chips, you should be worried and for a good reason.
I suppose Microsoft's "Genuine Advantage" system should be renamed into Microsoft-gate too?