Author Topic: FTDIgate 2.0?  (Read 382559 times)

0 Members and 5 Guests are viewing this topic.

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #750 on: February 28, 2016, 04:59:04 pm »
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.

There are no two wrongs. Just one. The counterfeiters.

So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?

Not a valid comparison. Physically, FTDI didn't brake anything. What FTDI did is preventing the counterfeit chips from working
with the FTDI driver. It's still possible to use the bricked counterfeit chips with another (yet to be made) driver.


 

Offline madires

  • Super Contributor
  • ***
  • Posts: 7695
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #751 on: February 28, 2016, 05:06:13 pm »
So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?

Not a valid comparison. Physically, FTDI didn't brake anything. What FTDI did is preventing the counterfeit chips from working
with the FTDI driver. It's still possible to use the bricked counterfeit chips with another (yet to be made) driver.

Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #752 on: February 28, 2016, 05:12:52 pm »
So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?

Not a valid comparison. Physically, FTDI didn't brake anything. What FTDI did is preventing the counterfeit chips from working
with the FTDI driver. It's still possible to use the bricked counterfeit chips with another (yet to be made) driver.

Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 7695
  • Country: de
  • A qualified hobbyist ;)
Re: FTDIgate 2.0?
« Reply #753 on: February 28, 2016, 05:58:48 pm »
Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.

The same for any shop selling or any manufacturer producing some electronics with a possible counterfeit FTDI chip. And how would they reduce the risk? More stringent checks of supply chains? Or simply go for another chip, possible less expensive? Anyway, FTDI's actions are very stupid.
 

Offline suicidaleggroll

  • Super Contributor
  • ***
  • Posts: 1453
  • Country: us
Re: FTDIgate 2.0?
« Reply #754 on: February 28, 2016, 06:10:18 pm »
Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.

The same for any shop selling or any manufacturer producing some electronics with a possible counterfeit FTDI chip. And how would they reduce the risk? More stringent checks of supply chains? Or simply go for another chip, possible less expensive? Anyway, FTDI's actions are very stupid.

That's up to them.  If there's a reasonable chance they're getting counterfeits of ANY chip in their supply chain, they're doing something wrong.  Yes sometimes they slip through and you unknowingly end up with one, but that's a problem regardless of what it's a counterfeit of.  Freaking out because FTDI is actually doing something about it is completely backwards.  You shouldn't want ANY counterfeits, at all.  At least with FTDI you know you've got one and can address the issue directly, instead of spending weeks/months investigating irregular and sporadic failure modes until you manage to track it down (IF you manage to track it down).

More stringent supply chain checking is always the right answer.  Moving to another manufacturer that isn't currently being counterfeited, while continuing to use shady, under-the-table distributors is a lazy way out that just kicks the can down the road and invites counterfeits into all other parts of your product.
 

Offline retrolefty

  • Super Contributor
  • ***
  • Posts: 1648
  • Country: us
  • measurement changes behavior
Re: FTDIgate 2.0?
« Reply #755 on: February 28, 2016, 06:18:14 pm »
Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.

The same for any shop selling or any manufacturer producing some electronics with a possible counterfeit FTDI chip. And how would they reduce the risk? More stringent checks of supply chains? Or simply go for another chip, possible less expensive? Anyway, FTDI's actions are very stupid.

 Stupid in your (and others of course) estimation but perhaps not stupid in FTDI's estimation. Their business, their IP, their market, they should be and apparently are free to try and deal with counterfeiters the best they can within the rule of law they are subject to. It's not like any other governments, companies, or users are going to 'fix' the problem for them.

 Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?
 

Online Gyro

  • Super Contributor
  • ***
  • Posts: 9410
  • Country: gb
Re: FTDIgate 2.0?
« Reply #756 on: February 28, 2016, 06:37:47 pm »
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread) - make their drivers simply refuse to work with the fake chips, don't brick them, don't send out garbage text, just don't work with them. It's that simple!  :palm:
Best Regards, Chris
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7799
  • Country: us
  • adieu
Re: FTDIgate 2.0?
« Reply #757 on: February 28, 2016, 06:42:14 pm »
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread) - make their drivers simply refuse to work with the fake chips, don't brick them, don't send out garbage text, just don't work with them. It's that simple!  :palm:

This.

I really don't understand why they went the frankly very puerile route of spitting out garbage data. They can just not work. Very few of us would have a problem with that. I certainly wouldn't.

We've also said this many times in this thread, so "people could suggest better constructive steps" is yet another case of speaking before reading. |O
No longer active here - try the IRC channel if you just can't be without me :)
 

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 12807
Re: FTDIgate 2.0?
« Reply #758 on: February 28, 2016, 06:51:32 pm »
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #759 on: February 28, 2016, 06:53:23 pm »
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

- make their drivers simply refuse to work with the fake chips, don't brick them, don't send out garbage text, just don't work with them.

Why not? The effect is the same. Counterfeit chips can not be used with FTDI drivers.
Generating the string "not a genuine chip" is just done as a courtesy to inform what the cause is.
For the enduser who has no clue, it makes no difference at all. He needs to get his device returned to the seller to let
it repaired or replaced. Whether or not there's this string does not going to make any difference, isn't it?


 

Online Gyro

  • Super Contributor
  • ***
  • Posts: 9410
  • Country: gb
Re: FTDIgate 2.0?
« Reply #760 on: February 28, 2016, 06:59:05 pm »
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

many, many, Many, Many, MANY, MANY MANY TIMES  |O

Did you get beaten up much when you were at school? Just curious  :-\
Best Regards, Chris
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #761 on: February 28, 2016, 07:00:57 pm »
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.

You say that but can you explain why? As far is I understood, there's no data at all apart from the string "not a genuine chip".
I prefer this instead of a non working driver that causes hours, maybe days to debug what is going on.
Thanks to this string, an engineer sees immediately what's going on and can act accordingly.

For the enduser there's no difference. His device is not working. He has to return it anyway, with or without this string.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #762 on: February 28, 2016, 07:04:37 pm »
many, many, Many, Many, MANY, MANY MANY TIMES  |O

Did you get beaten up much when you were at school? Just curious  :-\

You convinced me with your very intelligent reply.
 

Online Gyro

  • Super Contributor
  • ***
  • Posts: 9410
  • Country: gb
Re: FTDIgate 2.0?
« Reply #763 on: February 28, 2016, 07:07:29 pm »
Well that's good then. The thread can finally be closed.  :)
Best Regards, Chris
 

Offline CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 5170
  • Country: us
Re: FTDIgate 2.0?
« Reply #764 on: February 28, 2016, 07:23:37 pm »
I will just say to Karel that if the device fails when not doing a critical test or being used for something you actually needed to do it is perhaps acceptable to force the innocent end user to return their device for repair.  No very comforting if you actually were planning to use it during the days, weeks or months required to resolve the issue.

You would suggest that this experience will encourage people to choose vendors who are more careful in controlling their supply chain.  Valid point.  This would reduce the risk of problems of this nature, although it is impossible to eliminate them totally.  But choosing avoid FTDI parts and devices incorporating them is also a valid choice, in that there is potentially less risk of negative consequences from a mistake.

Hopefully FTDI thought of this when they evaluated their response to those counterfeiting their devices.  Only time will tell if their revenue is sustained or improved by their actions, or if they are financially hurt by them.  I can say that if I were them I would be nervous about the outcome, and as an investor I would be cautious.  The answer is not obvious to me.
 

Online Ian.M

  • Super Contributor
  • ***
  • Posts: 12807
Re: FTDIgate 2.0?
« Reply #765 on: February 28, 2016, 07:26:58 pm »
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.

You say that but can you explain why? As far is I understood, there's no data at all apart from the string "not a genuine chip".
I prefer this instead of a non working driver that causes hours, maybe days to debug what is going on.
Thanks to this string, an engineer sees immediately what's going on and can act accordingly.
Incorrect.  See post #161 of this topic.


As you were active in the topic at the time, I can only conclude that you are being deliberately obtuse.

By tampering with the datastream, FTDI made serial activity LEDs look normal, and by failing to identify the driver responsible in their message, FTDI wasted a lot of support technicians time.  A driver that simply rejected the device would have shown up in Device Manager, and the COM port would have been missing.  That would in most cases be far far easier to debug, as Microsoft dropped bundling a terminal program when they released Windows 7 so a lot of end users don't even have the tools to see the message.

 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #766 on: February 28, 2016, 07:28:52 pm »
... to force the innocent end user to return their device for repair. ...

Please, don't confuse cause and effect. It's not FTDI's fault that they have to return their device.
Blame the counterfeiters.
 

Offline zapta

  • Super Contributor
  • ***
  • Posts: 6189
  • Country: us
Re: FTDIgate 2.0?
« Reply #767 on: February 28, 2016, 07:34:01 pm »
Well that's good then. The thread can finally be closed.  :)

Impossible.

https://en.wikipedia.org/wiki/Infinite_loop
 

Offline c4757p

  • Super Contributor
  • ***
  • Posts: 7799
  • Country: us
  • adieu
Re: FTDIgate 2.0?
« Reply #768 on: February 28, 2016, 07:47:45 pm »
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.

You say that but can you explain why? As far is I understood, there's no data at all apart from the string "not a genuine chip".
I prefer this instead of a non working driver that causes hours, maybe days to debug what is going on.
Thanks to this string, an engineer sees immediately what's going on and can act accordingly.

For the enduser there's no difference. His device is not working. He has to return it anyway, with or without this string.

Send the message to the system error log, that's how drivers are supposed to report problems. Or do you have an issue with doing things the right way?

For christ's sake, as engineers we should be condemning this just for being poorly engineered! There's a defined place for messages like this, send it there.
No longer active here - try the IRC channel if you just can't be without me :)
 

Offline TheSteve

  • Supporter
  • ****
  • Posts: 3743
  • Country: ca
  • Living the Dream
Re: FTDIgate 2.0?
« Reply #769 on: February 28, 2016, 07:51:17 pm »
I assume it has been mentioned before in this thread but how is this any different then how Prolific handled the counterfeit PL2303 chips? They updated the driver so it doesn't start if the chip is detected to not be genuine.
I am not convinced FTDI is handling this the best way possible but long term I think it is probably there only solution(assuming it doesn't kill the company). We're still using FT232RL's at work, they are the best solution for our product and buying from Digikey we aren't too concerned about fakes.
VE7FM
 

Online Gyro

  • Super Contributor
  • ***
  • Posts: 9410
  • Country: gb
Re: FTDIgate 2.0?
« Reply #770 on: February 28, 2016, 08:29:15 pm »
Well that's good then. The thread can finally be closed.  :)

Impossible.

https://en.wikipedia.org/wiki/Infinite_loop

Well it was a good try - there was even a brief pause.

Maybe I should have tried:

========= END OF THREAD LINE, DO NOT CROSS ==========
                          TROLLS ONLY BEYOND THIS POINT

 :-DD
Best Regards, Chris
 

Online nctnico

  • Super Contributor
  • ***
  • Posts: 26752
  • Country: nl
    • NCT Developments
Re: FTDIgate 2.0?
« Reply #771 on: February 28, 2016, 09:21:03 pm »
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
There are no two wrongs. Just one. The counterfeiters.
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline CatalinaWOW

  • Super Contributor
  • ***
  • Posts: 5170
  • Country: us
Re: FTDIgate 2.0?
« Reply #772 on: February 29, 2016, 12:10:55 am »
... to force the innocent end user to return their device for repair. ...

Please, don't confuse cause and effect. It's not FTDI's fault that they have to return their device.
Blame the counterfeiters.


I agree.  The blame goes to the counterfeiters.  But my response of avoiding the risk of FTDI does not assign blame, it merely assesses the risk to me.

A similar analogy.  All of the blame for terrorism in airline travel belongs to the terrorists.  But my decision to avoid airline travel because I dislike all of the restrictions and examinations has an economic impact on the airlines.  Others will make different decisions.  I know people who would not fly if all of these protections were not in place.  The airlines have bet (with government assistance and apparently correctly) that more people of the latter type exist than people who feel like me.  The only group at fault is the terrorists, but airlines and passengers acting in their own perceived best interests have impacts on each other.

In a perfect world none of the wrongdoers would exist.  In the real world, the people who are trying to behave ethically have to make imperfect choices.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #773 on: February 29, 2016, 07:39:28 am »
Send the message to the system error log, that's how drivers are supposed to report problems.

And what exactly is the gain for the "innocent" enduser? He still needs to return his device for repair.
For the enduser, there's no difference between bricking, replacing the data with a string or simply refusing to work.
The endresult is the same. The device needs to be repaired.
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: 00
Re: FTDIgate 2.0?
« Reply #774 on: February 29, 2016, 10:51:03 am »
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
There are no two wrongs. Just one. The counterfeiters.
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).

Please, show me an example where FTDI physically damaged chips. As far as I know, the first time they reprogrammed the counterfeit chip and set the VID and PID to 0.
To me, that is not damage because this can be undone. The chips can still be reprogrammed via a software tool to use another driver.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf