EEVblog Electronics Community Forum

Electronics => Microcontrollers => Topic started by: RFZ on January 29, 2016, 10:02:47 pm

Title: FTDIgate 2.0?
Post by: RFZ on January 29, 2016, 10:02:47 pm
Hi,
today I wanted to program my arduino nano (Chinese clone) as always, but it didn't work (sync error). I tried another, failed, too. Tried a third... failed.
I hooked up my oscilloscope to the nanos RX (TX of FTDI clone) and really got strange results. Each try to program firmware created different pulses?! (screenshots attached)
I opened windows device manager and looked at a brand new FTDI driver (2.12.12.0) dated 06.01.2016 I obviously got via windows update...
Well, I really can't believe FTDI is messing with the driver again?! So I checked on a second PC, also Windows 10, never an arduino connected to it.
I connected one of the nanos to it. It installed the new FTDI driver via windows update. I opened the COM-Port with Putty and pressed some keys - monitoring it on the oscilloscope. And yep, the same key gives different pulses on the serial port every time...
Can someone please confirm that?!

Edit: Confirmed to be the standard behavior of the FTDI driver for a year now, but now comes back up because of the new driver beeing spread out by windows update. For a fix look at #msg854401 (https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854401/#msg854401)
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 29, 2016, 10:35:18 pm
Okay... connecting RX to TX actually reads back "NON GENUINE DEVICE FOUND!". A brief google search tells me that that's actually not new. But I thought FTDI had stopped publishing these drivers via windows update? I had no problems with these chips over the last year... Why are they doing it again now??  :--
Title: Re: FTDIgate 2.0?
Post by: Monkeh on January 29, 2016, 10:43:44 pm
Because they're tired of fakes on the market?
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 29, 2016, 10:49:11 pm
Sure, as if I would buy genuine FTDI chips now  :-DD
All new devices I have use the CH340G. Sending random characters on the RS232 interface may cause really bad things to existing products and the buyer often had no chance to know that he bought a fake chip...  |O But that all had been discussed a year ago.

So, just a warning for you all, be aware of the new FTDI driver coming with windows update!
Title: Re: FTDIgate 2.0?
Post by: langwadt on January 29, 2016, 10:50:21 pm
Because they're tired of fakes on the market?

Seems they are doing their best to makes sure no one want anything says FTDI on it,
killing the market for FTDI chips will solve the problem of fakes, but probly kill FTDI in the process
Title: Re: FTDIgate 2.0?
Post by: c4757p on January 29, 2016, 10:54:51 pm
They're sending out arbitrary signals now? Jesus, that's even worse, who knows what that'll fuck up on some poorly designed device.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 29, 2016, 11:15:49 pm
Because they're tired of fakes on the market?

Seems they are doing their best to makes sure no one want anything says FTDI on it,
killing the market for FTDI chips will solve the problem of fakes, but probly kill FTDI in the process

I have no problem using FTDI, or buying anything that uses FTDI.  Don't buy knockoff crap and it's not a problem.  On the off-chance you do end up getting a knockoff chip in a legitimate product, talk to the manufacturer so they can RMA it and get their supply lines sorted out.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 29, 2016, 11:19:07 pm
I've tried older drivers 2.10.00 and 2.08.30, both give me "NON GENUINE DEVICE FOUND!". Can these chips now be permanently bricked?? Obviously I haven't followed the whole #ftdigate for long time. A year ago I reverted my PIDs to 6001 and used an older driver and everything seemed to be fine after that... until today :(
Title: Re: FTDIgate 2.0?
Post by: c4757p on January 29, 2016, 11:19:44 pm
I'm just waiting for them to screw up the check one of these times and accidentally dick around with official chips ^-^ :popcorn:
Title: Re: FTDIgate 2.0?
Post by: benSTmax on January 29, 2016, 11:29:47 pm
I've tried older drivers 2.10.00 and 2.08.30, both give me "NON GENUINE DEVICE FOUND!". Can these chips now be permanently bricked?? Obviously I haven't followed the whole #ftdigate for long time. A year ago I reverted my PIDs to 6001 and used an older driver and everything seemed to be fine after that... until today :(

I think the fake chips are fine. But since FTDI cannot brick the counterfeit chips anymore they just send some garbage ("NON GENUINE DEVICE FOUND!") over their data endpoints. Doing so won't brick the chips but they will still render the products using them useless. I guess only the Windows driver can do this scam because for Linux, the source code for FTDI driver should be available and such behavior won't be tolerated into a Linux kernel driver. Can you try these boards on a Linux machine?
Title: Re: FTDIgate 2.0?
Post by: Richard Crowley on January 30, 2016, 12:21:23 am
I have no problem using FTDI, or buying anything that uses FTDI.  Don't buy knockoff crap and it's not a problem.  On the off-chance you do end up getting a knockoff chip in a legitimate product, talk to the manufacturer so they can RMA it and get their supply lines sorted out.
That's great if you are a patient end-user consumer with a non-critical application and no particular time schedule.
And buying something expensive enough to come with the bare minimum of "Customer Service".
Apparently you didn't read much of the original discussion.
Title: Re: FTDIgate 2.0?
Post by: andersm on January 30, 2016, 12:26:28 am
I would have thought they'd learn not to get cute by now.

this scam
That's a definition of the word with which I'm not familiar.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 12:34:09 am
Okay, got it back working ;)
If you manually select an older driver, like 2.08.30, you have to change the driver not only on the obvious "USB Serial Port (COMx)" (ftdiport.inf) but also the corresponding "USB Serial Converter" (ftdibus.inf) listed under "USB-Controller" in the device manager. After changing BOTH to 2.08.30, the chip works fine again. It is easy to see if you list the devices by connection. (screenshot)

Guess with the new driver being rolled out by windows update at the moment that might be a trap for lots of us, not having had to deal with this pain in the ass stuff for more than a year now. After setting everything up now, I can remember I had to change BOTH drivers last year, too... It's just not obvious and easy to forget  :-\
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 30, 2016, 12:51:44 am
I have no problem using FTDI, or buying anything that uses FTDI.  Don't buy knockoff crap and it's not a problem.  On the off-chance you do end up getting a knockoff chip in a legitimate product, talk to the manufacturer so they can RMA it and get their supply lines sorted out.
That's great if you are a patient end-user consumer with a non-critical application and no particular time schedule.
And buying something expensive enough to come with the bare minimum of "Customer Service".
Apparently you didn't read much of the original discussion.

Who on earth purchases a critical piece of equipment with a hard time deadline and refuses to pay enough for the bare minimum of "Customer Service"???  They deserve to get kicked in the ass for being so short-sighted.

No, I didn't read the original discussion, and if this is the kind of attitude in it I'm glad I didn't.

FTDI put/puts a lot of time and money into writing and maintaining their drivers, getting them signed and certified, integrated into the Windows Update ecosystem and the Linux kernel, etc.  They recoup this cost through a slightly higher sales price on their products, and people pay it because of the convenience.  Why would you expect to be able to use FTDI's drivers, for free, forever, without purchasing their product?  That attitude just blows my mind.  You should consider every day you've been able to use FTDI's drivers with your counterfeit device as a gift, rather than freaking out when that privilege is finally revoked.  This attitude of entitlement bothers me to no end.  I suppose Microsoft's "Genuine Advantage" system should be renamed into Microsoft-gate too?

These counterfeit companies are welcome to build their own devices, but they should also be writing their own drivers and going through the same process as FTDI to integrate those drivers into consumer operating systems, maintaining them, etc., in order to make their devices usable to end-users.  What's that?  Doing so would mean they'd have to charge FTDI-like prices?  Oh shucks, I guess the world does make sense after-all.

Don't want to deal with this kind of BS?  Then quit shopping on eBay and Alibaba and spend an extra dollar on the real thing.

Note: I'm using "you" in the collective sense, not you specifically.
Title: Re: FTDIgate 2.0?
Post by: Rasz on January 30, 2016, 12:56:55 am
All new devices I have use the CH340G

wait, ch340g has its own usb driver
are you saying FTDI driver is hijacking your ch340g  device?
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 01:02:35 am
wait, ch340g has its own usb driver
are you saying FTDI driver is hijacking your ch340g  device?
No, my CH340G devices are fine. But I still have some old devices with fake FTDIs and these failed today.
Title: Re: FTDIgate 2.0?
Post by: langwadt on January 30, 2016, 01:57:27 am
I have no problem using FTDI, or buying anything that uses FTDI.  Don't buy knockoff crap and it's not a problem.  On the off-chance you do end up getting a knockoff chip in a legitimate product, talk to the manufacturer so they can RMA it and get their supply lines sorted out.
That's great if you are a patient end-user consumer with a non-critical application and no particular time schedule.
And buying something expensive enough to come with the bare minimum of "Customer Service".
Apparently you didn't read much of the original discussion.

Who on earth purchases a critical piece of equipment with a hard time deadline and refuses to pay enough for the bare minimum of "Customer Service"???  They deserve to get kicked in the ass for being so short-sighted.

No, I didn't read the original discussion, and if this is the kind of attitude in it I'm glad I didn't.

FTDI put/puts a lot of time and money into writing and maintaining their drivers, getting them signed and certified, integrated into the Windows Update ecosystem and the Linux kernel, etc.  They recoup this cost through a slightly higher sales price on their products, and people pay it because of the convenience.  Why would you expect to be able to use FTDI's drivers, for free, forever, without purchasing their product?  That attitude just blows my mind.  You should consider every day you've been able to use FTDI's drivers with your counterfeit device as a gift, rather than freaking out when that privilege is finally revoked.  This attitude of entitlement bothers me to no end.  I suppose Microsoft's "Genuine Advantage" system should be renamed into Microsoft-gate too?

These counterfeit companies are welcome to build their own devices, but they should also be writing their own drivers and going through the same process as FTDI to integrate those drivers into consumer operating systems, maintaining them, etc., in order to make their devices usable to end-users.  What's that?  Doing so would mean they'd have to charge FTDI-like prices?  Oh shucks, I guess the world does make sense after-all.

Don't want to deal with this kind of BS?  Then quit shopping on eBay and Alibaba and spend an extra dollar on the real thing.

Note: I'm using "you" in the collective sense, not you specifically.

all makes sense in a perfect world, in the real world people will just stop buying things that says FTDI on it

before FTDI everyone used a different chip (which I can't remember who made), when that company started
making drivers that deliberately refused to work with fakes, everyone switched to FTDI because they just worked   









Title: Re: FTDIgate 2.0?
Post by: Richard Crowley on January 30, 2016, 02:26:06 am
Since @suicidaleggroll didn't read the original discussion, he is uninformed that there is no reliable way for ANYONE (including legitimate distributors and board assemblers) to definitively identify genuine chips vs counterfeit. Many legitimate, official, authorized supply lines have discovered counterfeit chips, sometimes only revealed when the end-user tried to use the product.

FTDI was widely criticized for not simply refusing to talk to counterfeit chips, but for deliberately BRICKING the chips without the customers knowledge or consent.  And after that tsunami of ill-will, they are apparently back at their game of fouling their own nest.  After the first debacle, one could argue that perhaps FTDI didn't DELIBERATELY set out to brick chips (although the the evidence was compelling).  NOW, they are apparently back at the game of not simply refusing to talk to counterfeit chips, but DELIBERATELY sending their own counterfeit data in BOTH directions.  In my book that just adds insult to injury and reinforces the notion that the first round was deliberate and not accidental.

Nobody is out there looking to save a few pennies buying counterfeit FTDI chips. The supply chain is apprently still contaminated with counterfeit chips and FTDI is doing nothing about it but continuing to cripple their own brand name. No wonder people are simply abandoning FTDI completely.  Why would anybody continue to specify FTDI when they have no reasonable assurance that they will get genuine product that will make their customers happy. 
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 30, 2016, 02:28:33 am
all makes sense in a perfect world, in the real world people will just stop buying things that says FTDI on it

If by "people" you mean "people who buy counterfeit devices", then sure, but since they were never supporting FTDI to begin with, it doesn't matter.  I don't buy counterfeit devices (as far as I can help it).  I was never burned by FTDI-gate v1.0 or v2.0.  I have no animosity towards FTDI, and I have no problems buying their chips to integrate into my own boards, or buying devices that utilize their chips.  I imagine most other legitimate users are the same.

People who know better know what they're doing and know what the problem is.  People who don't know better won't blame FTDI, they don't know enough to blame them.  They'll blame the entity that sold them the device, as they rightly should.  That entity, if they know about the fraud, had it coming to them.  If they didn't, they'll blame the manufacturer who built the board.  If the manufacturer knew about the fraud, they had it coming to them.  If they didn't, they'll blame the parts supplier, and so on up the chain, until whoever it was that was screwing people over gets what was coming to them.
Title: Re: FTDIgate 2.0?
Post by: c4757p on January 30, 2016, 02:30:25 am
I just want to know the thought process that led to choosing this over just not doing anything. Transmitting your own "haha u suck" message just seems kinda puerile...
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 30, 2016, 02:35:54 am
Since @suicidaleggroll didn't read the original discussion, he is uninformed that there is no reliable way for ANYONE (including legitimate distributors and board assemblers) to definitively identify genuine chips vs counterfeit. Many legitimate, official, authorized supply lines have discovered counterfeit chips, sometimes only revealed when the end-user tried to use the product.

FTDI was widely criticized for not simply refusing to talk to counterfeit chips, but for deliberately BRICKING the chips without the customers knowledge or consent.  And after that tsunami of ill-will, they are apparently back at their game of fouling their own nest.  After the first debacle, one could argue that perhaps FTDI didn't DELIBERATELY set out to brick chips (although the the evidence was compelling).  NOW, they are apparently back at the game of not simply refusing to talk to counterfeit chips, but DELIBERATELY sending their own counterfeit data in BOTH directions.  In my book that just adds insult to injury and reinforces the notion that the first round was deliberate and not accidental.

Nobody is out there looking to save a few pennies buying counterfeit FTDI chips. The supply chain is apprently still contaminated with counterfeit chips and FTDI is doing nothing about it but continuing to cripple their own brand name. No wonder people are simply abandoning FTDI completely.  Why would anybody continue to specify FTDI when they have no reasonable assurance that they will get genuine product that will make their customers happy.
I know about the widespread problem.  You're still blaming FTDI, but they are not the ones at fault.  Their actions only serve to expose the problem.  Do you honestly expect a device manufacturer to do NOTHING about a widespread counterfeit contamination of legitimate supply chains???  I mean seriously, what did you expect them to do?  Sit on their haunches as they're run out of business by counterfeiters?  What would you have done in their place?

Yes their decision (if it was so) to brick counterfeit devices was sudden and harsh, but IMO it was necessary.  It was the only way to expose the prolific contamination of the supply chain.  Everyone was forced to re-examine their supply, and fix it, cutting the counterfeiters out of the loop.  Harsh, but necessary.  The only reason the fallout was so bad was because that was the first time they had done anything to combat the problem.  In my opinion they should continue this practice indefinitely, it's the only way to keep the counterfeiters out of the supply chain.

You claim there's no way for legitimate distributes to identify genuine chips.  There is, now.  You claim FTDI is doing nothing to combat the contaminated supply chain, what do you think this move is?!?!  What do you think their alternative is?

Quote from: Richard Crowley
Why would anybody continue to specify FTDI when they have no reasonable assurance that they will get genuine product that will make their customers happy.
Their reasonable assurance is the reputation and usage of the build house.  If the build house uses fake chips, which cause the end-product to completely fail, that's a pretty big indicator that there's a problem.  Manufacturers will stop using that build house unless the build house can prove they were not a fault, by tracing the contamination up the supply chain, and so on, until the ones who are at fault are exposed and pushed out of the loop.

Again, harsh, but necessary.
Title: Re: FTDIgate 2.0?
Post by: Muxr on January 30, 2016, 03:08:00 am
It obviously sucks for people affected, but the problem of counterfeit chips hurts everyone. If you're doing hardware outside of China you are at a serious disadvantage even before you take the labor costs into the equation. You don't have access to components that are 1/10th the price.
Title: Re: FTDIgate 2.0?
Post by: rsjsouza on January 30, 2016, 04:12:49 am
Since @suicidaleggroll didn't read the original discussion, he is uninformed that there is no reliable way for ANYONE (including legitimate distributors and board assemblers) to definitively identify genuine chips vs counterfeit. Many legitimate, official, authorized supply lines have discovered counterfeit chips, sometimes only revealed when the end-user tried to use the product.

FTDI was widely criticized for not simply refusing to talk to counterfeit chips, but for deliberately BRICKING the chips without the customers knowledge or consent.  And after that tsunami of ill-will, they are apparently back at their game of fouling their own nest.  After the first debacle, one could argue that perhaps FTDI didn't DELIBERATELY set out to brick chips (although the the evidence was compelling).  NOW, they are apparently back at the game of not simply refusing to talk to counterfeit chips, but DELIBERATELY sending their own counterfeit data in BOTH directions.  In my book that just adds insult to injury and reinforces the notion that the first round was deliberate and not accidental.

Nobody is out there looking to save a few pennies buying counterfeit FTDI chips. The supply chain is apprently still contaminated with counterfeit chips and FTDI is doing nothing about it but continuing to cripple their own brand name. No wonder people are simply abandoning FTDI completely.  Why would anybody continue to specify FTDI when they have no reasonable assurance that they will get genuine product that will make their customers happy.
I know about the widespread problem.  You're still blaming FTDI, but they are not the ones at fault.  Their actions only serve to expose the problem.  Do you honestly expect a device manufacturer to do NOTHING about a widespread counterfeit contamination of legitimate supply chains???  I mean seriously, what did you expect them to do?  Sit on their haunches as they're run out of business by counterfeiters?  What would you have done in their place?

Yes their decision (if it was so) to brick counterfeit devices was sudden and harsh, but IMO it was necessary.  It was the only way to expose the prolific contamination of the supply chain.  Everyone was forced to re-examine their supply, and fix it, cutting the counterfeiters out of the loop.  Harsh, but necessary.  The only reason the fallout was so bad was because that was the first time they had done anything to combat the problem.  In my opinion they should continue this practice indefinitely, it's the only way to keep the counterfeiters out of the supply chain.

You claim there's no way for legitimate distributes to identify genuine chips.  There is, now.  You claim FTDI is doing nothing to combat the contaminated supply chain, what do you think this move is?!?!  What do you think their alternative is?
I have dealt in the past with counterfeit ICs and can tell from my experience the degree of difficulty to identify counterfeits greatly varies depending on the degree of sophistication. In lieu of this, I see FTDI's  identification of a fake (and consequent failure to operate) a reassurance. Bricking perhaps is a bit harsh, but it surely brought the attention the problem deserves.     

Quote from: Richard Crowley
Why would anybody continue to specify FTDI when they have no reasonable assurance that they will get genuine product that will make their customers happy.
Their reasonable assurance is the reputation and usage of the build house.  If the build house uses fake chips, which cause the end-product to completely fail, that's a pretty big indicator that there's a problem.  Manufacturers will stop using that build house unless the build house can prove they were not a fault, by tracing the contamination up the supply chain, and so on, until the ones who are at fault are exposed and pushed out of the loop.

Again, harsh, but necessary.
This is precisely what happens in the real world. I followed the other discussion and this was brought up there as well. The reason why one would still use FTDI devices in the light of this scenario is the reassurance it is easier to identify a fake and point the finger at their supply chain. Bricking a device is one problem, but what about the device specifications of the fake IC? Will it fail outside of the rated temp? Does it follow the USB specs to the "T" or will it fail to work with specific USB version variants, thus turning your customers dissatisfied?
Title: Re: FTDIgate 2.0?
Post by: Richard Crowley on January 30, 2016, 04:28:56 am
You-all keep assuming that customers WANT to buy counterfeit chips.  I can't see why anybody would want to buy counterfeit product even if the FTDI software didn't care.  You rightly observe that there are many downsides to using counterfeit chips and those by themselves would seem enough to discourage people.

The issue is the reaction of FTDI. They could notify the user of a detected counterfeit, they could downgrade performance or even refuse to talk to a counterfeit chip.  But bricking the customer's product, and now (phase 2) sending their own FTDI-generated counterfeit data IN BOTH DIRECTIONS just looks like more of the same extremely belligerent attitude.

We could think of dozens of more graceful and helpful things FTDI could do to ingratiate themselves to their customers and remedy the situation. But instead, they choose to act like a toddler throwing a fit in the public market. @suicidaleggroll appears to have exactly the same attitude as the FTDI management. He would fit right in. He actually did a pretty good job of explaining their behavior. 

However, I am having none of that. I'm voting with my feet and staying well clear of anything with FTDI in it, even if it can proved to be genuine.  Life is challenging enough without choosing to work with such a belligerent  vendor when there are alternatives who appear to have a higher priority for helping their customers.
Title: Re: FTDIgate 2.0?
Post by: zapta on January 30, 2016, 04:42:19 am
I don't buy counterfeit devices (as far as I can help it).

That's the goal of everybody here.

The safets way to achieve that goal is not buying devices with "FTDI" printed on them.
Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on January 30, 2016, 05:06:42 am
I am kind of on the fence on this one. Companies making clones is one thing, but counterfeit devices is just not something to be encouraged. I have no idea of the state of FTDI sales figures, and whether counterfeits pose an existential threat. Creating a bad name with customers seems like a bad idea, but I guess FTDI have looked at their sales since the last fiasco and decided that while there may be a lot of noise among small users, it doesn't affect the main buyers.

Certainly, if it was my product, I would be very pissed off with the counterfeiters and their apparent immunity from criminal behaviour.

I think a lot could have been different with better communication. If they started out saying "the counterfeits are a real threat to our company, we need to do something", they might have got more understanding. Coming out of the blue bricking devices is a really bad way to communicate with customers.

The counterfeiters are the real criminals, the unfortunate customer gets caught in the crossfire. Making consumers push back on possibly innocent manufacturers is painful, but may be the only way to deter the counterfeiters (I guess they go counterfeit some other chip instead).

An example of consumer push back : http://www.amazon.com/Blue3D-Ft232rl-Serial-Adapter-Arduino/dp/B012YUANZK/ref=cm_rdp_product (http://www.amazon.com/Blue3D-Ft232rl-Serial-Adapter-Arduino/dp/B012YUANZK/ref=cm_rdp_product) (see one star review).
Title: Re: FTDIgate 2.0?
Post by: Boomerang on January 30, 2016, 08:50:18 am
For a year after the first "FTDIgate" I think they did nothing to educate the suppliers and designers about how to be sure they are buying genuine parts. Refusing to work with counterfeits or sending some warnings through the chips must be THE FINAL STEP of a long educational/certification process - not the first step!

I also think that this attitude will turn people away from using FTDI.
Title: Re: FTDIgate 2.0?
Post by: nctnico on January 30, 2016, 09:03:11 am
all makes sense in a perfect world, in the real world people will just stop buying things that says FTDI on it

If by "people" you mean "people who buy counterfeit devices", then sure, but since they were never supporting FTDI to begin with, it doesn't matter.  I don't buy counterfeit devices (as far as I can help it). 
The problem is in the as far as I can help it part. There just isn't any guarantee that the devices you buy for your production run are real or not. Now imagine you sold 1000 units to a customer which are installed all over the world and a new FTDI driver causes all of them to fail? In how much shit are you in that case? What would that cost you? Do you want to take that risk? I don't so I quit using FTDI USB to serial devices. They aren't that good either so in a way it is good riddance.
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 30, 2016, 09:23:30 am
The issue comes when an engineer, purchasing person or distributor has a hiccup with an order and ends up with counterfeit chips, and FTDI responds to this by choosing to deliberately brick the end-user's chip. If you think that is either moral or remotely logical, then  :wtf:

Remember, if FTDI's customer base is primarily hobbyists, they're out of business -- no semi company can stay afloat on hobbyist purchasing alone. So focussing on hobbyists who buy FTDI chips from eBay is completely missing the point. The issue is the far larger number of customers who don't even know who FTDI is, and are sitting very confused with a broken device in front of them.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on January 30, 2016, 09:37:58 am
The real damage to FTDI is at the early development stage of a product. A designer will simply not use a particular chip or class of chip. it's just another part of the design to consider.

As for blame, not an issue. Get the design done and out the door.
Title: Re: FTDIgate 2.0?
Post by: andersm on January 30, 2016, 10:50:43 am
Nobody is out there looking to save a few pennies buying counterfeit FTDI chips.
Obviously someone is, or the problem wouldn't exist. Where and how did the counterfeits enter the supply chain?
Title: Re: FTDIgate 2.0?
Post by: electr_peter on January 30, 2016, 11:38:44 am
First FTDI gate greatly diminished my trust in FTDI. This thread shattered all the remains. How can you trust FTDI chips in your products when they can randomly be bricked or start sending false signals for no apparent reason? I am talking as a buyer of original or "maybe original" (How would I now?) IC chips with no intention to buy fakes.

I understand that FTDI faces a problem of counterfeits and they are trying to address it. But the way they do it are just completely backwards and childish. At first, they decided to brick fake device, rendering embedded/consumer/other products and equipment for no apparent reason with no indication to consumer. From final user perspective, "device just stopped working, connection was lost, FTDI failed, ...". In this case the send false communications - that is possibly even worse.
And all this was done by sneaky automatic Windows updates with no indication whatsoever what is going on. I am certain these campaigns were done on purpose by same managers (they just found another barely legal way to screw up their costumers this time).

PC drivers/SW and HW are supposed to either work or not work. Making it work intermittently or making false Rx/Tx is just pure evil - somebody will get hurt from this.

Why don't FTDI drivers simply refuse to work with fake devices and display some warning message? That would be 100% fine and clear to everyone. Remember that FTDI drivers have SW capability to detect fakes by SW means - end user/supplier/vendor do not have this capability.
But bricking devices or sending false signals...

The message I get from all of this - if you design or buy a product with FTDI IC, you are screwed from the beginning because FTDI is not trustworthy company. Why would anybody trust FTDI after all this is beyond me.
Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on January 30, 2016, 12:41:56 pm
According to the Wikipedia page https://en.wikipedia.org/wiki/FTDI the new NON GENUINE DEVICE driver has been around since July 2015. That page also has a big chunk on "driver controversy", probably not the sort of publicity you want on a wiki page.

Glassdoor reviews don't read well for FTDI either. They give the impression of a small company with very little money to spend.
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 12:51:41 pm
I have a hard time understanding why there is such a pissy contest here: FTD is under no obligation to produce a driver that supports counterfeit parts. All you need to do is to make sure a) there is a driver for your counterfeit parts; or b) buy the real thing.

For a group that seems to denounce other people based on the slightest infringement of your moral high moral standard, you seem to have a very low moral standard for yourself.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 01:02:16 pm
I have a hard time understanding why there is such a pissy contest here: FTD is under no obligation to produce a driver that supports counterfeit parts. All you need to do is to make sure a) there is a driver for your counterfeit parts; or b) buy the real thing.

For a group that seems to denounce other people based on the slightest infringement of your moral high moral standard, you seem to have a very low moral standard for yourself.

If you haven't watched Daves video back then, I suggest you to watch it now:
Video (https://www.youtube.com/watch?v=eU66as4Bbds)

I would be fine with the driver not supporting the Product and popping up a message that tells me so. But FTDI doesn't do that, they instead send garbage over the line, risking devices causing damage by unexpected behavior AND causing developers and hobbyists like me spending hours on investigating what might be wrong...
How should a normal customer know that a fake chip is causing the device not to work anymore? Probably, if the devices are cheap, customers just buy another one, again supporting the fake chip manufacturer  |O
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 01:21:46 pm
Quote
But FTDI doesn't do that, they instead send garbage over the line,

What's wrong with that? It is their driver and they can do whatever they want. If you don't like that, buy a real thing or use your own driver.

Quote
risking devices causing damage by unexpected behavior

On the real thing or counterfeit part?

Quote
AND causing developers and hobbyists like me spending hours on investigating what might be wrong...

If a "developer" who uses counterfeit part is stupid enough to hope for ftdi support, run away from him/her as fast as you can.

Quote
How should a normal customer know that a fake chip is causing the device not to work anymore?

Ignorance is no defense. That's people always tell you to do your "homework" before your purchase.

The choice seems to be crystal clear to me:

1) buy the real thing and get ftdi support; or
2) buy counterfeit and you are on your own.
Title: Re: FTDIgate 2.0?
Post by: 0xdeadbeef on January 30, 2016, 01:22:59 pm
I think this page sums up everything you need to know about this "non-invasive" fake detection:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/ (http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/)
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 01:29:30 pm
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip? I even might not know what an FTDI chip is or if my product I buy uses one?!

Do you know if you Satellite receivers RS232 debug interface is powered by a FTDI chip and if it is actually genuine? Have you done your research on that right?

Also, not by any means do they have the right to destroy or manipulate users products even if they know they use a fake chip. This is called self justice and usually not legal.
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 01:41:10 pm
Quote
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip?

Ignorance is no defense. The fact that someone else cannot do something, or can do something, is no valid defense for your not doing it, or doing it.

Quote
Do you know if you Satellite receivers RS232 debug interface is powered by a FTDI chip and if it is actually genuine? Have you done your research on that right?

I don't. But I also don't buy from unproven vendors either.

Quote
Also, not by any means do they have the right to destroy or manipulate users products even if they know they use a fake chip.

If you don't think they do, sue them.
Title: Re: FTDIgate 2.0?
Post by: 0xdeadbeef on January 30, 2016, 01:58:50 pm
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip? I even might not know what an FTDI chip is or if my product I buy uses one?!
This is exactly the problem.
If I buy cheap $3 FTDI UART converters from eBay, there is a risk they are fake and get bricked. Same is true if you buy FT232R ICs on eBay.
Anyway, if they are detected as fake and bricked, I agree this is partly my fault and usually you're refunded anyway if you complain -> no sweat.

Then again, some time ago I funded a Indiegogo project which used an FT232R as UART/USB interface. I'm sure the guy who ran the campaign was not aware that fake FT232R were used. Probably/maybe not even the Chinese fab where the PCBs were produced and placed did this willingly. Still, I ended up with a fake chip that would render the whole device useless if bricked. This is an issue of course.
Well, I could replace the chip as last resort, but the typical customer can't. So from his view a product bought and owned legally is intentionally destroyed. Even though FTDI's reasons are understandable, this is hard to explain to the customer with the destroyed product.

Even worse, this (not so) "non-invasive" approach is actually worse than bricking. From a legal point of view, it seems crazy to alter the data sent as it's kinda unpredictable what could happen because of this.
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 02:28:38 pm
What's wrong with that? It is their driver and they can do whatever they want. If you don't like that, buy a real thing or use your own driver.

No they can't, what they are doing is far worse than just bricking devices, if the device si bricked it will just stop working, it might cause some delays and stuff but that's all

but picture this situation:

you have a big machine, industrial stuff, working with high pressure fluid or moving parts (like a saw blade or a milling machine cutter), the tecnician sends a debug comand via usb cable (which is connected to a FTDI chip at the other end) and the IC spits out garbage on the serial side...
that garbage might be interpreted by the machine as a comand to start up the saw or open a valve, leading to an accident and to the death of the tecnician or of his colegue...
well guess who's getting charged for murder, a hint not the counterfaiter, the machine owner or the machine producer...

what they are doing is not just fine...

IT'S CRIMINAL

Instead of harrassing their customers why they don't just get their shit together and fix the fucking supply chain, they can just make the driver stop working with fake IC's (which would be totally fine) and just let people know that you set up some safe purchasing channel (either direct or working in really close contact with one or two well known  global distributors)

as other said this driver update is just a legal bomb waiting to go off dragging down the entire company if they are found guilty they might have to recall the software update, which would require them uninstalling it from every PC  at least in europe (probably even on the whole planet) non internet connected machines also...
Title: Re: FTDIgate 2.0?
Post by: timb on January 30, 2016, 02:39:02 pm

Quote
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip?

Ignorance is no defense. The fact that someone else cannot do something, or can do something, is no valid defense for your not doing it, or doing it.

Quote
Do you know if you Satellite receivers RS232 debug interface is powered by a FTDI chip and if it is actually genuine? Have you done your research on that right?

I don't. But I also don't buy from unproven vendors either.

Quote
Also, not by any means do they have the right to destroy or manipulate users products even if they know they use a fake chip.

If you don't think they do, sue them.

If I buy chips on DigiKey, I expect them to be real. However, they have ended up with counterfeit stock on various occasions, as have all the other big sellers (Mouser, E-4, etc.)

So, this is how the handling chain now looks:

Chip Maker -> Distribution Channel -> Parts Supplier -> Product Designer -> Product Manufacturer -> Retailer -> End User

Now, as the Product Designer, I wholly intend to use legitimate parts. However, the Parts Supplier could have been sold counterfeits, which gets passed onto me and up the chain. Or, I could send the real parts to my Manufacturer who swaps them out with fakes and sells the real ones.

At any rate, the real problem is this: The unknowledgeable end user plugs his shiny new widget into his PC and FTDI's driver bricks it, without so much as a message. He thinks my product is crap and returns it to the Retailer. Or he contacts me and I have to send him a replacement and recall all my products to replace the fake chips with real ones. I lose money either way. (My Parts Supplier might replace the chips, but they won't cover the cost to have the boards fixed; if my Chinese Manufacturer was to blame, I'll be out of pocket for the chips and fixing the board.)

So, in the end, FTDI is punishing designers and end users for problems in the supply chain, beyond their control. It's especially evil as FTDI's answer to this is simply, "Buy the chips direct from us." Which is not feasible in a lot of cases, especially as factory orders from them are regularly out of stock and have 3+ month waits.

They don't even provide a software tool to verify the authenticity of chips, so you can check before you ship. Not even a PDF with tips on spotting fakes. Nothing.

Pushing a driver through Windows Update that intentionally bricks working devices is beyond devious. I could totally live with it popping up a message saying: "This driver has detected a potentially counterfeit FTDI USB to Serial chip on this device. Please contact the device manufacturer for information." That would be fine.

If I were FTDI, here's what I'd do: I'd show a message like that and refuse to work with the device. I'd then offer to sell a version of the driver that worked with the counterfeit chip to the product designers affected, who would then pass it on to their end users. This way, I still make money for the time I put into the driver and the designer doesn't have to lose money recalling or replacing all the boards with counterfeit chips on them. (I'd sell the driver for perhaps 1/4 of what the chip sells for.)

Or, as an alternative, and I'm just throwing this out there: They could not alienate their user base by simply not being complete and utter dickheads. You know, try educating their customer base about the problem and provide tools and solutions to combat it. You know, do that instead of spending time and money making another shitty fucking Arduino clone, which is literally their current high profile project, complete with crowdfunding.

Instead of the educating and the tools, they went all out heavy metal thermonuclear scorched earth. It's like they went full retard. They used a Varon-T Disrupter when they should have started with a Taser.

Furthermore, I
Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 02:41:04 pm
you have a big machine, industrial stuff, working with high pressure fluid or moving parts (like a saw blade or a milling machine cutter), the tecnician sends a debug comand via usb cable (which is connected to a FTDI chip at the other end) and the IC spits out garbage on the serial side...
that garbage might be interpreted by the machine as a comand to start up the saw or open a valve, leading to an accident and to the death of the tecnician or of his colegue...
well guess who's getting charged for murder, a hint not the counterfaiter, the machine owner or the machine producer...

what they are doing is not just fine...

IT'S CRIMINAL
And then manufacturer of this equipment must be rightfully sued for this accident. For not controlling the source of the parts for mission critical equipment. Moreover for the inferior design in the first place, lacking safety interlocks. RS-232 converter must not be able to cause a disaster like this, if it can, it's your own fault designing some shit like this.
Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 02:43:22 pm
Quote
Instead of harrassing their customers why they don't just get their shit together and fix the fucking supply chain
How if most of the smartasses are buying in some garage where the prices are cheaper?
Quote
Instead of the educating and the tools, they went all out heavy metal thermonuclear scorched earth. It's like they went full retard. They used a Varon-T Disrupter when they should have started with a Taser.
No one cares unless get burned.
Title: Re: FTDIgate 2.0?
Post by: amyk on January 30, 2016, 02:44:09 pm
If you use Windows 10 then the computer isn't really yours anymore, they can force "updates" like this any time they want. Since FTDI decided to actually write a message out, they've just made it easier to identify where in the code the check is done. It should be pretty easy to patch that out.

Could someone upload or point me to a copy of the latest driver that does this? I'd like to do a little investigation... ;)
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 02:56:10 pm
Quote
No they can't,

Why?


Quote
IT'S CRIMINAL

Saying so, even in capital letters, doesn't make it so.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 02:56:51 pm
Could someone upload or point me to a copy of the latest driver that does this? I'd like to do a little investigation... ;)
Pretty sure the latest driver from http://www.ftdichip.com/Drivers/VCP.htm (http://www.ftdichip.com/Drivers/VCP.htm) does the same... It's the same version 2.12.12
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 03:16:56 pm
Quote
And then manufacturer of this equipment must be rightfully sued for this accident. For not controlling the source of the parts for mission critical equipment. Moreover for the inferior design in the first place, lacking safety interlocks. RS-232 converter must not be able to cause a disaster like this, if it can, it's your own fault designing some shit like this.



whoa whoa whoa, not so fast..

1) my example was intentionally exagerated, for sake of simplicity and time (i cant be here all day thinking and writing about some convoluted chain of events), i agree with you that in that case would be also a manifacturer's problem (note the also not only), but there might be some more complicated going on, like the fake message sent not on a debug port but on an always on connection to some scada device, said connection might breaks but the equipment still works ok (thing not too unexpected if the connection was for example an optional feature, or on a machine which can't stop suddenly in case of a comm's fault), let assume that for a bug (because all firmware is bug free right, even in wierd unexpected and normally not attainable circumstances) a configuration is changed on the machine, and then the machine (maybe after some time) breaks and kills someone (i don't know some speed setpoint in a PID loop is raised or something), in that case the manifacturer can't be blamed, if they show they took all the precautions and that the bug was really obscure and difficoult to predict

2) again you talk about controlling the source what can they do more than to buy from a well known distributor, the source of fakes might not be the direct distributor (farnell mouser or alike) but it might be in china, maybe there is been some problems (read someone at the manifacturing plant has been bribed and has mixed fake IC's with real ones in the reeling machine so that they could sell fakes as real and get a lot more money)...

even if the customer sued the manifacturer, all they have to do is prove they bought IC's from a reputable distributor that they were presumed real and even in the case it the manifacuter had ben found guilty FTDI would not be free, they still caused the death of someone it might not be first degree murder, but it is still Involuntary manslaughter and it's still a pretty bad fellony...
Title: Re: FTDIgate 2.0?
Post by: nowlan on January 30, 2016, 03:24:00 pm
Don't think you can patch a signed driver, without all sort of grief booting windows.
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 03:50:52 pm
Why?


well I cant talk for every country in the world, but where i live (italy) we have laws such as Articlo 575 Codice Penale (for murder) or Articolo 185 Codice Penale (for generic damages) which state that if someone kills a man he will be prosecuted and sentenced to jail (in normal cases),if to kill it's a company as in this case, there will be one of the dirigents (CEO probably) which will be charged of murder, the second one says that if someone ( either natural or legal person) causes damages to someone else they will have to be refunded for that, goodwill or not who caused the damages will be held responsible, and it's not a mutually exclusive thing, if two different persona's have contributed to the damages being made they will all be guilty, it's like Conspiracy to murder, if my i tie up someone with ropes and a friend of mine kills them, i am also charged with murder, i don't get away with it just because the physical killer was the friend of mine...
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 30, 2016, 04:08:24 pm
Everyone is so caught up in the temporary inconvenience and hardship experienced by users and designers RIGHT NOW, as FTDI rolls out these drivers.  Yes, it's hard, RIGHT NOW, but if FTDI keeps it up it will be very easy.
You keep saying there's no way to identify fakes.  THERE IS, NOW.  In fact it would be difficult to make it any easier.
You keep saying that you might develop a product, send it out, and it later gets bricked.  Not if they keep this up.  You'd brick your own board as soon as you started development, and all you have to do is plug the customer's board in, hit a character, and you'd know if it's genuine or not.  It would never get into the hands of your customers with a fake chip on it.

The reason it's such a pain is because FTDI did nothing for so long, and allowed the problem to get as bad as it is.  Had they been doing this from the beginning, it wouldn't be a problem, and if they keep it up it won't be a problem for much longer.  Again, end-users don't know enough to blame FTDI, the only thing they're going to do is blame the manufacturer, as they rightly should.  The manufacturer will be hurt, yes, but the build house who sourced these parts will be hurt worse in the long run, and the supplier who provided the parts will be hurt the worst in the end.  It's a war between FTDI and counterfeiters, and yes manufacturers and end-users are getting caught in the crossfire, but it had to be done.

Some people are saying this will hurt FTDI in the end.  It might, but that's their call to make.  They made a decision that the damage to their income and reputation caused by such a prolific infection of counterfeits in the supply chain was ultimately worse than the temporary damage to their reputation caused by this move.  They might be right, they might be wrong, but that's their call.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 30, 2016, 04:11:40 pm
Why?


well I cant talk for every country in the world, but where i live (italy) we have laws such as Articlo 575 Codice Penale (for murder) or Articolo 185 Codice Penale (for generic damages) which state that if someone kills a man he will be prosecuted and sentenced to jail (in normal cases),if to kill it's a company as in this case, there will be one of the dirigents (CEO probably) which will be charged of murder, the second one says that if someone ( either natural or legal person) causes damages to someone else they will have to be refunded for that, goodwill or not who caused the damages will be held responsible, and it's not a mutually exclusive thing, if two different persona's have contributed to the damages being made they will all be guilty, it's like Conspiracy to murder, if my i tie up someone with ropes and a friend of mine kills them, i am also charged with murder, i don't get away with it just because the physical killer was the friend of mine...

Your example situation is ridiculous to start with, it makes no sense to keep it going.

Yes the driver causes the chip to send out the wrong ascii character.  You know what else causes the chip to send out the wrong ascii character?  A typo, interference, a bad connection, etc., or how about the fact that it's a counterfeit part with unknown specs and unknown bugs?  Anybody who would walk up to a machine and start sending it data when a simple typo or miscommunication due to interference or a bad connection could cause it to KILL SOMEONE, deserves to be charged with involuntary manslaughter.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 30, 2016, 04:32:55 pm
If I were FTDI, here's what I'd do: I'd show a message like that and refuse to work with the device. I'd then offer to sell a version of the driver that worked with the counterfeit chip to the product designers affected, who would then pass it on to their end users. This way, I still make money for the time I put into the driver and the designer doesn't have to lose money recalling or replacing all the boards with counterfeit chips on them. (I'd sell the driver for perhaps 1/4 of what the chip sells for.)

You must be joking.  You actually think that would make things better?  If FTDI actually offered an inexpensive means to INTENTIONALLY SUPPORT counterfeits?  That would make the problem even worse.  Why would a supplier even bother to check if their source is legitimate when FTDI would actually offer to support it ANYWAY, for less than the price difference between the counterfeit and the real product???

Why would anybody even bother to buy the real thing at all?  That would legitimize the entire counterfeit operation!
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 04:35:08 pm
Quote
if someone kills a man he will be prosecuted

So if you drive over someone with a car, is it you or the CEO of Fiat that should be charged?

Take that example here, you bought a piece of gear off ebay, plugged it into your computer and as a result, you caused damages to others. You think the person who produced the driver, not you, is responsible?

Do you have ANY personal accountability in our society?
Title: Re: FTDIgate 2.0?
Post by: amyk on January 30, 2016, 04:49:43 pm
Don't think you can patch a signed driver, without all sort of grief booting windows.
A quick search shows that in Win10 it's even easier than Vista/7/8, just boot into "disable driver signing" mode to install the patched driver and then on the next boot it'll be back to the regular mode but unsigned drivers that were installed will continue to work.

They made a decision that the damage to their income and reputation caused by such a prolific infection
:P Pun intended?
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 05:05:07 pm

Yes the driver causes the chip to send out the wrong ascii character.  You know what else causes the chip to send out the wrong ascii character?  A typo, interference, a bad connection, etc.  Anybody who would walk up to a machine and start sending it data when a simple typo or miscommunication due to interference or a bad connection could cause it to KILL SOMEONE, deserves to be charged with involuntary manslaughter.

well there is a huge difference between interferance, bad connection and stuff and willingly send wrong data if you noticed...

interferance, bad connection and stuff are things that can happen just out of bad luck, and no one can be blamed for that, if Anybody walk up to the machine and sends data, and that data kills someone, well you can bet your ass that the anybody will be charged with manslaughter.

as I said, it is not a case of the microcontroller randomly accepting data at the input, it might be a case of CRC/HASH collision,  or more simply a firmware or silicon bug, is it unlikely? well yes very, the chances of it happening are extremely small, it doesn't need to be immediate it just need to be caused by the driver sent text...

then again if the equipment in question is poorly designed the manifacturer will be blamed, but FTDI will also be blamed, it's not that what they have done was necessary, they could have refused to comunicate with the device, if the ic is fake you tell the driver to shut the fuck up, no bricked device, no wrong data, nothing and it would have been al fine, but no they choose to be childish and do what the 5 year old at the kindergarden would have done...

no one is advocating for letting the fakes go, but doing this shit is totally unecessary,or else prove that sending fake data is more effective at fighting counterfeits than refusing to work(provvided you tell the user on the PC it has got the fake IC and all).Fakes will always be with us, be it IC, clothing or anything really, as long as there is an original part, there will be fakes the sooner they get on with it the better, it's like music/film piracy they can use all the DRM's they want they will not stop pirates form reverse engineering or even recording the screen with a camcoder, you will only make the life harder for real users


Quote
if someone kills a man he will be prosecuted
So if you drive over someone with a car, is it you or the CEO of Fiat that should be charged?

it's more like:

i buy a fake ferrari (fake fiat are hard to come by  :-DD)
i'm dumb enough  to take it to the autorized dealer to get the oil changed
the dealer notices that it's a fake ferrari and applies the company rule to flash to the Veichles control unit code that randomly modifies the throtle and brake signals just because they can
while speeding I run  over the poor guy crossing on the zebras because my car refused to brake/kept accellerating

would the ceo of ferrari that instated the rule to flash the modified firmware be held responsible? of course
will i be held responsible and go to jail? shure, i killed a man and i must go to jail

Quote
Do you have ANY personal accountability in our society?
[\quote]

as I already told (if you missed it)

responsibility it's not a mutually exclusive thing, if two different persona's have contributed to the damages being made they will all be guilty

so it can also be that both ferrari ceo and will be found co-responsible and we sill go to jail together (with love XD), since for him to be responsible does not mean that i'm not
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 05:05:51 pm
Everyone is so caught up in the temporary inconvenience and hardship experienced by users and designers RIGHT NOW, as FTDI rolls out these drivers.  Yes, it's hard, RIGHT NOW, but if FTDI keeps it up it will be very easy.
You keep saying there's no way to identify fakes.  THERE IS, NOW.  In fact it would be difficult to make it any easier.
You keep saying that you might develop a product, send it out, and it later gets bricked.  Not if they keep this up.  You'd brick your own board as soon as you started development, and all you have to do is plug the customer's board in, hit a character, and you'd know if it's genuine or not.  It would never get into the hands of your customers with a fake chip on it.

Wrong... your development board does not have the sam FTDI chip on it as the ones you send to ur customers. If you buy a few chips for development, u usually won't buy from the same seller where you buy thousands afterwards. And, depending on availability (and sure, also price) you will have to change sellers from time to time.

The reason it's such a pain is because FTDI did nothing for so long, and allowed the problem to get as bad as it is.  Had they been doing this from the beginning, it wouldn't be a problem, and if they keep it up it won't be a problem for much longer.  Again, end-users don't know enough to blame FTDI, the only thing they're going to do is blame the manufacturer, as they rightly should.  The manufacturer will be hurt, yes, but the build house who sourced these parts will be hurt worse in the long run, and the supplier who provided the parts will be hurt the worst in the end.  It's a war between FTDI and counterfeiters, and yes manufacturers and end-users are getting caught in the crossfire, but it had to be done.

You're sure it won't be a problem for longer? I'm pretty sure there will be (or are already) fake chips that aren't recognized by the driver now. In the future, FTDI will also find a way to identify these. What will they do then? The same again? This problem will stay around for long time...



Just for comparison. If Microsoft decided to shut down every PC with a fake licence just by a windows update, or even worse, write "THIS COPY OF MICROSOFT WINDOWS IS ILLEGAL!" to all your personal documents, what would have happened? If you think FTDI has the right to do what they did, Microsoft should have exactly the same right, right? That would be fun.
However, Microsoft is a good company, they just tell you that your licence isn't valid but let you still use your computer for limited time to backup your data.
Title: Re: FTDIgate 2.0?
Post by: rich on January 30, 2016, 05:13:03 pm
The reason it's such a pain is because FTDI did nothing for so long, and allowed the problem to get as bad as it is.  Had they been doing this from the beginning, it wouldn't be a problem, and if they keep it up it won't be a problem for much longer.

Yup. This is the part that a lot of instantaneous internet outrage seems to ignore. But to follow through, FTDI will need to close down all clones and quickly identify new ones. It sounds like a task that would require exponentially increasing resources as clones get more clone-y. So I'm not sure total eradication is possible, but all FTDI needs to do is move the cloners on to picking a different company to clone.

FTDI demonstrated that it has no consideration for anyone but themselves with the previous malicious bricking incident. Any end-users/design/manufacturers who did make reasonable due-dillegence efforts and still got caught out are simply collateral damage in FTDI's eyes. Hence why those outraged will rightfully choose to avoid FTDI.
Title: Re: FTDIgate 2.0?
Post by: Ian.M on January 30, 2016, 05:15:29 pm
The only stupidity in the idea to sell a licence to continue to use the FTDI driver, is the idea that it should be at a discount.   Take the average retail price of a FTDI chip, add on the cost of maintaining licence servers, staying current with crackers trying to break the node locking technology, transaction and support costs costs etc. and it will probably turn out to be in the $10 to $15 range.   That's still attractive to end users who have $expensive$ equipment down due to supply chain contamination, but would kill the cheap clone cable and module market stone dead and would gain FTDI data on what the non-genuine chips are being found in, and where. 
Title: Re: FTDIgate 2.0?
Post by: rich on January 30, 2016, 06:05:52 pm
That is a bit ransomware though - FTDI could deviously wait until a clone they already know about hits end users in large enough quantity, then release a new driver update which holds the unsuspecting end users exploited. I wouldn't put it past FTDI to already be sending clone data back over the internet from the driver, seem like something they wouldn't think was unethical.
Title: Re: FTDIgate 2.0?
Post by: rrinker on January 30, 2016, 06:11:39 pm
 timb pretty much summed up what I was going to say. You as the designer of a product may specify and use only genuine FTDI chips. Your prototypes all use only the genuine item. Your specifications all say only genuine FTDI.
 Then it goes into production. One week, your production house gets a new shipment of FTDI chips from the very same distributer they've always been getting them from. Only this time, they are fakes. The distributor ordered them from the same supplier they always have, and have gotten the genuine article. Except this time. Now a few thousand of your product are out there with fake FTDI chips, and along comes the drive update and renders them useless. Batches before and batches after don't have a problem. You, and your company, never ever set out to take the cheap way out and use fake FTDI chips - your spec even says FTDI, not some cheap fake or clone. FTDI then causing your product to fail is simply WRONG no matter how you look at it.
 I'm not sure what danny is missing here. How can you not think this is wrong? It does nothing to stop the fakes. It MIGHT stop someone from deliberately specifying fake chips, but the end user doesn't know or care, all they know is their Brand X widget stopped working, Brand X must be a bunch of dopes and I demand my money back. Yet Brand X specified only genuine FTDI chips in their design and to their manufacturing house. There's a HUGE difference between deliberately from the outset using counterfeit parts to save money, and getting stung later by something in the supply chain. Remember the capacitor problem a bunch of years back? The product suppliers weren't specifying cheap junk capacitors, they were specifying high quality known brands, and in manufacturing ended up getting crappy fakes labelled as the good stuff.
 What's the solution? As a designer, never use FTDI again, so that even if something out of your control happens later on in production, your customers won't be storming the HQ with torches and pitchforks demanding someone's head because their devices stopped working.
 Is there anyone with a brain at FTDI that can actually see how stupid this policy is?

Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 06:19:39 pm
It does nothing to stop the fakes.
Oh, yes it does. Just look how Chinese arduinos stopped to use fake FTDI chips and switched mostly to CH340. And I think in most cases they did know very well what they put in those arduinos, and had no intention to use genuine parts in the first place. This FTDIgate made this problem publicly known and now people think twice before getting them from dubious sources. Also it made the existing stock of the fake chips being useless junk.
Title: Re: FTDIgate 2.0?
Post by: zapta on January 30, 2016, 06:21:05 pm
I am reading this on Wikipedia's FTDI page

Quote
The company also stated that it was working to create an updated driver which would notify users of non-genuine FTDI products in a "non-invasive" manner.[9][6] The new driver was made available on 3 July 2015.[10] The "non-invasive" method has been found very confusing by some users.[11]

How does the driver "notify users of non-genuine FTDI products" ? 
Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 06:25:09 pm
interferance, bad connection and stuff are things that can happen just out of bad luck, and no one can be blamed for that
No, it is not a bad luck. It is poor design or poor implementation.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 06:26:27 pm
How does the driver "notify users of non-genuine FTDI products" ?

It does it in the way that I discovered in my first two post. It substitutes all data sent via the RS232 by the characters "NON GENUINE DEVICE FOUND!" which, in fact, is the most invasive way I can think of.  |O
Title: Re: FTDIgate 2.0?
Post by: Muxr on January 30, 2016, 06:27:43 pm
It would have been a far more effective strategy from FTDI to just display a, "warning: non-genuine FTDI chip in the device" and continue operating as intended, than to brick people's devices.

I hate counterfeit parts as much as the next guy, but the cat's been out of the bag for a long time, this just makes me wary of using anything from FTDI, because they lack tact in dealing with the issue.
Title: Re: FTDIgate 2.0?
Post by: zapta on January 30, 2016, 06:29:48 pm
How does the driver "notify users of non-genuine FTDI products" ?

It does it in the way that I discovered in my first two post. It substitutes all data sent via the RS232 by the characters "NON GENUINE DEVICE FOUND!" which in fact ist the most invasive way I can think of.  |O

Does it assume that most appliances with FTDI display the serial communication to the end user? Doesn't make much sense to me.

Since it's a recent Windows update, I presume that got Microsoft's approval for this behavior.
Title: Re: FTDIgate 2.0?
Post by: Ian.M on January 30, 2016, 06:37:52 pm
That is a bit ransomware though - FTDI could deviously wait until a clone they already know about hits end users in large enough quantity, then release a new driver update which holds the unsuspecting end users exploited. I wouldn't put it past FTDI to already be sending clone data back over the internet from the driver, seem like something they wouldn't think was unethical.
Its no more ransomware than Microsoft's 'genuine advantage' program was.
It would also get the user to register, which gets details of the item containing the detected chip, to aid in tracing how the counterfeits got itnto the supply chain.   If could even, in some cases, be free to the end user if the manufacturer has detected a supply chain problem and bought a volume licence from FTDI so they can avoid a product recall.

If you have a product manufactured using a board assembly contractor, can you always be 100% certain that nobody 'borrowed' a reel of genuine FTDI chips you supplied because they were short on another order and then replaced them locally?  Unfortunately controlling supply chain contamination requires secure manufacturing which pushes up product cost to the point where cheaper items cannot compete effectively on the retail market.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 06:40:02 pm
Does it assume that most appliances with FTDI display the serial communication to the end user? Doesn't make much sense to me.

Since it's a recent Windows update, I presume that got Microsoft's approval for this behavior.
It doesn't make sense at all...

Version 2.12.12 is a new Version that is delivered with windows update since beginning of January ... However, it looks like the previous version, also containing this fake detection behavior is available since July 2015 but I don't know if it was delivered via windows update... I guess I would have noticed it, if it had been deployed by windows update in July 2015 but I cannot know for sure. I don't exactly know why I had no problems since end of 2014 (after unbricking by devices from PID 0000) until yesterday...
Title: Re: FTDIgate 2.0?
Post by: rrinker on January 30, 2016, 06:42:43 pm
How does the driver "notify users of non-genuine FTDI products" ?

It does it in the way that I discovered in my first two post. It substitutes all data sent via the RS232 by the characters "NON GENUINE DEVICE FOUND!" which in fact ist the most invasive way I can think of.  |O

Does it assume that most appliances with FTDI display the serial communication to the end user? Doesn't make much sense to me.

Since it's a recent Windows update, I presume that got Microsoft's approval for this behavior.
The only approval Microsoft does for certified drivers is to validate that they come from who they say they are from, and maybe not break Windows. Since what FTDI did doesn't crash Windows or fail to install as a driver, that's as far as it goes. If the driver bricks a non-genuine FTDI chip in some downstream device, Microsoft doesn't really care, or really even have the means for testing that sort of thing.

Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 06:47:46 pm
Why don't FTDI drivers simply refuse to work with fake devices and display some warning message? That would be 100% fine and clear to everyone. Remember that FTDI drivers have SW capability to detect fakes by SW means - end user/supplier/vendor do not have this capability.
To do this, they would need to install same crappy app loading every time windows boots. No thanks, there is already enough of junk doing this.
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 06:57:43 pm
"Except this time. Now a few thousand of your product are out there with fake FTDI chips, ..."

Why is that it is ftdis faulty that you have lax production control? Just because you cannot assure that the real thing is used in your products, some one else has to support it?

Does it sound reasonable to you?
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 07:03:40 pm
Why is that it is ftdis faulty that you have lax production control? Just because you cannot assure that the real thing is used in your products, some one else has to support it?

They do not have to support it. But they have no right to manipulate it either.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 07:08:17 pm
To do this, they would need to install same crappy app loading every time windows boots. No thanks, there is already enough of junk doing this.
I'm not much into programming device drivers but I'm sure there is a way of notifying the user without a permanently running application...
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 30, 2016, 07:11:29 pm
The solution is easy, people that have used fake FTDI chips should write their own driver, make it available to everyone so a new patch can be issued after forking the money for the new USB device and vendor ID.

Then FTDI is happy and so is the rest.

After all if its thousands of devices out there the cost amongst all of the developers would be minimal, and then you can still pay less for those counterfeit chips instead of the real deal.

Other vendors make FTDI pin compatible devices, but using their own design and drivers.

Also any manufacturer that developed a product that is tainted by the fake chip, has the means to test if the chip is fake or not and if it is fake, then support their product by providing a firmware patch with their own device driver with that new device and vendor ids.

 :popcorn:
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 07:12:43 pm
interferance, bad connection and stuff are things that can happen just out of bad luck, and no one can be blamed for that
No, it is not a bad luck. It is poor design or poor implementation.


so you can abslutely guarantee that in any case and under any circunstance the product you will design will not fail if subjected to any pattern of connection/disconnection/reconnection cycles due to a bad connection or to any interferance whatsoever whitout ever causing a problem to the circuit???

if so why are you here talking and not making billions upon billions selling guaranteed EMI/EMP immune gear to the military forces of the whole world

the fact is that designing a reasonably safe product is doable, designing a guaranteed safe commercial (well even in 1 off quantity where you can forget the process variation and you can chose precise components) product is impossible, there always will be the corner case where the product will fail, also guaranteeing
that the failure will lead to any damage is not doable either

in the folowing pdf you can see a vast range of examples of failures due to EMI in NASA and other mainly US military gear and vehicles, since you said so we must conclude that NASA and others cited in this article don't know how to design electronic equipment

http://www.cvel.clemson.edu/pdf/nasa-rp1374.pdf (http://www.cvel.clemson.edu/pdf/nasa-rp1374.pdf)
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 07:15:38 pm
"But they have no right to manipulate it either."

How do they "manipulate" it?

Again, for a group that often holds other people to the highest standard of morality, you collectively seem to have a very low bar for yourself.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 07:22:31 pm
How do they "manipulate" it?

My Software is sending "YES" to my device and the FTDI driver converts it to "NON" being sent to my device.

What is it other than manipulation?
Title: Re: FTDIgate 2.0?
Post by: zapta on January 30, 2016, 07:23:34 pm
"But they have no right to manipulate it either."

How do they "manipulate" it?

By intentionally modifying the data sent to the device and not informing the end user about it.
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 07:28:30 pm
"Except this time. Now a few thousand of your product are out there with fake FTDI chips, ..."

Why is that it is ftdis faulty that you have lax production control? Just because you cannot assure that the real thing is used in your products, some one else has to support it?

Does it sound reasonable to you?

so since is designer's/manifacturer's fault for not checking you can guarantee  and certify that you made shure each and every component you ever specified, active, passive or connector was genuine and that no product did not have any fake part whatsoever?

obviously just buying them on farnell/digikey doesn't count since it's pretty much established that in rare occasion (and not for their fault i'll say) they have sold fake parts (there is even a video where dave got burned from digikey)
Title: Re: FTDIgate 2.0?
Post by: Refrigerator on January 30, 2016, 07:36:59 pm
Wait, does this new driver say "Marco" and expect "Polo" from the original and if it gets nothing it refuses to work ?
How long will it take for the chinese manufacturers to mimic the original ? From what i know the fake FTDI has a mask ROM so all the chinese have to do is to change the mask ?  :popcorn:
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 30, 2016, 07:53:31 pm
probably it'll be some kind of challenge and response mechanism (like ftdi driver send some random bits as challenge, FTDI chip, which is nothing else then a glorified special purpose microcontroller calculate a math function (most probably a hash of some sort) and then spits the answare back to the PC, so is a bit more complicated than just changing a couple of masks

that sais it's not that difficult to reverse engineer the function given enough time with enough math and silicon reverse engineering capabilities as you said i totally expect chinese to change slightly the design and make use of said driver...

DRM (to which this is related) has never, ever, ever worked, it might fend of random casual joe blog's kind of counterfeiters, but chineese industry is not that easy to fool...
Title: Re: FTDIgate 2.0?
Post by: MT on January 30, 2016, 07:57:17 pm
Quote
if someone kills a man he will be prosecuted
So if you drive over someone with a car, is it you or the CEO of Fiat that should be charged?

CEO of FIAT! Because they make so lousy cars!

A Japanese who was killed by the atom bomb once sued US government for dropping it.
Court later found that the Japanese should have sued the guy in the plane who opened the bomb bay doors.
Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 08:05:22 pm
they have sold fake parts (there is even a video where dave got burned from digikey)
Most likely they were not fakes and Dave didn't say they are fakes. Most likely Digikey put a wrong part (5%) in the package as it wasn't a full reel.
Title: Re: FTDIgate 2.0?
Post by: 0xdeadbeef on January 30, 2016, 08:05:40 pm
Wait, does this new driver say "Marco" and expect "Polo" from the original and if it gets nothing it refuses to work ?
How long will it take for the chinese manufacturers to mimic the original ? From what i know the fake FTDI has a mask ROM so all the chinese have to do is to change the mask ?  :popcorn:
There is no hint that this (not so) new driver uses a different approach than the older one from 2014 that bricked devices. The idea was (and probably still is) that the genuine chips accept only 32bit (2x16bit) EEPROM writes but some clones accept also single 16bit writes. So if the write succeeds, it's a fake. Or something like that.
Then again, even back then it was clear that only a part of the clones can be identified this way. I have dirt cheap FTDI based USB/UART interfaces from China with suspicious markings and a much too small and sharp pin 1 dent. Still they weren't and aren't identified as fakes.
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 08:06:03 pm
"My Software is sending "YES" to my device and the FTDI driver converts it to "NON" being sent to my device."

Ftdi driver does that because forbthe real thing to transmit "yes" it has to receive a "no". But the counterfeit chip doesn't understand that.

That's still ftdis fault?

Sounds like you know who the fault guy is. You are just refusing to acknowledge it.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 08:13:13 pm
"My Software is sending "YES" to my device and the FTDI driver converts it to "NON" being sent to my device."

Ftdi driver does that because forbthe real thing to transmit "yes" it has to receive a "no". But the counterfeit chip doesn't understand that.

That's still ftdis fault?

Sounds like you know who the fault guy is. You are just refusing to acknowledge it.

No, you got me completely wrong. As I confirmed in the second post in this thread, the FTDI driver makes a fake chip send "NON GENUINE DEVICE FOUND!" repeatedly for any character I try to send...

Sending "123" also gets converted to "NON" and "F*** OFF FTDI"  to "NON GENUINE " ...
Title: Re: FTDIgate 2.0?
Post by: zapta on January 30, 2016, 08:19:54 pm
"My Software is sending "YES" to my device and the FTDI driver converts it to "NON" being sent to my device."

Ftdi driver does that because forbthe real thing to transmit "yes" it has to receive a "no". But the counterfeit chip doesn't understand that.

Doesn't sound reasonable that the driver sends "NON GENUINE DEVICE FOUND!" to genuine chips. They intentionally manipulate the data the app sends.

If they would do it from day 1 it would be OK. Having a Windows update regressing working products is bad. Buying a FTDI based product is a long term risk.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on January 30, 2016, 08:26:06 pm
I have a hard time understanding why there is such a pissy contest here: FTD is under no obligation to produce a driver that supports counterfeit parts. All you need to do is to make sure a) there is a driver for your counterfeit parts; or b) buy the real thing.

For a group that seems to denounce other people based on the slightest infringement of your moral high moral standard, you seem to have a very low moral standard for yourself.

I just don't have the time, using another part / solution is easier for me and my customers.
Title: Re: FTDIgate 2.0?
Post by: Karel on January 30, 2016, 08:56:08 pm
Buying a FTDI based product is a long term risk.

Nope, no risk at all. Buying a fake chip is a risk.
I don't feel pitty for people who buy cheap chinese (clone) products and start whining when it stops working.


Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 09:02:25 pm
Quote
the FTDI driver makes a fake chip send "NON GENUINE DEVICE FOUND!"

What's wrong with that? their driver isn't designed to work with counterfeit chips and god knows what dire consequences they could be if the counterfeit mis-behaved.

At the heart of the issue is if you think ftdi is obligated to support counterfeit chips. If you think 'yes', you have a (legal) Everest to climb in court, and gazillion $$$ to make off of suing FTDI.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 09:07:20 pm
Quote
the FTDI driver makes a fake chip send "NON GENUINE DEVICE FOUND!"

What's wrong with that? their driver isn't designed to work with counterfeit chips and god knows what dire consequences they could be if the counterfeit mis-behaved.

At the heart of the issue is if you think ftdi is obligated to support counterfeit chips. If you think 'yes', you have a (legal) Everest to climb in court, and gazillion $$$ to make off of suing FTDI.
Once again (and for the last time), just not supporting a fake chip is fine, making it send manipulated wrong and potentially harmful data is not.
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 09:25:24 pm
Quote
making it send manipulated wrong and potentially harmful data is not.

why? To borrow, "what difference does it make?"

When you are actually damaged from such wrong data, you may have a standing to sue. Until then, you are out of luck.
Title: Re: FTDIgate 2.0?
Post by: Ian.M on January 30, 2016, 09:36:07 pm
FTDI could have just written a driver which randomly drops approximately one byte in N if a non-genuine chip is detected.  Start off with N fairly high and decrease it towards 1 in 1000 over time.   Result: fakes and clones get a reputation for being flaky.

If they'd done that originally, FTDIgate would never have happened and they'd still have a reputation as a premium brand for USB connectivity, instead of driving many smart developers to consider alternative chips.
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 09:38:58 pm
Quote
The safest way to avoid fake parts in your product is not to buy jelly bean parts.

I think if you avoid ebay and Chinese parts, you have eliminated 99% of the chance of getting con'd.

Cheap parts are expensive in the end, as the old saying would have it.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 30, 2016, 09:44:37 pm
FTDI could have just written a driver which randomly drops approximately one byte in N if a non-genuine chip is detected.  Start off with N fairly high and decrease it towards 1 in 1000 over time.   Result: fakes and clones get a reputation for being flaky.

If they'd done that originally, FTDIgate would never have happened and they'd still have a reputation as a premium brand for USB connectivity, instead of driving many smart developers to consider alternative chips.

Yeah right, great idea  |O ... Intentionally manipulating computer data / systems can be considered crime, regardless if the device is yours or fake.

Once again. Just imagine Microsoft would randomly delete some bytes of the files you create on PCs with a non genuine licence...
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 30, 2016, 09:55:03 pm
You know, we can debate the legality (yes), morality (no) and stupidity (yes) of FTDI's decision all we want; but it's all irrelevant because these are the death throes of a company rendered obsolete by the availability of US$0.62 MCUs with USB built in... It's not as if Windows doesn't have a CDC class driver built in that can be referred to by a simple text INF file. The driver in question doesn't care who made the chip! It hasn't been seen to corrupt customer data, not even once!

This company used to be based on a real need; now it's staying afloat due to sheer laziness of designers who would rather spend dollars and board space on a problem that can now be solved with a #include. I used to be one of those designers until the first "FTDIgate", it was just the wake-up call I needed because now my designs are smaller and cheaper! Thanks FTDI!  :D
Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 10:01:36 pm
FTDI could have just written a driver which randomly drops approximately one byte in N if a non-genuine chip is detected.  Start off with N fairly high and decrease it towards 1 in 1000 over time.   Result: fakes and clones get a reputation for being flaky.
No, FTDI would get a reputation of being flaky. Before FTDI, the most popular were Prolific chips. Counterfeits worked unreliably with the new drivers computer could even catch a BSOD with them. Needless to say, for most of the people it appeared that Prolific chips were crap, not that they have bought a counterfeit.
Title: Re: FTDIgate 2.0?
Post by: rrinker on January 30, 2016, 10:45:53 pm
"Except this time. Now a few thousand of your product are out there with fake FTDI chips, ..."

Why is that it is ftdis faulty that you have lax production control? Just because you cannot assure that the real thing is used in your products, some one else has to support it?

Does it sound reasonable to you?

 Does it sound reasonable to you that someone's device is ruined by the driver? The buyer had no clue a fake FTDI chip was used.

I don't think anyone here would have a problem if it simply did not work if a fake FTDI chip was detected. No writing back to the device in a way that destroys it, no altering the communications. Just - doesn't work unless a genuine FTDI chip is used. That's entirely within FTDI's rights. Intentionally damaging a device is over the line.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on January 30, 2016, 10:52:54 pm
You know, we can debate the legality (yes), morality (no) and stupidity (yes) of FTDI's decision all we want; but it's all irrelevant because these are the death throes of a company rendered obsolete by the availability of US$0.62 MCUs with USB built in... It's not as if Windows doesn't have a CDC class driver built in that can be referred to by a simple text INF file. The driver in question doesn't care who made the chip! It hasn't been seen to corrupt customer data, not even once!

This company used to be based on a real need; now it's staying afloat due to sheer laziness of designers who would rather spend dollars and board space on a problem that can now be solved with a #include. I used to be one of those designers until the first "FTDIgate", it was just the wake-up call I needed because now my designs are smaller and cheaper! Thanks FTDI!  :D

No argument here.
Title: Re: FTDIgate 2.0?
Post by: rich on January 30, 2016, 11:09:15 pm
FTDI could have just written a driver which randomly drops approximately one byte in N if a non-genuine chip is detected.  Start off with N fairly high and decrease it towards 1 in 1000 over time.   Result: fakes and clones get a reputation for being flaky.
No, FTDI would get a reputation of being flaky. Before FTDI, the most popular were Prolific chips. Counterfeits worked unreliably with the new drivers computer could even catch a BSOD with them. Needless to say, for most of the people it appeared that Prolific chips were crap, not that they have bought a counterfeit.

Well, the Prolific driver shouldn't have caused a BSOD, I'd say they got the reputation they deserved.
Title: Re: FTDIgate 2.0?
Post by: 0xdeadbeef on January 30, 2016, 11:14:58 pm
Yeah, this sounds like a cheap excuse. Prolific drivers were crap and FTDI drivers just worked - that's why FTDI USB/UART bridges became so successful.
That's also why I still stay with FTDI if I need a USB/UART interface. Of course I prefer micros with USB where possible.
Title: Re: FTDIgate 2.0?
Post by: wraper on January 30, 2016, 11:26:20 pm
Yeah, this sounds like a cheap excuse. Prolific drivers were crap and FTDI drivers just worked - that's why FTDI USB/UART bridges became so successful.
That's also why I still stay with FTDI if I need a USB/UART interface. Of course I prefer micros with USB where possible.
This is not an excuse but a constatation of the fact what would be the result if such bright idea would be implemented by FTDI.
Title: Re: FTDIgate 2.0?
Post by: C on January 30, 2016, 11:38:38 pm

Some here like cars in the mix
FTDI gave out keys to the door lock for cars using it's lock.

Old way was open door and get in.

New FTDI test for clones is to Open door and run window down and up with door open. This should take 30 sec.

Now to make it personal, with clones.

Your car has the real thing.
Daughter's car which has a clone tales 28 sec.
Mom's car which has a non clone but same key code takes one minute.
Wife/girlfriend has a clone or real thing that takes 30 sec.

The Wife/girlfriend has a problem finding her car in large parking lots. Her cure is to close the window on a streamer so she can find the car.

If you run your simple safe test what is the results?
It just happens to be raining cats & dogs when you make your test.

Think you should see is what looks to be a safe test harms everyone in this case.
Any change in a driver can have a side effect.


 
Title: Re: FTDIgate 2.0?
Post by: dannyf on January 30, 2016, 11:43:01 pm
Quote
Does it sound reasonable to you that someone's device is ruined by the driver? ***The buyer*** had no clue a fake FTDI chip was used.

Don't you think you answered your question eloquently? emphasis mine.

Who do you think is responsible for a moron running his car off a cliff? The car CEO or the moronic driver?
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 31, 2016, 12:22:40 am
Does it sound reasonable to you that someone's device is ruined by the driver?
No, it was ruined by a counterfeit device making its way into the supply chain.

The buyer had no clue a fake FTDI chip was used.
Doesn't matter.  It's a problem that they received a counterfeit part, and they should take it up with the person who sold them the board/chip.  Run the blame up the chain until the person who made the decision to INTENTIONALLY sell counterfeit devices as legitimate ones gets what they have coming.

For all we know, THIS HAS ALREADY HAPPENED!  Remember, this entire thread is based around a person who intentionally bought a knockoff device that they KNEW had counterfeit parts.  We have NO reason to believe there are ANY counterfeit FTDI chips still in legitimate supply chains.  The last "FTDI-gate" shined a spotlight on the problem and forced distributors to re-examine their supply chains.  We have no reason to believe it didn't work, do we?
Title: Re: FTDIgate 2.0?
Post by: nctnico on January 31, 2016, 01:00:50 am
Everyone is so caught up in the temporary inconvenience and hardship experienced by users and designers RIGHT NOW, as FTDI rolls out these drivers.  Yes, it's hard, RIGHT NOW, but if FTDI keeps it up it will be very easy.
You keep saying there's no way to identify fakes.  THERE IS, NOW.  In fact it would be difficult to make it any easier.
You keep saying that you might develop a product, send it out, and it later gets bricked.  Not if they keep this up.  You'd brick your own board as soon as you started development, and all you have to do is plug the customer's board in, hit a character, and you'd know if it's genuine or not.  It would never get into the hands of your customers with a fake chip on it.
This is rather short sighted... The cloners already have a better chip rolling from the production lines so in a few months FTDI has to find a different way of identifying fakes. There is no way of telling that won't affect boards with real FTDI chips but what is certain is that when the differences between the clones and the real ones get smaller the detection algorithm has to be close to the edge so it is very likely that a real chip will be identified as a fake one. Worse, if they use timing related tests then it may fail every now and then leaving the end user with a device which doesn't work every now and then.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 31, 2016, 01:10:31 am
Everyone is so caught up in the temporary inconvenience and hardship experienced by users and designers RIGHT NOW, as FTDI rolls out these drivers.  Yes, it's hard, RIGHT NOW, but if FTDI keeps it up it will be very easy.
You keep saying there's no way to identify fakes.  THERE IS, NOW.  In fact it would be difficult to make it any easier.
You keep saying that you might develop a product, send it out, and it later gets bricked.  Not if they keep this up.  You'd brick your own board as soon as you started development, and all you have to do is plug the customer's board in, hit a character, and you'd know if it's genuine or not.  It would never get into the hands of your customers with a fake chip on it.
This is rather short sighted... The cloners already have a better chip rolling from the production lines so in a few months FTDI has to find a different way of identifying fakes. There is no way of telling that won't affect boards with real FTDI chips but what is certain is that when the differences between the clones and the real ones get smaller the detection algorithm has to be close to the edge so it is very likely that a real chip will be identified as a fake one. Worse, if they use timing related tests then it may fail every now and then leaving the end user with a device which doesn't work every now and then.

FTDI doesn't have to make it impossible to clone, they just have to make it difficult enough that the counterfeiters move on to another target.  They've already forced the arduino knockoff makers to switch from FTDI fakes to another manufacturer, and if the legitimate distribution channels have closed the holes in their supply chains, who are the counterfeiters going to sell to?  Where is the market, and why would they spend more and more time fighting FTDI when they could just move to another chip?
Title: Re: FTDIgate 2.0?
Post by: timb on January 31, 2016, 01:12:49 am

Quote
Does it sound reasonable to you that someone's device is ruined by the driver? ***The buyer*** had no clue a fake FTDI chip was used.

Don't you think you answered your question eloquently? emphasis mine.

Who do you think is responsible for a moron running his car off a cliff? The car CEO or the moronic driver?

You and eggroll seem to have reading comprehension problems.

I don't care about people like the OP who intentionally buy cheap Chinese Arduino clones.

What I care about are small shops like myself and others on here. People who design products for their own small companies or are consultants that help other small companies do the same.

We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.

We're not big enough to have an entire team on the ground 24/7 in China, which is why we have to use contract manufacturers in the first place! We might not be able to afford buying 100,000 chips directly from FTDI, which is why we use DigiKey et al.

If an entire batch of products get out into the wild and 6 months later FTDI decides to brick them, it's a disaster. Not only is our reputation gone, but it could cause us to go bankrupt.

A counterfeit 74-series logic chip or LM317 has never caused anyone to go bankrupt.

So, to remove that risk I won't use FTDI parts. That solves the problem for me. If FTDI goes out of business as a result, it's a shame, but they made the choice to alienate their customers and, as a result, lost their free ride.

The real problem at FTDI was precisely that free ride. They relied far too much on sales of a USB to Serial converter. Something most MCUs have built in these days and tons of other manufacturers make.

I suppose they tried, with things like that absolutely terrible GPU chip, but there was no real innovation there. It was nothing Chinese LCD chipset vendors and 4D Systems hadn't been doing for years, only less powerful and far too expensive. There was no innovation.

I think that sums up FTDI's biggest problem: Lack of innovation and vision.
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 31, 2016, 01:24:13 am
They've already forced the arduino knockoff makers to switch from FTDI fakes to another manufacturer...

I think the most hilarious and beautiful thing is that even genuine Arduinos* have switched from FTDI to another manufacturer. Not due to FTDIgate, but due to simple obsolescence.  It does make me dream about that parallel universe where they used a second Atmel part instead of FTDI from day one**, and implemented a proper debugger rather than the obscene bootloader hack that we're stuck with today. But I'm getting offtopic.

* as listed on their current site, the Uno, Leonardo, Zero etc
** presumably USB AVRs didn't even exist back then?
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on January 31, 2016, 02:05:58 am

Quote
Does it sound reasonable to you that someone's device is ruined by the driver? ***The buyer*** had no clue a fake FTDI chip was used.

Don't you think you answered your question eloquently? emphasis mine.

Who do you think is responsible for a moron running his car off a cliff? The car CEO or the moronic driver?

You and eggroll seem to have reading comprehension problems.

I don't care about people like the OP who intentionally buy cheap Chinese Arduino clones.

What I care about are small shops like myself and others on here. People who design products for their own small companies or are consultants that help other small companies do the same.

We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.

We're not big enough to have an entire team on the ground 24/7 in China, which is why we have to use contract manufacturers in the first place! We might not be able to afford buying 100,000 chips directly from FTDI, which is why we use DigiKey et al.

If an entire batch of products get out into the wild and 6 months later FTDI decides to brick them, it's a disaster. Not only is our reputation gone, but it could cause us to go bankrupt.

A counterfeit 74-series logic chip or LM317 has never caused anyone to go bankrupt.

So, to remove that risk I won't use FTDI parts. That solves the problem for me. If FTDI goes out of business as a result, it's a shame, but they made the choice to alienate their customers and, as a result, lost their free ride.

The real problem at FTDI was precisely that free ride. They relied far too much on sales of a USB to Serial converter. Something most MCUs have built in these days and tons of other manufacturers make.

I suppose they tried, with things like that absolutely terrible GPU chip, but there was no real innovation there. It was nothing Chinese LCD chipset vendors and 4D Systems hadn't been doing for years, only less powerful and far too expensive. There was no innovation.

I think that sums up FTDI's biggest problem: Lack of innovation and vision.

Nailed it.
Title: Re: FTDIgate 2.0?
Post by: zapta on January 31, 2016, 02:29:27 am
Nailed it.

Like this?

(https://s-media-cache-ak0.pinimg.com/236x/43/d7/46/43d74647b9e6153f74a3c17d254b8a4a.jpg)
Title: Re: FTDIgate 2.0?
Post by: C on January 31, 2016, 02:32:49 am
FT232R data sheet
http://www.ftdichip.com/Support/Documents/DataSheets/ICs/DS_FT232R.pdf (http://www.ftdichip.com/Support/Documents/DataSheets/ICs/DS_FT232R.pdf)

Page 46
First data sheet release August 2005

So the question is when the first chip from FTDI was released
When was the first clone?

Someone with something that was using a RS-232 hardware serial port shifts to using it's USB port via windows.
Someone with something that was using a Linux USB port shifts to using it's USB port via windows.

In both cases FTDI caused the damage, harm and cost owner time.
And as many have stated the repair costs are HUGE and should be paid for by FTDI.

The source for the something could no longer be in business.

I think it has been stated that you can make a chip that talks USB with out being a member of USB-IF.
Two 16-bit numbers does not grant FTDI any rights to damage third party hardware if someone can use the number legally.

ASYNC serial was a big problems back in the 70's. There is no safe way to identify what is on the other end. Any auto configure that a computer could do needed a way to disable auto configure.

The cure is any end user sending back anything that identifies it's self as a USB to serial device with one exception! That it is intended to talk to very old serial devices.

Nailed it.
Think you missed

Lack of innovation and vision of the users of USB to serial chips.
Title: Re: FTDIgate 2.0?
Post by: rrinker on January 31, 2016, 03:21:11 am
Quote
Does it sound reasonable to you that someone's device is ruined by the driver? ***The buyer*** had no clue a fake FTDI chip was used.

Don't you think you answered your question eloquently? emphasis mine.

Who do you think is responsible for a moron running his car off a cliff? The car CEO or the moronic driver?

 So the common consumer buyer of a piece of consumer gear should know the details of the internal circuitry and know if there is a real or fake FTDI chip in there? You are confusing electronic experimenters and professionals with the general public who in no way would have the slightest clue nor the knowledge/skill to determine if the product they are buying has a real FTDI chip or some counterfeit one. WE (meaning participants in this forum) may in general know about the details of the hardware - and may like Dave tear things down and look before even turning it on for the first time - that is not a realistic expectation of a consumer.
 That still does not excuse FTDI from destroying the device. Again - if it simply did not work, I'd find it hard for anyone to say FTDI wouldn't be within their rights. Deliberately damaging things is just wrong. This is like if you had a fake iPhone and an Apple rep saw you with it on the street and came over and smashed it.
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 31, 2016, 03:38:52 am
This is like if you had a fake iPhone and an Apple rep saw you with it on the street and came over and smashed it.

Your example doesn't go far enough, because in your example the person knowingly bought the fake iPhone, and the reason that the phone is smashed is clear to the person.

It's more like if you got given an iPhone by your telephone company (not knowing that the telephone company has dodgy supply chain), and then six months later an Apple rep comes along, carefully opens up your iPhone and cuts the battery wires, and puts it back together without you noticing.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 03:56:32 am
If the common consumer purchases a piece of equipment with fake parts and suddenly it stops working, they should take it on the manufacturer of that piece of equipment to get it back into working condition.

The manufacturer should know by now how to detect if the FTDI chip they used is fake or not, since there is plenty of information regarding that. They (the manufacturer) are the ones letting their customers down, not FTDI.

On this new iteration of FTDI combating fake chips, they are not modifying the chip nor rendering useless, they just refuse to talk to the counterfeit chips. Nothing to do with the first FTDIGate when they actually bricked the device on purpose.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on January 31, 2016, 04:36:26 am
It is impossible to show a message box from a Windows driver without some extra work, like a custom user mode application (see e.g. here (http://stackoverflow.com/questions/9897693/how-to-display-a-pop-up-message-box-from-a-driver-kernel-mode)). And I guess there are limitations what the automatic Windows driver update installs, like no user mode apps, only drivers. So they were lazy and added the TX message.

Of course, not a good solution. I think it is ok when the driver stops working, but it must not send anything unintended. They could release a press release that the driver stops working and provide a link to a user mode application, which checks the device and tells the user that it is a fake chip, instead again such covert actions. And I think the driver can add messages to the Windows event log, which would show the fake chip without installing a test program (@RFZ: can you see anything in the Windows event log?). Seems to be very easy for me: You have a FTDI chip, look in the event log if it is genuine. All manufacturers, users etc. would know it after some time, no big problem. Why do they do such dangerous things again? Microsoft should ban the driver from the update and don't certify it, problem solved, everyone switches to Prolific.

BTW: if you don't need the extra features of the FTDI chip, just the serial port, it should be possible to modify the VID and PID with FT_Prog, and then use an INF file with the standard Microsoft USB serial port driver, like this one (https://developer.mbed.org/handbook/USBSerial).
Title: Re: FTDIgate 2.0?
Post by: Someone on January 31, 2016, 04:54:24 am
Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)

Good on them for continuing the push back against fakes. And to the people questioning what happens to life critical or dangerous equipment when there is a failure of a part, the result should be safe as required by all the various international standards. The manufacturer is on the hook for not testing their parts and keeping the supply chain in check, its usually as simple as checking date codes match on the board to the same ones on the parts you sent.
Title: Re: FTDIgate 2.0?
Post by: Tomorokoshi on January 31, 2016, 04:58:29 am

So let's say we have this sequence:

1. A device is designed in the USA and an FTDI part is specified. No "equivalent" in the BOM.
2. The device is produced by a contract manufacturer in the USA for a couple years using the FTDI part.
3. The contract manufacturer purchasing department inadvertently gets hold of the counterfeit but otherwise apparently functional parts.
4. The units pass the test fixture because it is not regularly updated with the drivers that either disable or transmit bogus data.
5. Some number of units are distributed to the field.
6. Some of the units fail early because the computer already has the updated driver.
7. Other units work for a while and fail when the driver is updated.
8. The designer of the device has long since worked on another project.
9. The now non-functional units go back through the warranty department, instead of the engineering department.
10. It takes some amount of time before the failure rate is noticed and turned over to engineering.
11. Another engineer is assigned to look at the problem. He is otherwise quite skilled, but not experienced with the FTDI products or issues.
12. The contract manufacturer has since sourced legitimate parts.
13. The devices with the counterfeit parts are written off as containing unreliable FTDI parts.

Unless a very long, multi-week, very expensive investigation is pursued by the designer of the device, the inevitable conclusion is that FTDI produces unreliable parts. Perhaps after two or three rounds of this the expense would be made to find out exactly what happened. If there is a wide variety of designs produced, the failure rate might considered relatively low priority.

With FTDI gaining a reputation for not being reliable, it would not get used for future designs.

Now try to explain all this to the manager who does not understand all the intricacies of the electronics industry.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 04:59:40 am
When the original IBM came out, IBM did develop some applications for it and then the clones started to pop-up.

IBM programs would actually check if the rom bios was an original IBM bios and refused to work on clones.

Sure, IBM will sell you the software, but you couldn't ask them to make it work on your clone, regardless if you paid for the software.

As for a life support equipment, well, the manufacturer of that equipment would be liable and of course the practitioner that hooks an untested piece of equipment to a patient before testing if it's in working condition.

And as Frank mentions, you can use the standard winusb driver and provide your own vendor and product id, but you are out of luck using software that expects an FTDI driver with their specific vendor and product id.

Say I go to a well known jewelry store and purchase what I think it's a real Tag Heuer watch. Later to find out it was a fake. I think the jewelry store that sold it to me is liable not Tag.
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 31, 2016, 05:02:09 am
...its usually as simple as checking date codes match on the board to the same ones on the parts you sent.
You cannot be serious. Nobody does that.

BTW: if you don't need the extra features of the FTDI chip, just the serial port, it should be possible to modify the VID and PID with FT_Prog, and then use an INF file with the standard Microsoft USB serial port driver, like this one (https://developer.mbed.org/handbook/USBSerial).
Really? I thought FTDI did not use the normal serial port protocol (in order to support all those extra features nobody uses :)).
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 05:04:00 am
@Tomorokoshi

If I do buy parts from a well known distributor and end up with fake parts I would expect them to rectify the situation.

Someone mentioned they got fakes from Mouser, well, what was Mouser's response when approached about the fakes?
Or didn't they get notified of the problem?

If your distributor is the one selling you fakes, it's their responsibility and they will have to fix it, if I pay for some brand name and got a fake I will be raising hell with who sold the fake to me.

Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 31, 2016, 05:11:29 am

So let's say we have this sequence:

1. A device is designed in the USA and an FTDI part is specified. No "equivalent" in the BOM.
2. The device is produced by a contract manufacturer in the USA for a couple years using the FTDI part.
3. The contract manufacturer purchasing department inadvertently gets hold of the counterfeit but otherwise apparently functional parts.
4. The units pass the test fixture because it is not regularly updated with the drivers that either disable or transmit bogus data.
5. Some number of units are distributed to the field.
6. Some of the units fail early because the computer already has the updated driver.
7. Other units work for a while and fail when the driver is updated.
8. The designer of the device has long since worked on another project.
9. The now non-functional units go back through the warranty department, instead of the engineering department.
10. It takes some amount of time before the failure rate is noticed and turned over to engineering.
11. Another engineer is assigned to look at the problem. He is otherwise quite skilled, but not experienced with the FTDI products or issues.
12. The contract manufacturer has since sourced legitimate parts.
13. The devices with the counterfeit parts are written off as containing unreliable FTDI parts.

11-alternate - the engineer plugs the device into a computer, types a character, sees a message saying the device isn't genuine, all questions answered.  The company contacts the build house, who investigates their supply chain, identifies the cause, and fixes it.

Why are you pretending the problem is so much more mysterious than it actually is?

And why is everybody here pretending it's once again some wide-spread infection, when there is zero evidence to support that?  Again, a year ago it was a problem, FTDI exposed it, distributors were forced to investigate their supply chains, and [hopefully] fix the problem.  A year later, somebody who KNOWINGLY bought a KNOWN COUNTERFEIT device on eBay runs into a similar issue.  So what?  He had it coming.  There is no reason to believe the counterfeiters have infiltrated the legitimate supply chains again as they did a year ago.
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 31, 2016, 05:27:58 am
A year later, somebody who KNOWINGLY bought a KNOWN COUNTERFEIT device on eBay runs into a similar issue.  So what?  He had it coming.  There is no reason to believe the counterfeiters have infiltrated the legitimate supply chains again as they did a year ago.

Why would FTDI bother doing this to just annoy some hobbyists? Approximately 0.00% of their business is with hobbyists; if that's not the case, then they're already going out of business.
Title: Re: FTDIgate 2.0?
Post by: Someone on January 31, 2016, 05:29:23 am
...its usually as simple as checking date codes match on the board to the same ones on the parts you sent.
You cannot be serious. Nobody does that.
On high value products with expensive parts this is not uncommon, if you want to protect against substitute parts you need to be responsible and do some verification of the process.
Title: Re: FTDIgate 2.0?
Post by: onlooker on January 31, 2016, 05:36:14 am
Quote
Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)

Apparently, in general, counterfeit components got into even more stricly controlled supply chains was not news anymore. This is a quote from a BBC report in 2012 ,

" Vast numbers of counterfeit Chinese electronic parts are being used in US military equipment, a key Senate committee has reported."
Title: Re: FTDIgate 2.0?
Post by: Tomorokoshi on January 31, 2016, 05:44:49 am

So let's say we have this sequence:

1. A device is designed in the USA and an FTDI part is specified. No "equivalent" in the BOM.
2. The device is produced by a contract manufacturer in the USA for a couple years using the FTDI part.
3. The contract manufacturer purchasing department inadvertently gets hold of the counterfeit but otherwise apparently functional parts.
4. The units pass the test fixture because it is not regularly updated with the drivers that either disable or transmit bogus data.
5. Some number of units are distributed to the field.
6. Some of the units fail early because the computer already has the updated driver.
7. Other units work for a while and fail when the driver is updated.
8. The designer of the device has long since worked on another project.
9. The now non-functional units go back through the warranty department, instead of the engineering department.
10. It takes some amount of time before the failure rate is noticed and turned over to engineering.
11. Another engineer is assigned to look at the problem. He is otherwise quite skilled, but not experienced with the FTDI products or issues.
12. The contract manufacturer has since sourced legitimate parts.
13. The devices with the counterfeit parts are written off as containing unreliable FTDI parts.

11-alternate - the engineer plugs the device into a computer, types a character, sees a message saying the device isn't genuine, all questions answered.  The company contacts the build house, who investigates their supply chain, identifies the cause, and fixes it.

Why are you pretending the problem is so much more mysterious than it actually is?


And why is everybody here pretending it's once again some wide-spread infection, when there is zero evidence to support that?  Again, a year ago it was a problem, FTDI exposed it, distributors were forced to investigate their supply chains, and [hopefully] fix the problem.  A year later, somebody who KNOWINGLY bought a KNOWN COUNTERFEIT device on eBay runs into a similar issue.  So what?  He had it coming.  There is no reason to believe the counterfeiters have infiltrated the legitimate supply chains again as they did a year ago.

You know how it is - a board comes back from the field, and you're lucky to get two words more than "bad" on the tag. It might take several months before enough work through to get to an engineer who can identify the problem. Meanwhile another copy gets sent out along with two other boards in the system because the field installer doesn't have the debug cable to crack inbetween two embedded systems.

If the driver on a PC can identify the problem, it can pop up a DOS window with a text message. That gets everyone on the same page faster and cheaper.

It's FTDI that is making this complicated.
Title: Re: FTDIgate 2.0?
Post by: janekm on January 31, 2016, 05:48:07 am
I would have a little bit less of a problem if FTDI weren't to up their own asses about their distribution in the first place. They literally do not have a single distributor that holds stock in mainland China, meaning that to source their chips from their approved suppliers is at minimum a multi-day affair and bureaucracy hassle. And in fact FTDI forces their approved distributors to not sell to other distributors. Meaning the odds of fakes making it into products is increased. Great strategy guys...
Title: Re: FTDIgate 2.0?
Post by: Tomorokoshi on January 31, 2016, 06:07:57 am
@Tomorokoshi

If I do buy parts from a well known distributor and end up with fake parts I would expect them to rectify the situation.

Someone mentioned they got fakes from Mouser, well, what was Mouser's response when approached about the fakes?
Or didn't they get notified of the problem?

If your distributor is the one selling you fakes, it's their responsibility and they will have to fix it, if I pay for some brand name and got a fake I will be raising hell with who sold the fake to me.

Absolutely. You are correct. And they'll cover to the extent of the boards that had the fake installed.

Meanwhile, what about the boards that were replaced that don't have their chip? Reputation and all sorts of other intangibles? There is an awful lot that won't be able to be accounted for in a simple expense ledger.
Title: Re: FTDIgate 2.0?
Post by: C on January 31, 2016, 06:19:12 am
Meanwhile, what about the boards that were replaced that don't have their chip? Reputation and all sorts of other intangibles? There is an awful lot that won't be able to be accounted for in a simple expense ledger.
Like the designer that used the chip after the first driver caused damage.
Title: Re: FTDIgate 2.0?
Post by: janekm on January 31, 2016, 07:04:44 am
Actually the whole situation is stupid beyond belief. What FTDI should have done, in the first instance, is provide a tool that can be used in a test setup to verify that a chip is a valid FTDI part. That would be a move that would actually reduce the number of clones going into products, while giving designers more confidence in using FTDI parts. What they are doing, like others pointed out, simply leads to FTDI parts being replaced by other parts...
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on January 31, 2016, 08:05:19 am
BTW: if you don't need the extra features of the FTDI chip, just the serial port, it should be possible to modify the VID and PID with FT_Prog, and then use an INF file with the standard Microsoft USB serial port driver, like this one (https://developer.mbed.org/handbook/USBSerial).
Really? I thought FTDI did not use the normal serial port protocol (in order to support all those extra features nobody uses :)).
Looks like you are right. I just changed the VID and PID with FT_Prog to a generic usbser.sys device driver file (the mbed inf file doesn't work anymore on Window 10, because it is not signed, a temporary solution is to use this signed inf file (http://www.microchip.com/forums/download.axd?file=0;796940) from Microchip, with VID 04D8 and PID 000A, which just uses the standard usbser.sys) and it says "code 10" in the Windows device manager, device not working. Tested with a FT2232H.

PS: To reset it to the factory programmed VID and PID I shorted CS and VCC (pin 1 and 8 ) of the EEPROM with a tweezer while connecting it to the USB port (you really shouldn't do this if you are not an electronics hacker ^-^ ), because otherwise FT_Prog doesn't detect it and the ft232r_prog on Linux doesn't support the CRC of the more modern FT2232H chip. But if no EEPROM is detected, the factory programmed VID 0403 and PID 6010 will be used and you can then read the EEPROM again and restore the factory programmed VID and PID.
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 31, 2016, 08:48:25 am
Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)

Good on them for continuing the push back against fakes. And to the people questioning what happens to life critical or dangerous equipment when there is a failure of a part, the result should be safe as required by all the various international standards. The manufacturer is on the hook for not testing their parts and keeping the supply chain in check, its usually as simple as checking date codes match on the board to the same ones on the parts you sent.

Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?

This is beyond stupid...

Your solution is doable for hobbists doing runs of tens or low hundreds or for extremely expensive stuff (think very high end oscilloscopi) where again few 10's get made each year but for general ewuipment it would be way too much work
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 08:52:08 am
You can bet that Apple does procure the parts well before going into production and their distribution chains are going to be well defined.

Chances for fakes slipping in is for short runs.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on January 31, 2016, 08:58:46 am
Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?
Apple don't need to check the source, because they buy directly some containers from the manufaturers, no middle men who can fake it. But for lower volumes a test program would be feasible, if it can be integrated in an automated production environment (=command line program).
Title: Re: FTDIgate 2.0?
Post by: filssavi on January 31, 2016, 09:23:58 am
Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?
Apple don't need to check the source, because they buy directly some containers from the manufaturers, no middle men who can fake it. But for lower volumes a test program would be feasible, if it can be integrated in an automated production environment (=command line program).

Well even then, there are some applications (white goods) where the manifacturers work hard at shaving off each unnecessary reaistor/capacitor to have higher margins and you call for a custom testing jig that is more expensive(or at least in the same ballpark) than the entire production run (after alla even if it's something to design test end deploy) do you really think that anyone will suck un such bug NRE cost? (I'd shurely change IC)
Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 09:29:12 am
I don't think anyone here would have a problem if it simply did not work if a fake FTDI chip was detected. No writing back to the device in a way that destroys it, no altering the communications. Just - doesn't work unless a genuine FTDI chip is used. That's entirely within FTDI's rights. Intentionally damaging a device is over the line.

It is fine to refuse working. It is not fine to dump garbage data.

This I don't understand. For the end user there's no difference. In both cases it effectively bricks the device.

Or are you hypocrite and would you like to rollback to an old driver and, as a result, keep on using the fake chip?


Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 09:33:19 am
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.

It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on January 31, 2016, 09:45:39 am
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.

It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.

FTDI is at fault for putting doubt in the minds of designers, regardless of the intention that was the result. That lowers sales of their chips and that is bad for business.
Title: Re: FTDIgate 2.0?
Post by: timb on January 31, 2016, 10:04:27 am

We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.

It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.

It could happen with any contract manufacturer, even US ones. The Chinese manufacturer might not be shady. My reel could be mislabeled and used for another job, so they scramble to replace it. There's a number of ways, malicious or not, that the authenticity of my parts could be compromised. All of that is even assuming I can guarantee the provenance of the parts before I send them out in the first place.

There are a lot of companies that can't make 5000 boards themselves but still can't afford a pick and place machine and reflow oven. Economics and the free market dictate the price of our goods, which is why contract manufacturers exists. Even large companies use them! Ever hear of Foxconn?

Since you have all the answers though, please, suggest an alternative.


Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?
Apple don't need to check the source, because they buy directly some containers from the manufaturers, no middle men who can fake it. But for lower volumes a test program would be feasible, if it can be integrated in an automated production environment (=command line program).

Bingo. This is the solution. But they don't.

The big problem with this whole fiasco isn't even the fact FTDI "bricks" the devices. That's bad, for sure, but the fact they silently slipped the driver into Windows update is even worse.

That means potentially thousands of devices could stop working months or years after I have manufactured and sold them to customers. So, in essence FTDI is turning their problem into my problem.

Punishing end users and product creators for supply chain issues only ensures nobody uses your product.

Counterfeit ICs are a big problem, that's for sure. But what FTDI is doing isn't the solution.

On a more general note, in this and my past two posts I've provided clear, concise reasons as to why FTDI's actions are wrong. The few people who agree with them don't seem to be be capable of properly articulating why or to provide any evidence that FTDI's current course is even effective in stopping counterfeits. So, I'll make your argument for you: I posit that it *is* effective in stopping counterfeits, at the expense of the company itself and their product line. If people stop using their parts, they lose sales, ergo they won't be targets for counterfeiters. This seems like a great solution, but they'll go out of business as a result.
Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 10:54:47 am
We have every intention of using genuine parts, however, being small companies we might get bit by a shady contract manufacturer in China who "borrowed" our reel of genuine FTDI chips and replaced them with clones, or a supply chain problem with DigiKey.

It's not the fault of FTDI that you want to do business with shady contract manufacturers in China.
You take the risk, you take the blame.

It could happen with any contract manufacturer, even US ones. The Chinese manufacturer might not be shady. My reel could be mislabeled and used for another job, so they scramble to replace it. There's a number of ways, malicious or not, that the authenticity of my parts could be compromised. All of that is even assuming I can guarantee the provenance of the parts before I send them out in the first place.

There are a lot of companies that can't make 5000 boards themselves but still can't afford a pick and place machine and reflow oven. Economics and the free market dictate the price of our goods, which is why contract manufacturers exists. Even large companies use them! Ever hear of Foxconn?

Since you have all the answers though, please, suggest an alternative.

I do understand that you are willing to take those risks in order to keep the production cost low and in order to be able to compete.
I have no problem with that. Just don't blame FTDI when your manufacturer screws up. It's the risk you are willing to take to keep
your business alive. I also understand that you want to "lower" your risk by avoiding FTDI chips.
We don't have this problem because we don't produce our products in the far-east/Asia.
So, we happily continue to use FTDI chips. But it seems that this thread is full of people who think that avoiding FTDI is the only sane
choice... I just don't get it.

FTDI wants to protect their business. And for an enduser, there is no difference between a driver that refuses to work or bricks the
chip or make it send garbage data. In all cases, the device doesn't work.
Also, bricking the chip is more effective because it makes it harder to keep on using the fake chip with an older FTDI driver.
Imho, FTDI is doing the only smart thing here.
Title: Re: FTDIgate 2.0?
Post by: rs20 on January 31, 2016, 11:00:13 am
We don't have this problem because we don't produce our products in the far-east/Asia.

Who are your customers? Consumer? Commercial? Industrial? Medical? Military?
Title: Re: FTDIgate 2.0?
Post by: Someone on January 31, 2016, 11:18:17 am
Where is the evidence that fakes make it into the supply chain of FTDI authorised distributors? (which as of now is: Arrow, Digikey, Farnell/Element14, Mouser, and RS)

Good on them for continuing the push back against fakes. And to the people questioning what happens to life critical or dangerous equipment when there is a failure of a part, the result should be safe as required by all the various international standards. The manufacturer is on the hook for not testing their parts and keeping the supply chain in check, its usually as simple as checking date codes match on the board to the same ones on the parts you sent.

Get out of your hobbist bubble, do you really think that a company like Apple producono tens of millions of pices a year can check the source of each single IC (let alone each component pasdives include) in their phones?

This is beyond stupid...

Your solution is doable for hobbists doing runs of tens or low hundreds or for extremely expensive stuff (think very high end oscilloscopi) where again few 10's get made each year but for general ewuipment it would be way too much work
Hobbyist bubble is not where I work, even medium sized players will negotiate directly with the supplier for pricing and delivery but may still make the transaction through a sales agent/organisation. Supply chain assurance is something the big players do seriously, and having dedicated lines at the fab house can separate the parts to your organisation (who are very professional and wouldn't risk losing the contract to save a few dollars).

I'm still waiting to see the quotes where these fake parts made their way into the authorised distributor network.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 31, 2016, 11:24:36 am
It is impossible to show a message box from a Windows driver without some extra work, like a custom user mode application (see e.g. here (http://stackoverflow.com/questions/9897693/how-to-display-a-pop-up-message-box-from-a-driver-kernel-mode)). And I guess there are limitations what the automatic Windows driver update installs, like no user mode apps, only drivers. So they were lazy and added the TX message.

Of course, not a good solution. I think it is ok when the driver stops working, but it must not send anything unintended. They could release a press release that the driver stops working and provide a link to a user mode application, which checks the device and tells the user that it is a fake chip, instead again such covert actions. And I think the driver can add messages to the Windows event log, which would show the fake chip without installing a test program (@RFZ: can you see anything in the Windows event log?). Seems to be very easy for me: You have a FTDI chip, look in the event log if it is genuine. All manufacturers, users etc. would know it after some time, no big problem. Why do they do such dangerous things again? Microsoft should ban the driver from the update and don't certify it, problem solved, everyone switches to Prolific.

Hmm, I cannot see a message from the driver in the eventlog. If FTDI wanted to show a message to the users, there would be a way, pretty sure.
If there really is NO WAY for a driver to show a message, FTDI could still reserve a PID for a device called "Fake FTDI Chip, please visit ftdi.com/fake" and change the PID of these fakes to this one. Displaying a different device name might also be possible without actually changing the PID... There are ways...
Title: Re: FTDIgate 2.0?
Post by: wraper on January 31, 2016, 11:52:00 am
It is impossible to show a message box from a Windows driver without some extra work, like a custom user mode application (see e.g. here (http://stackoverflow.com/questions/9897693/how-to-display-a-pop-up-message-box-from-a-driver-kernel-mode)). And I guess there are limitations what the automatic Windows driver update installs, like no user mode apps, only drivers. So they were lazy and added the TX message.
As I said before, this is a big no, at least for me. I don't want any apps loading when windows starts. You are suggesting loading crapware on every genuine customer computer instead of punishing only those who use counterfeits. As of windows update, applications coming together with drivers are possible. Don't look further than Nvidia or AMD GPU drivers.
Title: Re: FTDIgate 2.0?
Post by: nctnico on January 31, 2016, 11:56:17 am
Everyone is so caught up in the temporary inconvenience and hardship experienced by users and designers RIGHT NOW, as FTDI rolls out these drivers.  Yes, it's hard, RIGHT NOW, but if FTDI keeps it up it will be very easy.
You keep saying there's no way to identify fakes.  THERE IS, NOW.  In fact it would be difficult to make it any easier.
You keep saying that you might develop a product, send it out, and it later gets bricked.  Not if they keep this up.  You'd brick your own board as soon as you started development, and all you have to do is plug the customer's board in, hit a character, and you'd know if it's genuine or not.  It would never get into the hands of your customers with a fake chip on it.
This is rather short sighted... The cloners already have a better chip rolling from the production lines so in a few months FTDI has to find a different way of identifying fakes. There is no way of telling that won't affect boards with real FTDI chips but what is certain is that when the differences between the clones and the real ones get smaller the detection algorithm has to be close to the edge so it is very likely that a real chip will be identified as a fake one. Worse, if they use timing related tests then it may fail every now and then leaving the end user with a device which doesn't work every now and then.

FTDI doesn't have to make it impossible to clone, they just have to make it difficult enough that the counterfeiters move on to another target.  They've already forced the arduino knockoff makers to switch from FTDI fakes to another manufacturer, and if the legitimate distribution channels have closed the holes in their supply chains, who are the counterfeiters going to sell to?  Where is the market, and why would they spend more and more time fighting FTDI when they could just move to another chip?
The distribution channels will never close their holes. For starters AFAIK the FTDI chips are made in Indonesia. If there is one country where money talks and a fake batch can be introduced into the official supply line it is there!
Then again you'll also need installed base for a product to be recognisable as being used often. If you have a certain chip on a development board you are likely to use that chip again. It has also happened to me many times that a customer has seen a chip on a board and specifically asked to use that chip in a new design. Now think again about Arduino clones using a different chip... that chip will end up in many design requirements instead of the FTDI chips. Following your reasoning FTDI now has shrunk their market share and more importantly: less design-in chances.
Title: Re: FTDIgate 2.0?
Post by: C on January 31, 2016, 12:21:18 pm
Google "ftdi ft232 pinout compatible"
Only bit-bang mode prevents a chip swap.
The smart big manufacturers are probably asking are we still using FTDI? WHY?

Look at what is possible today for same or less cost.
If the usb device did not receive some commutations from the os side driver, it could reattach as a usb flash drive.  One small HTML formated file on the drive and it is very easy for the end user to get what is needed.

When is FTDI going to start bricking other VID/PID that use it's windows driver?
You don't harm or change someone else's property!!
The first time FTDI's actions is it's end.
This second time just nailed the coffin shut.

FTDI has caused more harm then IBM did with it's PS2 line of computers. IBM lost on the PS2.
If Microsoft does not reverse this windows update driver change then Microsoft is also a responsible party to damages.

Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 03:35:57 pm
When is FTDI going to start bricking other VID/PID that use it's windows driver?

A driver is tied to a particular VID. As long as you don't mess with your system,
a driver will only be used for the devices which presents themselves with that particular VID.
If a chip is presenting itself with a VID that doesn't belong to that brand and if it is doing so without permission,
it's asking for to be bricked.
So, you don't need to worry as long as you don't use fake chips.
If you do use fake chips, you should be worried and for a good reason.
Title: Re: FTDIgate 2.0?
Post by: janoc on January 31, 2016, 04:05:39 pm
So, you don't need to worry as long as you don't use fake chips.
If you do use fake chips, you should be worried and for a good reason.

I hope you understand the difference between "bricked accidentally because it is incompatible" and "bricked because of an explicit, malicious action". The first one should get an engineer who designed the widget fired for incompetence, the second will get your company sued. There is a fine line between these two cases and I think the wide consensus is that what FTDI is doing cannot really be considered accidental damage anymore.

I do wonder why did FTDI and Microsoft backtrack so quickly when the first FTDIgate broke out, if this sort of thing is considered acceptable - the cost of that step was certainly non-negligible. Could it be that some company lawyer got a heart attack from the idea that some large vendor could sue the bejeezus out of them for damaged equipment and the costs for dealing with the fallout of their stupid actions,  perchance?

Do we really have to go through the 70+ pages long thread from start, rehashing these thoroughly debunked arguments all over again? This is seriously ridiculous. :palm:





Title: Re: FTDIgate 2.0?
Post by: eugenenine on January 31, 2016, 04:24:26 pm
I suppose Microsoft's "Genuine Advantage" system should be renamed into Microsoft-gate too?


Bad example since Microsoft's "Genuine Advantage" has crippled so many legal installs of the Windows over the years.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on January 31, 2016, 04:26:37 pm
A few weeks ago I bought a battery charger from a company called Nitecore.  Apparently Nitecore has had problems with fakes, and their solution seemed simple and effective.  On every unit they send out now, they stick a small sticker with a scratch-off label like you find on gift cards and lottery tickets.  Under the scratch-off label is a code, and you can go to their website to verify the authenticity of the code (presumably once a code has been verified, it can't be checked again, to prevent counterfeiters from just making a bunch of knockoffs with one valid code).  What if FTDI did something similar on their reels?  Full reels get a verification sticker, and only when the reel is going to be opened up is that code checked.  If you buy full reels, you can check it yourself.  If you buy individuals, then you only buy from distributors who check the code before they break it down for resale.  Compared to the cost of the full reel, the minute it would take to verify the code would be insignificant.

Then FTDI could do whatever they want with the driver, and as a manufacturer you wouldn't have any doubts that the parts used on your board are genuine.
Title: Re: FTDIgate 2.0?
Post by: janekm on January 31, 2016, 05:05:01 pm
A few weeks ago I bought a battery charger from a company called Nitecore.  Apparently Nitecore has had problems with fakes, and their solution seemed simple and effective.  On every unit they send out now, they stick a small sticker with a scratch-off label like you find on gift cards and lottery tickets.  Under the scratch-off label is a code, and you can go to their website to verify the authenticity of the code (presumably once a code has been verified, it can't be checked again, to prevent counterfeiters from just making a bunch of knockoffs with one valid code).  What if FTDI did something similar on their reels?  Full reels get a verification sticker, and only when the reel is going to be opened up is that code checked.  If you buy full reels, you can check it yourself.  If you buy individuals, then you only buy from distributors who check the code before they break it down for resale.  Compared to the cost of the full reel, the minute it would take to verify the code would be insignificant.

Then FTDI could do whatever they want with the driver, and as a manufacturer you wouldn't have any doubts that the parts used on your board are genuine.

Yes, something like that is what they should be doing.
Problem: There are fakes of our chips out there and ending up in end products (whether the manufacturer intended them to or not)
Solution: Let's help manufacturers make sure they get our real chips
FTDI's solution: Let's break those manufacturer's products

Genius...  |O

What I would do is assign a unique ID to each chip (they probably do already anyway?) and keep a list on a server. Then a piece of test code can read out that ID and query the server for whether that ID is real and has been read before. No need for scratch labels and can be integrated into production tests.
Title: Re: FTDIgate 2.0?
Post by: free_electron on January 31, 2016, 05:15:34 pm
Quote
if someone kills a man he will be prosecuted
So if you drive over someone with a car, is it you or the CEO of Fiat that should be charged?

CEO of FIAT! Because they make so lousy cars!

A Japanese who was killed by the atom bomb once sued US government for dropping it.
Court later found that the Japanese should have sued the guy in the plane who opened the bomb bay doors.
I doubt that. Dead people can't sue....
Title: Re: FTDIgate 2.0?
Post by: wraper on January 31, 2016, 05:30:28 pm
What I would do is assign a unique ID to each chip (they probably do already anyway?) and keep a list on a server. Then a piece of test code can read out that ID and query the server for whether that ID is real and has been read before. No need for scratch labels and can be integrated into production tests.
And change the silicon/IC model too to achieve this  :palm:.
Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 05:42:12 pm
Do we really have to go through the 70+ pages long thread from start, ...

Nope, we all are free to ignore this thread if we want.
If, however, we decide to participate in a discussion, we have to be prepared for people expressing an opinion we may not like.

If, in your opinion, enough has been written about this topic, feel free to leave and let the others continue.

Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 05:50:23 pm
The other thread was about FTDI bricking devices with fake chips. Nothing to do with this (yet to be corroborated by others) problem.

What I don't understand is why would anyone designing a device would take the random serial data as a valid initialization. Surely you wouldn't design it in such a way to begin with, because a lot of things can talk to a serial COM port even if the drivers were left alone allowing communication with fake chips.
Title: Re: FTDIgate 2.0?
Post by: RFZ on January 31, 2016, 05:52:36 pm
And change the silicon/IC model too to achieve this  :palm:.

USB FTDIChip-ID™ feature is part of the FT232R specs: A unique number (the FTDIChip-ID™) is burnt into the device during manufacture and is readable over USB, thus forming the basis of a security dongle which can be used to protect customer application software from being copied.
Title: Re: FTDIgate 2.0?
Post by: janoc on January 31, 2016, 06:01:43 pm
The other thread was about FTDI bricking devices with fake chips. Nothing to do with this (yet to be corroborated by others) problem.

http://www.amazon.com/gp/customer-reviews/R208GYSGXQ134N/ref=cm_cr_pr_viewpnt?ie=UTF8&ASIN=B012YUANZK#R208GYSGXQ134N (http://www.amazon.com/gp/customer-reviews/R208GYSGXQ134N/ref=cm_cr_pr_viewpnt?ie=UTF8&ASIN=B012YUANZK#R208GYSGXQ134N)

Here a guy with an Intel Galileo board:
https://communities.intel.com/thread/80586?start=0&tstart=0 (https://communities.intel.com/thread/80586?start=0&tstart=0)

Posts on RepRap forums:
http://forums.reprap.org/read.php?262,589133 (http://forums.reprap.org/read.php?262,589133)

I hope that is enough to corroborate that this is a real issue? 2 minutes googling for the "NON GENUINE DEVICE FOUND!" phrase.

And while the old thread was about bricking the non-genuine hw, the same arguments are being rehashed again - often by the same people.


Title: Re: FTDIgate 2.0?
Post by: staze on January 31, 2016, 06:08:25 pm
Son of a....

I spent, literally, 4 hours yesterday trying to troubleshoot a 3d Printer (Tinyboy 3D), with it not working. MProg from FTDI said the chip was fine (right vendor and product ID), but it just wouldn't work. I tried every driver I could find. Finally, I uninstalled the driver, disabled wifi, plugged it in, waited for Windows 7 to install the version it knew (2.4 something), used Mprog 3.5 to reprogram the chip as legit (as per: https://www.youtube.com/watch?v=RZH_qGautqM (https://www.youtube.com/watch?v=RZH_qGautqM)), unplugged, replugged (at which point windows reinstalled it again, with 2.4), and suddenly it started working! I can confirm this "Non Genuine" serial data, since I opened up the Arduino IDE and saw that on the serial console.

You know, I sympathize with FTDI. They're having their tech ripped off. But, it's inappropriate to punish end users who don't have any say. Sure, we could not buy stuff that uses counterfeit chips, but many sellers aren't even going to know. FTDI should be pursuing the counterfeiters in China, and using what legal system China has to stop it. Either that, or create a version of the chip that has such a low price point, they put the cloners out of business by providing legit-working-alternatives for a price point. So annoying that I've lost time because FTDI does this crap, and apparently Microsoft is okay with it (I don't see how this should have passed WHQL). 
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 06:11:30 pm
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)

I do have a Galileo 1st gen, I wonder if it has a fake FTDI chip as well. Not that it matters much because the Gen1 Galileo is pretty useless since their GPIO is via I2C (or was it SPI) anyways this is hilarious.  :-DD

At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.
Title: Re: FTDIgate 2.0?
Post by: wraper on January 31, 2016, 06:17:00 pm
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)
It does not have FT232 and why it would have? The guy just connected a counterfeit adapter to it.
Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 06:21:05 pm
At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That's exactly what FTDI wants to achieve, let the fake chip users write and use their own drivers instead of profiting
from the work of others without permission.
Apparently, it's not that easy to write your own stable and reliable drivers. It's easier to let others do that job for you,
preferably for free...


Title: Re: FTDIgate 2.0?
Post by: donmr on January 31, 2016, 06:28:41 pm
Since @suicidaleggroll didn't read the original discussion, he is uninformed that there is no reliable way for ANYONE (including legitimate distributors and board assemblers) to definitively identify genuine chips vs counterfeit. Many legitimate, official, authorized supply lines have discovered counterfeit chips, sometimes only revealed when the end-user tried to use the product.
...

Apparently FTDI can tell them apart or at least thinks they can.  Why doesn't FTDI help us all detect impostor parts by explaining the difference?  Yes then the fakers will replicate that too but that is what happens when you are an industry leader, you have to keep running to stay in the lead.

Ideally they would make use of the existing IP protection laws to identify their parts and prosecute forgers.
Title: Re: FTDIgate 2.0?
Post by: LoyalServant on January 31, 2016, 06:30:44 pm
Since I stopped using FTDI stuff in my products because of the last time I can breathe easy.
Counterfeits have been found in the legitimate supply chain.
Who wants to take a risk on this?

What moron at FTDI thinks this is a viable business decision?
So what.. I am small potatoes to them
But thousands of us means a lot of lost revenue.

So here is to my heels digging in deeper and not using FTDI.
They proved here that I made the right choice.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on January 31, 2016, 06:47:22 pm
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.
Title: Re: FTDIgate 2.0?
Post by: janoc on January 31, 2016, 07:26:21 pm
At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That's exactly what FTDI wants to achieve, let the fake chip users write and use their own drivers instead of profiting
from the work of others without permission.
Apparently, it's not that easy to write your own stable and reliable drivers. It's easier to let others do that job for you,
preferably for free...

Yay, someone didn't bother to read. Intel or anyone else will not write anything, the Galileo board was fine. The guy just used an USB-to-UART cable with a bad chip.

I suggest you read the article next time. Also, nobody needs to write any drivers - Windows (and other OSes) come with just fine drivers for the  USB CDC class.

Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 07:36:01 pm
Who has the time, but I did go through the BOM for both Gen 1 and Gen 2, no FT232 in sight.

Well, he should return his cheap and unsupported USB-UART adapter :)
Title: Re: FTDIgate 2.0?
Post by: janoc on January 31, 2016, 07:40:42 pm
apparently Microsoft is okay with it (I don't see how this should have passed WHQL).

They were ok even with the previous version that was bricking the chips and then pulled it later. I think the WHQL doesn't mean much here - FTDI has some sort of privileged position because their drivers ship directly with Windows, unlike most third-party vendors. So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.



Title: Re: FTDIgate 2.0?
Post by: janoc on January 31, 2016, 07:50:08 pm
Who has the time, but I did go through the BOM for both Gen 1 and Gen 2, no FT232 in sight.

Well, he should return his cheap and unsupported USB-UART adapter :)

Widlarize it. However, it is a royal pain when an automatic OS update breaks things behind your back, because some idiot in a board room somewhere thought that it is a good idea. I know why Windows doesn't get anywhere near my hardware and FTDI marked chips nowhere near my projects after this.



Title: Re: FTDIgate 2.0?
Post by: FrankBuss on January 31, 2016, 07:52:08 pm
So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.
After this second incident I really hope this trusted state gets revoked. Otherwise other companies might get encouraged to do similar things.
Title: Re: FTDIgate 2.0?
Post by: Refrigerator on January 31, 2016, 07:59:50 pm
When two guys fight, the third one usually wins.

Let's face it, FTDI will never muffle fake chips, you shouldn't underestimate the ingenuity of the chinese.

This is actually a good thing. FTDI now has a reason to innovate, bring a new chip with some whiz-bang security and maybe some other new and improved features.
Title: Re: FTDIgate 2.0?
Post by: SeanB on January 31, 2016, 08:10:07 pm
Doubt that, more likely they will just lose to better clones, and then try even harder for next time.
Title: Re: FTDIgate 2.0?
Post by: Karel on January 31, 2016, 08:29:02 pm
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.

Most of the consumers don't have any knowledge about what's inside a device.
And people who bought fake chips and got burned and because of that start to avoid FTDI chips,
well, they don't make any difference for FTDI because they didn't buy genuine chips in the first place.
The point is, FTDI has nothing to loose. If they don't brick fake chips, people will continue to buy those fake chips.


Title: Re: FTDIgate 2.0?
Post by: janoc on January 31, 2016, 08:47:05 pm
Most of the consumers don't have any knowledge about what's inside a device.
And people who bought fake chips and got burned and because of that start to avoid FTDI chips,
well, they don't make any difference for FTDI because they didn't buy genuine chips in the first place.
The point is, FTDI has nothing to loose. If they don't brick fake chips, people will continue to buy those fake chips.

Most of the consumers no, but FTDI doesn't get their money from consumers. They get the money from companies designing in their hw. And I would not be surprised at all if they lost business because of this type of behaviour. Who is going to take the risk that a vendor of a $2 serial to usb bridge won't go berserk in the future and sends out a driver that will accidentally damage even legit hardware? Mistakes happen and it wouldn't be unprecedented.

Add to it the fact that they don't make it at all easy for the OEMs to actually check whether their stock is legitimate, people would have to be insane to design in their products after this. Enormous potential liability for a two buck chip? Who is going to risk that when there are plenty of alternatives without history of such dick moves?

They have plenty to lose, IMO.







Title: Re: FTDIgate 2.0?
Post by: f4eru on January 31, 2016, 08:54:31 pm
Oh Wow, FTDI did push malware to Windows drivers again.

For my part, I switched to MCP2221 when the original FTDIgate was out.
Title: Re: FTDIgate 2.0?
Post by: kolbep on January 31, 2016, 09:12:46 pm
Flip, Just this morning I purchased 2 x USB to RS232 cables on an auction site.
That was before I read about the FTDIGate 2.0.

I hope these do not use FTDI clones, or they are going right back....
Title: Re: FTDIgate 2.0?
Post by: miguelvp on January 31, 2016, 10:12:36 pm
Intel used fake FTDI chips for their Gen 2 Galileo?

That's beyond funny :)

I do have a Galileo 1st gen, I wonder if it has a fake FTDI chip as well. Not that it matters much because the Gen1 Galileo is pretty useless since their GPIO is via I2C (or was it SPI) anyways this is hilarious.  :-DD

At least Intel will probably roll out a firmware update with their own VID and PID with their own drivers to support the fake chips.

That will be a huge PR problem for Intel. If that was true and I was Intel CEO, I will buy the company (FTDI) and silent it.

Apparently it wasn't the Galileo, just a USB/UART adaptor.
Title: Re: FTDIgate 2.0?
Post by: milsorgen on January 31, 2016, 10:13:55 pm
For a year after the first "FTDIgate" I think they did nothing to educate the suppliers and designers about how to be sure they are buying genuine parts. Refusing to work with counterfeits or sending some warnings through the chips must be THE FINAL STEP of a long educational/certification process - not the first step!

I also think that this attitude will turn people away from using FTDI.

I think you put this current fiasco into perfect focus.
Title: Re: FTDIgate 2.0?
Post by: nikomo on January 31, 2016, 10:59:06 pm
I have one of those handy FT232 modules you can stick on a breadboard (red PCB, Arduino Pro pinout etc.), I figured it would be a fake for sure, but wanted to know (and I only really use it on Linux systems), so I plugged it into my Windows box, let the drivers update, but it works.

People get fake chips in real products, and real chips in dodgy Chinese modules. Kinda funny.
Or the Chinese figured out how to make a fake so good, it won't get noticed by FTDI, and people are suffering with old chips.

Either way, I'm not using FTDI if I'm designing something myself.
Title: Re: FTDIgate 2.0?
Post by: C on January 31, 2016, 11:00:05 pm
My understanding

Version 1 reprogrammed a clone using FTDI's VID to have an invalid PID.
 
Version 2 is sending garbage out the connected ports.

This leaves what will happen in version 3.
The ability to program the VID/PID is one selling point of this chip.
Company X that has it's own VID when using this chip is using some of FTDI's software.
Company X gets some chips that FTDI software ID's as clones.
FTDI is messing with there own VIP/PID where clones use FTDI's software.
Is small company X next? It's still a clone using FTDI's software!

A big company can take legal action, the small company may not have the money to correct the damage and fight the legal battle.

Ask yourself, how many small companies are dropping anything FTDI now before FTDI's version 3 to prevent as much damage as possible.
And by FTDI causing company X to rethink what is needed, it can be seeing much better ways to do the task, some of which they can market.

Better ways started FTDI down fall, clones removed more income, FTDI's actions increases the change to better ways and other company parts. The Better ways finishes it for this.

Title: Re: FTDIgate 2.0?
Post by: mtdoc on January 31, 2016, 11:08:45 pm
Yep, all FTDI is accomplishing is causing consumers to doubt the reliability of anything with an "FTDI" chip.

For someone like me who feeds his electronics hobby with various cheap boards and do-dads interfacing with USB, I now actively avoid anything that claims to use an FTDI chip since I have no way of knowing authenticity before hand.

Most of the consumers don't have any knowledge about what's inside a device.

There are all types of consumers. Many are electronic hobbyists like me who are aware of the issue. Some are also professionals who use relevant devices at work and/or for personal use. It's true most end users of electronics will not know what's inside. But the end result is the same If their device stops working - > lack of trust in "FTDI" containing devices.

Quote
And people who bought fake chips and got burned and because of that start to avoid FTDI chips,
well, they don't make any difference for FTDI because they didn't buy genuine chips in the first place.
The point is, FTDI has nothing to loose.

I think you've missed my point. I have several devices with presumably genuine FTDI chips - but I don't know because I've never risked using their newer drivers and do not allow auto updates. But eventually I'll likely be forced to use them with a newer computer. Thus given a choice I am no longer buying anything that could turn out to have a fake chip in it - i.e. Any device using the "FTDI" chip.
Title: Re: FTDIgate 2.0?
Post by: David97 on January 31, 2016, 11:19:57 pm
 :palm:
(http://www.memecreator.org/static/images/memes/3858459.jpg)
Title: Re: FTDIgate 2.0?
Post by: electr_peter on January 31, 2016, 11:23:30 pm
For those who cannot apprehend that FTDI actions (sending fake serial data) are questionable to others.

Let's say you are a home-owner and have serious financial troubles resulting in missed payments for electricity company. Electricity company sends you a letter informing you that it will discontinue contracted service in a month if no payment is made. You make no payment and after few weeksOR

I hope that difference between a) and b) is clear. In a) company stops providing service. In b) company stops providing service AND decides to screw you up.
FTDI actions are similar to case b). They went one step too far.
Title: Re: FTDIgate 2.0?
Post by: wraper on January 31, 2016, 11:50:32 pm
Thus given a choice I am no longer buying anything that could turn out to have a fake chip in it -
As I understand, you are fine with anything that can counterfeit but does not "turn out".
Title: Re: FTDIgate 2.0?
Post by: amwales on February 01, 2016, 12:04:07 am
Bugger I have quite a few of those FTDI based usb/serial boards I have no idea if they are genuine of not. I've paid anywhere from 7GBP to 2GBP for them over the years from hobbyist retailers, ebay and aliexpress. There were quite a few I've given away too, that's going to be awkward. How do I get my money back from a retailer when I can't prove what board came from where and when? I guess from now on I'll just skip buying anything with an FTDI part on it as I can guarantee ahead of time whether they will be fake or genuine. These guys are clearly idiots and I certainly won't be using their chips in any future designs and will make sure everyone I know is aware of this issue and steers well clear of them.
Title: Re: FTDIgate 2.0?
Post by: amwales on February 01, 2016, 12:13:23 am
Most of the consumers don't have any knowledge about what's inside a device.

That's right they don't. But you know what a few of those consumers listen to us few when we say.
'Yikes, that's got an FTDI on it, it may work today but who knows when down the road it will just stop working because its actually a fake you bought in good faith'. Is it worth taking the risk? FTDI parts are mostly fake now if its coming out of china anyway right?
Title: Re: FTDIgate 2.0?
Post by: Howardlong on February 01, 2016, 12:25:00 am
Woohoo, on El Reg again

http://www.theregister.co.uk/2016/01/31/ftdi_accused_of_bricking_counterfeits_again/ (http://www.theregister.co.uk/2016/01/31/ftdi_accused_of_bricking_counterfeits_again/)
Title: Re: FTDIgate 2.0?
Post by: timb on February 01, 2016, 12:35:01 am
Guys, let's tone down on throwing around words like "illegal" and talking about legal action. It's a bit melodramatic and undermines the legitimacy of our complaints and position as a whole.

What FTDI is doing is legal and while they could get sued, it's unknown what the outcome would be. So, instead of being wildly speculating internet lawyers, I think we should focus on, as Sgt. Joe Friday once never said, "Just the facts, ma'am."
Title: FTDIgate 2.0?
Post by: timb on February 01, 2016, 01:01:27 am
Guys, let's tone down on throwing around words like "illegal" and talking about legal action. It's a bit melodramatic and undermines the legitimacy of our complaints and position as a whole.

What FTDI is doing is legal and while they could get sued, it's unknown what the outcome would be. So, instead of being wildly speculating internet lawyers, I think we should focus on, as Sgt. Joe Friday once never said, "Just the facts, ma'am."

If someone's life support equipment failed due to FTDI gate(s), no matter who is really responsible for, FTDI is doomed, both legally and in their PR.
Let's take one step further, if the failed equipment's OEM got FTDI's consent on using it in a life support equipment, and FTDI's authorized distributor screwed up the supply chain, then it is even worse.
From my experience, that will definitely make FTDI headline of headline in all major newspapers.
Being said, the chance of that happens is narrow, but if it happens, no one can save the company. I hope their legal dept and marketing dept used their brain before making a decision.
If they do not want to get cloned, then sell it cheaper. At one pcs, FT232RL is $4.50, while its competitor, CP2104 sells for $1.43. Both are crystal less, both are full UART, and both have internal ROM (EEPROM vs OTP).

Yes, and an FTDI chip that is used for doing diagnostics on a nuclear missiles could cause it to go off and take out an entire city. Just because it's *possible* doesn't make it *plausible*.

So why sit here and speculate on things that haven't and aren't likely to happen? It's not productive and undermines the integrity of our legitimate issues.

Besides, I'm sure FTDI has a "Not for Life Support Devices" notice in the datasheet or TRM.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 01, 2016, 01:11:03 am
Oh Wow, FTDI did push malware to Windows drivers again.

For my part, I switched to MCP2221 when the original FTDIgate was out.
The MCP2221 looks very good and costs half for 100 at Digikey than the FT232 chip. Why do people still use the FTDI chip for simple USB UART dongles? And I like that it doesn't need an external oscillator, but it can generate a programmable clock output (not very accurate, but depending on the application this is all you need). It has internal flash, so no need for an additional external EEPROM to store customer VID/PID, and with the HID enumeration part you can use it as a USB I2C bridge.

Maybe you can answer some question, because you are already using this chip: From the datasheet it is not clear to me if it supports more than 115,000 baud. The formula says 12 MHz / x (with x integer), but in other chapters it says it supports only 300-115,200 baud. Can I use it with 1 MHz baud rate?

And the datasheet says it doesn't need a driver, it uses the standard virtual COM port driver on Windows. Does this mean you don't even need a custom INF file  for it? I think it is possible in Windows, if the device enumerates as CDC USB device class (see here (https://msdn.microsoft.com/en-us/library/windows/hardware/ff538820(v=vs.85).aspx)). Is this the case for the MCP2221? And does MacOS and Linux support it?

Except for the really nice FIFO and JTAG communication modes in the FT2232H, the MCP2221 looks like the dream chip, if you want an easy USB connection for your device. I think I'll use this in one of my next products, no hassle with USB programming on a microcontroller, it just works, and you can even save an oscillator with this chip to clock the rest of your circuit, and use a cheaper microcontroller with no USB, so it might be even cost neutral or reduce overall cost.
Title: Re: FTDIgate 2.0?
Post by: EEVblog on February 01, 2016, 01:26:38 am
Guys, let's tone down on throwing around words like "illegal" and talking about legal action. It's a bit melodramatic and undermines the legitimacy of our complaints and position as a whole.
What FTDI is doing is legal and while they could get sued, it's unknown what the outcome would be. So, instead of being wildly speculating internet lawyers, I think we should focus on, as Sgt. Joe Friday once never said, "Just the facts, ma'am."

Yep, always a good policy when discussing stuff like this. This a technical forum, we can and should stick to a technical analysis. Of course, talking about the company's approach and potential impacts on industry reputation is fair game too of course.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 01, 2016, 01:31:55 am
Yup, plenty of USB-UART chips, cypress offers an ft232r pin compatible chip:

https://www.eevblog.com/forum/projects/cypress-cy7c65213-a-pin-compatible-ft232r-replacement/ (https://www.eevblog.com/forum/projects/cypress-cy7c65213-a-pin-compatible-ft232r-replacement/)

Not cheap, but you probably can find them for a bit under $1.50

Although there are some differences like not supporting the Oscillator Out on pin 28, well that's the only major difference:
http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921 (http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921)
Title: Re: FTDIgate 2.0?
Post by: EEVblog on February 01, 2016, 01:33:27 am
News seems to be spreading, and 300 guests viewing this topic right now.
And FTDI are blocking people who mention it?
https://twitter.com/connorgoodwolf/status/693892542509748224/photo/1
Title: Re: FTDIgate 2.0?
Post by: EEVblog on February 01, 2016, 01:39:48 am
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...

(https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/?action=dlattach;attach=198214;image)
Title: Re: FTDIgate 2.0?
Post by: iceisfun on February 01, 2016, 01:46:29 am
Does anyone know the KB that rolls out this driver so I can ignore it?
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 01, 2016, 01:54:45 am
Yep, FTDI are blocking people who mention it, including some guy with 310,000 Youtube subscribers and a propensity to rant...
They blocked you too, that's pathetic. So you can't comment directly under their tweets, but by now they should have heard of the Streisand effect (https://en.wikipedia.org/wiki/Streisand_effect). :-DD
Title: Re: FTDIgate 2.0?
Post by: EEVblog on February 01, 2016, 01:56:43 am
They blocked you too, that's pathetic. So you can't comment directly under their tweets, but by now they should have heard of the Streisand effect (https://en.wikipedia.org/wiki/Streisand_effect). :-DD

It's only going to get worse for FTDI from here  :popcorn:
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 01, 2016, 02:26:03 am
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI (https://en.wikipedia.org/wiki/FTDI)

That's all good but apparently this driver has been up since  3 July 2015 as stated in the wiki and as per:
https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788 (https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788)

So it's not a new discovery, many reports since then but I guess this is the first one to bring up a bigger stink about it :)

A report about the July driver can be found here:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/ (http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/)

and here:
https://forum.arduino.cc/index.php?PHPSESSID=21071l5u7t2agtrj5u3c25q1t7&topic=270175.msg2310682#msg2310682 (https://forum.arduino.cc/index.php?PHPSESSID=21071l5u7t2agtrj5u3c25q1t7&topic=270175.msg2310682#msg2310682)

Title: Re: FTDIgate 2.0?
Post by: onlooker on February 01, 2016, 02:48:19 am
Quote
Wikipedia page updated.

It will be better if the tone could be more factual and neutral. As is, it may not stay there for long.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 01, 2016, 03:04:34 am
Updated. Subjective adjectives and adverbs are removed. I also added the exact string it send or reads, "NON GENUINE DEVICE FOUND!".
"attack" and "victim devices" sounds a bit subjective, too, maybe just state the facts. And does it read the string, too, or only send it, and send it always, one char for every char you want it to send in a loop, or just occasionally?
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 01, 2016, 03:16:32 am
Well, now it might be too specific with the loopback configuration :) I don't have a fake chip so I can't test it, but I guess it ony sends the string, and that's the main problem why the affected devices don't work anymore. But it might alter received bytes from an independent UART source, too.
Title: Re: FTDIgate 2.0?
Post by: westfw on February 01, 2016, 06:15:50 am
Quote
Counterfeits have been found in the legitimate supply chain.
Reference?  Counterfeit FT232 devices specifically, not just "counterfeits of some chip."  Has anyone here who has a "real product" and has been buying chips from real distributors received counterfeit FTDI devices?  (No, I'm not counting Arduino-like or nth party usb/serial modules purchased from real distributors...)

Quote
hobbyist bubble
Have any non-hobbyist products been affected?   A lot of "auction site usb/serial cables", a fair number of "arduino clones and derivatives" (perhaps including genuine Arduino Nanos, and some higher-level products that USE arduino-esque boards internally (like that tinyboy 3d printer.)  (Or are we saying that arduino modules are no longer merely hobbyist devices?  Which would be an interesting development in itself!)

Quote
life support
One does hope that if you make life-support equipment, you have in fact negotiated on that "not for use in critical applications" agreement, and DO have better-than-average supply chain management AND testing.

Quote
testing and counterfeit identification
Is anyone here a large enough FTDI customer that they can categorically state that FTDI has NOT provided such a tool to their large customers?  A "counterfeit check" tool would certainly be nicer than having to run through the full driver version/windows version matrix...  I'm not sure that I'd expect it to be available to "hobbyists", though.  Or even mid-range manufacturers buying a couple thousand chips/year through Mouser/etc.

Quote
[Official FTDI distributor network sucks.]
I can agree with that.   Prior to Arduino, FTDI chips were pretty much unobtainable, except through a few odd sources.  If you wanted to use USB/Serial adapters, your best bet was an expensive USB/RS232 cable, with subsequent RS232/TTL conversion. :-(


Has anyone checked whether the new driver "malware" behaves the same with non-FTDI VID/PID ?  (Can you even change the VID/PID of the counterfeit devices?)

Has the source of the counterfeit devices ever been determined (manufacturer?  Path?)  Maybe they should just sell their own chip and do their own driver; it can't be that hard - ch340g has penetrated pretty well, to the same sorts of vendors, even though it's significantly different.

-----

I sympathize with FTDI.  I really do.  But they sure could have handled all this much better.  I too would rather have a driver that just didn't work, and plastered the "device manager" with the "counterfeit device" label, instead of bricking chips, or polluting the data stream.

I sympathize with small manufacturers.   Or I guess "designers", really.   LOTS of manufacturing below the fortune-500 is outsourced to someone, and I really wouldn't know how to go about finding someone with "good supply chain management" when I was mostly looking for "someone who's willing to deal with small volumes from a small designer."  Putting that big ???? over FTDI would not be good.   But the problem isn't unique to FTDI - they've just made it particularly obvious.  A different chip with a different clone and a more subtle problem is just as scary, right?

I even sympathize with the hobbyist ordering off auction sites.  One might expect occasional non-working merchandise.    Things that work for a while, but suddenly stop working because of a non-controllable windows update are scarier.  (although, see above about "subtle" issues.)
Title: Re: FTDIgate 2.0?
Post by: marcan on February 01, 2016, 06:34:16 am
After the first debacle, one could argue that perhaps FTDI didn't DELIBERATELY set out to brick chips (although the the evidence was compelling).
No. One couldn't argue that. It was proven beyond any shadow of a doubt that the bricking code was single-purpose, carefully crafted, and purposefully designed to brick clone chips. Anyone who thinks there is even the slightest chance that FTDIgate v1.0 was an accident either can't read the decompiled C code that I posted or is deluding themselves. They identified a small difference in EEPROM write behavior, then worked backwards from that to find a set of commands (including a pre-image attack on their own checksum algorithm) that would be no-ops on the real chips but brick clones. There is no chance that their driver just "happens" to include code that just "happens" to do nothing on real chips but just "happens" to know how to update EEPROM data while keeping the existing checksum correct (because it so happens that updating the checksum would affect legit chips) and just "happens" to include a write PID to 0 command that just "happens" to be a no-op on real chips due to a write buffering technicality.

But yeah, at least FTDIgate v1.0 needed reverse engineering the driver to prove intent. This one they aren't even trying to hide.

Either way, these guys have proven themselves to be utter morons in handling this issue. As I said in the past, the only REASONABLE action would be to refuse to work with clone devices with a user-visible error message informing them of the problem. Bricking devices is infantile and makes them legally liable for destruction of property. Sending garbage data is even worse, it puts USERS at risk due to malfunctioning hardware (industrial controllers and medical devices anyone?) and makes them legally liable for potential destruction of property, or worse, personal harm. Do these guys even have lawyers? Seriously, this is pathetic, wrong, and ridiculous.

Seriously, no more buying FTDI for me. After the first warning I thought maaaaybe I'd give them a second chance (if only because their chips actually work properly most of the time), but at this point I'd rather deal with quirky alternative chips than give them any money.

Incidentally, I took a look at the code and empirically tested a clone device to confirm. The driver replaces all data, TX and RX (and maybe some other things like modem status even? not sure, it's in more than 2 places), with "NON GENUINE DEVICE FOUND! " looped forever. It has nothing to do with looping back TX and RX, that is just one easy way to see it (because you need data to arrive to see the message on RX). I just cross connected a clone on a Windows PC to a legit chip on a Linux machine to confirm that both directions are clobbered. It also sets a registry key for clone devices, although it doesn't seem to check it otherwise. Maybe they're planning something even nastier for the next driver version?

(https://marcan.st/transf/ftdi_registry.png)

(https://marcan.st/transf/ftdi_registry2.png)
Title: Re: FTDIgate 2.0?
Post by: voltlog on February 01, 2016, 07:09:24 am
That's such a bad PR stunt on their end to block people on Twitter. Don't they have any PR people to handle things like this?
It looks like they haven't learned anything from their mistakes and our response should be clear, we should stop using their products.
Title: Re: FTDIgate 2.0?
Post by: Chris Jones on February 01, 2016, 07:18:46 am
....
create a version of the chip that has such a low price point, they put the cloners out of business by providing legit-working-alternatives for a price point.

If your chip designers are better than the fakers, then you can make the chips smaller and therefore cheaper than they can, (unless they directly copy the masks, which can be challenging on recent processes). If you put more wafers through the fabs (TSMC, UMC etc) than the fakers do, then you get better wafer pricing, even if they did copy your masks. Then you can sell the genuine article for less than the fakers can make it for - admittedly without making much profit per unit. I think that such a price reduction (maybe combined with a pop-up warning about detected fake devices - without impairing functionality) would have been the honourable path for FTDI, and they might have got some market share back from their legitimate competitors too.

Title: Re: FTDIgate 2.0?
Post by: Boomerang on February 01, 2016, 07:41:21 am
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI

No mention of any preventive measures... only punitive measures!

Some people don't learn even from their own mistakes.
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 01, 2016, 07:58:34 am
Does anyone know the KB that rolls out this driver so I can ignore it?
As far as I know, Driver updates don't have a KB...
The driver will be installed if you plug in a FTDI device the first time, or, if you already have an older FTDI driver it will show up as normal or optional update...
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 01, 2016, 08:08:37 am
Just added FTDIGate 2.0 to Wikipedia.

https://en.wikipedia.org/wiki/FTDI (https://en.wikipedia.org/wiki/FTDI)

That's all good but apparently this driver has been up since  3 July 2015 as stated in the wiki and as per:
https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788 (https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg854788/#msg854788)

So it's not a new discovery, many reports since then but I guess this is the first one to bring up a bigger stink about it :)

A report about the July driver can be found here:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/ (http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/)

Yep, the behavior is not new... I've updated that information in my first posting right after about half an hour later when I found out that the "garbage" the driver sends actually was "NON GENUINE DEVICE FOUND!" and I did a google search on it ;) There is no FTDIgate 2.0, it was just me seeing strange behavior and not doing enough research. But who cares ^^
However, since windows update now publishes a new driver version, lots of people will be confronted with it again... So it's actually not bad to discuss this topic again, even if it's not new. FTDI deserves that bad publicity ;)
Also, to be fair, I haven't found much discussion about the driver actually sending arbitrary data to the devices. I guess after FTDIgate bricking most devices by altering the PID, most users avoided FTDI anyways and/or found way to unbrick the devices and use the old driver. Most of them, like me, may not have been aware of that a new driver with different behavior was released.
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 01, 2016, 08:13:01 am
Is anyone here a large enough FTDI customer that they can categorically state that FTDI has NOT provided such a tool to their large customers?  A "counterfeit check" tool would certainly be nicer than having to run through the full driver version/windows version matrix...
FTDI will never do that. There is no way to guarantee that a chip is valid with a tool (at least now with chips having no cryptographic signature or similar things), you can only guarantee that it's fake. There might be fakes already that FTDI cannot identify by now, but they will be able to in the future.
What if you buy such a chip today, the tool says it is okay, and in a year all your products get bricked because FTDI was able to identify it as fake? No... that won't happen.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 01, 2016, 09:40:55 am
Has the source of the counterfeit devices ever been determined (manufacturer?  Path?)  Maybe they should just sell their own chip and do their own driver; it can't be that hard - ch340g has penetrated pretty well, to the same sorts of vendors, even though it's significantly different.
When the first FTDIgate happened I traced it down by starting here...

http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)

...and ended up with this:

https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577)

The company now shows they have an "RD232A" along with the original "SR2303HX" (presumably a Prolific clone).

This page shows that CoreChips makes the Supereal brand and they appear to have written their own LAN drivers:
http://catalog.update.microsoft.com/v7/site/ScopedViewRedirect.aspx?updateid=5316ed3d-5397-446c-aaf7-4388e3d03f7a (http://catalog.update.microsoft.com/v7/site/ScopedViewRedirect.aspx?updateid=5316ed3d-5397-446c-aaf7-4388e3d03f7a)
Title: Re: FTDIgate 2.0?
Post by: glynd on February 01, 2016, 10:17:00 am
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 01, 2016, 10:24:40 am
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...
yup, already brought up a couple of times, no FT232 and variants on either Gen 1 or Gen 2 BOM
Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on February 01, 2016, 10:59:15 am
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...

It would have helped if the message read "NON GENUINE FTDI DEVICE FOUND", but as a measure of their ineptitude FTDI couldn't even get that right. It obviously didn't occur to them that people wouldn't immediately realise it was the seemingly innocuous USB-serial adapter screwing up their system.  |O

I have to say, in terms of PR screw-ups, this one is as bad as the last FTDI one.

Today I will be looking at how to replace FTDI chips in our designs... even if there is not a technical reason, and obviously we never intend to put counterfeit chips in our products, but we don't and could not check every chip we fit, we rely on suppliers to ship good parts. I have lost trust in FTDI that they will handle things sensibly.
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 01, 2016, 10:59:43 am
Intel used fake FTDI chips for their Gen 2 Galileo?

I expect it was a USB serial lead the guy was using with a fake FTDI chip in it...

And that is one of the major problems with this FTDI driver. Even as a developer, if you hook up a device to your PC using a USB-RS232 converter and you get "NON GENUINE DEVICE FOUND!" on your terminal, you won't expect it to be the converter generating this message. You would think it comes from the device. This is why the user thought the Galileo board was faulty and even Intel opened a support case because they didn't know about the strange FTDI driver.
The message doesn't even contain the words USB-Serial, RS232 or FTDI in it. How, even as a developer, should you supposed to know that the message is talking about the RS232 converter?
Title: Re: FTDIgate 2.0?
Post by: rasmithuk on February 01, 2016, 11:03:45 am
apparently Microsoft is okay with it (I don't see how this should have passed WHQL).

They were ok even with the previous version that was bricking the chips and then pulled it later. I think the WHQL doesn't mean much here - FTDI has some sort of privileged position because their drivers ship directly with Windows, unlike most third-party vendors. So their stuff likely gets only the basic "does it cause BSOD/eat data" test and that's it, because they are trusted.

FTDI don't have any special deal with Microsoft because WHQL doesn't test for anything like this.

To get a WHQL cert you get the tools, take a clean machine and run them on your driver. It produces a log which gets sent back to Microsoft along with the driver.
If it passes the tests it get signed.
If your device claims to meet a standard device type it gets tested for the normal responses but that's all.

Even if Microsoft did test the driver themselves, they'ld do so with the provided hardware, which would be from TFDI and pass their tests.

If the bad driver gets reported to Microsoft they'll probably pull it. As the last version changed the VID/PID it broke hardware which is why it got pulled so fast.
Title: Re: FTDIgate 2.0?
Post by: Barny on February 01, 2016, 11:16:23 am
Sadly I have visited this forum to late.
Today morning, I played a little around with my dev-board while eating my breakfast.

For debug I use the UART to write most registers of my AtMega32.
I was to lazy to use proper check-sums.

And now guess who is proud owner of an fake FT232 chip on his USB-UART bridge without knewing.


The AVR was a little bit upset about getting his Pins shorted to ground while switched to output & deliver 5V.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 01, 2016, 11:46:21 am
Incidentally, I took a look at the code and empirically tested a clone device to confirm.
I found another interesting (unicode) string in the ftdibus.sys file: "The FTDIBUS driver detected a Type 1 counterfeit device and will disable this device." (and the same string with 2-5 instead of 1, can't they use sprintf in a driver?). Can't find the xref with my IDA Pro disassembler, when is it used?
Title: Re: FTDIgate 2.0?
Post by: janoc on February 01, 2016, 01:49:22 pm
Maybe you can answer some question, because you are already using this chip: From the datasheet it is not clear to me if it supports more than 115,000 baud. The formula says 12 MHz / x (with x integer), but in other chapters it says it supports only 300-115,200 baud. Can I use it with 1 MHz baud rate?

I haven't tried this, but I seem to recall that on paper it does support it, but you get lower bandwidth than the FTDI one because they do some silly delays between the USB transactions or something to that effect. The Microchip chip is nothing else but one of the cheap 18F14kxx PICs with a pre-programmed firmware. I think Dangerous Prototypes tried to hook it up to a PICKit when it first came out and it matched the MCU ID. It is apparently 16F1455:

http://blog.zakkemble.co.uk/mcp2221-hid-library/ (http://blog.zakkemble.co.uk/mcp2221-hid-library/)
and
https://www.eevblog.com/forum/reviews/alternatives-to-ftdi-usb-to-uart-converter/msg540581/#msg540581 (https://www.eevblog.com/forum/reviews/alternatives-to-ftdi-usb-to-uart-converter/msg540581/#msg540581)

And the datasheet says it doesn't need a driver, it uses the standard virtual COM port driver on Windows. Does this mean you don't even need a custom INF file  for it? I think it is possible in Windows, if the device enumerates as CDC USB device class (see here (https://msdn.microsoft.com/en-us/library/windows/hardware/ff538820(v=vs.85).aspx)). Is this the case for the MCP2221? And does MacOS and Linux support it?

In Windows you don't need an inf file because it is a standard CDC device. Linux certainly supports it out of the box, no hassle. No idea about Mac, but Macs support standard CDC ACM devices without drivers as well so I would say it is supported there too. It is only Windows that is so screwed up in this regard.

For me the only use for the FTDI hw remains the bit bang mode (I have an adaptor with the FT2232H in it) and the built-in JTAG support and not needing to supply a driver. However, those things are often easier and cheaper done by simply sticking a small micro in there anyway - USB CDC code is pretty much a standard example code from every vendor of USB capable micros I have seen.

J.
Title: Re: FTDIgate 2.0?
Post by: aandrew on February 01, 2016, 03:03:24 pm
FTDI put/puts a lot of time and money into writing and maintaining their drivers, getting them signed and certified, integrated into the Windows Update ecosystem and the Linux kernel, etc.  They recoup this cost through a slightly higher sales price on their products, and people pay it because of the convenience.  Why would you expect to be able to use FTDI's drivers, for free, forever, without purchasing their product?  That attitude just blows my mind.  You should consider every day you've been able to use FTDI's drivers with your counterfeit device as a gift, rather than freaking out when that privilege is finally revoked.  This attitude of entitlement bothers me to no end.  I suppose Microsoft's "Genuine Advantage" system should be renamed into Microsoft-gate too?

These counterfeit companies are welcome to build their own devices, but they should also be writing their own drivers and going through the same process as FTDI to integrate those drivers into consumer operating systems, maintaining them, etc., in order to make their devices usable to end-users.  What's that?  Doing so would mean they'd have to charge FTDI-like prices?  Oh shucks, I guess the world does make sense after-all.

Don't want to deal with this kind of BS?  Then quit shopping on eBay and Alibaba and spend an extra dollar on the real thing.

Note: I'm using "you" in the collective sense, not you specifically.

AMEN! I was very much against FTDI when they decided to "brick" (blank the EEPROM) of counterfeits because it was a (sort of) destructive operation. This, however? I'm okay with this. I buy from aliexpress/ebay all the time and expect weird shit to go down occasionally. It's the price I pay for bottom-dollar electronics and I'm okay with the risk.
Title: Re: FTDIgate 2.0?
Post by: aandrew on February 01, 2016, 03:09:25 pm
Nobody is out there looking to save a few pennies buying counterfeit FTDI chips.

This is not true.

Manufacturers are under constant pressure to lower costs. They in turn put pressure on their procurement departments to get the price down, who then go out and find anyone offering the same line item at a lower cost. Eventually they find it.

We dealt with counterfeit Intel 80196 (motor controller) microprocessors 15 years ago. How did we get it? Exactly how I described above. No, I don't believe for a moment that Arrow will get a line of counterfeit FTDI chips since they're big enough to be talking to FTDI and its manufacturers directly.

Who will be getting counterfeit FTDI devices? The smaller suppliers/distributors who go through a supply chain that does not have the traceability required to ensure a genuine component. It's a cost of doing business with smaller outfits, who are under incredible pressure to get something as cheap as possible.
Title: Re: FTDIgate 2.0?
Post by: dack on February 01, 2016, 03:19:57 pm
The linux drivers are not made by FTDI. They are made by the linux community. That's why they've never had any issues with bricking clones, and will even undo the bricking done by the FTDI drivers.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 01, 2016, 03:37:19 pm
Incidentally, I took a look at the code and empirically tested a clone device to confirm.
I found another interesting (unicode) string in the ftdibus.sys file: "The FTDIBUS driver detected a Type 1 counterfeit device and will disable this device." (and the same string with 2-5 instead of 1, can't they use sprintf in a driver?). Can't find the xref with my IDA Pro disassembler, when is it used?
I'm not a Windows expert, but I believe those are translation/textual string resources used for the system event log. Messages are logged by code, so there wouldn't be a direct xref there, instead that's a table that maps codes to strings and something inside Windows itself does the mapping - so yeah, they can't use sprintf, this is Windows' dumb design I think? (someone with more Windows knowledge might be able to correct me here). I did find the logging code earlier, and what triggers it, but didn't check if it is indeed logged on my windows box. I just did and yeah, it's there:

(https://marcan.st/transf/ftdierr.png)

Of course, they say they'll disable the device, but then go ahead and corrupt its data instead. Nice definition of "disabling".

Types 1-4 mean integrity checks on EEPROM addresses 0x40-0x4f failed (which seem to store manufacturer info, perhaps non-writable? haven't tried, the normal EEPROM user/config area is 0-0x3f), while type 5 does the good old 16-bit EEPROM writes check (what they used to brick devices in the previous version, except this time they revert their changes). It actually writes a 0 to the PID field (without fixing the checksum to match), reads it back, and restores it if written (original chips won't write it as its address is even). Amusingly, all of this is still wrapped in a "if EEPROM checksum is correct" conditional, so you can still use my Python tool to deliberately corrupt your EEPROM which will make the chip work with the official driver (if you're okay with all default configs and no serial number), but even better, if you plug it into a Windows machine with the new driver and unplug it at *just the right time*, the written PID field will cause a checksum failure and the driver will start to work fine with that device!
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 01, 2016, 06:06:05 pm
For me the only use for the FTDI hw remains the bit bang mode (I have an adaptor with the FT2232H in it) and the built-in JTAG support and not needing to supply a driver. However, those things are often easier and cheaper done by simply sticking a small micro in there anyway - USB CDC code is pretty much a standard example code from every vendor of USB capable micros I have seen.
Right, I guess all USB UART chips will have some kind of CPU in it and some firmware. Then it is better to use a standard microcontroller, where you can at least update the firmware, if you need to (e.g. if Windows doesn't support CDC anymore) and where you can implement special things, like bitbanging or JTAG over the serial port.
Title: Re: FTDIgate 2.0?
Post by: Russ.Dill@gmail.com on February 01, 2016, 07:24:21 pm
FTDI put/puts a lot of time and money into writing and maintaining their drivers, getting them signed and certified, integrated into the Windows Update ecosystem and the Linux kernel, etc. 

Hah, FTDI and open source. They have made extremely limited contributions to open source. The Linux kernel driver would not exist if it were up to FTDI. They have a userspace library which is of course *not* open in any way. Luckily people have taken time to make both an open kernel driver and user library. Of course, now I can't do cool things like make my Arduino act like an FTDI directly via v-usb to make integration for windows users easier.
Title: Re: FTDIgate 2.0?
Post by: Monkeh on February 01, 2016, 07:27:47 pm
Of course, now I can't do cool things like make my Arduino act like an FTDI directly via v-usb to make integration for windows users easier.

Why would you need to?

And why would you think it reasonable to make your Arduino behave like a piece of hardware with very specific capabilities when it is nothing of the sort?
Title: Re: FTDIgate 2.0?
Post by: antokadam on February 01, 2016, 08:16:43 pm
I think I found a workaround for this new January FTDI driver. Here's my blog post about it:
http://electropit.com/index.php/2016/02/01/unbrick-your-non-genuine-ftdi-device-2016-january/ (http://electropit.com/index.php/2016/02/01/unbrick-your-non-genuine-ftdi-device-2016-january/)

This is for Windows 10 x64. It includes CDMUninstaller and Windows Registry editing.
Title: Re: FTDIgate 2.0?
Post by: mikerj on February 01, 2016, 08:40:34 pm
Quote
the FTDI driver makes a fake chip send "NON GENUINE DEVICE FOUND!"

What's wrong with that? their driver isn't designed to work with counterfeit chips and god knows what dire consequences they could be if the counterfeit mis-behaved

But it's completely safe to send "NON GENUINE DEVICE FOUND!" to the clone device repeatedly right?  I think that particular argument is a non-starter.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 01, 2016, 09:30:17 pm
Quote
the FTDI driver makes a fake chip send "NON GENUINE DEVICE FOUND!"

What's wrong with that? their driver isn't designed to work with counterfeit chips and god knows what dire consequences they could be if the counterfeit mis-behaved

But it's completely safe to send "NON GENUINE DEVICE FOUND!" to the clone device repeatedly right?  I think that particular argument is a non-starter.

The "it's not supposed to work with this device anyway, so screw it, might as well make demons fly out your nose" argument is just reckless and stupid. Can't we just ignore the trolls who keep making that one?
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 01, 2016, 09:36:33 pm
Quote
the FTDI driver makes a fake chip send "NON GENUINE DEVICE FOUND!"

What's wrong with that? their driver isn't designed to work with counterfeit chips and god knows what dire consequences they could be if the counterfeit mis-behaved

But it's completely safe to send "NON GENUINE DEVICE FOUND!" to the clone device repeatedly right?  I think that particular argument is a non-starter.
I have seen some (safety related!) devices get upset when they receive data which they don't expect so yes: sending random data to a device can lead to damage, injuries and even death. In the case I was involved in those issues where fixed but who knows what is out there and vulnerable for mis-behaving.
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 02, 2016, 12:59:13 am
I used to specify only FTDI for all USB-serial converters for my deployment as they did not pull the trick like a Taiwanese company that made their driver stop working.   For me, if you want to hold me accountable, the only point is when I got my goods and was doing the first testing.  After that, I have no recourse with the sellers and any "update" to disable, to inhibit, to slow down my installations and deployments are not acceptable.  Why should the end users and all the middle tier pay for these problems? And what benefits do these bring to FTDI?  Any corrective action must not affect already deployed and installed devices, too bad if they are too late for the game.  FTDI either is a company full of hatred that seek to hurt all people that use the compatible chips, or is at the brink of going down.   The uncertainty that FTDI and the other taiwanese company bring is not something I want to absorb.  Last batch of FTDI that I got is likely to be geniune so far as it is able to survive all the updates.  But FTDI and the taiwanese chip are in my ban list, whatever chips they may make.
Title: Re: FTDIgate 2.0?
Post by: lovemb on February 02, 2016, 02:31:19 am
As a developer, I love this. I always buy important ICs from reputable vendors, and on top of that now I can even properly test them for fakes.
(I also could with the previous ftdi driver that erased PID, but this is easier now.)

Also, whenever I can I've been using ft230x/ft231x in new designs instead of the common ft232r because of the price.

Title: Re: FTDIgate 2.0?
Post by: winfieldhill on February 02, 2016, 03:34:33 am
Replacing FT232R with CY7C65213 ...
http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921 (http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921)

The Cypress chip looks good, isn't expensivve, what driver do the use?
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 02, 2016, 03:51:59 am
Replacing FT232R with CY7C65213 ...
http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921 (http://www.cypress.com/knowledge-base-article/replacing-ft232r-cy7c65213-usb-uart-lp-bridge-controller-kba85921)

The Cypress chip looks good, isn't expensivve, what driver do the use?

They use their own driver.
Edit: However I recall they recomend that you use your own PID, not sure if they'll let you share their VID. But if you leave the defaults for just the USB-UART vanilla functionality I guess it should be ok to leave the default Cypress PID and VID.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 02, 2016, 06:03:09 am
As a developer..... I always buy important ICs from reputable vendors, and on top of that now I can even properly test them for fakes.
.....
Also, whenever I can I've been using ft230x/ft231x in new designs instead of the common ft232r because of the price.
Aha. So you have a price sensitive application ? that's interesting...  you seem to have a lot of budget for testing fakes though.
That will bite you at some point, because you cannot be sure your test will detect 100% of the fakes, whatever you test.

Never ever think a risk can be brought to 0.
For me, I use reputable vendors who do not push malware to drivers, never ever FTDI any more.

Also, I try to minimize the amount of fakes by using cheap and recent chips in my designs, who do not get copied often because it's probably not worth it.
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 02, 2016, 06:17:56 am
As a developer, I love this. I always buy important ICs from reputable vendors, and on top of that now I can even properly test them for fakes.
Yeah, sure... And what if there are already fakes that aren't recognized by the driver today? You buy thousands, test them (costs you extra money), sell the products... and a year later, it turns out they all were fake and FTDI driver blocks them. What would you do? Still thank FTDI that they now recognize even more fakes?
Title: Re: FTDIgate 2.0?
Post by: diyaudio on February 02, 2016, 06:46:32 am
Can someone please confirm the Windows KB update... 
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 02, 2016, 06:54:21 am
As a developer, I love this. I always buy important ICs from reputable vendors, and on top of that now I can even properly test them for fakes.
Yeah, sure... And what if there are already fakes that aren't recognized by the driver today? You buy thousands, test them (costs you extra money), sell the products... and a year later, it turns out they all were fake and FTDI driver blocks them. What would you do? Still thank FTDI that they now recognize even more fakes?

What if your processor is an Intel or AMD clone?

It's been asked before, someone show proof of a valid claim of a consumer product. If you pay little for a  USB to Serial cable that has a fake FT232 then take it to who sold it to you. Or order in Italy where counterfeiting is heavily enforced.
 
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 02, 2016, 07:06:45 am
What if your processor is an Intel or AMD clone?

It's been asked before, someone show proof of a valid claim of a consumer product. If you pay little for a  USB to Serial cable that has a fake FT232 then take it to who sold it to you. Or order in Italy where counterfeiting is heavily enforced.

If my processor is an Intel clone, I'm pretty sure Intel won't release a driver update causing my CPU to suddenly write "FAKE CHIP DETECTED" all over my RAM, causing Windows to fail with a BSOD. And this is exactly what FTDI is doing.

We don't have to argue about cloned chips or if FTDI has the right to fight them. They do, and it's okay. Just the way they do it is pointless dangerous bullshit.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 02, 2016, 07:08:47 am
The dangerous part is all speculation.

Title: Re: FTDIgate 2.0?
Post by: Karel on February 02, 2016, 07:27:49 am
I have seen some (safety related!) devices get upset when they receive data which they don't expect so yes: sending random data to a device can lead to damage, injuries and even death.

In that case the designer was incompetent. If a device can cause injuries or death, it should have at least some crc check over the
communication channels, specially with rs232. Rs232 is well known for possible glitches on the line.
Only incompetent engineers send plain and unprotected data via rs232 to a potential dangerous device.
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 02, 2016, 07:41:37 am
The dangerous part is all speculation.
Maybe it is. Maybe it won't actually cause a serious malfunction of a device ever.

What it does cause is damage to people that have nothing to do with it. And I mean really nothing. Like Intel and their Galileo board:
https://communities.intel.com/thread/80586
A user connected the board to its PC using a USB to serial converter and after some debugging he found the Galileo sending "NON GENUINE DEVICE FOUND!". He thought the Galileo was sending that. And that's fine, who would really consider that the Serial Converter might intentionally alter the data? That's like considering electrons falling out of your device if you hold it upside down...
Even the guys at Intel thought there was something wrong with their Galileo board. They opened a support case for this guy to investigate further. Only this one case kept them busy for one month. And it was complete pointless debugging and burning several hours of Intel employees and the user for no reason. And, it would have been completely avoidable if FTDI did it right or even mention "FTDI USB to Srial Converter" in their f**** message.
I'm pretty sure thousands of completely innocent developers have to waste lots of hours on debugging because of that...
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 02, 2016, 07:47:19 am
In that case the designer was incompetent. If a device can cause injuries or death, it should have at least some crc check over the
communication channels, specially with rs232. Rs232 is well known for possible glitches on the line.
Only incompetent engineers send plain and unprotected data via rs232 to a potential dangerous device.

So... All G-Code compliant CNC machines were designed by idiots? G-Code, as far as I know, doesn't specify any type of CRC or error correction. But unexpected movements of CNC machines can be pretty dangerous... And G-Code is just an example here. There might be lots of use cases where you just have to use a given protocol and cannot add security mechanisms to it. That might be dangerous, right, but it's not incompetence!

Edit: With such a product you might be able to accept the risk of 0.001% chance for a corrupted byte being received. But FTDI now raises the chance of data corruption to 99.99% deliberately.
Title: Re: FTDIgate 2.0?
Post by: filssavi on February 02, 2016, 08:15:12 am
I have seen some (safety related!) devices get upset when they receive data which they don't expect so yes: sending random data to a device can lead to damage, injuries and even death.

In that case the designer was incompetent. If a device can cause injuries or death, it should have at least some crc check over the
communication channels, specially with rs232. Rs232 is well known for possible glitches on the line.
Only incompetent engineers send plain and unprotected data via rs232 to a potential dangerous device.

You are actually aware that CRC is more of a conveniance to avoid glitch than anything else, it's well known that CRC collisione are not only possibile, they are not all that uncommon the only way (for now) to use a hash check to secure a come channel is to use a cryptographic hash function, for example sha2 (there are no collisione found but they are thaught to be close) or more likely sha3

Now sha2 is not known for being resource friendly, try running it on an 8bitter, or even on a low end cm0 or cm0+


Sending random garbage over the channel is really never a good idea no matter how well the system is designed...
Title: Re: FTDIgate 2.0?
Post by: helge on February 02, 2016, 08:24:51 am
The linux drivers are not made by FTDI. They are made by the linux community. That's why they've never had any issues with bricking clones, and will even undo the bricking done by the FTDI drivers.

... and I assume most of the frustration is rooted in the fact that Microsoft never managed to provide a generic USB-Serial device driver.

Quote from: https://msdn.microsoft.com/en-us/library/windows/hardware/ff538820%28v=vs.85%29.aspx
If you are writing a custom driver:  Before writing a driver for your USB device, determine whether a Microsoft-provided driver meets the device requirements. If a Microsoft-provided driver is not available for the USB device class to which your device belongs, then consider using generic drivers, Winusb.sys or Usbccgp.sys. Write a driver only when necessary.

It might have prevented some funky features like the speed of the D2XX library or MPSSE but for most of the applications it would have worked a treat. Need SPI and JTAG simultaneously? Sure, why not, use the FT2232H. Just need the good 'ol 115200 8N1? Use <generic driver> with <generic usb serial adapter>. Imagine having to install a vendor driver for a mouse or keyboard before being able to use it.
Title: Re: FTDIgate 2.0?
Post by: janekm on February 02, 2016, 08:32:26 am
The linux drivers are not made by FTDI. They are made by the linux community. That's why they've never had any issues with bricking clones, and will even undo the bricking done by the FTDI drivers.

... and I assume most of the frustration is rooted in the fact that Microsoft never managed to provide a generic USB-Serial device driver.

Quote from: https://msdn.microsoft.com/en-us/library/windows/hardware/ff538820%28v=vs.85%29.aspx
If you are writing a custom driver:  Before writing a driver for your USB device, determine whether a Microsoft-provided driver meets the device requirements. If a Microsoft-provided driver is not available for the USB device class to which your device belongs, then consider using generic drivers, Winusb.sys or Usbccgp.sys. Write a driver only when necessary.

It might have prevented some funky features like the speed of the D2XX library or MPSSE but for most of the applications it would have worked a treat. Need SPI and JTAG simultaneously? Sure, why not, use the FT2232H. Just need the good 'ol 115200 8N1? Use <generic driver> with <generic usb serial adapter>. Imagine having to install a vendor driver for a mouse or keyboard before being able to use it.

It was political; Intel/Microsoft didn't want lazy device manufacturers shipping all their devices with generic serial adapter drivers (eliminating the perceived benefits of USB plug&play) so they decided to not ship a standard driver (well sort of did eventually, but requiring the .inf config file). Can't find the source any more though...
Title: Re: FTDIgate 2.0?
Post by: Karel on February 02, 2016, 08:32:59 am
You are actually aware that CRC is more of a conveniance to avoid glitch than anything else, ...

Yes, I am. It was just an example of how to make communication more robust.
It's true that there's no 100% failsafe solution. But not using any protection because nothing is 100% secure, proves incompetency.
You want to use your credit card online via an unencrypted channel? Please do, in the end, nothing is 100% secure... no?

Do you know how Google (and other companies) test and improve their software? By feeding it random data and see what happens.

I repeat my statement. Only incompetent engineers use rs232 in possibly dangerous devices without some protocol to check if the data is valid.

Title: Re: FTDIgate 2.0?
Post by: all_repair on February 02, 2016, 09:22:09 am
The dangerous part is all speculation.
Surprise that you said this.  Of course, it is speculation when you have no real body count to prove .   Once you have one, it becomes a crisis when something not suppose to happen happens, and people started to ask where are all the planning, thinking, and were the engineers sleeping?
Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on February 02, 2016, 09:51:06 am
In that case the designer was incompetent. If a device can cause injuries or death, it should have at least some crc check over the
communication channels, specially with rs232. Rs232 is well known for possible glitches on the line.
Only incompetent engineers send plain and unprotected data via rs232 to a potential dangerous device.

So... All G-Code compliant CNC machines were designed by idiots?

Pretty much, yes. G-code was invented sometime last millenium, when CPUs were expensive, so there is some small excuse, but not for the past 30 years.

I've been working in comms and embedded for about 30 years, and anyone doing comms without a robust protocol is definitely incompetent. In a safety critical area, I would expect integrity checking on anything read from disk as well.

Unfortunately, incompetence is quite widespread in the software industry, many people I have worked with are little better than untrained amateurs. The management are usually even more clueless. So it does not surprise me at all.

If your safety critical device fails due to the FTDI data, it was never properly designed or tested, and should never have been certified safe.

Title: Re: FTDIgate 2.0?
Post by: RFZ on February 02, 2016, 10:29:35 am
So... All G-Code compliant CNC machines were designed by idiots?
Pretty much, yes. G-code was invented sometime last millenium, when CPUs were expensive, so there is some small excuse, but not for the past 30 years.
[...]
If your safety critical device fails due to the FTDI data, it was never properly designed or tested, and should never have been certified safe.

Okay. So nevertheless, you agree that there actually are lots of devices out there, designed by idiots, that may fail in not the best way if they receive garbage. Right?
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 10:48:37 am
I have seen some (safety related!) devices get upset when they receive data which they don't expect so yes: sending random data to a device can lead to damage, injuries and even death.
In that case the designer was incompetent. If a device can cause injuries or death, it should have at least some crc check over the
It is not only about a CRC check but also about buffer overflows. I totally agree about the incompetent designer remark but the fact is those kind of designers are out there and put their software in products which are on the market. We don't live in an ideal world so it is better to be cautious and not send random data to a device.
Title: Re: FTDIgate 2.0?
Post by: Gabri74 on February 02, 2016, 10:56:20 am
Talking about counterfeiting.... I've already seen this type of uniforms... and
the slogan kinda remembers me of something... but I just can't recall....    :-DD

Title: Re: FTDIgate 2.0?
Post by: rasmithuk on February 02, 2016, 11:39:21 am
I'm not a Windows expert, but I believe those are translation/textual string resources used for the system event log. Messages are logged by code, so there wouldn't be a direct xref there, instead that's a table that maps codes to strings and something inside Windows itself does the mapping - so yeah, they can't use sprintf, this is Windows' dumb design I think? (someone with more Windows knowledge might be able to correct me here). I did find the logging code earlier, and what triggers it, but didn't check if it is indeed logged on my windows box. I just did and yeah, it's there:

The windows event log takes a few fixed parameters, to make sorting/filtering easier, and then a raw string.
Apart from a list of standard error codes on the fixed fields you can put whatever you want into the raw section, which is assumed to be human readable text.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 02, 2016, 11:57:25 am
The linux drivers are not made by FTDI. They are made by the linux community. That's why they've never had any issues with bricking clones, and will even undo the bricking done by the FTDI drivers.

... and I assume most of the frustration is rooted in the fact that Microsoft never managed to provide a generic USB-Serial device driver.
Starting with Windows 10 you don't need a custom driver or INF file anymore. Still required for Windows 8.1 and older, see here (https://msdn.microsoft.com/en-us/library/windows/hardware/dn707976(v=vs.85).aspx). Maybe in 10 more years, USB will be fully plug-and-play, as promised 20 years ago :)
Title: Re: FTDIgate 2.0?
Post by: elgonzo on February 02, 2016, 01:24:27 pm
I have seen some (safety related!) devices get upset when they receive data which they don't expect so yes: sending random data to a device can lead to damage, injuries and even death.
In that case the designer was incompetent. If a device can cause injuries or death, it should have at least some crc check over the
It is not only about a CRC check but also about buffer overflows. I totally agree about the incompetent designer remark but the fact is those kind of designers are out there and put their software in products which are on the market. We don't live in an ideal world so it is better to be cautious and not send random data to a device.

(EDIT: I forgot to mention that i agree with nctnico. I am rather ranting about the silly implied notion permeating this thread that with this updated FTDI driver a machine like a CNC would become unsafe, and not using this particular FTDI driver would make the same machine safe again.  Without stating this explicitly, my somewhat coffein-induced rant might be seen as in disagreement with nctnico, which it is not. I hope ;) )


Look, there is no new kind of dangerous situation posed to CNC machines or their operators.
Since their inception, CNC machines had to be designed with safety-relevant problem scenarios in mind. These include, but are not limited to the machine receiving improper parameters exceeding its operating envelope, or plain data garbage. The scenario of a (FTDI) driver sending nonsensical data to the CNC machine is just another flavor of that old scenario.

If a CNC machine cannot deal with such a problem scenario, then it has been designed by idiots. That doesn't mean that i think such machines don't exist. I tend to agree with you that this is not an ideal world. Unscrupulous people/entities are able to peddle their questionable products/services as long as it is dirt-cheap (which nicely leads back to bargain-price counterfeit chips ;) )

Of course, not all improper parameters sent to a CNC machine do exceed its operating envelope. Improper parameters could simply be such that damage/destroy the workpiece or even damage/destroy the tool bit. Obviously, one can imagine a scenario where malevolent software sends the wrong parameters to the machine. But equally, one can imagine a scenario where wrong parameters would be send to the machine simply due to operator error or a bug/glitch in some software module. In terms of safety, there is really no new problem scenario introduced by some FTDI driver sending some bad/garbage data.

With regard to danger to health and life, any CNC machine should have appropriate safety in place. A housing or curtain to protect against flying bits and pieces, guard fences, safety mats, etc... Someone (person/entity) who operates a CNC which is missing critical safety systems (appropriate to the "size" of the machine) is a reckless idiot and there really is no reason or excuse to shift the blame on to a malfunctioning or misbehaving PC (in the broadest sense, including the software and drivers running on it, and also including a communications channel which cannot ensure data integrity by itself) if somebody gets injured...

In my opinion the view that FTDI's driver behavior creates a new safety risk to health and life is quite some hyperbole.

I mean, let's assume for a moment that you have such a machine which reacts allergic and kills everyone in the room if it receives incorrect data.
What if you have a com bridge chip which is not from FTDI in your machine?
What if that chip and the related driver work properly and do not (willfully or accidentally) produce garbage data?
What if the firmware in the machine, or the software running on the controlling PC occasionally produces buggy, glitchy, wrong data that is being sent properly to the machine?
What if there are bit-flips occurring during transfer of data from the PC to the machine, which are not detected via parity bit?
What if the PC crashes or dies mid-transmission?
Will you sleep well in the knowledge that you don't have the abysmal FTDI driver running on the system, and thus health and life are not in danger?


Don't get me wrong. I am not an apologist, and i do not like what FTDI are doing. With regard to economic losses, i would completely understand someone who worries that the behavior of the FTDI driver could lead to unexpected and substantial losses when devices with undiscovered fake FTDI chips are involved in production. This is a by all means a valid and serious concern.

But i don't get why people think that FTDI's driver behavior suddenly creates a new safety hazard that has not been there before. It simply doesn't. It only can trigger a safety hazard that already exists outside of the FTDI driver and (fake) FTDI chip.. Shoot the messenger, i guess...
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 02:23:58 pm
I also agree that the safety hazzard exists with or without the FTDI driver sending out garbage but still it is better to avoid triggering these safety hazzards. BTW it is not just CNC machines which could cause saftey issues! There are many other scenarios; think along the lines of -for example- a controller for a elevator which is prone to a buffer overflow when it receives bogus data on a diagnostics interface. A while ago a lady walked/fell into an elevator shaft because the doors opened while the elevator wasn't there.
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 02, 2016, 02:44:06 pm
But i don't get why people think that FTDI's driver behavior suddenly creates a new safety hazard that has not been there before. It simply doesn't. It only can trigger a safety hazard that already exists outside of the FTDI driver and (fake) FTDI chip.. Shoot the messenger, i guess...

You're right, it doesn't. But it makes this safety hazard more likely.

Just imagine a device (created by an idiot) where a unknown symbol/command actually causes a malfunction. The chance that a faulty USB to Serial Converter might unintentionally generate a wrong Symbol or a wrong Symbol is read due to a glitch is still pretty low and stays the same throughout its lifetime. With connecting a fake FTDI to it, the chance of causing this device to malfunction actually rises to 100%.

If just 0.0001% of all devices are susceptible to such fault, it's still better if their chance to fail remains 0.001% each instead of 100% ;)

But, don't get me wrong... The main reason I think FTDI does the wrong thing is not because I think they will actually break lots of devices. The main reason because I think it is the wrong way is because most of the users just will have trouble using their device, get frustrated and may never realize what really caused it to fail because there is just no end-user friendly notification...
Title: Re: FTDIgate 2.0?
Post by: elgonzo on February 02, 2016, 02:52:00 pm
I also agree that the safety hazzard exists with or without the FTDI driver sending out garbage but still it is better to avoid triggering these safety hazzards. BTW it is not just CNC machines which could cause saftey issues! There are many other scenarios; think along the lines of -for example- a controller for a elevator which is prone to a buffer overflow when it receives bogus data on a diagnostics interface. A while ago a lady walked/fell into an elevator shaft because the doors opened while the elevator wasn't there.
Of course, i fully agree to avoid possible trigger conditions. Just being curious about what kind of elevator was involved in that accident? Do you have information or a link i can follow? Usually, elevators should have electrical/mechanical door interlocks (operating independently from the elevator control) which prevent the door from opening when the car is not there (and prevent the car from moving again as long as the doors are open). It seems unusual to me that door interlocks would have a digital controller. Then again, i don't really know since i am not in the elevator business and i don't know what cutting-edge modern-day elevators are made of...
Title: Re: FTDIgate 2.0?
Post by: elgonzo on February 02, 2016, 02:54:07 pm
But i don't get why people think that FTDI's driver behavior suddenly creates a new safety hazard that has not been there before. It simply doesn't. It only can trigger a safety hazard that already exists outside of the FTDI driver and (fake) FTDI chip.. Shoot the messenger, i guess...

You're right, it doesn't. But it makes this safety hazard more likely.
I have to agree. Although it worries me a bit thinking about people/entities building, certifying or using safety-critical or safety risk-imposing devices without considering and testing about such possible problem scenarios...

Quote
But, don't get me wrong... The main reason I think FTDI does the wrong thing is not because I think they will actually break lots of devices. The main reason because I think it is the wrong way is because most of the users just will have trouble using their device, get frustrated and may never realize what really caused it to fail because there is just no end-user friendly notification...
Well, i have to agree again.  ;D
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 03:04:39 pm
I also agree that the safety hazzard exists with or without the FTDI driver sending out garbage but still it is better to avoid triggering these safety hazzards. BTW it is not just CNC machines which could cause saftey issues! There are many other scenarios; think along the lines of -for example- a controller for a elevator which is prone to a buffer overflow when it receives bogus data on a diagnostics interface. A while ago a lady walked/fell into an elevator shaft because the doors opened while the elevator wasn't there.
Of course, i fully agree to avoid possible trigger conditions. Just being curious about what kind of elevator was involved in that accident? Do you have information or a link i can follow?
If you search for 'woman falls in elevator shaft' you'll notice it -shockingly- happens very often! The case I was referring to happened in Germany.
Title: Re: FTDIgate 2.0?
Post by: elgonzo on February 02, 2016, 03:31:31 pm
If you search for 'woman falls in elevator shaft' you'll notice it -shockingly- happens very often! The case I was referring to happened in Germany.
Certainly elevator doors fail sometimes, because door interlocks fail sometimes.
But i am curious about that specific case you mentioned where a digital controller would be able to open the door although no car was there. I believe that a door interlock is wired directly to the respective elevator door operator (not the elevator controller) and does not rely on digital components (which would also mean that door interlocks would not offer a digital debug interface susceptible to buffer overflows). Either i am wrong in my belief, or the case you mentioned required the cooperation of a failed door interlock or personnel having the key to override/unlock the door interlocks. However, that's going off-topic and something where i can apply my Google-Fu to the usual suspects (Honeywell, Unitec, ThyssenKrupp, Otis, etc...) when i have some more idle time. Anyway, thanks for the feedback.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 03:38:34 pm
If you search for 'woman falls in elevator shaft' you'll notice it -shockingly- happens very often! The case I was referring to happened in Germany.
Certainly elevator doors fail sometimes, because door interlocks fail sometimes.
But i am curious about that specific case you mentioned where a digital controller would be able to open the door although no car was there.
My example was just a purely hypothetical one extrapolated from my experience with how bad some firmware is written. I just can't divulge too much about those experiences for obvious reasons.
Title: Re: FTDIgate 2.0?
Post by: Monkeh on February 02, 2016, 03:40:11 pm
Can someone please confirm the Windows KB update...

There isn't one.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 02, 2016, 03:59:27 pm
My example was just a purely hypothetical one extrapolated from my experience with how bad some firmware is written. I just can't divulge too much about those experiences for obvious reasons.

And what if somebody plugged a laptop into a rocket on the launchpad to run some diagnostics, and this bogus message caused it to ignite and kill everyone in the vicinity!!!  Boycott FTDI!!!

Would we all please stop with these nonsense hypotheticals and discuss the actual facts?  So far there is zero proof that there are any counterfeit devices in legitimate supply chains anymore.  All we have are a handful of people buying known Chinese knockoff products on eBay/Ali, big woop.  Also, if any product could kill somebody because it received the wrong byte over a UART line when plugged into a Windows computer, it was a shit product and was going to kill somebody at some point anyway.  Sure you'd be better off not trying to trigger a problem, but you'd also be better off not using a cheap Chinese knockoff converter to run the interface in the first place.  These ridiculous hypothetical scenarios don't help either side of the discussion.
Title: Re: FTDIgate 2.0?
Post by: Russ.Dill@gmail.com on February 02, 2016, 04:20:03 pm
Of course, now I can't do cool things like make my Arduino act like an FTDI directly via v-usb to make integration for windows users easier.

Why would you need to?

And why would you think it reasonable to make your Arduino behave like a piece of hardware with very specific capabilities when it is nothing of the sort?

It's actually quite straightforward to emulate all of the functions of the FT232RL. I'm not sure if you think that FTDI chips are some kind of black magic, especially the low end ones.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 02, 2016, 04:34:52 pm
Sure you'd be better off not trying to trigger a problem

My favorite part is where you admit you're wrong and still keep going :-+
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 02, 2016, 04:40:38 pm
Sure you'd be better off not trying to trigger a problem

My favorite part is where you admit you're wrong and still keep going :-+

Wrong about what?  About how hypotheticals involving non-existent devices with non-existent counterfeit FTDI chips in legitimate supply chains, killing non-existent people in fantastical ways, are a waste of time and a distraction from the issue at hand?  That's what the entire post was about.

If there was a device out there that could kill somebody because it received an 'N' instead of a '2' over a UART line plugged into a Windows machine (a Windows machine that's connected to the internet, receiving untested updates, with nobody's knowledge), it would have ALREADY KILLED plenty of people before FTDI ever started screwing with counterfeits.  It simply doesn't exist, and fantasizing about "what if a device like that DID exist, how bad would that be???" is pointless.
Title: Re: FTDIgate 2.0?
Post by: LoyalServant on February 02, 2016, 04:41:37 pm
My example was just a purely hypothetical one extrapolated from my experience with how bad some firmware is written. I just can't divulge too much about those experiences for obvious reasons.

Would we all please stop with these nonsense hypotheticals and discuss the actual facts?  So far there is zero proof that there are any counterfeit devices in legitimate supply chains anymore. 

Agree on the hypothetical situations.

While we have not heard of any major blunders in the supply chain like the Newegg and Intel issue a few years back that comes to mind I am sure we can all agree that bad players are constantly trying to infiltrate the supply chain.
I think everyone in the industry shares some responsibility in maintaining the integrity of the supply chain.

Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 04:46:58 pm
Sure you'd be better off not trying to trigger a problem

My favorite part is where you admit you're wrong and still keep going :-+

Wrong about what?  About how hypotheticals involving non-existent devices with non-existent counterfeit FTDI chips in legitimate supply chains, killing non-existent people in fantastical ways, are a waste of time and a distraction from the issue at hand?  That's what the entire post was about.

If there was a device out there that could kill somebody because it received an 'N' instead of a '2' over a UART line plugged into a Windows machine (a Windows machine that's connected to the internet, receiving untested updates, with nobody's knowledge), it would have ALREADY KILLED plenty of people.  It simply doesn't exist, and fantasizing about "what if a device like that DID exist, how bad would that be???" is pointless.
As I wrote before: I have come across firmware doing safety critical tasks and it got upset from receiving data it didn't expect. There is nothing hypothetical about that! Also the assumption FTDI present and future detection algorithms will never be wrong is a false one. So even with a real chip there is a probability things can go wrong (Murphy's law).
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 02, 2016, 04:47:41 pm
Sure you'd be better off not trying to trigger a problem

My favorite part is where you admit you're wrong and still keep going :-+

Wrong about what?  About how hypotheticals involving non-existent devices with non-existent counterfeit FTDI chips in legitimate supply chains, killing non-existent people in fantastical ways, are a waste of time and a distraction from the issue at hand?  That's what the entire post was about.

If there was a device out there that could kill somebody because it received an 'N' instead of a '2' over a UART line plugged into a Windows machine (a Windows machine that's connected to the internet, receiving untested updates, with nobody's knowledge), it would have ALREADY KILLED plenty of people before FTDI ever started screwing with counterfeits.  It simply doesn't exist, and fantasizing about "what if a device like that DID exist, how bad would that be???" is pointless.

You don't get to cause damage just because it would've happened anyway... (https://en.wikipedia.org/wiki/Eggshell_skull)

You said it yourself, read my quote from you!
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 02, 2016, 04:49:09 pm
While we have not heard of any major blunders in the supply chain like the Newegg and Intel issue a few years back that comes to mind I am sure we can all agree that bad players are constantly trying to infiltrate the supply chain.
I think everyone in the industry shares some responsibility in maintaining the integrity of the supply chain.

Absolutely, and I do believe FTDI should be doing as much as they can to help with this.  I am not a distributor, so I don't have any information about what FTDI is or is not doing to ensure either 1) counterfeits don't enter the supply chain, and/or 2) counterfeits are identified before they're sold to customers.  Does anybody else here have any information on this topic?
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 02, 2016, 04:51:51 pm
As I wrote before: I have come across firmware doing safety critical tasks and it got upset from receiving data it didn't expect. There is nothing hypothetical about that!

And how many people have those devices killed?  Or were there other checks in place to ensure that even if the processor did get upset, it still didn't go on a murdering rampage?

So even with a real chip there is a probability things can go wrong (Murphy's law).
So it's a probability now?  With zero evidence that FTDI's counterfeit detection algorithm has ever given a false positive, it's now a probability that it's going to happen.  More hypotheticals...
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 02, 2016, 04:55:07 pm
You don't get to cause damage just because it would've happened anyway... (https://en.wikipedia.org/wiki/Eggshell_skull)

You said it yourself, read my quote from you!

It wouldn't have happened anyway, because those devices don't exist.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 02, 2016, 04:58:30 pm
You said it yourself.

Sure you'd be better off not trying to trigger a problem
Title: Re: FTDIgate 2.0?
Post by: Monkeh on February 02, 2016, 05:12:12 pm
Of course, now I can't do cool things like make my Arduino act like an FTDI directly via v-usb to make integration for windows users easier.

Why would you need to?

And why would you think it reasonable to make your Arduino behave like a piece of hardware with very specific capabilities when it is nothing of the sort?

It's actually quite straightforward to emulate all of the functions of the FT232RL.

So how are you implementing the variable drive current? Do you support both VCP and D2XX drivers? Do you actually emulate the device properly, and if so, why is this even an issue, as surely you'd appear to be a normal FTDI device and they'd be unable to tell the difference?

Don't pretend to be what you're not - use a generic driver or write your own.

Quote
I'm not sure if you think that FTDI chips are some kind of black magic, especially the low end ones.

 ::)
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 02, 2016, 05:17:08 pm
My example was just a purely hypothetical one extrapolated from my experience with how bad some firmware is written. I just can't divulge too much about those experiences for obvious reasons.

Would we all please stop with these nonsense hypotheticals and discuss the actual facts?  So far there is zero proof that there are any counterfeit devices in legitimate supply chains anymore. 

Agree on the hypothetical situations.

While we have not heard of any major blunders in the supply chain like the Newegg and Intel issue a few years back that comes to mind I am sure we can all agree that bad players are constantly trying to infiltrate the supply chain.
I think everyone in the industry shares some responsibility in maintaining the integrity of the supply chain.
There are some kids shouting and keep shouting and defining the supply chain as they wish and imagine.  Any supply chain is as clean as the dirtiest point in the chain.  There were cases and people I knew that were the authorised "CLEAN" channel selling big time to factories, injecting their compatible into the chain.  It took many years for the OEM to find out, because these guys got too greedy and prompted the OEM to investigate.  But the factories were kept in the dark even until now.  It happened, I am sure it is still happening and will never stop happening as long as there are some quick money to be made somewhere.  It is a  forever cat and mouse game.  FTDI is spraying bullets as they like. 
BTW those guys walked off almost trouble-free.  They lost the distributorship but kept the millions (today value should be billions) they had made, because the OEM dared not sue them and had the most to hide, the most to loose.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 02, 2016, 05:25:39 pm
You said it yourself.

Sure you'd be better off not trying to trigger a problem

For fuck's sake, I'm trying to stop the hypotheticals, that's all the post was about.  Quit trying to dig an argument for or against FTDI's actions out of my words, there was none.  I can see both sides of the issue, and both sides have valid points.  The moral/ethical/legal legitimacy of FTDI's actions was not what I was discussing, I was talking about how ridiculous these hypothetical scenarios are, and suggesting that people put an end to them because they're pointlessly dragging down the entire discussion.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 02, 2016, 05:32:41 pm
As I wrote before: I have come across firmware doing safety critical tasks and it got upset from receiving data it didn't expect. There is nothing hypothetical about that! Also the assumption FTDI present and future detection algorithms will never be wrong is a false one. So even with a real chip there is a probability things can go wrong (Murphy's law).

This thread is getting absurd in the claims some people are making regarding safety critical products. Any competent designer of a product with a critical safety factor involved is going to take special care that the device cannot malfunction if it gets bad data from an FTDI chip or any other source. He will use error detecting algorithms to insure the integrity of the data stream and have safety interlocks to prevent any damage if something is not right. To not do so would be professional incompetence. For some reason, sloppy design seems to be tolerated more in the electronics/software industries than it is in other engineering professions.

Some have even argued that CRC algorithms are not perfect and errors can slip through. Sure, that's correct if you're talking about a few corrupted bits here and there, but if FTDI were truly sending random characters, then even the most basic checksum will detect that.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 05:37:56 pm
As I wrote before: I have come across firmware doing safety critical tasks and it got upset from receiving data it didn't expect. There is nothing hypothetical about that! Also the assumption FTDI present and future detection algorithms will never be wrong is a false one. So even with a real chip there is a probability things can go wrong (Murphy's law).
This thread is getting absurd in the claims some people are making regarding safety critical products. Any competent designer of a product with a critical safety factor involved is going to take special care that the device cannot malfunction if it gets bad data from an FTDI chip or any other source. He will use error detecting algorithms to insure the integrity
You are being super naive here!!! You really don't want to know the shitty firmware I have come across and which still can pass safety regulation tests without problems.

It's always the naive people who say 'that shouldn't happen' which cause the problems. I put a reverse power protection diode or even a bridge rectifier in every DC powered design because even though people shouldn't swap the + and - they still do.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 02, 2016, 05:50:34 pm
You are being super naive here!!! You really don't want to know the shitty firmware I have come across and which still can pass safety regulation tests without problems.

Perhaps we live in different worlds then. In the world I live in engineers take pride in their work and engineer it properly. If there are any safety aspects to a design, they take care that even uncommon failure modes are taken into account and handled properly in a combination of hardware and firmware interlocks.

Just because some people and companies create shitty, dangerous products doesn't mean that everyone does. Tell me--before all this FTDI stuff started, did engineers designing safety critical products that relied on a serial data stream in a safety critical part of the product assume that this data stream was 100% reliable 100% of the time?
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 02, 2016, 06:04:40 pm
Who the hell still needs FTDI?

They are a shitty company, with zero respect for the end-users (who may or most likely may not [which was my case] be aware that their chip is fake).

It's not like we don't have alternatives and we really need them. There are plenty of options out there, from complete software solutions (like V-USB (https://www.obdev.at/products/vusb/index.html)) to other dedicated alternatives, like the CH340G chip, and other solutions from Prolific, Texas, Cypress, Silicon Labs, Microchip, and a few others.

The sooner people stop caring about FTDI and stop using their products, the sooner we'll be rid of the problem.

Regarding the driver, I NEVER let Windows Update automatically update my drivers, since I've had bad experience with that in a distant past. Most of my drivers are probably out-of-date, but they've been working, so I just let them be. Don't fix it unless it's broken. Neverthless, I was a victim of FTDI with my very first Arduino Nano 3.0, because I didn't know any better, and it was a fresh install.

On a side note, some PL-2303HX drivers will simply not work with fake PL2303 chips, but it won't even touch the chip in any way. Prolific even has a utility to detect fake chips.
Title: Re: FTDIgate 2.0?
Post by: Monkeh on February 02, 2016, 06:06:07 pm
On a side note, some PL-2303HX drivers will simply not work with fake PL2303 chips, but it won't even touch the chip in any way. Prolific even has a utility to detect fake chips.

They have a utility to detect old, legitimate, and perfectly functional chips, too; their driver. Which won't work with old chips.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 06:11:01 pm
You are being super naive here!!! You really don't want to know the shitty firmware I have come across and which still can pass safety regulation tests without problems.
Perhaps we live in different worlds then. In the world I live in engineers take pride in their work and engineer it properly. If there are any safety aspects to a design, they take care that even uncommon failure modes are taken into account and handled properly in a combination of hardware and firmware interlocks.

Just because some people and companies create shitty, dangerous products doesn't mean that everyone does. Tell me--before all this FTDI stuff started, did engineers designing safety critical products that relied on a serial data stream in a safety critical part of the product assume that this data stream was 100% reliable 100% of the time?
Again: I have seen released-for-production safety critical firmware do weird stuff when/after receiving unexpected data. And I've seen much worse than that as well. So yes, competent engineers are very rare. Even with safety interlocks and so on poorly designed firmware can still cause lots of trouble.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 02, 2016, 06:26:46 pm
Again: I have seen released-for-production safety critical firmware do weird stuff when/after receiving unexpected data. And I've seen much worse than that as well. So yes, competent engineers are very rare. Even with safety interlocks and so on poorly designed firmware can still cause lots of trouble.

These companies should be run out of business. I'm not a big fan of government regulation, but this is a case where it's needed. Poor engineering of products with safety critical aspects should not be tolerated.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 02, 2016, 06:31:41 pm
If you search for 'woman falls in elevator shaft' you'll notice it -shockingly- happens very often! The case I was referring to happened in Germany.

"man falls in elevator shaft" >> 389 000  google results
"woman falls in elevator shaft" >> 116 000 google results
"FTDI accident" >> 71 000  google results
"man falls in elevator shaft due to FTDI malware" >> 7  google results

So men fall 3,5x more often into elevator shafts it seems, amd FTDI is responsible for 1/6 of elevator shaft accidents.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 02, 2016, 06:41:02 pm
My favorite part is where you admit you're wrong and still keep going :-+
it's not wrong. typically, a properly done failure analysis for that specific looks like :
- problem : corrupt data on UART due to access conflict with other program/other Hardware
- probability : low
- severity : mid (after implementing CRC)
- risk level : low


Problem : FTDI just increased the probability, and therefore the risk to dangerous levels !
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 02, 2016, 06:45:33 pm
Quote
Any competent designer of a product with a critical safety factor involved is going to take special care that the device cannot malfunction if it gets bad data from an FTDI chip or any other source.

Wrong.
Any competent designer of a product with a critical safety factor involved is going to take special care to reduce the likelihood of  device malfunction down to an acceptable level.
There is no zero risk.
Lesson one in functionnal safety : You cannot eliminate risk. You only reduce it's likelihood or it's severity.

FTDI just raised that risk to an inacceptable level.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 02, 2016, 07:08:38 pm
The hypotheticals re: FTDI's shenanigans causing deaths may be overblown but the general principle and precident it sets- that is - companies reeking havoc on end user systems to combat clones - could easily eventually result in loss of life IMHO.

My end user experience with technology in the medical world has shown me that despite the best intentions of engineers - critical, unexpected faults can and do occur.

As things become more and more connected - there's been a rapid push to incorporate more technology into medical equipment and informatics - with efforts underway to allow more and more automatic connection and control - for example between implanted medical devices or bedside hospital medical equipment - and computerized medical systems accessible 24/7 to doctors and staff caring for patients.

The nature of the economics of the current system of hospital adoption of medical technology prevents the usual feedback mechanisms that force companies to compete based on the quality and reliability of their systems - so that salesmen and marketers are the focus - since once a hospital adopts a specific vendors technology they are pretty much stuck with it no matter how shitty it is.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 02, 2016, 07:14:26 pm
Also the assumption FTDI present and future detection algorithms will never be wrong is a false one.

Can you provide a link to a documented event that shows that FDTI wrongly detected a non-genuine chip
while in reality it was genuine?
Title: Re: FTDIgate 2.0?
Post by: janoc on February 02, 2016, 07:32:01 pm
These companies should be run out of business. I'm not a big fan of government regulation, but this is a case where it's needed. Poor engineering of products with safety critical aspects should not be tolerated.

Agreed. But that doesn't mean that we should tempt fate and try to blow up those poorly engineered products in the meantime.

You know, it is a bit like a kid poking nails into an outlet.  99.9% of time nothing happens - some outlets have shutters, kid is lucky and is poking in the "wrong" hole, etc. Then the chance strikes - and my former colleague woke up at 5AM to a blaring fire alarm and a smouldering wall because the junior managed to push a piece of naked wire into the outlet (that was in Switzerland where shuttered outlets aren't the norm). Pontificating about things being poorly engineered wouldn't have helped him any - he still had a major repair on his hands and was extremely lucky that nobody got hurt.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 02, 2016, 08:02:58 pm
It's interesting to see how some people are clutching at straws and use all kinds of hypothetical cases to justify
their angriness against FTDI instead of pointing to the real culprits (the cloners)...
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 02, 2016, 08:15:16 pm
Also the assumption FTDI present and future detection algorithms will never be wrong is a false one.
Can you provide a link to a documented event that shows that FDTI wrongly detected a non-genuine chip
while in reality it was genuine?
I think I can make the driver do that with some effort (where can I send the bill?). I've seen enough instability issues with the FTDI USB-UART chip in question. Also it is hard to predict what the cloners will come up with next and how the algorithm in the driver will deal with those. Sooner or later the driver will be susceptible to false positives because only code which isn't there is 100% free of errors.
Title: Re: FTDIgate 2.0?
Post by: diyaudio on February 02, 2016, 08:55:27 pm
Just glad my Xilinx Platform USB Download Cable Jtag Programmer arriving soon, dont have a FTDI bridge! 

cypress semiconductor all the way.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 02, 2016, 09:21:44 pm
It's interesting to see how some people are clutching at straws and use all kinds of hypothetical cases to justify
their angriness against FTDI instead of pointing to the real culprits (the cloners)...

The cloners loaded the gun.  FTDI pulled the trigger.  Who's the victim to blame?

And yes, there are real victims here not just hypothetical ones.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 02, 2016, 09:27:02 pm
Quote
Any competent designer of a product with a critical safety factor involved is going to take special care that the device cannot malfunction if it gets bad data from an FTDI chip or any other source.

Wrong.
Any competent designer of a product with a critical safety factor involved is going to take special care to reduce the likelihood of  device malfunction down to an acceptable level.
There is no zero risk.

In the specific case I mentioned (the device knows it has bad data from a data source) it is possible to ensure that nothing bad happens to a very high degree of certainty. I'll not split hairs with you, but it's that "nothing's perfect" mentality that leads to all of the crap designs on the market today. Most of the cheap consumer crap is that way because consumers are not willing to pay for quality. All they care about is price. That's why they buy poorly designed disposable crap at Wal*Mart (a U.S. chain of stores that caters to this crowd) that ends up in a landfill a few months later. Extending this to the realm of this forum, it's why many people here are so eager to buy cheap Arduino and Segger J-Link clones from China -- they don't care about quality or the fact that these products rip off the original designer of these items. They're the same people who'd buy counterfeit Rolex watches or Prada shoes.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 02, 2016, 09:49:40 pm
Extending this to the realm of this forum, it's why many people here are so eager to buy cheap Arduino and Segger J-Link clones from China -- they don't care about quality or the fact that these products rip off the original designer of these items.

As far as I'm aware, Arduino hardware is open source. Clones ok. Counterfeits (using Arduino logo) not ok.

Quote
They're the same people who'd buy counterfeit Rolex watches or Prada shoes.

What? you mean there are electronic hobbyists who are worried about status symbols and fashion and buy these things based on how they look and not function?

I think that is a poor analogy.

A better one might be someone who buys a cheap automobile to get themselves from point A to B, knowing full well that it is not the same quality and may not last as long as a quality product.  Still it works for their purpose.  For most the technical details of why it is lower quality are unimportant to them.  Patent or trademark infringements, "fake" versus real and underlying details of the technology they leave to the manufactures and legal system to sort out.

Title: Re: FTDIgate 2.0?
Post by: Pentium100 on February 02, 2016, 10:02:46 pm
I have a car analogy:

Let's say the rubber diaphragm in the carburetor of my car failed, so I went and bought a new one, replaced the failed one and my car works again. Unknown to me, the new diaphragm is a counterfeit, made from cheaper materials and won't last as long, but should still last a while. However, while I was at a gas station one day, a man came by, opened he hood of my car, found out that the diaphragm is not genuine and cut it up making my car inoperable (FTDIgate 1) or fixed the throttle valve to full open (FTDIgate 2). I do not think I would be OK with that and my anger would be with the man who disabled my car. If and when the fake part failed prematurely by itself, only then my anger would be with the counterfeiter.

But then again, I can buy car parts made by whoever wants to, as long as they fit and work OK...
Title: Re: FTDIgate 2.0?
Post by: janoc on February 02, 2016, 10:58:45 pm
I have a car analogy:

Let's say the rubber diaphragm in the carburetor of my car failed, so I went and bought a new one, replaced the failed one and my car works again. Unknown to me, the new diaphragm is a counterfeit, made from cheaper materials and won't last as long, but should still last a while. However, while I was at a gas station one day, a man came by, opened he hood of my car, found out that the diaphragm is not genuine and cut it up making my car inoperable (FTDIgate 1) or fixed the throttle valve to full open (FTDIgate 2). I do not think I would be OK with that and my anger would be with the man who disabled my car. If and when the fake part failed prematurely by itself, only then my anger would be with the counterfeiter.

But then again, I can buy car parts made by whoever wants to, as long as they fit and work OK...

Don't bother, people like Karel or suicidaleggroll will try to convince you that it is all your fault because you weren't supposed to be cheap and not do your due diligence by demanding a certificate of authenticity from whoever sold you the diaphragm and all their suppliers down to the grunt somewhere in Malaysia who actually made it. In fact, you should have stood behind him and watched him making it in order to be sure that he doesn't replace it with a counterfeit behind your back. See, you didn't do it, it is all your fault!

Then you will have some other folks who will tell you it is the car manufacturer's fault because the car shouldn't be so poorly designed as to let the nefarious guy open the hood and break your car.

And then you will have cops who are hopefully not engineers and thus will do the common sense thing instead of blaming the victim - put the saboteur behind bars.

You can't win with these trolls. Fortunately the people who actually are empowered to do something about it tend to know better - Microsoft pulled the driver last time and it is very likely they will do it again once a sufficiently big stink is raised.
Title: Re: FTDIgate 2.0?
Post by: rch on February 02, 2016, 11:02:09 pm
But then again, I can buy car parts made by whoever wants to, as long as they fit and work OK...
That is only because some governments have decided, in the specific case of cars, but also in some other consumer goods, that the public good of there being cheap replacement parts available for cars of any age is a greater good than that of car manufacturers being able to extract maximum profit from their intellectual property.  It does remind us that the exploitation of intellectual property is not some sort of natural right,  but enabled by  political decision.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 12:08:42 am
You can't win with these trolls.

Troll: (noun) Anyone who doesn't agree with my opinion.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on February 03, 2016, 01:11:52 am
The dangerous part is all speculation.
Surprise that you said this.  Of course, it is speculation when you have no real body count to prove .   Once you have one, it becomes a crisis when something not suppose to happen happens, and people started to ask where are all the planning, thinking, and were the engineers sleeping?

Speculation is all I need to spec out another device. Unless there is a particular feature that no other chip has I just look at the next best choice.

FTDI could easily kill the clones by selling at a lower or equal cost. Either that or discontinue the chip and come out with a replacement that has a wiz bang feature. Easy no, but better than having the brand damaged.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 02:04:55 am
Quote
FTDI could easily kill the clones by selling at a lower or equal cost.

Kind like you losing out to a clone of yours in India because he could do your job at a lower cost. You went home and you wife told you: "you could have easily killed that clone by selling your labor at an even lower cost." :)

After a few rounds of such competition, you may come to appreciate FTDI's position.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 02:06:16 am
Quote
You can't win with these trolls.

If you cannot attack the message, attack the messenger.

Pathetic.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 03, 2016, 04:09:37 am
Who the hell still needs FTDI?

They are a shitty company, with zero respect for the end-users (who may or most likely may not [which was my case] be aware that their chip is fake).

It's not like we don't have alternatives and we really need them. There are plenty of options out there, from complete software solutions (like V-USB (https://www.obdev.at/products/vusb/index.html)) to other dedicated alternatives, like the CH340G chip, and other solutions from Prolific, Texas, Cypress, Silicon Labs, Microchip, and a few others.

The sooner people stop caring about FTDI and stop using their products, the sooner we'll be rid of the problem.
:-+ This, absolutely. It's hilarious and a bit sad that FTDI think it's even worth trying to "protect" their IP for what amounts to an IC that would be considered almost trivial in functionality these days. The fact that it's been cloned and there are so many other implementations says that what they have is nothing special. It's just a bloody USB-RS232 converter... the sooner people stop choosing them and move to cheaper, less hostile alternatives, the better.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 04:20:22 am
My question will be, why would a company develop a product that uses the manufacturer's default VID and PID, knowing that any program that can talk to a COM port could cause damage or be dangerous?

Nah, those products are done by cheap and hobby level products and won't invest in making sure their device is bullet proof.

Regardless of FTDI or whatever other chip is used.
Title: Re: FTDIgate 2.0?
Post by: zapta on February 03, 2016, 04:28:00 am
Just stumbled upon this one on the Saelig website. A general purpose counterfeit IC detector.

https://www.youtube.com/watch?v=fJw5ZoT_us4 (https://www.youtube.com/watch?v=fJw5ZoT_us4)
Title: Re: FTDIgate 2.0?
Post by: rdl on February 03, 2016, 04:39:13 am
Why in the world do people let Windows update device drivers in the first place?
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 03, 2016, 04:40:19 am
My question will be, why would a company develop a product that uses the manufacturer's default VID and PID, knowing that any program that can talk to a COM port could cause damage or be dangerous?

Nah, those products are done by cheap and hobby level products and won't invest in making sure their device is bullet proof.

Regardless of FTDI or whatever other chip is used.
If the product uses the FTDI chip, it is the simplest way to use the manufacturers VID and PID, because otherwise you would have to provide an INF file (which needs to be signed for newer Windows versions), which would simply reference the ftdibus.sys driver anyway. As I've tested, the standard Microsoft usbser.sys doesn't work with the FTDI chips.

I think there is nothing wrong with protecting the IP. I really like the functionality of the FTDI chips, especially the modern versions, like the FT2232H, which you can use as a JTAG programmer as well (supported out of the box by the Lattice FPGA programmer). It is some work to produce a good working chip with driver support for all operating systems that usually just works. Cheaper alternatives are not as good, like the MCP2221, which has a gap of 30 us between bytes (http://blog.zakkemble.co.uk/mcp2221-hid-library/), so it is useless for modern higher baud rates like 1 Mbaud and even at 115,200 baud the effective baud rate will be solwer than possible.

Of course, it is another question how to protect the IP. Providing test tools, even displaying a warning for counterfeits is ok, but the product should still work, even if it uses a counterfeit. Or maybe show a warning which says that it will stop working after a month. Then the users have time to replace it, or get the money back from the eBay sellers.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 04:48:20 am
So then any other FT232r based program could cause problems with your device if you leave the PID and VID to be the default one, unless you make sure it doesn't react to random chatter.

Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 03, 2016, 05:38:49 am
So then any other FT232r based program could cause problems with your device if you leave the PID and VID to be the default one, unless you make sure it doesn't react to random chatter.
It is mapped to a serial port (unless you've configured it for the "D2XX Direct" driver), so yes, any program which can send data to a serial port can cause problems with such a device. PID and VID doesn't matter, it will be still a serial port. The only advantage of a custom PID and VID with FTDI chips would be that the intended program could detect its device without the need for the user to specify the serial port number or sending random (for other devices) characters to all COM ports.

If you need a more professional solution, libusb (http://libusb.info) might be better, but more work for the software side, too. On the microcontroller side it is not that much more work, at least was easy last time I tested it with the mbed framework (https://www.mbed.com) on an LPC series chip from NXP.
Title: Re: FTDIgate 2.0?
Post by: Muxr on February 03, 2016, 05:47:41 am
Having thought about this for the past 2-3 days, I am actually now supporting FTDI's decision to do this. Counterfeit components not only hurt the original manufacturer, but also their customers who designed their chips into their products. Because it creates an uneven playing field between those who buy legitimate components and those who have access to counterfeits which cost 1/10th the price.

FTDI has every right to protect their IP.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 03, 2016, 06:06:10 am

FTDI has every right to protect their IP.

Sure they do (I haven't seen anyone argue otherwise).  This is just a poor way to do it and will only alienate more customers.

Title: Re: FTDIgate 2.0?
Post by: Muxr on February 03, 2016, 06:08:10 am

FTDI has every right to protect their IP.

Sure they do (I haven't seen anyone argue otherwise).  This is just a poor way to do it and will only alienate more customers.
I haven't seen anyone suggest a viable alternative to fight clones.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 03, 2016, 06:42:12 am
I haven't seen anyone suggest a viable alternative to fight clones.

- Sell cheaper (that's really overdue, FTDI is overpriced, and their design is old and amortized)
- upgrade your products, and make your customer like the non compatible new features ( by being useful, not the actual kind of upgrade from FTDI)
- get to new markets when your product line is dying off (and don't get angry customers just when you need them to adopt your new products)
- in case of FTDI, stop being a malware company

Also, if you really don't want to be copied,cloned or even counterfeit, there's a simple and very effective solution:
- Be mean, stay small : cloners concentrate on top seller products with very high margin
- Be cheap yet effective : reduce the margin of potential cloners by using cost effective solution on your side, with a reasonable quality
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 06:45:41 am
I haven't seen anyone suggest a viable alternative to fight clones.

- Sell cheaper (that's really overdue, FTDI is overpriced, and their design is old and amortized)
- upgrade your products, and make your customer like the non compatible new features ( by being useful, not the actual kind of upgrade from FTDI)
- get to new markets when your product line is dying off (and don't get angry customer when you need them to design in your new products)
- in case of FTDI, stop being a malware company

Also, if you really don't want to be copied/cloned/counterfeit, there's a simple and very effective solution:
- Be mean, stay small : cloners concentrate on top seller products with very high margin
- Be cheap : reduce the margin of potential cloners by using cost effective solution on your side, with a reasonable quality

Yeah, let every product compete with the prices of the crap you find at Walmart. Why buy quality tools when you can buy cheap crap that might work for a while? I guess I should be able to purchase high quality Swiss tools for the same price as the cheap tools out there.

Just because you want them to be cheaper, it doesn't mean they should be cheaper.
Title: Re: FTDIgate 2.0?
Post by: matseng on February 03, 2016, 06:49:34 am
I ran a quick 24hr vote on Twitter. This was the result:

(http://s29.postimg.org/kmzelqdrr/Screen_Shot_2016_02_03_at_14_47_06.png)
Title: Re: FTDIgate 2.0?
Post by: marcan on February 03, 2016, 06:49:56 am
The windows event log takes a few fixed parameters, to make sorting/filtering easier, and then a raw string.
Apart from a list of standard error codes on the fixed fields you can put whatever you want into the raw section, which is assumed to be human readable text.
The messages in question were logged using a code, though (ErrorCode), the string wasn't directly passed in.

https://msdn.microsoft.com/en-us/library/windows/hardware/ff550571(v=vs.85).aspx

Even with custom error code strings, though, it does support percent-substitution, so yeah, this is just FTDI's shoddy coding.

I haven't seen anyone suggest a viable alternative to fight clones.
How about just failing device enumeration? Or even just refuse to TX/RX any data? They already log a message to the system event log saying that the device is counterfeit. The utterly retarded part is where they corrupt data instead of just refusing to work altogether.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 03, 2016, 06:50:26 am
No, I don't want them to be cheaper.

I only say if you really want to not be copied, don't be in the top range. Somebody else will be in the top range and will be copied.
Top products will be copied, that's just life, you cannot avoid it.

But it should not matter to you, because you're in a different price and quality segment than (legal) clones. Learn to sell that quality to your customers who always look at the low price low quality alternative.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 03, 2016, 06:53:40 am
I ran a quick 24hr vote on Twitter. This was the result:
The thing is : they don't "send a warning text", which would mean dropping an error window.

No, what they do is not sending a warning, What they do is intentionally corrupting data. And that's potentially very dangerous. It's a nogo.
Never use a product that will willingly corrupt your data !!!
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 03, 2016, 06:57:54 am
I haven't seen anyone suggest a viable alternative to fight clones.
Really? Choose one:
*) stop the driver from working with generic error code (like Code 10 / 43 / 48)
*) stop the driver from working and display a user-friendly notification referring to a website that explains what caused the problem and who to inform (if possible)
*) let the user continue using the device (for some time) and display a user-friendly notification referring to a website that explains what caused the problem and who to inform (if possible)
Title: Re: FTDIgate 2.0?
Post by: Ian.M on February 03, 2016, 07:00:08 am
Of course FTDI have a right to restrict their driver to their hardware, but they don't have a right to screw with 3rd party data or hardware while doing so.

What's wrong with simply making the driver reject clones with an error code like any sane company would?  e.g. Prolific used error code 10 (device cannot start).  There wasn't this level of outrage against Prolific - Smart users just avoided unbranded cables/adapters with Prolific drivers.

Even if you think it was OK to tamper with the data on the end user's wire to read "NON GENUINE DEVICE FOUND!", it was a dick move not to use: "NON GENUINE FTDI DEVICE FOUND!"
Title: Re: FTDIgate 2.0?
Post by: RFZ on February 03, 2016, 07:02:45 am
I ran a quick 24hr vote on Twitter. This was the result:

(http://s29.postimg.org/kmzelqdrr/Screen_Shot_2016_02_03_at_14_47_06.png)

I've seen this vote but I think it's completely missunderstandable.
What does "send warning text" mean?
a) Send a warning Text in 7/8bit ASCII via RX/TX lines which won't be visible to a end-user in 98% of applications?
b) Show a readable warning text/notification to the user on the computer?

Sure, "send warning text" won because "Hey, lets send out a warning" is obviously the best thing you can do. And I agree. But the way this warning is sent out has to be specified and understood by those voting. And I doubt that they did...
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 03, 2016, 07:08:39 am
The market demands that higher prices are justified by better quality, features or marketing. It appears FTDI has determined they are not competitive on that basis.

If FTDI can't find a way to protect their IP non destructively and without malware then they must compete in the market or fail.

IMHO the approach they are currently taking will fail.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 07:17:25 am
On the survey there was no option for don't work with clones.

So that 24hr vote doesn't mean much because you took off what they actually did.

As for destructively or malware, no one has shown any evidence of that.

If your product accepts anything that comes from that COM port, then whoever wrote the device code is to blame since any other program can talk to that COM port.

Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 07:28:04 am
Well, after seeing the latest Mailbag:

https://www.eevblog.com/forum/blog/eevblog-847-mailbag/ (https://www.eevblog.com/forum/blog/eevblog-847-mailbag/)

I guess you are all right, we should just buy the counterfeit "Arts of Electronics Third Edition" screw the authors!

Of course I kid, but that's what I'm hearing here. They should provide the real book at the same price as the fake ones!
Title: Re: FTDIgate 2.0?
Post by: Karel on February 03, 2016, 07:34:10 am
Also the assumption FTDI present and future detection algorithms will never be wrong is a false one.
Can you provide a link to a documented event that shows that FDTI wrongly detected a non-genuine chip
while in reality it was genuine?
I think ... blahblahblah...

No link? Thats what I thought.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 03, 2016, 07:38:57 am
FTDI could easily kill the clones by selling at a lower or equal cost.

How do you know that? Are you friends with the bookkeepers of FTDI?
Can you share your inside information?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 03, 2016, 07:41:27 am
Why in the world do people let Windows update device drivers in the first place?

Why in the world do people use Windows in the first place?
Title: Re: FTDIgate 2.0?
Post by: Boomerang on February 03, 2016, 07:47:29 am
I ran a quick 24hr vote on Twitter. This was the result:

(http://s29.postimg.org/kmzelqdrr/Screen_Shot_2016_02_03_at_14_47_06.png)

My choice (if available) would be "do nothing - just don't work with the chip"
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 03, 2016, 09:12:04 am
My question will be, why would a company develop a product that uses the manufacturer's default VID and PID, knowing that any program that can talk to a COM port could cause damage or be dangerous?

Nah, those products are done by cheap and hobby level products and won't invest in making sure their device is bullet proof.

Regardless of FTDI or whatever other chip is used.
If the product uses the FTDI chip, it is the simplest way to use the manufacturers VID and PID, because otherwise you would have to provide an INF file (which needs to be signed for newer Windows versions), which would simply reference the ftdibus.sys driver anyway. As I've tested, the standard Microsoft usbser.sys doesn't work with the FTDI chips.

I think there is nothing wrong with protecting the IP. I really like the functionality of the FTDI chips, especially the modern versions, like the FT2232H, which you can use as a JTAG programmer as well (supported out of the box by the Lattice FPGA programmer).
Every USB-UART bridge has I/O pins so that JTAG programmer functionality can be implement by any of those. It is not an FTDI specific function.
Title: Re: FTDIgate 2.0?
Post by: westfw on February 03, 2016, 10:02:54 am
Just as an aside, I hope that people are feeling really warm and fuzzy about the fact that all these devices with counterfeit FTDI chips are being SO well tested (not!) with the latest FTDI drivers on several operating systems, before they get shipped to you.   AFAIK, the "latest FTDI driver" has not supported counterfeits since FTDIGate 1, about a year ago (windows just stopped pushing the latest to your PCs...), so I think that old stock should be mostly gone.   Vendors have known about the problem, but they apparently haven't done anything about cleaning up their supply chain OR testing their devices.
(If you're buying one of those hypothetical safety-critical products, I hope that EVERY unit shipped gets enough testing to detect this sort of issue!)
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 03, 2016, 10:09:32 am
It is a Moore's law industry, FDTI has actually milked out much more than what a typical company involved in this industry could have done.  To expect to have the same or more shall be wishful thinking.  They are not fighting the compatible, they are fighting Moore's law.  The most valuable thing FDTI had was probably their brand, and if they had been studying IBM and wanted to extract the most value out.  It was to sold their brand away to the lower cost manufacturer when their brand was golden.  But it is too late now after their move of killing compatible chips.  Their chips are finally used by people like me down in the chain, buying for installations and deployment.  It is a lost cause now to me.  I used to spec ONLY FDTI to banning FDTI.  No point thinking about stopping the compatible now, because the whole FDTI well is poisoned.  If I was part of the team, I would want to move all new businesses to another company and show no trace of FDTI association.  Do the protection ahead and not later.  When FDTI is actively poisoning their own well, likely they must have judged there are not much left inside for them.   So Poison it, screw everyone.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 10:10:05 am
Also it should be mentioned that FTDI is not a big corporate company, they are quite small and work (as in overwork their employees) hard to gain a measly $10M or so annually.  Edit: for the whole company not for each individual.

So buying fakes is just adding more working hours for those overworked employees. So go ahead and boycott them so their under 200 employees have to find some other way to earn a living.

 :palm:

Edit: I'll repeat, buy the fake Art Of Electronics 3rd Edition, or make the authors bring the price down to be the same as the counterfeit copies. :palm: :palm:

Yeah like all_repair says, screw everyone!
Title: Re: FTDIgate 2.0?
Post by: westfw on February 03, 2016, 10:29:37 am
Quote
- Sell cheaper (that's really overdue...)
- upgrade your products, and make your customer like the non compatible new features
You mean, like the new FT230/FT231 products.  Smaller, cheaper, additional features...

Quote
- get to new markets when your product line is dying off
The the VNC2 dual USB-host chips and the EVE display driver?

Quote
in case of FTDI, stop being a malware company
They seem to have TRIED to be a "better driver company", offering a driver that worked better and on more platforms than most of their competitors.  (I remember getting a bad feeling when we were looking at another vendor's USB chips, but they ONLY had windows drivers...)  But that was part of what got them noticed by the counterfeiters, probably.
AFAIK, FTDI drivers/chips still have features that aren't available on many alternatives, or not as easily.   (although that "not as easily" may be irrelevant.  Sure, it's theoretically easier to update the EEPROM fields in an FT232 to customize it for your product, compared to having to do a new firmware image for a dedicated microcontroller.  But not THAT much easier...)
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 10:38:09 am
I can picture this:

Yeah, you are all awesome and have achieved in our little Glasgow company what other bigger companies couldn't do. I would love to cut your working hours of 12 hours a day for little compensation and give you all bonuses for all your hard work, but the community is in favor of us cutting the price to compete with companies making clones of our devices, so no bonuses, no raises and I'm sorry to say you have to work 14 hours a day and 8 hours on weekends.

But it's not all a lost, we can all go soak our sorrows at the pub, that is if we can get out of work before last call.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 03, 2016, 12:11:26 pm
Also it should be mentioned that FTDI is not a big corporate company, they are quite small and work (as in overwork their employees) hard to gain a measly $10M or so annually.  Edit: for the whole company not for each individual.

So buying fakes is just adding more working hours for those overworked employees. So go ahead and boycott them so their under 200 employees have to find some other way to earn a living.
Being poor doesn't make it right to damage property belonging to others or corrupt data on purpose with potentially severe consequences! As others noted: it is easy to make the driver not load with a device which the driver thinks is fake. If FTDI goes out of business it is good riddance; that is the way the free market deals with companies which don't innovate to reduce the cost of their products. If you look at the comparison between real and fake you'll notice the fakes are produced on a much more modern process than the real chips! If FTDI cared to do a die shrink they could make their devices much cheaper and lower power so cloning them is much less lucrative. BTW: if the employees at FTDI work for more hours than they get paid for they are utterly stupid.
Title: Re: FTDIgate 2.0?
Post by: StuUK on February 03, 2016, 12:27:42 pm
Also it should be mentioned that FTDI is not a big corporate company, they are quite small and work (as in overwork their employees) hard to gain a measly $10M or so annually.  Edit: for the whole company not for each individual.

So buying fakes is just adding more working hours for those overworked employees. So go ahead and boycott them so their under 200 employees have to find some other way to earn a living.
Being poor doesn't make it right to damage property belonging to others or corrupt data on purpose with potentially severe consequences! As others noted: it is easy to make the driver not load with a device which the driver thinks is fake. If FTDI goes out of business it is good riddance;

Bit harsh, these are peoples jobs, it more likely the management you should be targeting....

Quote
that is the way the free market deals with companies which don't innovate to reduce the cost of their products. If you look at the comparison between real and fake you'll notice the fakes are produced on a much more modern process than the real chips!

Fair but where are those being produced?

Quote
If FTDI cared to do a die shrink they could make their devices much cheaper and lower power so cloning them is much less lucrative.

Couldn't disagree.

Quote
BTW: if the employees at FTDI work for more hours than they get paid for they are utterly stupid.

Calling employees stupid because they work long hours is totally disingenuous, they likely work long hours either because 1) They care about what they do or 2) because they have little choice or 3) a combination of both 1 and 2. The idea they do it because they are stupid is highly unlikely!
Title: Re: FTDIgate 2.0?
Post by: amyk on February 03, 2016, 12:31:41 pm
Also it should be mentioned that FTDI is not a big corporate company, they are quite small and work (as in overwork their employees) hard to gain a measly $10M or so annually.  Edit: for the whole company not for each individual.

So buying fakes is just adding more working hours for those overworked employees. So go ahead and boycott them so their under 200 employees have to find some other way to earn a living.
Their ICs are nothing special anymore. It's like TI going after everyone who clones the 7400...
Title: Re: FTDIgate 2.0?
Post by: janekm on February 03, 2016, 01:09:26 pm
As a developer, I love this. I always buy important ICs from reputable vendors, and on top of that now I can even properly test them for fakes.
(I also could with the previous ftdi driver that erased PID, but this is easier now.)

Also, whenever I can I've been using ft230x/ft231x in new designs instead of the common ft232r because of the price.

Really? You do realise that the next version of fake chips will be able to pass whatever check FTDI are doing in this version, and then at some random time in the future your product might fail because you depended on that oh so reassuring test...

And one day you may be building some devices on a deadline, and you find out that the FTDI chip is the only one on your BOM that only has stock with distributors on the other side of an anal-retentive customs border. And you have 4 days until CNY. You'll be singing a different tune.

BTW here's one example of a distributor that would have carried FTDI chips but now carry alternatives instead because FTDI won't sell to them: https://www.schukat.com/schukat/schukat_cms_en.nsf/previewindex/CMS2BC96E5EAB296935C1257E0000455669?OpenDocument&refDoc=CMS5AA927DF5F442B33C1256D4F005B1771 (https://www.schukat.com/schukat/schukat_cms_en.nsf/previewindex/CMS2BC96E5EAB296935C1257E0000455669?OpenDocument&refDoc=CMS5AA927DF5F442B33C1256D4F005B1771)

And Schukat are a long-established, "name-brand" distributor...

Like I said, FTDI seem to do everything they can to drive themselves out of business here. Businesses building million-unit quantities of their designs weren't using FTDI chips anyway (too expensive and easy to design around), with the exception of Arduino until recently.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 03, 2016, 01:27:29 pm
BTW: if the employees at FTDI work for more hours than they get paid for they are utterly stupid.
Calling employees stupid because they work long hours is totally disingenuous, they likely work long hours either because 1) They care about what they do or 2) because they have little choice or 3) a combination of both 1 and 2. The idea they do it because they are stupid is highly unlikely!
I strongly prefer people who care about what they do but they should do it so they ultimately get something in return! When working over hours for your employer you should get paid or gain useful experience. Otherwise you are just working so your manager (or his/her bosses) get a bigger bonus. If you are a good engineer you can always get another job.
Title: Re: FTDIgate 2.0?
Post by: madires on February 03, 2016, 01:43:41 pm
Their ICs are nothing special anymore. It's like TI going after everyone who clones the 7400...

That's a nice comparison! FTDI has the right to enforce their IP rights, but taking the end customer hostage might be not the best idea. It backfires and could hurt FTDI more than the clones. I think FTDI's management tries to keep their old business strategy working while ignoring the market. It's very similar to the media industry (movies/music). They should innovate and lower the price. The high price is the reason for clones. Cheap chips = less profit per chip, but compensated by more chips sold = no market for clones
Title: Re: FTDIgate 2.0?
Post by: Karel on February 03, 2016, 01:56:45 pm
Their ICs are nothing special anymore. It's like TI going after everyone who clones the 7400...

Your comparison couldn't be more wrong.
People who "clone" the 7400 don't print the name Texas Instruments on their packages and they certainly don't use a "Texas Instruments driver".
Clones are fine if it's not counterfeit and when they don't use other companies USB VID code in order to avoid the investment of writing their own driver.

Title: Re: FTDIgate 2.0?
Post by: all_repair on February 03, 2016, 02:04:38 pm
So buying fakes is just adding more working hours for those overworked employees. So go ahead and boycott them so their under 200 employees have to find some other way to earn a living.
Yah, no fun to loose a living. 
In a stroke of 2 mis-steps, the FDTI has managed to change the perception of their company completely, and damaged their brand totally.  My past FDTI deployments have become ticking time bombs to me.  Can they survive the next FDTI update? and what new compatibles are FDTI going to find? and what new intrusive measures are they going to introduce?  I paid good money for FDTI cables but I can never be sure what did I get.  If I got unlucky and got hit, and my client knew they were "not genuine", then my brand and reputation shall go down the drain with the FDTI.
BTW in some installations, having the latest updates is a regulatory requirement here.
Title: Re: FTDIgate 2.0?
Post by: StuUK on February 03, 2016, 02:23:59 pm
BTW: if the employees at FTDI work for more hours than they get paid for they are utterly stupid.
Calling employees stupid because they work long hours is totally disingenuous, they likely work long hours either because 1) They care about what they do or 2) because they have little choice or 3) a combination of both 1 and 2. The idea they do it because they are stupid is highly unlikely!
I strongly prefer people who care about what they do but they should do it so they ultimately get something in return! When working over hours for your employer you should get paid or gain useful experience. Otherwise you are just working so your manager (or his/her bosses) get a bigger bonus. If you are a good engineer you can always get another job.

That's as maybe but equally prevailing localised market conditions will determine people's options on alternative employers irrespective of whether they are the greatest or not. Can't imagine there are that many alternative opportunities in Glasgow in that particular field....
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 03, 2016, 02:44:43 pm
BTW, regarding the quality of their IP: I just tested the SPI mode of the FT2232H with their sample application for the D2XX driver and the SPI_ReadWrite function (with SPI_TRANSFER_OPTIONS_CHIPSELECT_ENABLE and SPI_TRANSFER_OPTIONS_CHIPSELECT_DISABLE, the only modification I made is to transfer 2 bytes). This is how it looks like:
(http://i.imgur.com/RKscFVP.png)
:palm:
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 03, 2016, 03:05:01 pm
(...)  taking the end customer hostage might be not the best idea. It backfires and could hurt FTDI more than the clones.

Proof of that is several pages of this topic and all the other topics where we bash FTDI. Nobody is bashing Prolific, and they too have had their PL2303 counterfeited and have placed measures to prevent fakes from working with their drivers.

What I don't get is why people are so dead set on using the FT232 chips. The MCP2221 is less expensive, have a broad package options, does the same thing and still have the benefit of a couple GPIO and I2C.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 03, 2016, 03:36:50 pm
My past FDTI deployments have become ticking time bombs to me.  Can they survive the next FDTI update? and what new compatibles are FDTI going to find? and what new intrusive measures are they going to introduce?  I paid good money for FDTI cables but I can never be sure what did I get.  If I got unlucky and got hit, and my client knew they were "not genuine", then my brand and reputation shall go down the drain with the FDTI.

Don't you see?  If those devices used counterfeit chips, then they were ALREADY ticking time bombs.  You were screwed from the moment the distributor threw a reel of counterfeit chips in a box and slapped a label with your address on it (or your build house's address, or the build house who assembled the product you bought).  It doesn't matter what FTDI does or doesn't do, those devices are already ticking time bombs because they use POS counterfeit chips with unknown specs, zero R&D, and zero QC.

Why are you not as concerned with other counterfeit chips making their way into your product?  What about a counterfeit linear regulator with specs so far out of wack that the output ripple ends up destroying half the devices down the line?  Or shorts Vin to Vout as soon as the ambient temp passes 30 C, blowing up everything on the board?

Personally, I'd much rather the driver tell me what's wrong, than spend weeks/months hunting down an interface that randomly corrupts bytes or drops packets whenever the humidity is above 80% on a Thursday.

FTDI has to put something in their driver to stop communication and tell you what's wrong.  Not doing so would just be sweeping the problem under the rug, ruining their reputation, manufacturers' reputations, and allowing the problem to get even worse.

Now WHAT they do is certainly up for debate.  For ME and MY APPLICATIONS, it makes absolutely no difference if they simply won't talk to the chip, brick the chip, or change the output of the chip to read "NOT GENUINE".  No matter what they choose, the device is going back to the manufacturer (or if this is my device, it's going back to the build house, or if I built it myself, I'm getting on the phone immediately with Digikey/Mouser).  It really doesn't make a difference.
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 03, 2016, 03:52:11 pm
My past FDTI deployments have become ticking time bombs to me.  Can they survive the next FDTI update? and what new compatibles are FDTI going to find? and what new intrusive measures are they going to introduce?  I paid good money for FDTI cables but I can never be sure what did I get.  If I got unlucky and got hit, and my client knew they were "not genuine", then my brand and reputation shall go down the drain with the FDTI.

Don't you see?  If those devices used counterfeit chips, then they were ALREADY ticking time bombs.  You were screwed from the moment the distributor threw a reel of counterfeit chips in a box and slapped a label with your address on it (or your build house's address, or the build house who assembled the product you bought).  It doesn't matter what FTDI does or doesn't do, those devices are already ticking time bombs because they use POS counterfeit chips with unknown specs, zero R&D, and zero QC.

Why are you not as concerned with other counterfeit chips making their way into your product?  What about a counterfeit linear regulator with specs so far out of wack that the output ripple ends up destroying half the devices down the line?  Or shorts Vin to Vout as soon as the ambient temp passes 30 C, blowing up everything on the board?

Personally, I'd much rather the driver tell me what's wrong, than spend weeks/months hunting down an interface that randomly corrupts bytes or drops packets whenever the humidity is above 80% on a Thursday.

FTDI has to put something in their driver to stop communication and tell you what's wrong.  Not doing so would just be sweeping the problem under the rug, ruining their reputation, manufacturers' reputations, and allowing the problem to get even worse.

Now WHAT they do is certainly up for debate.  For ME and MY APPLICATIONS, it makes absolutely no difference if they simply won't talk to the chip, brick the chip, or change the output of the chip to read "NOT GENUINE".  No matter what they choose, the device is going back to the manufacturer (or if this is my device, it's going back to the build house, or if I built it myself, I'm getting on the phone immediately with Digikey/Mouser).  It really doesn't make a difference.
I am not going to feed you.  If you are serious then what I can say is please get some real exposure from the industries. 
Title: Re: FTDIgate 2.0?
Post by: MT on February 03, 2016, 04:16:43 pm
I haven't seen anyone suggest a viable alternative to fight clones.

"NON GENUINE FTDI DEVICE FOUND!" PC will self destruct in 50..49..48...47..etc countdown seconds!
Title: Re: FTDIgate 2.0?
Post by: MT on February 03, 2016, 04:20:13 pm
BTW, regarding the quality of their IP: I just tested the SPI mode of the FT2232H with their sample application for the D2XX driver and the SPI_ReadWrite function (with SPI_TRANSFER_OPTIONS_CHIPSELECT_ENABLE and SPI_TRANSFER_OPTIONS_CHIPSELECT_DISABLE, the only modification I made is to transfer 2 bytes). This is how it looks like:
(http://i.imgur.com/RKscFVP.png)
:palm:

"GENUINE FTDI DEVICE FOUND" CONGRATS" PC will self destruct in 50..49..48..47 etc countdown seconds!
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 04:59:29 pm
Why in the world do people use Windows in the first place?

Because it works? Because I've had fewer blue screens in the last few years than I've had kernel panics on Linux? Because a lot of good software (like Photoshop) only runs on Windows and I won't accept poor substitutes (like the Gimp)?
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 03, 2016, 05:10:29 pm
I haven't seen anyone suggest a viable alternative to fight clones.

How about not using FTDI chips in the first place? It's not like we don't have alternatives. I can list at least 5 alternatives.

Now, what would really do an impact on this problem is if China had rigid regulations and control mechanisms on counterfeiting, but then half of their economy would collapse. The Chinese government simply doesn't care about it, don't see it as a problem and I sometimes think they even enforce the practice.

I wonder - and this is an honest doubt - if FTDI can have external markings on their chips that make it harder to counterfeit or make it really obvious it is a counterfeit. Some IRF FETs are often counterfeited as well, but the fake ones are easy to spot.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 05:25:08 pm
I haven't seen anyone suggest a viable alternative to fight clones.

How about not using FTDI chips in the first place? It's not like we don't have alternatives. I can list at least 5 alternatives.

So because a part is cloned we shouldn't use it? Brilliant logic.  |O
Title: Re: FTDIgate 2.0?
Post by: os40la on February 03, 2016, 05:49:55 pm
Because it works? Because I've had fewer blue screens in the last few years than I've had kernel panics on Linux? Because a lot of good software (like Photoshop) only runs on Windows and I won't accept poor substitutes (like the Gimp)?

FYI. Photoshop runs on Unix too.  ;D.  I do agree about Windows being a valid and good OS to use. I use it on my MAC to run CAD. I run whatever OS is needed for my tool. I don't pick my tool to fit my OS. I pick my OS to fit my tool.  If 'you' follow this rule then 'you' will have a much better experience running the tools to get the job done.   :-+
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 03, 2016, 08:00:01 pm
So because a part is cloned we shouldn't use it? Brilliant logic.  |O
No. The point is : Because FTDI is a malware company, and you are at risk if you use them to be fucked and having to recall and replace thousands of products, just use an equivalent chip from a serious company that will not punish and burn you.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 03, 2016, 08:13:17 pm
So because a part is cloned we shouldn't use it? Brilliant logic.  |O
No. The point is : Because FTDI is a malware company, and you are at risk if you use them to be fucked and having to recall and replace thousands of products, just use an equivalent chip from a serious company that will not punish and burn you.
I more or less agree. My biggest worry with using FTDI chips is that I can never be 100% sure real chips end up in my products and I cannot be sure that the current driver and future drivers won't produce a false positive every now and then. I want my products to work and keep working! FTDI and/or my supplier messing up means I have to do a lot of extra work and my reputation for delivering good products becomes damaged. The only way I can make 100% sure I will never get burned by FTDI issues in any form is to use a chip which isn't cloned. Part of running a business is about reducing risks.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 08:15:55 pm
Quote
taking the end customer hostage

If the "end customer" bought a fake, s/he probably doesn't qualify as an "end customer" for FTDI: after all, there hasn't any report of FTDI driver not working with real FTDI chips.

Tough to fault FTDI not caring about their non-customers.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 03, 2016, 08:40:50 pm
If the "end customer" bought a fake, s/he probably doesn't qualify as an "end customer" for FTDI
The end customer did not buy a fake. The end customer bought a product which was delivered with an adapter that was bought from a retailer which bought it from a manufacturer which let the PCB be assembled by an assembler which purchased chips sold as "FT232" from a reseller which got a roll of fake chips.
In real life, add at least 3 level on that supply chain....
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 08:50:51 pm
Quote
The end customer did not buy a fake. The end customer bought ... fake chips.

So the end customer bought a fake, may not knowingly, but a fake nonetheless.

It is like your employer hired a fake "f4eru" based on a resume and promise of performance. After finding out that the fake "f4eru" did not quite perform, the employer went to you and demanded that you come to do the job he had paid the fake "f4eru" to perform.

Per your own argument, you would think the employer is justified, :)
Title: Re: FTDIgate 2.0?
Post by: madires on February 03, 2016, 08:53:06 pm
Quote
taking the end customer hostage

If the "end customer" bought a fake, s/he probably doesn't qualify as an "end customer" for FTDI: after all, there hasn't any report of FTDI driver not working with real FTDI chips.

Tough to fault FTDI not caring about their non-customers.

<end customer mode>
I don't know anything about usb serial converters or FTDI. But when my computer doesn't talk to my iGadget and a quick search shows something like "FTDI driver problem ... fake chips", I could blame the manufacturer for using fake chips or blame FTDI for breaking my iGadget, since I don't know nothing about fake chips or care about that. Why do they put a driver into Windows that breaks my iGadget? It worked all the time until now. So, who's the culprit? It's FTDI.
</end customer mode>
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 09:04:00 pm
Quote
I don't know anything ... So, who's the culprit?

You answered your own question perfectly, without even trying.

good job, :)
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 03, 2016, 09:05:56 pm
Quote
taking the end customer hostage

If the "end customer" bought a fake, s/he probably doesn't qualify as an "end customer" for FTDI: after all, there hasn't any report of FTDI driver not working with real FTDI chips.

Tough to fault FTDI not caring about their non-customers.

Well, the customer might not see it that way: how many end customers willingly bought fake FTDI chips? I, for one, am not one of them, and I did fall vicitim of FTDI because of a fake FT232RL. In my case, the chip has both VID and PID set to 0x0000, so it's permanently bricked. Until then, as far as I knew, I was an end customer customer of FTDI. I agree that FTDI didn't have to see it that way, but bricking my chip was a really bad move, and a shot at the only innocent party in this whole ordeal.

It's easy to fault FTDI on their business model:
- out of all of the USB-to-UART chips out there, the FT232RL is one of the most expensive (if not THE most expensive). If they made it cheaper, not only it would sell a lot more, but they might even take some space from the fakes.
- they attacked the customer who, most of the time, was unaware that their chip was a fake, and damaged their products

Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 09:13:15 pm
Quote
Well, the customer might not see it that way:

The customer can see it whatever way it wishes to see. Whether there is a valid basis for his perspective remains to be seen.

Quote
I did fall vicitim of FTDI because of a fake FT232RL.

The only way you could fall victim of FTDI if they sold you the fake FT232RL chip. Otherwise, you fell victim of your own and/or the person who sold you the fake chip.

Quote
bricking my chip was a really bad move,

I am sure FTDI has a different perspective: they wrote a set of procedure that works flawlessly on the genuine chip. You happen to plug your fake chip there and ...

Quote
It's easy to fault FTDI on their business model:
- out of all of the USB-to-UART chips out there, the FT232RL is one of the most expensive (if not THE most expensive).

So their crime is they sold their products on a free market to the highest bidder.

By that logic, could someone blame you for wanting to get paid the most for your services on the labor market? The losers whom you rejected for higher pays somewhere else get the right to sue you?
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 09:20:54 pm
So because a part is cloned we shouldn't use it? Brilliant logic.  |O
No. The point is : Because FTDI is a malware company, and you are at risk if you use them to be fucked and having to recall and replace thousands of products, just use an equivalent chip from a serious company that will not punish and burn you.

If I use FTDI how will I be fucked? Does the FTDI driver do bad things with genuine FTDI chips? I have never heard of any evidence that this occurs, so once again, tell me exactly how I'll be fucked if I use genuine FTDI chips in a product...
Title: Re: FTDIgate 2.0?
Post by: os40la on February 03, 2016, 09:32:54 pm
 :popcorn:
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 03, 2016, 09:57:48 pm
It's entertaining to watch the FTDI apologists twist and turn to justify FTDI's tactics. 

The bottom line remains the same: People who unknowingly bought products with fake FTDI chips are being harmed and FTDI's actions are alienating their own customers. 

They are being outdone by other companies with competing products and their actions regarding clones, whether justified or not, are only exacerbating migration of their customers to those alternatives as well as generating a feeling of ill will towards the FTDI brand.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 03, 2016, 10:00:36 pm
BTW, regarding the quality of their IP: I just tested the SPI mode of the FT2232H with their sample application for the D2XX driver and the SPI_ReadWrite function (with SPI_TRANSFER_OPTIONS_CHIPSELECT_ENABLE and SPI_TRANSFER_OPTIONS_CHIPSELECT_DISABLE, the only modification I made is to transfer 2 bytes). This is how it looks like:
(http://i.imgur.com/RKscFVP.png)
:palm:

"GENUINE FTDI DEVICE FOUND" CONGRATS" PC will self destruct in 50..49..48..47 etc countdown seconds!
Yeah, it's hilarious. For the record: it is already broken in the original code without my modifications (but some chips might work with such a CS strobe signal). Even if I uncomment the define "DEVELOPMENT_FIXED_CS" in fdti_spi.c. Apperently "development" didn't fix it, and the workaround doesn't work either :-DD Now trying bitbang mode.
Title: Re: FTDIgate 2.0?
Post by: uno on February 03, 2016, 10:10:39 pm
I've designed and built product using FTDI chips.  Real ones, that were bought from a reputable distributor.

I've known since the specification phase that the windows drivers were licensed only to be used with genuine parts.

I make my living designing and building things, and I totally sympathize with FTDI, and I support what they did.

The drivers for FTDI chips are FTDI's property.  Pretty much standard license terms.  Every time a clone chip uses FTDI's driver, FTDI loses money.  To a product manufacturer, this is an untenable position.

The change that FTDI made to their driver causes the driver to not work properly with cloned chips.  It is not "bricking" the chips, the learned from their 2014 mistake.  The driver just won't work right with them, it injects some text into the serial data stream, and the text describes the problem.  Short of doing nothing, that is the only way they can notify the user that the device is counterfeit.  It's not possible to pop up a message box from inside a device driver.  It may be possible to make some text appear in the device driver's properties box and FTDI might have done this, but somebody would have to look for it.

I have a ton of USB to serial converters around here, and I standardized FTDI after too much trouble with Prolific.  There's a non-zero chance I have one with a fake chip in it, and if that is the case, I'm gonna take my lumps and send hate mail to the vendor, if they are still in business.

Maybe the counterfeiters can write their own driver.  Somehow I doubt that.  When you steal IP, you will probably lose.  When you buy product with stolen IP in it (even if you did not know) it is analogous to receiving stolen property, and you lose.

Uno
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 10:15:00 pm
It's entertaining to watch the FTDI apologists twist and turn to justify FTDI's tactics. 

The bottom line remains the same: People who unknowingly bought products with fake FTDI chips are being harmed and FTDI's actions are alienating their own customers. 

They are being outdone by other companies with competing products and their actions regarding clones, whether justified or not, are only exacerbating migration of their customers to those alternatives as well as generating a feeling of ill will towards the FTDI brand.

Not really, they are being harmed by whoever sold them the product. Otherwise we all should get Walmart Quality for everything we purchase no matter if you buy at Neiman Marcus you still get the fake stuff.

So take it back to the store and force the manufacturers to check their supplies. Letting fakes taint the distribution chains doesn't help anyone other than the counterfeiters.

Again No one responded yet about purchasing the fake Art Of Electronics 3rd edition or forcing the authors to bring the price down to the same cost as the counterfeiters.

Hey Walmart is good at that, making local companies compete to cheap import prices but with local quality and bringing full companies down because if the company doesn't agree then they can't sell there, if they do, they probably do it at a loss but is better than loosing it all.
 :palm:
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 03, 2016, 10:29:26 pm

Again No one responded yet about purchasing the fake Art Of Electronics 3rd edition or forcing the authors to bring the price down to the same cost as the counterfeiters.


That is entirely different.

If Horowitz and Hill were breaking into peoples homes and burning or defacing the copies people had unknowingly bought - then that might be analogous.

No one here has been defending the cloners. The issue is the way FTDI is responding.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 03, 2016, 10:33:21 pm
More food for thought:
What FDTI is doing is basically being a vigilante. Now imagine the grocery store around the corner gets robbed while your wife and children are shopping. Instead of just handing over the money to the robber, hand over the camera footage to the police and collect the insurance money later on the store owner decides to try to shoot the robber but kills your wife and children instead. How would everyone feel about that? I can't imagine a sane person being satisfied by that outcome! My point is: there is a legal system in place for a good reason and that is catching the real bad guys and to prevent collateral damage!
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 03, 2016, 10:39:54 pm
Oh c'mon.  Lighting counterfeits on fire?  Shooting your wife and children?

There's a bit of a disconnect between that and sending out a message that says "non genuine device found"...

Does anybody here have an actual, real, USB->UART equipped device, in your possession, that would explode, go on a killing rampage, or otherwise be permanently destroyed if you were to plug it into your computer, open up hyper terminal, and type "NON GENUINE DEVICE FOUND" with your keyboard?  I HIGHLY HIGHLY doubt it.
Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on February 03, 2016, 10:42:20 pm
Finally, FTDI having clone trouble is inevitable. Their chips are too expensive, and they are using the same design for years. Microchip, WCH and Silabs all have perfect substitutes for 1/4 of its price, probably even cheaper than clone FTDIs.

I don't see that - Digikey prices, $, 1000q

MCP2221   1.62
CP2104      1.25
FT230XQ    1.48

I didn't look for equivalent packages, but they are pretty much in the same ballpark.
Title: Re: FTDIgate 2.0?
Post by: Monkeh on February 03, 2016, 10:44:37 pm
Finally, FTDI having clone trouble is inevitable. Their chips are too expensive, and they are using the same design for years. Microchip, WCH and Silabs all have perfect substitutes for 1/4 of its price, probably even cheaper than clone FTDIs.

I don't see that - Digikey prices, $, 1000q

MCP2221   1.62
CP2104      1.25
FT230XQ    1.48

I didn't look for equivalent packages, but they are pretty much in the same ballpark.

People in this thread are conveniently ignoring the modern, lower cost FTDI solutions, because it doesn't fit the bashing.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 03, 2016, 10:48:59 pm
I am not going to feed you.  If you are serious then what I can say is please get some real exposure from the industries.

I take it you disagree with something I said.  Care to elaborate, or would you like to continue implying anybody who doesn't agree with you is an idiot who can safely be ignored, all while providing absolutely nothing to back up that view?
Title: Re: FTDIgate 2.0?
Post by: ve7xen on February 03, 2016, 10:49:07 pm
I find it hilarious how strongly the FTDI apologists think their IP protection should be. Even with western-style IP overreach, the only IP violation of the counterfeits is their outer markings. If they were unmarked, or marked with the manufacturer's markings, they would be totally legal. Reverse engineering and cloning is even encouraged and explicitly allowed for in the functional IP protection that exists. The PC BIOS being cloned in a very similar manner is often touted as the reason for the commodification of PCs. Nobody is claiming the masks were stolen (or the counterfeits would any test...).

Thanks to Windows Update they don't even need to distribute the driver with the device, which means they don't have to violate FTDI's copyright on the driver, it will just load itself anyway.

Using FTDI's VID/PID is perhaps questionable, but so far I don't think IP protection has extended to magic 16-bit numbers.

Their driver can do whatever it wants short of causing permanent damage as they did before, but they are deluded if they think it will do any good whatsoever. The cheap products will do a better job of cloning or move to a different, cheaper chip, and I guarantee they will lose some design wins as a result of engineers avoiding their antics. Getting into an arms race with cloners of what is almost a commodity item at this point is insane. They will lose, and waste lots of money and customer good will doing so.
Title: Re: FTDIgate 2.0?
Post by: Monkeh on February 03, 2016, 10:53:52 pm
Finally, FTDI having clone trouble is inevitable. Their chips are too expensive, and they are using the same design for years. Microchip, WCH and Silabs all have perfect substitutes for 1/4 of its price, probably even cheaper than clone FTDIs.

I don't see that - Digikey prices, $, 1000q

MCP2221   1.62
CP2104      1.25
FT230XQ    1.48

I didn't look for equivalent packages, but they are pretty much in the same ballpark.

I was talking about the old, clumsy FT232RL.

Which is only ever used in recent years because of counterfeits being cheap.

That and Arduino users not knowing how to do anything but copy and paste.
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 03, 2016, 10:58:18 pm
Almost at zero cost, the FUD strategy (fear, uncertainty and doubt) is used on competitor product in keeping and in gaining customers, and in charging a premium.

You can test all you want at the point of purchase of your FDTI, but you never know what FDTI you really get, they may or may not work weeks, months, or years down the road.   FDTI is one of the rare companies that did, and is continuing doing FUD to their own brand.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 11:10:20 pm
The bottom line remains the same: People who unknowingly bought products with fake FTDI chips are being harmed and FTDI's actions are alienating their own customers. 

They're being harmed all right--by the counterfeit chip makers and the people who have lost control of their supply chain--not FTDI. While I'm sorry these people ended up with unusable products, the blame lies with whoever they bought it from (or upstream from there).

When the U.S. Secret Service confiscates counterfeit currency, even if you received it unknowingly, they are NOT going to replace the bogus currency they seize with genuine dollars. They're effectively denying you the use of that money. Same with FTDI--they're denying your use of their drivers with your counterfeit product, even though you may not have knowingly bought it with bogus parts (although I'm sure that a lot of people would buy such an item even knowing that it had counterfeit parts if it's cheaper than the same thing with legitimate chips).
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 03, 2016, 11:18:09 pm

When the U.S. Secret Service confiscates counterfeit currency, even if you received it unknowingly, they are NOT going to replace the bogus currency they seize with genuine dollars.

And if counterfeiting was a widespread problem (it's not) and the government suddenly had a widespread policy of seizing and not replacing a large number of average peoples cash that would be similarly wrongheaded and self-destructive.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 11:30:02 pm
That's fine. But dumping trash data or frying chips are not fine.

And making counterfeit chips or otherwise ripping off FTDI's IP is fine? Maybe in China, but not where I'm from.

Sure, FTDI took the nuclear option here, but I think they're completely justified in doing so.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 11:32:27 pm
And if counterfeiting was a widespread problem (it's not) and the government suddenly had a widespread policy of seizing and not replacing a large number of average peoples cash that would be similarly wrongheaded and self-destructive.

They already do it: https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States (https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States)
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 03, 2016, 11:32:38 pm
And if counterfeiting was a widespread problem...

Do you have any reason to believe this FTDI counterfeit problem is any more widespread (outside of the cheap clone devices on eBay/Ali)?  Has anybody here purchased any FTDI device from a legitimate distributor in the last, say, 6 months and received a fake?  I've purchased hundreds over the last 2-3 years, and have never seen one (at least none has ever been detected as such by their driver).
Title: Re: FTDIgate 2.0?
Post by: timb on February 03, 2016, 11:35:36 pm

The bottom line remains the same: People who unknowingly bought products with fake FTDI chips are being harmed and FTDI's actions are alienating their own customers. 

They're being harmed all right--by the counterfeit chip makers and the people who have lost control of their supply chain--not FTDI. While I'm sorry these people ended up with unusable products, the blame lies with whoever they bought it from (or upstream from there).

When the U.S. Secret Service confiscates counterfeit currency, even if you received it unknowingly, they are NOT going to replace the bogus currency they seize with genuine dollars. They're effectively denying you the use of that money. Same with FTDI--they're denying your use of their drivers with your counterfeit product, even though you may not have knowingly bought it with bogus parts (although I'm sure that a lot of people would buy such an item even knowing that it had counterfeit parts if it's cheaper than the same thing with legitimate chips).

That's fine. But dumping trash data or frying chips are not fine.

This. Refuse to load the driver and print a message to the system log, but don't spew trash data out and don't brick the chips. This isn't hard to understand...

Since you guys love extreme analogies so much, here's one for you:

FTDI just keeps digging the hole deeper and deeper; their disgruntled customers are pissing in the hole; all while the counterfeiters shit in it. Eventually they're going to drown in a hole full of piss and shit. 
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 11:36:17 pm
Cloning die is a big no go. Cloning protocol, as long as it was not patented, is fine at least in China. But you CAN NOT put FTDI logo on the chip, of course.

In this particular case these bogus chips must have had the FTDI logo on them because everyone's saying that even legitimate distributors haven't been able to tell the good chips from the bad.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 03, 2016, 11:37:02 pm
Quote
the government suddenly had a widespread policy of seizing and not replacing a large number of average peoples cash that would be similarly wrongheaded and self-destructive.

So, France and Italy are suddenly no longer the utopia you had wanted for you and your family?

Welcome to reality.

:)
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 03, 2016, 11:43:56 pm
This. Refuse to load the driver and print a message to the system log, but don't spew trash data out and don't brick the chips. This isn't hard to understand...

What isn't too hard to understand is that we've become an entitlement society where nothing is our fault or our problem and that someone else should foot the bill for these screw ups. The marketplace is rife with this. The only reason counterfeit Rolex watches, Gucci handbags, Prada shoes, and cable TV pirate boxes exist is because there's a ready market for them (and don't try to tell me that anyone who's offered a "Rolex" for $50 has the slightest inkling that it's genuine).
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 03, 2016, 11:51:38 pm

Again No one responded yet about purchasing the fake Art Of Electronics 3rd edition or forcing the authors to bring the price down to the same cost as the counterfeiters.


That is entirely different.

If Horowitz and Hill were breaking into peoples homes and burning or defacing the copies people had unknowingly bought - then that might be analogous.

No one here has been defending the cloners. The issue is the way FTDI is responding.

Not different, consumers don't know they are buying a fake, and hurts the reputation of the authors when it's not the real thing. The only difference is that they can't do much about it other than to spread the word like they did by sending Dave the counterfeit book.

On FTDI,
The driver just refuses to talk to the device and informs you that the device is a counterfeit. What more do you want? That's far from breaking some equipment.

The only thing I hear is speculation that it might. But since it hasn't happen for the last 7 months to this date, I guess it's just that, speculation.

Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 12:01:01 am
Ok, sat by the sidelines and watched long enough, had to register to make a comment.

I don’t think many of the engineers attacking here have every worked in marketing to understand the real issue here. Instead of discussing what FTDI could have done, let’s discuss what the cloners could have done.

As many have pointed out, the clone chips are a whole different architecture, they are not copying FTDI silicon IP. They could have been really lazy, squatted a random VID/PID and just copied FTDI’s drivers, modified the VID/PID to match and released a true competitor to FTDI without relying on FTDI drivers. But they didn’t do that.

Why? Because they don’t want to be competitors to FTDI, they want you to think they ARE FTDI.

Because they don’t see profit in being a competitor to FTDI, as no one ordering large quantities is going to randomly buy a no-name competitor that has no brick-and-mortar support chain in place like FTDI. They want you to think you are paying the big bucks for a trusted name, trusted reliability and trusted support chain for a product that has none of the above.

To anyone working marketing for FTDI, this has been war for years, they have been under major assault.

To give an example of how important brand integrity is, let me tell you about my relative. He took a job for a while as a big brand repair tech. Let’s say Samsung. During his training they had to take apart brand new $2000 LCD TV sets to the motherboard and put them back together. They were judged on how well the TVs functioned after this process. Then, all the TVs were thrown out. Even if they worked. All 20 techs in the class, in a class repeated every month, TVs were thrown out. And a guard was stationed 24/7 at the garbage can so no employees would take a TV home. And companies do this for all their electronics used for training! Think of all that e-waste.

Because Samsung would rather eat the cost of these TVs, then risk a single one ending up on craigslist, sold and then failing after a month since QC is useless once the TV was taken apart. That could be one customer that would swear never to buy Samsung again, and the brand is tarnished.

That is how marketing people consider the importance of brand recognition.


I know of, through direct interaction, 2 large tech companies that use FTDI in their products today. In a 5 figures of quantity scale. They use them because of their history and brand trust. Their chips have worked well for years, and they have engineers on call that have worked with us during development issues. I  polled the tech labs of both companies after the last FTDIgate and none of the veteran engineers batted an eye, and they still use FTDI, because it’s FTDI. It works, well, and has for years. We pay to get them from US distributors and have never had a product stop working due to a fake chip.


This. Refuse to load the driver and print a message to the system log, but don't spew trash data out and don't brick the chips. This isn't hard to understand...

Really? Let's think through this...

Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do, is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain. And it does everything to make you think FTDI is horrible at releasing working drivers.

Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 12:01:47 am
And if counterfeiting was a widespread problem (it's not) and the government suddenly had a widespread policy of seizing and not replacing a large number of average peoples cash that would be similarly wrongheaded and self-destructive.

They already do it: https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States (https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States)

You've missed the point.

What if tomorrow the government announced that they had determined that there was in circulation a large number of counterfeit $20 bills - say encompassing 10% of bills in circulation - that were not easy for the average person to detect.  If they then stationed secret service agents in front of every grocery store in the country who then proceeded to, without permission, go through each person's wallet and remove the counterfeit bills, would you support that? How do you think the public would respond?

The government would never be so stupid to do this. Instead of focusing on the average end user of currency - they appropriately put a lot of effort into making it difficult to counterfeit and then directly target the counterfeiters in their enforcement.

The currency analogy is better than others but still imperfect. Why?  Because, unlike currency, FTDI could choose another way to to target the end user as others have pointed out. Simply - make the driver non functional with fake chips.  Bricking chips and generating erroneous output is not ok and will only contribute to their ongoing fall.
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 04, 2016, 12:07:51 am
This. Refuse to load the driver and print a message to the system log, but don't spew trash data out and don't brick the chips. This isn't hard to understand...

I am not sure "refuse to load" and 'refuse to work" is an acceptable solution.  It is too late to do this kind of fixes.  Prolific did that when they were relatively new and acted very fast.  Frankly it is too late for FDTI having a much larger installed base and acted so late.   For future-FDTI that still has a brand to protect.  They have to do a manual scheme (forget about potecting their driver, protect the "brand").  There need to have somekind of codes from the big boxes, to the individual trays and eventually down to the final dongle that their customers can check online to verify.  And they can keep track and display the number of time, location of all the previous verifications.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 12:11:25 am
And if counterfeiting was a widespread problem (it's not) and the government suddenly had a widespread policy of seizing and not replacing a large number of average peoples cash that would be similarly wrongheaded and self-destructive.

They already do it: https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States (https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States)

You've missed the point.

What if tomorrow the government announced that they had determined that there was in circulation a large number of counterfeit $20 bills - say encompassing 10% of bills in circulation - that were not easy for the average person to detect.  If they then stationed secret service agents in front of every grocery store in the country who then proceeded to, without permission, go through each person's wallet and remove the counterfeit bills, would you support that? How do you think the public would respond?

The government would never be so stupid to do this. Instead of focusing on the average end user of currency - they appropriately put a lot of effort into making it difficult to counterfeit and then directly target the counterfeiters in their enforcement.

The currency analogy is better than others but still imperfect. Why?  Because, unlike currency, FTDI could choose another way to to target the end user as others have pointed out. Simply - make the driver non functional with fake chips.  Bricking chips and generating erroneous output is not ok and will only contribute to their ongoing fall.

Your argument is based on the scale of the problem, which as far as I know we don't have and accurate idea of the number of counterfeit vs real FTDI chips is production products, so your whole argument is based on assumptions.

My wife was a bartender in college. She's been paid and tipped with fake $50 and $100 bills all the time, and every time it came out of her take of the tips/salary. That's the rules to make employees do a better job at screening for fakes. And it happens to bar tenders across the country, as bad guys think darken bars is the best chance of getting away with it.

I like this fake currency analogy as it is spot on.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 04, 2016, 12:28:52 am
The analogy is not spot on. Fake cash can be spotted/tested the moment you receive it. A device with a fake FTDI chip is impossible to spot. Every time I have to deal with a relatively large amount of cash I have it tested. Now show me a device which can test whether a device has a fake FTDI chip in it or not.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 12:36:58 am
The analogy is not spot on. Fake cash can be spotted/tested the moment you receive it. A device with a fake FTDI chip is impossible to spot. Every time I have to deal with a relatively large amount of cash I have it tested. Now show me a device which can test whether a device has a fake FTDI chip in it or not.

LOL! That's actually what this firmware does! Put FTDIs in a jig and attach them to a windows PC, it will now scream out at you that it's fake! Any suspect device with a FTDI chip in it will now self test with this driver.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 04, 2016, 12:40:40 am
The analogy is not spot on. Fake cash can be spotted/tested the moment you receive it. A device with a fake FTDI chip is impossible to spot. Every time I have to deal with a relatively large amount of cash I have it tested. Now show me a device which can test whether a device has a fake FTDI chip in it or not.
LOL! That's actually what this firmware does! Put FTDIs in a jig and attach them to a windows PC, it will now scream out at you that it's fake! Any suspect device with a FTDI chip in it will now self test with this driver.
Buzzzz wrong! You never know if your device has a better fake the driver cannot detect yet but the next driver will. Money has clearly defined markers which tell whether it is genuine or not so a test for real/fake money is well defined. Detecting fake FTDI chips on the other hand is a moving target. Today a device can pass the test, tomorrow it may not.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 12:47:45 am
The analogy is not spot on. Fake cash can be spotted/tested the moment you receive it. A device with a fake FTDI chip is impossible to spot. Every time I have to deal with a relatively large amount of cash I have it tested. Now show me a device which can test whether a device has a fake FTDI chip in it or not.
LOL! That's actually what this firmware does! Put FTDIs in a jig and attach them to a windows PC, it will now scream out at you that it's fake! Any suspect device with a FTDI chip in it will now self test with this driver.
Buzzzz wrong! You never know if your device has a better fake the driver cannot detect yet but the next driver will. Money has clearly defined markers which tell whether it is genuine or not so a test for real/fake money is well defined. Detecting fake FTDI chips on the other hand is a moving target. Today a device can pass the test, tomorrow it may not.

Wait a minute, you are arguing that fake money and fake FTDI are not equally because fake FTDIs are always getting better at being fakes and fake money is not? Really?

Advances and printers and scanners didn't make the federal exchange design new and tougher protections? SO i guess all currency started out with ink markers, holograms, interleaved strips, Micro-printing, etc all at once 100s of years ago and the counterfeit groups had a challenge to face that never changed. Huh. 
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 12:54:49 am

Your argument is based on the scale of the problem, which as far as I know we don't have and accurate idea of the number of counterfeit vs real FTDI chips is production products, so your whole argument is based on assumptions.

No it is not. Change the number to 1% - it's the same - would you then support agents stopping everyone entering a grocery store and confiscating counterfeit currency?

Quote
My wife was a bartender in college. She's been paid and tipped with fake $50 and $100 bills all the time, and every time it came out of her take of the tips/salary.
   50-$100 tips! What kind of bartender was she? In any case - did it happen to her? was she ok with that?

Quote
That's the rules to make employees do a better job at screening for fakes. And it happens to bar tenders across the country, as bad guys think darken bars is the best chance of getting away with it.

This is were your example completely breaks down.  It's based on the fact that the bartender, waiter, cashier, etc can detect the fake bills before accepting them.  I was a waiter years ago and we were trained to examine large bills (generally not tips) and how to detect fakes - so were the cashiers . If the bills did not show any of the tell tale signs - we were not responsible.

Again - what if the counterfeit bills were impossible for the general public to detect (as is the case with the fake FTDI chips)?

No one buying a product has the ability to know it contains a FTDI clone before purchasing and even after it may be difficult or even impossible to determine if it is fake without running FTDIs destructive firmware.

What the FTDI apologists continue to ignore is the fact that consumers have no way of knowing the product has a fake FTDI chip in it beforehand and are being harmed by FTDIs tactics if it does. This is causing the people who make the choice of what chip to use in their product - choose other chips. FTDI claims to be targeting the cloners but continues to shoot themselves in the foot.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 01:13:58 am

No it is not. Change the number to 1% - it's the same - would you then support agents stopping everyone entering a grocery store and confiscating counterfeit currency?


Again do you have accurate #s of fake FTDIs to compare? I don't. And IF you willingly posse or use fake currency, you are breaking the law. Your example is actually more tame than reality. What's the difference between agents checking your purse, or you trying to spend the fake money, the cashier holding onto it when they see it's fake and calling the cops? That's what actually happens, as cashiers if you detect a fake you are told to hold onto it, report it to management so they can call the cops. You don't get it back. I was a cashier for Publix as a kid. That was the procedure.

Once identified you lose use of that counterfeit money. Just like here where you lose use of the fake FTDI, once identified. Socially it's always been accepted that the world works as receiver beware. Just because you got dupped into taking something fake, doesn't mean you have a legal or moral right to use it or pass it along. Wherever the fake is detected, it gets taken away.

Quote
   50-$100 tips! What kind of bartender was she? In any case - did it happen to her? was she ok with that?

PAID and tipped. Not just tipped. And no, of course not. But she didn't blame the system by which the bill was determined counterfeit, she blamed the person that gave it to her!

Quote

This is were your example completely breaks down.  It's based on the fact that the bartender, waiter, cashier, etc can detect the fake bills before accepting them.  I was a waiter years ago and we were trained to examine large bills (generally not tips) and how to detect fakes - so were the cashiers . If the bills did not show any of the tell tale signs - we were not responsible.

We have that now ! It's this firmware. You can build a jig and test all incomming stock. It will self test when you connect it to a Windows PC.

Quote
no way of knowing the product has a fake FTDI chip in it beforehand and are being harmed by FTDIs tactics if it does.

Funny, I assume for all fake ICs, not just FTDI, that we never have a good way to know if they are fake or not. Some bad FETs may overheat and catch fire. We still don't blame the fire for making the device inoperative. We blame the supply chain that gave us the fake
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 01:29:47 am

Again do you have accurate #s of fake FTDIs to compare?
And again, that is irrelevant to the point.

And obviously if the number of fake chips was very, very small, FTDI would not attempt these shenanigans.

Quote
We have that now ! It's this firmware. You can build a jig and test all incomming stock. It will self test when you connect it to a Windows PC.
You've completely ignored my point: The one who is being punished, end user buying the product has no way of determining the authenticity before they buy it and also after they buy it (without a destructive firmware test).

There seems to be a real inability by some to acknowledge that the people most adversely affected by FTDI's actions are those who have no way to avoid the problem other than try to buy products that use chips from other manufacturers- that is assuming they are even sophisticated enough to know how to determine that.

Quote
Some bad FETs may overheat and catch fire. We still don't blame the fire for making the device inoperative. We blame the supply chain that gave us the fake
Strawman. No one would blame FTDI if fake chips were catching on fire.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 04, 2016, 01:35:03 am
...
What the FTDI apologists continue to ignore ...

That labeling of people that don't share your opinion cancels everything you are saying because you are not being objective.

Myself I find Cypress offerings better for my needs, that doesn't tarnish my objectivity of expressing my opinion against IP theft.

Buy go ahead and promote piracy all you want.

Let's be clear about what the driver does and doesn't, your PC sends characters and the driver echoes the "NON GENUINE DEVICE FOUND!" character by character as you try to communicate with the device.

Even if the device receives those strings it would be a pretty poorly designed protocol that blindly accepts anything without initialization and exchanging some initialization handshakes to make sure the device is communicating with the appropriate piece of software running on the PC, otherwise any other program can hijack the COM port and create havoc.

I think it's a valid implementation from FTDI part to protect their hard work.

Claiming that a lot of devices are affected by this? well then they should return them to whoever was careless enough to use fakes, and I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

What if you buy an expensive piece of kit, you check it and it has Rubycon caps on the power supply so you feel really good about it, but they happen to be fake and shortly after a year and your warranty expiring, they start leaking. Who are you going to blame?

The message that comes across from you, even if you have mentioned many times that you are against counterfeit products is that you are indeed blaming companies that are trying to do something about it.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 04, 2016, 01:59:19 am
I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

People who buy inexpensive things are "promoting unfair competition and theft"? What's your cutoff price where one transitions from promoting theft to being an honest buyer?
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 02:12:21 am

And obviously if the number of fake chips was very, very small, FTDI would not attempt these shenanigans.

There's only 0.01% counterfeit currency in circulation. Yet there what like 6 tiers of anti-counterfeit technology built into our bills now? At how much of an investment into the R&D to enable that technology? And every time a new detection method was developed to detect fake currency, all the people holding the now detectable fake currency suddenly loss the use of that money. Sounds awfully familiar.

Quote
You've completely ignored my point: The one who is being punished, end user buying the product has no way of determining the authenticity before they buy it and also after they buy it (without a destructive firmware test).


Because it's hard to detect fakes we shouldn't bother to do something about it? Should we apply that to all illegal activity? FTDI has literally given us tools to make it easier to test for fakes.

Quote

There seems to be a real inability by some to acknowledge that the people most adversely affected by FTDI's actions are those who have no way to avoid the problem other than try to buy products that use chips from other manufacturers- that is assuming they are even sophisticated enough to know how to determine that.

I have a way. Buy from real vendors. You pay more money for the insurance you are getting real products. Personally, 5 figures worth of units and no fakes. I have yet to see an example of Digikey selling counterfeit FTDIs. And if they did, I be dam sure they replace the fake stock at no cost.

Quote
Quote
Some bad FETs may overheat and catch fire. We still don't blame the fire for making the device inoperative. We blame the supply chain that gave us the fake
Strawman. No one would blame FTDI if fake chips were catching on fire.

And I don't blame them for a vendor selling me fake chips. They have no obligation to make non FTDI hardware work with FTDI drivers
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on February 04, 2016, 02:24:31 am
Morals aside, who here would design a product with a component (any component) known to be on the counterfeit market when alternatives (from alternate manufacturers or by way of a design change) exist?

I avoid components that have a known counterfeit on the market, it's beneficial to my customers.

Try talking this over with a customer, tell them you want the design that contains a part that is currently being counterfeit. They will say give me another option.

This is the reality of the market, I do feel sympathy and even understand where they are coming from but I will not risk a customers design because of the issue.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 02:30:23 am
Morals aside, who here would design a product with a component (any component) known to be on the counterfeit market when alternatives (from alternate manufacturers or by way of a design change) exist?

I avoid components that have a known counterfeit on the market, it's beneficial to my customers.

Try talking this over with a customer, tell them you want the design that contains a part that is currently being counterfeit. They will say give me another option.

This is the reality of the market, I do feel sympathy and even understand where they are coming from but I will not risk a customers design because of the issue.

That is a valid risk mitigation strategy, but comes with an associated design/redesign cost. Every time one of your components starts to be counterfeit, you have to do the R&D to identify and test a replacement.

 I choose to rely on the safety of my historically proven supply channels. (Digikey, for example) to make sure I never receive fakes. It's higher risk, by some small measure, but it's lower development costs, as I don't need to redesign my products just because a component starts to enter the black market.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 04, 2016, 02:33:25 am
I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

People who buy inexpensive things are "promoting unfair competition and theft"? What's your cutoff price where one transitions from promoting theft to being an honest buyer?

Easy, you contact FTDI sales and they should take care of you as far as the distribution and support goes.

Since people speculate I'm going to do the same.

What if some shady manufacturer started to sell uCurrents that look like the real thing but not really up to spec. What would Dave do when he is inundated with support calls and asking for refunds, as far as the consumer is concerned it's his product after all and he should offer support because they did buy it in good faith even if they though it was a bit odd that the price was just 10% of the original.

Or what if someone shadowed his content with his material on YouTube? Oh wait, that did happen.
I can think of a thousand ways to monetize other peoples videos under the fair use clause.

Same thing with Open Source Hardware, sure there will be pressure not to do it, but legally there is no recourse.

I wonder how much did FTDI saved just by not having to deal with customer support cases and engineering hours investigating those cases, when now they just can tell the manufacturer that they where very unfortunate to purchase fake chips and to contact their sales department so they can find a trusted distributor.

The thing is that the customer doesn't even know what FTDI is, so they will go to the manufacturer to straighten things out since they are after all the ones that sold the product and they should support it. I don't see why FTDI has to support non FTDI products that are eating in their profits.

Also are these clones 100% up to spec, as in do they have the same capabilities that that FT232 has according the datasheet?
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 02:40:18 am
That labeling of people that don't share your opinion
it's a descriptive term. I'm open to suggestions for an equally concise term to refer to those who try and justify FTDI's actions
Quote
cancels everything you are saying because you are not being objective.
a convenient way to dodge the issues I raise.
Quote
Buy go ahead and promote piracy all you want.
Strawman. I've seen no one justifying piracy. The issue being discussed is what is the appropriate response to piracy? Who's  not being objective here?

Quote
The message that comes across from you, even if you have mentioned many times that you are against counterfeit products is that you are indeed blaming companies that are trying to do something about it.
No, what I am saying is that FTDI's tactics have been misguided and self destructive. I think what these responses by them show (including their response to Dave on Twitter) is that this area of their business is failing. The reason likely has little to do with the clones but instead is largely due to the availability of better alternatives as you yourself and others here have pointed out. If I was an investor in FTDI, I would take these episodes to be a sign to get out.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on February 04, 2016, 02:42:41 am
Morals aside, who here would design a product with a component (any component) known to be on the counterfeit market when alternatives (from alternate manufacturers or by way of a design change) exist?

I avoid components that have a known counterfeit on the market, it's beneficial to my customers.

Try talking this over with a customer, tell them you want the design that contains a part that is currently being counterfeit. They will say give me another option.

This is the reality of the market, I do feel sympathy and even understand where they are coming from but I will not risk a customers design because of the issue.

That is a valid risk mitigation strategy, but comes with an associated design/redesign cost. Every time one of your components starts to be counterfeit, you have to do the R&D to identify and test a replacement.

 I choose to rely on the safety of my historically proven supply channels. (Digikey, for example) to make sure I never receive fakes. It's higher risk, by some small measure, but it's lower development costs, as I don't need to redesign my products just because a component starts to enter the black market.

- Minimizing fakes is just a matter of knowing and trusting your sources, not an issue for any normal design unless you spec out an out of production device. So no arguments on that one.
- Once designed there is no real issue. You don't pull a product unless you have actually installed a part that will or is causing issues.
- My original statements refer to original design or as part of an upgrade that is already taking place.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 02:56:30 am


- Minimizing fakes is just a matter of knowing and trusting your sources, not an issue for any normal design unless you spec out an out of production device. So no arguments on that one.
- Once designed there is no real issue. You don't pull a product unless you have actually installed a part that will or is causing issues.
- My original statements refer to original design or as part of an upgrade that is already taking place.

I guess I am misreading your original post, as I thought you were inferring to never design with FTDI again.

The companies I know of have existing products in the field with FTDI, and will continue to sell those products without changing them away from FTDI, and will also continue to use FTDI in new designs, as the IP of the company is already invested in FTDI, and designing, regression testing, and supporting mixed products with mixed drivers would cost more money.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 03:03:20 am

There's only 0.01% counterfeit currency in circulation. Yet there what like 6 tiers of anti-counterfeit technology built into our bills now?
Exactly. The effort goes into making the technology harder to copy. i.e. Innovation. If FTDI can't innovate their way out of the clone problem by competing on price or features- too bad - they fail. Unfair? Perhaps but that is the way the market works.

Quote

Because it's hard to detect fakes we shouldn't bother to do something about it?
Another Strawman. No one said that. The question is how best to respond.

Quote

I have a way. Buy from real vendors. You pay more money for the insurance you are getting real products. Personally, 5 figures worth of units and no fakes. I have yet to see an example of Digikey selling counterfeit FTDIs. And if they did, I be dam sure they replace the fake stock at no cost.
And once again you fail to acknowledge that thei issue is that it's the end users being affected, not just those buying components for manufacturing.
Title: Re: FTDIgate 2.0?
Post by: zapta on February 04, 2016, 03:29:50 am
...
What the FTDI apologists continue to ignore ...

That labeling of people that don't share your opinion cancels everything you are saying because you are not being objective.

+1

No need to lower the debate with personal labels.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 04, 2016, 03:34:37 am
That labeling of people that don't share your opinion
it's a descriptive term. I'm open to suggestions for an equally concise term to refer to those who try and justify FTDI's actions
Huh, it's more than a descriptive term and obviously not taken at random, do not insult also my intelligence and comprehension of the human factor.
I mean, "Apologist" on your use it's a combination of defender and apologizing on someone else's behalf with a demeaning connotation touch to it.
Very carefully selected.

Quote
cancels everything you are saying because you are not being objective.
a convenient way to dodge the issues I raise.
Not at all, you said:
Quote
What the FTDI apologists continue to ignore is the fact that consumers have no way of knowing the product has a fake FTDI chip in it beforehand and are being harmed by FTDIs tactics if it does. This is causing the people who make the choice of what chip to use in their product - choose other chips. FTDI claims to be targeting the cloners but continues to shoot themselves in the foot.

And I did reply this as well which you have not included:
Quote
Let's be clear about what the driver does and doesn't, your PC sends characters and the driver echoes the "NON GENUINE DEVICE FOUND!" character by character as you try to communicate with the device.

Even if the device receives those strings it would be a pretty poorly designed protocol that blindly accepts anything without initialization and exchanging some initialization handshakes to make sure the device is communicating with the appropriate piece of software running on the PC, otherwise any other program can hijack the COM port and create havoc.

I think it's a valid implementation from FTDI part to protect their hard work.

Claiming that a lot of devices are affected by this? well then they should return them to whoever was careless enough to use fakes, and I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

What if you buy an expensive piece of kit, you check it and it has Rubycon caps on the power supply so you feel really good about it, but they happen to be fake and shortly after a year and your warranty expiring, they start leaking. Who are you going to blame?

Quote
Buy go ahead and promote piracy all you want.
Strawman. I've seen no one justifying piracy. The issue being discussed is what is the appropriate response to piracy? Who's  not being objective here?
Hmm Strawman... is that you Mojo? he used it a lot.
kidding aside, look at what you didn't quote me on, I did address that I think (In My Opinion, to be clear) that FTDI did the right thing and their response on their second approach is a good response to the issue at hand.

Clearly the consumer doesn't even know what FTDI is or means, maybe a flower delivery service, their device stops working they call the manufacturer since they are the ones that made the product.

Quote
The message that comes across from you, even if you have mentioned many times that you are against counterfeit products is that you are indeed blaming companies that are trying to do something about it.
No, what I am saying is that FTDI's tactics have been misguided and self destructive. I think what these responses by them show (including their response to Dave on Twitter) is that this area of their business is failing. The reason likely has little to do with the clones but instead is largely due to the availability of better alternatives as you yourself and others here have pointed out. If I was an investor in FTDI, I would take these episodes to be a sign to get out.

Yup, their first approach was harsh and they did deserve the heat.
This time around, I think they are on their right to not support non-FTDI components and associated support costs.

If some device stops working I contact the manufacturer I don't go to the chip and contact the chip maker.

Why should FTDI allow their driver talk to non FTDI chips? just because they did before? that's not reason enough (In my opinion again) if it's hurting their bottom line.

It's their property (the driver that is) so they are free to do what they want, will it end up hurting them or helping them, I'm pretty sure they are monitoring that. As for twitter etc, it's normal for a company not to stir things up, because the vocal minority will amplify their voice while the silent majority doesn't care at all.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 04, 2016, 03:37:19 am
That's fine. But dumping trash data or frying chips are not fine.

And making counterfeit chips or otherwise ripping off FTDI's IP is fine? Maybe in China, but not where I'm from.

Sure, FTDI took the nuclear option here, but I think they're completely justified in doing so.

Cloning die is a big no go. Cloning protocol, as long as it was not patented, is fine at least in China. But you CAN NOT put FTDI logo on the chip, of course.
Actually...

https://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984

...copyright of the layout, i.e. the masks, only lasts for 10 years, at least in the US. I think the FT232s are more than 10 years old now... also, from the article:
Quote
The SCPA permits competitive emulation of a chip by means of reverse engineering.

More food for thought: the only difference between an illegal and legal clone is whether or not there is the FTDI logo on it, which is something the driver cannot determine at all. And if copying a much longer piece of code (https://en.wikipedia.org/wiki/Lexmark_International,_Inc._v._Static_Control_Components,_Inc.) that is required for interoperability is legal, a VID:PID pair is likely to be as well. Even if FTDI tried to twist it into some sort of trademark protection by e.g. making the chip respond with "this is a genuine FTDI device", that probably won't work either: https://en.wikipedia.org/wiki/Sega_v._Accolade
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 04, 2016, 03:48:47 am
that is required for interoperability is legal, a VID:PID pair is likely to be as well. Even if FTDI tried to twist it into some sort of trademark protection by e.g. making the chip respond with "this is a genuine FTDI device", that probably won't work either: https://en.wikipedia.org/wiki/Sega_v._Accolade

Though none of this says FTDI must be forced to write working drivers for devices it doesn't sell. I agree bricking devices might violate the spirit of these court cases, but refusing to work with non genuine hardware doesn't.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 03:58:28 am

Huh, it's more than a descriptive term and obviously not taken at random, do not insult also my intelligence and comprehension of the human factor.
I mean, "Apologist" on your use it's a combination of defender and apologizing on someone else's behalf
Yes that is the definition.
Quote
with a demeaning connotation touch to it.
No, not part of the definition - that is your judgement of my use.

Again -I'm open to suggestions for a different term. It seems apt and descriptive since it means exactly what you say.  Of course there is a judgement by me associated with it in this case - that is a judgement that the defending and apologizing is unjustified.

It is not meant as a personal attack at all - in fact I have not used it directed at you or anyone specifically - just to concisely refer to those who are - well - apologizing for and defending FTDI's behavior.

To be honest - I have a lot of respect for you miguelvp based on your history of posting here you are knowledgeable and non ideological. If you have taken any of my arguments personally - I apologize.


Quote
I think it's a valid implementation from FTDI part to protect their hard work.
Valid? perhaps. My argument continues to be that it is misdirected and foolish.  That's all. It's not a personal attack on you or anyone else.

Quote
whoever was careless enough to use fakes, and I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

What does "careless enough to use fakes mean"  are you saying the average electronics hobbyist who goes on eBay and searches for USB serial converter is being careless? how are they supposed to determine which have fake chips?. And no price alone is not enough to make that determination.

Quote
Hmm Strawman... is that you Mojo? he used it a lot.

Now that qualifies as a personal attack!. ;D  I'm disappointed. BTW strawman is a commonly used term by many on this and other forums - you realize that I'm sure.

Quote
kidding aside, look at what you didn't quote me on, I did address that I think (In My Opinion, to be clear) that FTDI did the right thing and their response on their second approach is a good response to the issue at hand.

I didn't quote that because it's just a different opinion - not a point of fact to debate.

Quote
No, what I am saying is that FTDI's tactics have been misguided and self destructive. I think what these responses by them show (including their response to Dave on Twitter) is that this area of their business is failing. The reason likely has little to do with the clones but instead is largely due to the availability of better alternatives as you yourself and others here have pointed out. If I was an investor in FTDI, I would take these episodes to be a sign to get out.

Yup, their first approach was harsh and they did deserve the heat.
On that we agree- This most recent approach is still foolish IMO but less bad I agree. In general in this thread though I think the topic has been about their overall approach to this issue - including both attempts go after the fake chips.

In addition, the recent blocking of Dave and others by FTDIChip on Twitter just further reinforces my opinion that their management is completely inept and out of touch.

Title: Re: FTDIgate 2.0?
Post by: boffin on February 04, 2016, 04:33:47 am
Interesting.  New Firmware release today...


http://www.ftdichip.com/Drivers/VCP.htm (http://www.ftdichip.com/Drivers/VCP.htm)
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 04, 2016, 05:26:27 am
I wonder if they changed the string to only go to the PC and not the device?

Or have they succumb to the internet pressure of the vocal few?

I don't have any FTDI chips, clones or not, then again I don't have any xxxduino in here, but maybe I do but if I do, it's probably the real deal.

Nope, I did a "driverquery" on my command prompt and no sign of FTDI.
Title: Re: FTDIgate 2.0?
Post by: filssavi on February 04, 2016, 07:20:54 am
I would like to know if anyone thinks here that what they are doing here is anything more than just a personal vendetta...
By that i mean, the non genuine string (and even the bricking stuff) will not make cloners abbandon the market, it will only prompt them at better emulating the real FTDI ic's to pass the f****in check, and even if it did, what would it bring in FTDI's bank account

It' like thinking that when the police seizes a batch of fake handbags, that would have ben sold for 50€, the clients not finding the clone will go at the Hermes shop and drop 20000€ on a real one. It's not happening, the client will find another fake handbags they like...

I mean piracy is a social/commercial problem, you can't solve it by shouting, yelling and punching people

The core problem here are 2:
-the IC price out of touch with reality, so cloners can undercut the price and still have huge margins
-FTDI is fading out of market by mean of shear obsolescence of their products, even the smallest mcu's have usb in them and the market for USB/serial is disappearing.

So if for a healty company cloners are annoying but inevitabile for FTDI they are an existential threat due to the incompetance of the management
Title: Re: FTDIgate 2.0?
Post by: Karel on February 04, 2016, 07:26:38 am
That's fine. But dumping trash data or frying chips are not fine.

That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Aim your anger to the counterfeiters, not to a a company that tries to protect their investment by not supporting
counterfeit chips with their driver. There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit
is detected.


Title: Re: FTDIgate 2.0?
Post by: Karel on February 04, 2016, 07:31:54 am
I would like to know if anyone thinks here that what they are doing here is anything more than just a personal vendetta...
By that i mean, the non genuine string (and even the bricking stuff) will not make cloners abbandon the market, it will only prompt them at better emulating the real FTDI ic's to pass the f****in check, and even if it did, what would it bring in FTDI's bank account

That's up to FTDI to decide what's best for their interest. I guess they have done some estimaton about this.
Apparently, they think it's better for their business by doing so. As long as they don't break any law, it's completely up to them.
Title: Re: FTDIgate 2.0?
Post by: Gribo on February 04, 2016, 08:35:24 am
I just got an evaluation board from NXP (PNEV512B) which contains an FTDI FT232RQ device. Guess what? VID is 0. Thanks to FTDI and NXP I lost an hour of my life.  :--
Title: Re: FTDIgate 2.0?
Post by: westfw on February 04, 2016, 08:42:27 am
Quote
Has anybody here purchased any FTDI device from a legitimate distributor in the last, say, 6 months and received a fake?
Does anyone have an Arduino Nano that doesn't have a counterfeit FTDI?  There were hints that even the original (Gravitech-manufactured) boards might have had fakes - people who had bought full-price Nanos from trusted distributors were getting their chips bricked back in 2014...
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on February 04, 2016, 08:43:09 am
That's fine. But dumping trash data or frying chips are not fine.

That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Aim your anger to the counterfeiters, not to a a company that tries to protect their investment by not supporting
counterfeit chips with their driver. There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit
is detected.

The real issue is that the decision to "play" with the driver brings attention to the counterfeits. I agree that they have every right to do so (within reason).

For myself and my customers I would opt not to use a potentially counterfeit device in future designs. There are many other choices out there and I'd move on to the next device. This is not a supply issue just another criteria used on a BOM. 
Title: Re: FTDIgate 2.0?
Post by: station240 on February 04, 2016, 08:46:50 am
I just got an evaluation board from NXP (PNEV512B) which contains an FTDI FT232RQ device. Guess what? VID is 0. Thanks to FTDI and NXP I lost an hour of my life.  :--

I've just discovered some of the Ti evaluation/dev boards with onboard JTAG programmer (USB), use a FTDI FT2232D as the device.
$8.53 each in FTDI's shop, or 100 for $633.08, plus crappy exchange rate and postage. Now I have to wonder if FTDI's 'special' drivers* will screw with JTAG programmers, looks like I'll have to ask Ti for help as I would like to have onboard JTAG to USB in my PCB designs.

* special in that no one else is pulling this sort of shit.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 04, 2016, 08:58:12 am
Quote
Has anybody here purchased any FTDI device from a legitimate distributor in the last, say, 6 months and received a fake?
Does anyone have an Arduino Nano that doesn't have a counterfeit FTDI?  There were hints that even the original (Gravitech-manufactured) boards might have had fakes - people who had bought full-price Nanos from trusted distributors were getting their chips bricked back in 2014...

That's hardly a company (well companies now) using legitimate distribution channels, actually as one of the companies was concerned they were the only place to produce the Arduinos.

I think people that have fake chips on their xxxduinos should complain to the manufacturer to make things right, after all it's bad karma to build a business based on someone else's (a student) hard work like the duino folk did.

Title: Re: FTDIgate 2.0?
Post by: janoc on February 04, 2016, 11:07:41 am
That's fine. But dumping trash data or frying chips are not fine.

That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Wow, Karel, I wouldn't want to work for the customer support of your company if your engineers have this attitude! You think that the Intel folks who had to deal with the support request because of the fake adapter work for free or what? Someone has to pay for the wasted hours! And that was a stupid error message on a hobbyist's product, now imagine if a production line stops because of a monitoring PC with Windows XP that has been updated and now spews garbage into a PLC. We are talking hundreds of thousands of euro of lost money because of this.

You have obviously no idea about what it takes to support a commercial product and the nightmares you get - even if you did all due dilligence and this sort of thing is not really your fault - you still get blamed, because the client doesn't (and shouldn't) care!

Our company doesn't build machinery but we build simulators for it to train operators - and have to regularly deal with issues such as PLC that controls the simulator control panels stopping to talk to the rest of the system because some stupid driver got updated behind our back or someone thought it was a good idea to replace a cable. The PLCs use serial ports, so these USB to serial adapters are common. Who do you think gets called when a guy at a factory in Mexico has a problem starting the simulator in the morning? (which is late evening here in France)?

Do you know how much money does all this cost? Both in direct costs (money to pay the engineer to do the actual support and troubleshooting) and indirect - because our product is seen as "broken and never working right", even though the problems are in 99% of cases nothing to do with us - bad cables, unplugged components (yay, cleaners), flooding (yay, facility management), fried equipment because of power surges (yay, someone was too cheap to put in a surge protector despite our explicit advice), etc.

Yes, poor design, people opting for cheap solutions, etc - but one rarely has the luxury to control all of this in real world. If the client decides to do something against your advice, you can't do much there. Also you cannot demand that the PC used for the system is never updated or network connected. That's just not reasonable thing to ask, especially when your product is mainly software and depends on good functioning of the PC (i.e. no viruses, malware, etc.)

We have never bought any of USB to serial adapters ourselves, it is usually the client who supplies the same hw as they are using for production, so how can I guarantee that the supplier didn't ship one with a counterfeit chip with the PLC? Or that even the ethernet enabled PLC doesn't have a fake chip inside? Counterfeit parts were discovered even in airplanes (both Airbus and US military), where the supply chain is much more strictly regulated than for a $10 computer part.

Their supplier likely doesnt have an idea what is in those cables neither because they just got them from Siemens or whoever their vendor is. But it will be us as the integrator who gets hit with the support calls and costs, not Siemens! Siemens will at best replace the cables/PLC, the rest of the expense is out of our pocket. In that situation, a vendor going rogue and doing what FTDI is doing now is just a nightmare. Are we impacted? If yes, how much? What could fail? Where?

Reality doesn't often match with whatever the armchair critics dream out. Some of this can be covered by the contracts (aka client gets billed), but it is still wasted time debugging the problem. That you haven't seen these problems doesn't mean they don't exist but that you should get out of your chair and broaden your horizon before making a fool of yourself.

Title: Re: FTDIgate 2.0?
Post by: madires on February 04, 2016, 11:58:17 am
It's entertaining to watch the FTDI apologists twist and turn to justify FTDI's tactics. 

The bottom line remains the same: People who unknowingly bought products with fake FTDI chips are being harmed and FTDI's actions are alienating their own customers. 

They are being outdone by other companies with competing products and their actions regarding clones, whether justified or not, are only exacerbating migration of their customers to those alternatives as well as generating a feeling of ill will towards the FTDI brand.

Yes, that's excatly how the market works. If FTDI is so concerned about fake chips they shouldn't publish their Windows driver and provide a driver SDK to their customers. So any company building some product with a FTDI chip can get their own USB ID and ship the product with a dedicated driver. The way FTDI deals with the fake chips at the moment is simply :palm:
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 04, 2016, 12:00:52 pm
In addition, the recent blocking of Dave and others by FTDIChip on Twitter just further reinforces my opinion that their management is completely inept and out of touch.

That's completely childish, to say the least. FTDI has made a fool of itself and it continues to do so. They are even worse than the Fine Brothers!

I just wonder if someone from FTDI actually reads these forums. I suspect 1 or 2 members here might be FTDI employees, because of how adamant they are in defending FTDI and their crappy business.
Title: Re: FTDIgate 2.0?
Post by: madires on February 04, 2016, 12:05:07 pm
Quote
bricking my chip was a really bad move,

I am sure FTDI has a different perspective: they wrote a set of procedure that works flawlessly on the genuine chip. You happen to plug your fake chip there and ...

That's called computer sabotage and is an offence in several countries, in case you don't understand the implication of bricking someting on purpose.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 04, 2016, 12:10:35 pm

"Did a string search in their binary, the notorious "NON GENUINE DEVICE FOUND!" string still exists"

Would be interesting to see how it rracts to a knock off. Ie. The code may be there but it may not actually run.

I have quite a few arduino boards, mostly the Leonardo and the minis. The first thing I do with them is to wipe out the bootloader as I program them as avr boards.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 04, 2016, 12:20:45 pm
I've just discovered some of the Ti evaluation/dev boards with onboard JTAG programmer (USB), use a FTDI FT2232D as the device.
$8.53 each in FTDI's shop, or 100 for $633.08, plus crappy exchange rate and postage. Now I have to wonder if FTDI's 'special' drivers* will screw with JTAG programmers, looks like I'll have to ask Ti for help as I would like to have onboard JTAG to USB in my PCB designs.
I think this is very likely. JTAG is a feature of the D2XX driver. If I configure the D2XX driver with FT_Prog (you can use this program to read your configuration), then it uses the driver ftdibus.sys, which contains the string "NON GENUINE DEVICE FOUND!". Interestingly if I configure it as "Virtual COM Port", it uses ftser2k.sys, and ftcserco.dll and ftserui2.dll, which don't contain the string.

Looks like a mess for me with all the different drivers, but this might be a problem of Windows that you can't use just one driver, if you want a virtual COM port and then other special things.
Title: Re: FTDIgate 2.0?
Post by: rrinker on February 04, 2016, 02:29:57 pm
Quote
Has anybody here purchased any FTDI device from a legitimate distributor in the last, say, 6 months and received a fake?
Does anyone have an Arduino Nano that doesn't have a counterfeit FTDI?  There were hints that even the original (Gravitech-manufactured) boards might have had fakes - people who had bought full-price Nanos from trusted distributors were getting their chips bricked back in 2014...

 Mine's fairly well stuck in the breadboard I have it plugged in to so I can't see the bottom to see what brand the chip is marked as, but if it's a fake FTDI, it's still working perfectly fine and my system is a fully up to date Windows 10 machine - works on my laptop as well. I wouldn't be surprised if mine actually has a knockoff of a knockoff USB chip, considering I paid like $6 for this Nano from Amazon.

Title: Re: FTDIgate 2.0?
Post by: boffin on February 04, 2016, 03:48:53 pm
Maybe damage control is on the way.  There's an upcoming interview between FTDI and Adafruit
https://blog.adafruit.com/2016/02/04/comingsoon-an-interview-with-fred-dart-ceo-of-ftdi-ftdichip-ftdi/

Title: Re: FTDIgate 2.0?
Post by: c4757p on February 04, 2016, 04:07:21 pm
Given what I've seen before, I expect they'll use this interview as a chance not for damage control, but to dig their hole even deeper. They seem to have a thing for, ahem, deep holes.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 04, 2016, 04:16:07 pm
BTW, regarding the quality of their IP: I just tested the SPI mode of the FT2232H with their sample application for the D2XX driver and the SPI_ReadWrite function (with SPI_TRANSFER_OPTIONS_CHIPSELECT_ENABLE and SPI_TRANSFER_OPTIONS_CHIPSELECT_DISABLE, the only modification I made is to transfer 2 bytes). This is how it looks like:
(http://i.imgur.com/RKscFVP.png)
:palm:

(https://mrcn.st/t/bb.png)

FT232R. That was supposed to be a square wave, in bitbang mode. Turns out their clocking is, well.... yeah.

I wonder if the clone chip supports bitbang mode, and if it does, if it works any better.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 04, 2016, 05:04:38 pm
Oh, this is pure gold.

FT232R, clone vs. original, outputting a 38kHz square wave in bitbang mode, same exact code driving both.

(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)

Original at the top, clone at the bottom.

Turns out the clone chips are actually better at following FTDI's own spec (and actually being useful in bitbang mode) than the original, buggy silicon.

Now where can I get a distributor that guarantees they will supply the superior clone chips? I don't want to give FTDI any money, and these things are actually useful in bitbang mode, unlike FTDI's junk.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 04, 2016, 06:11:27 pm
Oh, this is pure gold.

FT232R, clone vs. original, outputting a 38kHz square wave in bitbang mode, same exact code driving both.

(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)

Original at the top, clone at the bottom.

Turns out the clone chips are actually better at following FTDI's own spec (and actually being useful in bitbang mode) than the original, buggy silicon.

Now where can I get a distributor that guarantees they will supply the superior clone chips? I don't want to give FTDI any money, and these things are actually useful in bitbang mode, unlike FTDI's junk.

That's funny.

Now their CEO is devoting time and energy doing interviews? - not a good sign.

I think it's becoming increasingly obvious that FTDI's problem is not cloners, it is FTDI.

Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....
Title: Re: FTDIgate 2.0?
Post by: mikerj on February 04, 2016, 06:43:50 pm
That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

And what about the end user who has no choice in whether a genuine FTDI device was used or not?

Aim your anger to the counterfeiters, not to a a company that tries to protect their investment by not supporting
counterfeit chips with their driver. There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit
is detected.

How can you possibly know that?  Can you personally guarantee that no device using an FTDI chip exists that doesn't do something bad or unexpected when that string is sent to it?  Of course you can't.  Sending that string back to the calling application at the PC end is one thing (though still stupid), but sending it to the embedded device using the FDTI chip shows a monumental level of stupidity.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 05, 2016, 06:31:58 am
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Wrong. Even professionals who check their sources get bitten. Why ? because often, they put high pressure on prices, so the source, or the source of the source of the source gets it where it's cheap. You get what you pay for, and this is the norm in Asia.

There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit is detected.
Wrong and wrong.
1) They don't detect counterfeits. They detect non FTDI chips. It could be a legitimate compatible chip, a clone, a grey market FTDI silicon, or a counterfeit.
2) There's something wrong with corrupting user data. A driver should NEVER maliciously corrupt user data. If an error pops up, it should use the legitimate error channels instead (closing the port, popping up an error message, etc...).
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 07:32:19 am
That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

And what about the end user who has no choice in whether a genuine FTDI device was used or not?

The end user puts a claim at the place where he bought it.

Aim your anger to the counterfeiters, not to a a company that tries to protect their investment by not supporting
counterfeit chips with their driver. There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit
is detected.

How can you possibly know that?  Can you personally guarantee that no device using an FTDI chip exists that doesn't do something bad or unexpected when that string is sent to it?  Of course you can't.  Sending that string back to the calling application at the PC end is one thing (though still stupid), but sending it to the embedded device using the FDTI chip shows a monumental level of stupidity.

That's not the responsibility of FTDI. Every engineer that designs a possible dangerous device that uses a serial port without
any data checking protocol, is an idiot.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 07:40:45 am
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

... because often, they put high pressure on prices, so the source, or the source of the source of the source gets it where it's cheap. You get what you pay for, and this is the norm in Asia.

You take the risk to go for cheap. You take the fame when your business goes well. You take the blame when shit happens
because of your choice to go for cheap.

There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit is detected.
Wrong and wrong.
1) They don't detect counterfeits. They detect non FTDI chips. It could be a legitimate compatible chip, a clone, a grey market FTDI silicon, or a counterfeit.
2) There's something wrong with corrupting user data. A driver should NEVER maliciously corrupt user data. If an error pops up, it should use the legitimate error channels instead (closing the port, popping up an error message, etc...).

Wrong and wrong.
They do detect counterfeit chips. Show me a link to a place where I can buy a legitimate, compatible non-FTDI
chip that gets harmed by the actions of FTDI.
There's nothing wrong with sending the string "this is not a genuine chip". Counterfeiters shouldn't use somebodies elses
USB VID in order to illegally use somebodies elses driver which they have no right to.

Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 07:48:34 am
Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on February 05, 2016, 08:21:10 am
Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...

Less overhead, more profit. If a programming skill was needed it could be purchased. They choose items that are profitable to copy. That means low production cost, high selling cost, and they need to pass tests.

Think about the complexity of the task design and distribution. Just getting the things on the underground market is a massive undertaking. Remember we are talking massive numbers of devices.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 08:55:42 am
Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...

Less overhead, more profit. If a programming skill was needed it could be purchased. They choose items that are profitable to copy. That means low production cost, high selling cost, and they need to pass tests.

Think about the complexity of the task design and distribution. Just getting the things on the underground market is a massive undertaking. Remember we are talking massive numbers of devices.

Exactly. And FTDI whent through all of this and invested a lot of money in their driver. They have all the right to brick or sabotage counterfeit chips that abuse their driver.

Title: Re: FTDIgate 2.0?
Post by: Boomerang on February 05, 2016, 10:51:55 am
The driver cannot look at the marking of the chip. Only small number of specially trained people can look at the chip, make series of tests and say "This is counterfeit for sure."
Title: Re: FTDIgate 2.0?
Post by: amyk on February 05, 2016, 11:41:57 am
Oh, this is pure gold.

FT232R, clone vs. original, outputting a 38kHz square wave in bitbang mode, same exact code driving both.

(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)

Original at the top, clone at the bottom.

Turns out the clone chips are actually better at following FTDI's own spec (and actually being useful in bitbang mode) than the original, buggy silicon.

Now where can I get a distributor that guarantees they will supply the superior clone chips? I don't want to give FTDI any money, and these things are actually useful in bitbang mode, unlike FTDI's junk.
:o Are you sure you didn't get the two mixed up? Or perhaps they're both actually clones, but one passes the test enough to identify as genuine?

AFAIK the clones use a microcontroller whereas the genuine ones are a full ASIC. If true, funny to see the former beating the latter in timing stability... it's usually the other way around.

Karel, you might want to look up the interoperability court cases I posted - it's perfectly legal to make a clone, especially one that's completely different in terms of implementation. Even using FTDI's VID:PID is fine because it's required for interoperability. The only thing that's not is marking it with the FTDI name, and that's not something the driver can determine. In the previous long thread there was mention of COB clones, which are completely unmarked, and this one (http://www.bms.by/eng/spec/PDF/IZ232e-ts.pdf). Perhaps you work for FTDI...? ::)
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 05, 2016, 11:49:37 am
Exactly. And FTDI whent through all of this and invested a lot of money in their driver. They have all the right to brick or sabotage counterfeit chips that abuse their driver.
Please seek legal counsil because your statement is wrong on so many levels!
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 12:06:17 pm
Exactly. And FTDI whent through all of this and invested a lot of money in their driver. They have all the right to brick or sabotage counterfeit chips that abuse their driver.
Please seek legal counsil because your statement is wrong on so many levels!

So, soon we will see courtcases or a classaction suit against FTDI and FTDI will loose?
Go ahead and surprise me.

Title: Re: FTDIgate 2.0?
Post by: rs20 on February 05, 2016, 12:37:00 pm
So, soon we will see courtcases or a classaction suit against FTDI and FTDI will loose?
Go ahead and surprise me.

 :palm: The victims of FTDI's vandalism can't afford legal action.

FTDI whent through all of this and invested a lot of money in their driver. They have all the right to brick or sabotage counterfeit chips that abuse their driver.

The way you think a company being the victim of counterfeiting* gives them cart blanche to do whatever petty vandalism they want is just astonishing. Schoolyard eye-for-an-eye rubbish, and not even directed at the people who did "the crime"* anyway.

* Given that you're so excited about hard evidence for everything, where is the evidence that FTDI is suffering from a significant, unusual amount of counterfeiting? A company that is perpetually out of stock doesn't really sound like it's actually struggling and maybe should be focussing on production... It's interesting to consider how many second-source (what an idiot would call "counterfeit") ICs exist out there... do you think the world would be a better place if the inventor of the first quad NAND gate started designing chips that bricked any connected quad NAND gates from second-source manufacturers? The fact that the counterfeit FTDI chips use real FTDI drivers is of zero relevance, FTDI wears zero marginal cost for having those drivers distributed by Windows Update. It seems more likely FTDI is a company dying of obsolescence (thank goodness) grasping at excuses and being petty little children about it?
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 05, 2016, 01:54:37 pm
(...) it's perfectly legal to make a clone, especially one that's completely different in terms of implementation. Even using FTDI's VID:PID is fine because it's required for interoperability. The only thing that's not is marking it with the FTDI name, and that's not something the driver can determine. In the previous long thread there was mention of COB clones, which are completely unmarked, and this one (http://www.bms.by/eng/spec/PDF/IZ232e-ts.pdf). Perhaps you work for FTDI...? ::)

That's exactly what I think too. If the guys making "second source" FT232s  (to use rs20's term!) hadn't branded them FTDI FT232RL, then they would be in the clear with possibly a better product and since they have a lower price, they'd have a huge demand for their chips.

It is possibly just a coincidence, but the CH340G chips appeared just around the time of FTDI Gate 1.0. I wonder if the manufacturer of the "second source" FT232 and CH are related. Neverthless, the CH340G chips possibly are taking a lot of market share of the FT232RL, since it is cheaper and as easy to implement (although it requires external crystal, which the FTDI part doesn't). I believe 99% of the Arduino clones are being shipped with the CH340G nowadays. 

And, for the FTDI fanboys out there, WCH (the manufacturer of the CH340G) also has working drivers (for Win, Linux and Mac), so that isn't a big deal. It's not like creating serial drivers for Windows requires an investment of millions of dollars.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 01:57:06 pm
Karel, you might want to look up the interoperability court cases I posted - it's perfectly legal to make a clone, especially one that's completely different in terms of implementation. Even using FTDI's VID:PID is fine because it's required for interoperability. The only thing that's not is marking it with the FTDI name, and that's not something the driver can determine. In the previous long thread there was mention of COB clones, which are completely unmarked, and this one (http://www.bms.by/eng/spec/PDF/IZ232e-ts.pdf). Perhaps you work for FTDI...? ::)

The fact that this will interfere with things that aren't FTDI counterfeits, just FTDI-compatibles, because, y'know, it can't read the markings on the chip, really should end this whole bloody argument. But clearly we have more sleazy businesspeople than real engineers here. Anything in the pursuit of profit...
Title: Re: FTDIgate 2.0?
Post by: madires on February 05, 2016, 01:58:19 pm
That's not the responsibility of FTDI. Every engineer that designs a possible dangerous device that uses a serial port without
any data checking protocol, is an idiot.

I agree on the latter, but the reality is that there are a lot of products with serial interfaces and no input validation. So it's not a non-issue.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 02:10:12 pm
If you're writing a driver, and your number one priority isn't making devices work, you're not writing a driver. If you want to argue that clones are unpredictable and can't be trusted, then fine, refuse to operate with them, the same way my operating system's mouse driver won't even try to talk to my USB flash stick. It knows it can't. Even if the latter reported an incorrect VID/PID and it started to, it'd stop as soon as it realized something wasn't right. Start sending garbage or intentionally damaging the device and you're not an engineer, you're just a dick.

Whatever happened to engineering ethics? Here's a good example (http://www.nspe.org/sites/default/files/resources/pdfs/Ethics/CodeofEthics/Code-2007-July.pdf). Lots of stuff about not endangering life or property. Nothing about "when you can blame someone else for endangerment of life or property, have at it". Nothing about "don't worry about endangering life or property until you've actually seen it happen once, hypothetical hazards aren't real". I seriously hope I never end up owning a device made by some of the people here.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 02:53:09 pm
That's not the responsibility of FTDI. Every engineer that designs a possible dangerous device that uses a serial port without
any data checking protocol, is an idiot.

I agree on the latter, but the reality is that there are a lot of products with serial interfaces and no input validation. So it's not a non-issue.

It's an issue caused by incompetent or criminal engineers.

Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 02:54:22 pm
Whatever happened to engineering ethics?

You should ask that to the engineers who designed the counterfeit chips.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 02:56:51 pm
Whatever happened to engineering ethics?

You should ask that to the engineers who designed the counterfeit chips.

Ahhhh, you're one of those people who think it's okay to do something unethical as long as you're doing it in response to something else unethical.

Okay, that explains this whole thread for me. Makes sense.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 03:49:04 pm
1) They don't detect counterfeits. They detect non FTDI chips. It could be a legitimate compatible chip, a clone, a grey market FTDI silicon, or a counterfeit.

Legitimate manufacturers do not impersonate their competition by spoofing their vendor ID and product ID, in order to piggyback on a closed source, proprietary driver that they do not have permission to use.  If there are any manufacturers doing that (it would take some impressive mental gymnastics to continue calling them "legitimate" at this point), FTDI has every right to say "No", forcing those manufacturers to either write and distribute their own drivers, or obtain the permission of a different competitor and piggy back off of theirs.  What's wrong with competing on a level playing field?  FTDI is under no obligation to properly support chips they did not produce.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 03:53:43 pm
Whatever happened to engineering ethics? Here's a good example (http://www.nspe.org/sites/default/files/resources/pdfs/Ethics/CodeofEthics/Code-2007-July.pdf). Lots of stuff about not endangering life or property. Nothing about "when you can blame someone else for endangerment of life or property, have at it". Nothing about "don't worry about endangering life or property until you've actually seen it happen once, hypothetical hazards aren't real". I seriously hope I never end up owning a device made by some of the people here.

"Endangering life or property"...here we go again.

Let's think about this for a second.  We're talking about a device, which is INTENDED to be plugged into a Windows machine during operation.  Your entire argument is that there is a product out there (not just one, but apparently enough for this to be a serious ethical violation), which if, during it's NORMAL AND INTENDED operation, a user were to open up HyperTerminal and type the wrong character, the device would be permanently destroyed, and/or would injure or kill somebody.

That is an extraordinary claim, and just like with that nutter in the free energy thread, I'd like to see some proof that such a device actually exists.  Until you can provide such proof, these are just baseless suspicious that merit no further discussion.

In the absence of such a ridiculously, criminally buggy piece of hardware, the result is no different than simply refusing to communicate.  The device doesn't work, it provides a message that says why, and the user should take it up with the manufacturer.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 03:55:28 pm
FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

Let's think about this for a second.  We're talking about a device, which is INTENDED to be plugged into a Windows machine during operation.  Your entire argument is that there is a product out there (not just one, but apparently enough for this to be a serious ethical violation), which if, during it's NORMAL AND INTENDED operation, a user were to open up HyperTerminal and type the wrong character, the device would be permanently destroyed, and/or would injure or kill somebody.

This isn't my claim, can't you read? I don't know if there is such a device, or if there is, how many there are - and neither do FTDI's engineers.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 05, 2016, 03:56:34 pm
Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...

I find it strange that a company that has the resources and money to create a counterfeit chip doesn't just write their own driver. I'd imagine that writing a driver costs a lot less than developing and testing a chip. Mask sets and proto fabs alone for a chip are ~1M$, which will pay the salaries of ten driver engineers for a year (more in Asia). Surely they could cook up a driver in that period of time.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 03:58:27 pm
This isn't my claim, can't you read?

That is your claim.  You keep talking about damage to property or endangering life, the only way that's possible is if such a device exists.  Prove it, or stop bringing up ethical violations, property damage, endangerment of life, etc.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 03:59:15 pm
FTDI already went to the trouble of getting it into the distribution system, why should they bother writing a driver? Just like if you're building a USB mouse, you use the existing USB HID standard rather than writing your own driver because the driver for that is already on the operating system.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:01:25 pm
FTDI already went to the trouble of getting it into the distribution system, why should they bother writing a driver? Just like if you're building a USB mouse, you use the existing USB HID standard rather than writing your own driver because the driver for that is already on the operating system.

Because that driver is not open for everyone to use.  It's FTDI's driver.  The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 05, 2016, 04:01:50 pm
FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 04:02:16 pm
This isn't my claim, can't you read?

That is your claim.  You keep talking about damage to property or endangering life, the only way that's possible is if such a device exists.  Prove it.

Part of engineering something to be safe is guarding against hypothetical hazards. It doesn't matter if such a device exists. When you intentionally create a driver to send faulty data, you're making the assumption that no safety-critical devices will malfunction, and frankly I do not trust FTDI's engineers with my own safety any farther than I can throw them.

It's not like making the safe choice here was expensive and difficult, and the engineers had to balance theoretical danger against real cost. It would have cost them nothing extra to just refuse to work.

Because that driver is not open for everyone to use.  It's FTDI's driver.  The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

Who says? It's on my computer.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 04:03:42 pm
FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?

Absolutely, why not? The driver is part of the operating system. If they wanted their IP protected they shouldn't have given it away.

Now, whether they should clone the chipset itself is a separate question entirely, and depends on whether they just mimic its behavior or actually went and copied the chip itself.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:04:00 pm
Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...

I find it strange that a company that has the resources and money to create a counterfeit chip doesn't just write their own driver. I'd imagine that writing a driver costs a lot less than developing and testing a chip. Mask sets and proto fabs alone for a chip are ~1M$, which will pay the salaries of ten driver engineers for a year (more in Asia). Surely they could cook up a driver in that period of time.

It makes perfect sense.  They don't want to compete, they want to impersonate.  They want to steal some of FTDI's market share without having to build up their own name and reputation.  So they stick FTDI's logo on the chip, fake the VID/PID, and make under-the-table deals with corrupt suppliers to get them into the system.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:09:43 pm
Part of engineering something to be safe is guarding against hypothetical hazards. It doesn't matter if such a device exists

Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.  Printing a message that says it's not genuine accomplishes the same thing as refusing to work with the chip, with the addition of reduced debugging time.
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 05, 2016, 04:10:16 pm
Because that driver is not open for everyone to use.

Well, it is freely available for download on their website!

Quote
The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

Really? How much money EXACTLY, has FTDI invested in building the drivers? How many man-hours were spent? How can you tell FTDI has spent so much time and effort writing the drivers?

Actually, writing Windows drivers isn't exactly rocket science, and the examples in the Windows DDK (https://msdn.microsoft.com/en-us/windows/hardware/gg454513.aspx) (Driver Development Kit) already take care of a great part of such task.

Unless you have real, factual data, please stop saying that FTDI has invest a lot of time and effort into writing their crappy drivers.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 04:13:20 pm
Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.

You're as sure that no devices malfunction when receiving the wrong data as you are that no devices violate basic laws of physics? Damn, you have a lot of faith in engineers. Also never actually used any real-world devices, as far as I can tell.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:14:41 pm
Because that driver is not open for everyone to use.

Well, it is freely available for download on their website!
By "everyone" I was clearly referring to competitors trying to impersonate FTDI devices, not end-users of legitimate FTDI devices.

Quote
The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

Really? How much money EXACTLY, has FTDI invested in building the drivers? How many man-hours were spent? How can you tell FTDI has spent so much time and effort writing the drivers?

Actually, writing Windows drivers isn't exactly rocket science, and the examples in the Windows DDK (https://msdn.microsoft.com/en-us/windows/hardware/gg454513.aspx) (Driver Development Kit) already take care of a great part of such task.

Unless you have real, factual data, please stop saying that FTDI has invest a lot of time and effort into writing their crappy drivers.

Who cares how much?  They invested their money in it, they are allowed to say who can use it.  If it's so trivially easy and cheap to make a driver for FTDI chips, get it signed, and integrated into the Windows Update ecosystem so transparently that end-users don't even notice, then why don't you do it?  Seriously.  Make your own, advertise it as a universal driver for all FTDI-compatible devices (clones, counterfeits, or legitimate), and sell it or give it away for free as you like.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:16:23 pm
Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.

You're as sure that no devices malfunction when receiving the wrong data as you are that no devices violate basic laws of physics? Damn, you have a lot of faith in engineers. Also never actually used any real-world devices, as far as I can tell.

Malfunction?  I'm sure there are many that would.  Endanger life?  No.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 04:18:08 pm
Who cares how much?  They invested their money in it, they are allowed to say who can use it.

Horseshit. They put it on my computer, I can use it for anything I damn well please, including with counterfeit devices. Of course, that's a separate question from whether they should or should not mess with those devices, I'm not sure why we're even asking that.

Malfunction?  I'm sure there are many that would.  Endanger life?  No.

Hilariously naive, or frighteningly, if you're actually an engineer.

(Though, also note how you're making hyperbole out of my statements by removing the phrase "or property", which I was careful to include. Endangering property is much more likely.)
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:23:00 pm
Who cares how much?  They invested their money in it, they are allowed to say who can use it.

Horseshit. They put it on my computer, I can use it for anything I damn well please, including with counterfeit devices. Of course, that's a separate question from whether they should or should not mess with those devices, I'm not sure why we're even asking that.
You can try, but FTDI is under no obligation to deliver a driver that will work properly with them.

Malfunction?  I'm sure there are many that would.  Endanger life?  No.

Hilariously naive, or frighteningly, if you're actually an engineer.
Why?  Because I don't believe that a device that was developed with such gross incompetence that if during normal, intended operation, a single out of place character or some EMI would result in death, could or would ever make it into a SOL application?  How is that belief frightening to you?
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 05, 2016, 04:26:50 pm
Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.

You're as sure that no devices malfunction when receiving the wrong data as you are that no devices violate basic laws of physics? Damn, you have a lot of faith in engineers. Also never actually used any real-world devices, as far as I can tell.
And you probably have never worked on the development of a device where bad data could create a hazardous condition. I have, and believe me, it's not something you take lightly (if you're competent, that is). You do whatever you can to ensure that nothing bad happens no matter what data is thrown at you. You validate the data, using checksums, CRCs, or whatever it takes to ensure that you reject bad data. You put hardware interlocks into the design as an additional fail-safe. And after you do all that you test, test, and do more testing throwing all sorts of bad crap at the device to ensure that you covered all of the pathological cases.

Any engineer designing a safety-critical device that cannot detect and reject "NON GENUINE DEVICE FOUND!" coming in on a serial port deserves to be fired and perhaps even prosecuted.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 05, 2016, 04:28:16 pm
And you probably have never worked on the development of a device where bad data could create a hazardous condition. I have, and believe me, it's not something you take lightly (if you're competent, that is). You do whatever you can to ensure that nothing bad happens no matter what data is thrown at you. You validate the data, using checksums, CRCs, or whatever it takes to ensure that you reject bad data. You put hardware interlocks into the design as an additional fail-safe. And after you do all that you test, test, and do more testing throwing all sorts of bad crap at the device to ensure that you covered all of the pathological cases.

Exactly
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 04:35:21 pm
Yes, we've all heard the argument that competent engineers do things competently. Congratulations, the tautology club meets when the tautology club meets, I'm sure they'd love to have you as a member if they want you. I can only imagine you're trying to distract people from the real argument, which is whether FTDI engineers should go messing with the ones who aren't competent.

Of course, we've all heard your answer already, which is screw people who bought something from incompetent engineers, they should have known better and deserve what they get. I can only hope that bites you someday when you have something designed by an incompetent engineer in a field you didn't have the experience to evaluate properly.
Title: Re: FTDIgate 2.0?
Post by: janoc on February 05, 2016, 04:47:50 pm
It seems that there is another company here that has decided to screw their customers by bricking their devices:

http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other (http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other)

I want to see how many here will try to defend their actions - they have all the right to refuse work with non-original and potentially counterfeit components, right?!

Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 05, 2016, 04:51:32 pm
Of course, we've all heard your answer already, which is screw people who bought something from incompetent engineers, they should have known better and deserve what they get. I can only hope that bites you someday when you have something designed by an incompetent engineer in a field you didn't have the experience to evaluate properly.

This happens all the time. People are conditioned to buy the cheapest crap products they can find and therefore shouldn't be surprised when it stops working in a few months. I personally find this irritating not because I feel for these cheapskates, but because it's forcing quality products off the market since they can't compete on price alone. The marketplace has spoken and we're all in a spiral to the bottom.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 05, 2016, 04:53:37 pm
Sine everyone enjoys using what ifs.

What if FTDI decided to optimize the driver to bring new functionality to their ftd2xx.dll library and for whatever reason some clones would act erratically midstream after the device and the program have already established a handshake.

It's in their best interest (FTDI's) to detect and refuse to work with cloned chips at initialization, otherwise they might be liable if they attempt to communicate with devices not designed by them and that might not be up to spec for the driver's features.

So yeah, you can turn the whole thing around legally and FTDI can be firm to state that they don't want to be liable for talking with unknown chips with unknown characteristics.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 04:59:35 pm
Malfunction?  I'm sure there are many that would.  Endanger life?  No.
Hilariously naive, or frighteningly, if you're actually an engineer.

Please refrain from commenting when you are out of arguments.
Insulting somebody doesn't make you look more smart, on the contrary.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 05, 2016, 05:00:52 pm
It seems that there is another company here that has decided to screw their customers by bricking their devices:

http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other (http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other)

I want to see how many here will try to defend their actions - they have all the right to refuse work with non-original and potentially counterfeit components, right?!

I'll bite. What Apple is doing here is bricking phones that have potentially been stolen and the button (which is also the fingerprint sensor) replaced to gain access to the stolen phone.

Stolen phones are a big problem and I fully support any efforts on the part of the manufacturers to render stolen phones useless to the thieves. That's the only way to solve the theft problem. If a few innocent people inadvertently get their phones bricked as a result, then that's probably the price we have to pay to solve the greater problem of phone theft.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 05:03:39 pm
Sine everyone enjoys using what ifs.

What if FTDI decided to optimize the driver to bring new functionality to their ftd2xx.dll library and for whatever reason some clones would act erratically midstream after the device and the program have already established a handshake.

It's in their best interest (FTDI's) to detect and refuse to work with cloned chips at initialization, otherwise they might be liable if they attempt to communicate with devices not designed by them and that might not be up to spec for the driver's features.

So yeah, you can turn the whole thing around legally and FTDI can be firm to state that they don't want to be liable for talking with unknown chips with unknown characteristics.

Personally I agree 100%, I'd be totally okay with it refusing to work with known clones on the grounds that they're unpredictable. Quite a different thing from intentionally malfunctioning.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 05, 2016, 05:14:21 pm
It seems that there is another company here that has decided to screw their customers by bricking their devices:

http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other (http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other)

I want to see how many here will try to defend their actions - they have all the right to refuse work with non-original and potentially counterfeit components, right?!

I'll bite. What Apple is doing here is bricking phones that have potentially been stolen and the button (which is also the fingerprint sensor) replaced to gain access to the stolen phone.

Stolen phones are a big problem and I fully support any efforts on the part of the manufacturers to render stolen phones useless to the thieves. That's the only way to solve the theft problem. If a few innocent people inadvertently get their phones bricked as a result, then that's probably the price we have to pay to solve the greater problem of phone theft.

Yup, also agree 100%. The implications for self-repair are unfortunate, but pretty much a necessary consequence. Personally, I would never buy an iPhone because of the lack of user-"serviceable" bits - I specifically chose my most recent phone for the removable battery and SD slot, for instance - but that's me, I totally see why other people would like them.
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 05, 2016, 05:21:02 pm
Stolen phones are a big problem and I fully support any efforts on the part of the manufacturers to render stolen phones useless to the thieves. That's the only way to solve the theft problem. If a few innocent people inadvertently get their phones bricked as a result, then that's probably the price we have to pay to solve the greater problem of phone theft.

People die of liver cancer. So let's remove everyone's liver, healthy or otherwise, in order to prevent liver cancer.   :palm:

Reminds me of Angelina Jolie, who removed her breasts and ovaries just because she was afraid of cancer. She wasn't even diagnosed yet, she only found out that she's got the mutated gene, so she just went and mutilated herself. Brilliant. :palm:  :palm:



Title: Re: FTDIgate 2.0?
Post by: madires on February 05, 2016, 05:22:41 pm
What if FTDI decided to optimize the driver to bring new functionality to their ftd2xx.dll library and for whatever reason some clones would act erratically midstream after the device and the program have already established a handshake.

It's in their best interest (FTDI's) to detect and refuse to work with cloned chips at initialization, otherwise they might be liable if they attempt to communicate with devices not designed by them and that might not be up to spec for the driver's features.

So yeah, you can turn the whole thing around legally and FTDI can be firm to state that they don't want to be liable for talking with unknown chips with unknown characteristics.

It's perfectly ok when the driver stops talking to the fake chip, but it's no ok to brick it or to send some modified data which could cause any damage. And bonus points for a driver which tells the user about the fake chip.
Title: Re: FTDIgate 2.0?
Post by: Sal Ammoniac on February 05, 2016, 05:23:45 pm
Stolen phones are a big problem and I fully support any efforts on the part of the manufacturers to render stolen phones useless to the thieves. That's the only way to solve the theft problem. If a few innocent people inadvertently get their phones bricked as a result, then that's probably the price we have to pay to solve the greater problem of phone theft.

People die of liver cancer. So let's remove everyone's liver, healthy or otherwise, in order to prevent liver cancer.   :palm:

When you can't come up with an intelligent argument to get your point across, resort to the most extreme straw man possible.  :palm:
Title: Re: FTDIgate 2.0?
Post by: marcan on February 05, 2016, 05:27:07 pm
FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?

So let's say that someone cloned Nintendo's GameCube gamepad protocol and made their own controller -- should they just piggyback on Nintendo's system and software rather than developing their own? Nintendo has invested millions in designing this hardware and software ecosystem and it's a key part of their IP. Where do you draw the line?

Oh wait, that's how pretty much every unlicensed third-party video game console controller ever works.

So let's say that someone cloned Microsoft's SMB protocol and made their own compatible implementation -- should they just piggyback on Microsoft's SMB subsystem (which is part of Windows) rather than writing their own OS? Microsoft has invested millions in developing this protocol and integrating it into their OS and it's a key part of their IP. Where do you draw the line?

Oh wait, it's called Samba, and MS was actually ordered by the European Commission (https://en.wikipedia.org/wiki/Microsoft_Corp_v_Commission) to supply the Samba developers with protocol information, as part of an antitrust case.

(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)
:o Are you sure you didn't get the two mixed up? Or perhaps they're both actually clones, but one passes the test enough to identify as genuine?

AFAIK the clones use a microcontroller whereas the genuine ones are a full ASIC. If true, funny to see the former beating the latter in timing stability... it's usually the other way around.
Totally sure. It's a documented errata (http://www.ftdichip.com/Support/Documents/TechnicalNotes/TN_120_FT232R%20Errata%20Technical%20Note.pdf) of the FT232R that was never fixed as far as I can tell, and there is no usable workaround (the workaround in that PDF is total bullshit, because you can't actually feed it data fast enough through USB to keep up with the max bitbang clockrate). The clone chip got it right. The errata PDF actually goes out of its way to be misleading and imply that the bug is fixed in Rev B, while it isn't - of the 3 issues documented, two say "fixed in rev B", but not the timing issue, and the Revision B section says "There are no known new functional issues specific to revision B.". I can confirm that genuine revision C chips are still bugged in bitbang mode. So, two silicon revisions later FTDI still hasn't fixed their broken bitbang mode, while the cloners got it right on the first try (as far as I can tell).
Title: Re: FTDIgate 2.0?
Post by: marcan on February 05, 2016, 06:12:12 pm
It seems that there is another company here that has decided to screw their customers by bricking their devices:

http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other (http://www.theguardian.com/money/2016/feb/05/error-53-apple-iphone-software-update-handset-worthless-third-party-repair?CMP=Share_iOSApp_Other)

I want to see how many here will try to defend their actions - they have all the right to refuse work with non-original and potentially counterfeit components, right?!

I'll bite. What Apple is doing here is bricking phones that have potentially been stolen and the button (which is also the fingerprint sensor) replaced to gain access to the stolen phone.

As far as I can tell, Apple isn't "bricking" anything, or at least we don't know that they are. Bricking implies deliberate action. FTDI was bricking devices - they wrote code for that purpose. iPhones are getting bricked, but we don't know that that was a deliberate choice.

We know that the home button sensor is paired to the phone (this is part of their security architecture, not some anti-repair crap). This just sounds like their update process makes the assumption that your home button module is the right module for your phone, and then when it isn't something goes wrong and it explodes. The "bricking" is just a consequence of the restore getting interrupted halfway through.

I'm usually one to bash Apple for their anti-competition, anti-third-party practices (they try really hard to stop Linux users from syncing music to their iPhones), but in this particular case, we don't really have any evidence of deliberate malicious action here, at least not yet.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 05, 2016, 06:14:57 pm
We are not talking about FTDIgate 1.0, bringing that up (the bricking) just muds the waters of the current situation and it's just used to distract the topic at hand, not helpful at all.

Did anyone tried the new released driver? does it only talk to the computer or does it still sends the string to the device as well?
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 05, 2016, 06:19:06 pm
So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?

Nvidia releases the driver to microsoft who distributes it gratiously to the user. The user does not sign an EULA for that driver, so he can use it for anything he wants, including reverse engineering it. You can also use the open source "nouveau" driver, which was developped by the community.


Now for a moment, let's assume Nvidoa had another buisness model. Nvidia does sell their driver and give away their board for free. You could use the graphics card with the open source nouveau driver, or you could purchase a right to use the proprietary GeForce driver. No problem with that. You can't give away something to people and try to restrict how they use it.
It's NVIDIA who does put a the line on what they want to give away.
But, if the boards Nvidia gives away put fire to your home, didn't respect ROHS, EMC, safety, or other regulations, they would still be liable. Exactly like people are angry at FTDI intentionally corrupting data.

Besides, it's true that another company is not supposed to use the VID/PID. But you are allowed to do such tricks for the sake of compatibility. Of course, it'S not a "USB" peripherial, because the USB consortium restricts the use of their brand to their members, and to using only their assigned VID. In short, you should not put the logo "USB" on the product. But you can sell it legally.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 05, 2016, 06:27:26 pm
So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?
Nvidia releases the driver to microsoft who distributes it gratiously to the user. The user does not sign an EULA for that driver, so he can use it for anything he wants, including reverse engineering it.
This angle has many similarities of companies cloning Intel's x86 architecture. It turned out Intel couldn't do anything about it!
The legal problem for FTDI is that their driver comes with Windows and is installed silently without the user acknowledging the driver may only be used with hardware made by FTDI.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 05, 2016, 06:29:03 pm
We are not talking about FTDIgate 1.0, bringing that up (the bricking) just muds the waters of the current situation and it's just used to distract the topic at hand, not helpful at all.

Perhaps you aren't but many of the people here are and have been discussing FTDI's actions in toto. It's their pattern of response to this issue that is telling - even if their most recent driver is less bad.

I think based on the numerous posters here and on other sites like Hackaday who have stated they are no longer designing products with FTDI chips due to their actions as well as the  numerous people stating they will no longer buy a product with an "FTDI" chip due to the risks involved shows that FTDI has already lost.

Out of curiosity - I just did an ebay search for "USB UART TTL serial converter"and was shocked to see how many of the listings specifically list alternative chips in the title. I don't remember that being the case in the past (before FTDIgate 1.0)   

Also - I defy anyone here who says - "just don't buy a cheap device and you'll avoid risking getting a clone" to point out which of the FTDI listings are guaranteed fake.  And BTW - I just tested one of the listed $2 FTDI converters which I bought several years ago and turns out the chip on it is not fake - go figure.

FTDI  has clearly lost this battle and all their doing now is speeding up the decline of their USB-serial converter business.  The back and forth here is great fun but irrelevant to  the eventual outcome of this saga.
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 05, 2016, 06:33:06 pm
Stolen phones are a big problem and I fully support any efforts on the part of the manufacturers to render stolen phones useless to the thieves. That's the only way to solve the theft problem. If a few innocent people inadvertently get their phones bricked as a result, then that's probably the price we have to pay to solve the greater problem of phone theft.

People die of liver cancer. So let's remove everyone's liver, healthy or otherwise, in order to prevent liver cancer.   :palm:

When you can't come up with an intelligent argument to get your point across, resort to the most extreme straw man possible.  :palm:

Oh, I got my my point across, but your argument (stolen devices) is absolutely void, because an iphone has several other securities measures other than the fingerprint  sensor.

A properly set up iphone (iOS 7+) can be completely and remotely bricked by the owner if it gets stolen. Post iOS 7, an iphone is effectively locked to an Apple ID, so it has zero value if stolen.

So, as we can see, Apple already had countermeasures in place in case an iphone gets stolen.

Now, and here comes the difference: a [dumb] user failed to set up security on the iphone properly, and it got stolen, and the thief was able to use the device. Whose fault is it: (a) Apple's (b) the user's (c) everyone else who happened to take his/hers legitimate phone to an unauthorized apple repair center?

Let me just give you an example: my state has over 20.8M inhabitants and exactly 853 cities, spread over 586,522.122 km². Do you know how many authorized Apple repair centers are in here? FIVE. That is why most people I know take the phone to unauthorized centers: unauthorized centers repair the phone in a few hours, while the authorized ones will keep your phone for over a month.

Now, you're saying that because Apple isn't able to attend the existing demand, people can't find a solution by their own? They have to subject to over a month wait because there aren't enough authorized repair centers?

And now, because a few people are too dumb to RTFM and properly set up the security in their devices, everyone should have their phones bricked?

My "extreme" comparison fits the bill precisely to what apple is doing. They are hurting people that have never stolen a phone, leaving them with a device that might have cost them a few months of salary just because some other people are completely retarded and can't set up an iphone properly. My comparison is quite precise.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 05, 2016, 07:05:17 pm
So let's say that someone cloned Microsoft's SMB protocol and made their own compatible implementation -- should they just piggyback on Microsoft's SMB subsystem (which is part of Windows) rather than writing their own OS? Microsoft has invested millions in developing this protocol and integrating it into their OS and it's a key part of their IP. Where do you draw the line?

Oh wait, it's called Samba, and MS was actually ordered by the European Commission (https://en.wikipedia.org/wiki/Microsoft_Corp_v_Commission) to supply the Samba developers with protocol information, as part of an antitrust case.

If you should have read your own links, you should have known that the reason was that microsoft has a near monopoly.
As far as I know, FTDI has no monopoly on the (emulated) serial port, neither a monopoly on USB-UART chips.
Please, don't try to behave like you are some kind of lawyer.
Title: Re: FTDIgate 2.0?
Post by: C on February 05, 2016, 07:56:07 pm

From wikipedia
Quote
Western Digital developed this into the first widely available single-chip UART, the WD1402A, around 1971. This was an early example of a medium scale integrated circuit.
A logic chip that sends & receives 5 to 8 bits of DATA.
No restriction on what type of data.
No requirement for a computer!
A hardware way to increase distance and reduce wires.

To save hardware costs, one or both ends might use a computer program to replace hardware.
A great program would verify it's outputs before sending it to the IC.
When operating systems were placed between the program that created the data and the WD1402A, it has to be transparent.

That is 45 years where data was data.

To be clear the FTDI chip is acting like that WD1402A on one end of the circuit and the FTDI driver is now between the program that could do safety checks and the WD1402A.

What happens to very large night print job?
The print job that uses a full box of paper with a cost of $25 to $200 per box.

That string in binary could be anything.
What is if in binary code for a computer chip or storage device?

The unknown is how much damage this output on the serial port has caused.
The second unknown is how much time and money this will cost someone's.

The third unknown is how soon a micro controller will appear in FTDI's packages with the USB, power and ground on the same pins.
 
Now some should be asking why the anti-Malware software on their computer has not flagged or removed this software.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 06, 2016, 05:59:39 am
If you should have read your own links, you should have known that the reason was that microsoft has a near monopoly.
As far as I know, FTDI has no monopoly on the (emulated) serial port, neither a monopoly on USB-UART chips.
Please, don't try to behave like you are some kind of lawyer.

The reason they were forced to provide documentation is because they had a monopoly (hence, antitrust case). FTDI isn't being forced to do anything, because they're not a monopoly, but they also don't have the slightest case against clone chips using their driver (as long as they don't have an FTDI logo), for the same reason Samba is completely legal. Or are you suggesting that Samba would be illegal were it not for that antitrust ruling? My point is that not only is Samba legal, but, to reinforce that fact, the tables were even tilted the other way, against MS, as part of an antitrust ruling. If Samba were illegal to begin with that wouldn't have happened.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 06, 2016, 06:48:30 am
Clone FT232 without using their logo is legal since FTDI, AFAIK did not patent the protocol.
Cloning SMB is not. M$ patented their protocol. However, the reason Samba is legal is because M$ explicitly gave up rights on SMB protocol, as well as many other commonly used M$ protocols/formats, like docx.
The discussion here is pretty much all about trademarks and copyright, which is why I didn't go into patents. Patents are a whole different can of worms, and this goes into the software patents debate which is still very much open. Suffice it to say that FTDI has no case based on their trademarks and copyright.

That said, talking specifically about Samba, it seems the MS patents in question were not infringed by Samba to begin with (https://www.samba.org/samba/ms_license.html) and are largely irrelevant. See here (https://www.samba.org/samba/PFIF/PFIF_agreement.html) for more info (you can't really patent a protocol as far as I know, you can patent specific implementation details, and other people can work around those patents, like Samba does).
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 09:20:30 am
FTDI isn't being forced to do anything, because they're not a monopoly, but they also don't have the slightest case against clone chips
using their driver (as long as they don't have an FTDI logo),  ...

The counterfeit chips do have the FTDI logo. That's why it's counterfeit.
And that's why I sympathize with FTDI. They just try to make the counterfeit chips stop working.
I should have done the same.

Title: Re: FTDIgate 2.0?
Post by: f4eru on February 06, 2016, 09:32:00 am
The counterfeit chips do have the FTDI logo. That's why it's counterfeit...... They just try to make the counterfeit chips stop working.
Bullshit.
Most of these chips do not have a FTDI marking. So they are not counterfeits, they are clones.
Title: Re: FTDIgate 2.0?
Post by: timb on February 06, 2016, 10:48:02 am

1) They don't detect counterfeits. They detect non FTDI chips. It could be a legitimate compatible chip, a clone, a grey market FTDI silicon, or a counterfeit.

Legitimate manufacturers do not impersonate their competition by spoofing their vendor ID and product ID...{Snip}

Yeah, Compaq Computer Corporation totally wasn't a legitimate manufacturer. I mean, how dare they reverse engineer the PC BIOS and capitalize on the huge investment IBM had made by releasing a clone. The nerve!

Fact is, most of these FTDI compatible chips aren't counterfeits. By that I mean they're not direct copies of FTDI's die. Most of them were designed to replicate the function and protocol of the real thing, but are still uniquely different than a real FTDI chip.

The simple fact that FTDI is able to detect them all is proof of this. (If they were straight mask copies they would be functionally identical to a genuine device.)

It wouldn't be super hard for the clone makers to write a CDC device driver to support their own chips, and in modern OS' like OS X it's not strictly needed as there are generic drivers present. I think the big reason they emulate the FTDI protocol is because it's broadly supported out of the box on many platforms. I guess you could say FTDI's driver is Prolific. (http://img.timb.us/emoticon/downsrim.gif)
Title: Re: FTDIgate 2.0?
Post by: Ian.M on February 06, 2016, 10:56:49 am
Analogy time again:  FTDI are entitled to take their ball and go home, (i.e. driver rejects chips it doesn't like), but not to boot it at or through your picture window (i.e. knowingly modify, transiently or otherwise, your data or hardware in a way it wouldn't do with a genuine chip).
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 12:10:59 pm
The counterfeit chips do have the FTDI logo. That's why it's counterfeit...... They just try to make the counterfeit chips stop working.
Bullshit.

You convinced me with your impressively intelligent reply.

Most of these chips do not have a FTDI marking.

It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.



Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 01:47:28 pm
Clone FT232 without using their logo is legal since FTDI, AFAIK did not patent the protocol.
Cloning SMB is not. M$ patented their protocol. However, the reason Samba is legal is because M$ explicitly gave up rights on SMB protocol, as well as many other commonly used M$ protocols/formats, like docx.

It's much more complex:
https://en.wikipedia.org/wiki/Proprietary_protocol#Reverse_engineering (https://en.wikipedia.org/wiki/Proprietary_protocol#Reverse_engineering)
https://en.wikibooks.org/wiki/Reverse_Engineering/Legal_Aspects (https://en.wikibooks.org/wiki/Reverse_Engineering/Legal_Aspects)
https://www.samba.org/samba/docs/myths_about_samba.html (https://www.samba.org/samba/docs/myths_about_samba.html)
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 06, 2016, 01:53:57 pm
Quote
Reminds me of Angelina Jolie, who removed her breasts and ovaries just because she was afraid of cancer.

Unless she is trying to remove your breasts or ovaries, I have a hard time understanding what beef you have with her actions.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 06, 2016, 01:58:07 pm
Quote
You can't give away something to people and try to restrict how they use it.

It is done all the time.

Quote
But, if the boards Nvidia gives away put fire to your home, ...they would still be liable.

The fact that you can sue them for liability and they are liable are two different things.

Quote
Besides, it's true that another company is not supposed to use the VID/PID. But you are allowed to do such tricks for the sake of compatibility.

I think you may have put too much stock in your understanding of the laws.
Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 02:24:10 pm
The counterfeit chips do have the FTDI logo. That's why it's counterfeit.
And that's why I sympathize with FTDI. They just try to make the counterfeit chips stop working.
I should have done the same.

Nobody said that FTDI can't protect their IP and brand. It's about the way they do it. Bricking compatible chips or modifying data sent to a compatible chip is computer sabotage or willful damage to property in several countries. It's a crime and FTDI's management could face jail time. This is a fact! And it doesn't matter what FTDI writes in an EULA. If parts of the EULA violate local law, those parts are without any meaning. What FTDI can do legally is to identify products with counterfeit chips and to let law enforcement confiscate and destroy those imports. Or they can release a driver which simply doesn't work with counterfeit or compatible chips.

I don't get it that some people are advocating FTDI's criminal actions. FTDI has done it twice now.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 02:33:35 pm
The counterfeit chips do have the FTDI logo. That's why it's counterfeit.
And that's why I sympathize with FTDI. They just try to make the counterfeit chips stop working.
I should have done the same.
Bricking compatible chips or modifying data sent to a compatible chip is computer sabotage ...

Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.


Title: Re: FTDIgate 2.0?
Post by: c4757p on February 06, 2016, 02:47:06 pm
You have a very interesting definition of "logical". Also, you seem to be under the impression that only one person can be at fault for something at a time (and that it's whomever you like less)...
Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 03:00:18 pm
Bricking compatible chips or modifying data sent to a compatible chip is computer sabotage ...

Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.

Sorry, you can't argue a crime away. If FTDI's driver's would have just stopped working with counterfeit or compatible chips nobody would complain. But FTDI has overdone it in a way which is considered a crime in several countries.
Title: Re: FTDIgate 2.0?
Post by: janoc on February 06, 2016, 03:02:22 pm
Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.

Karel, you keep repeating the same BS over and over. That won't make any more valid.

You are conflating two issues. Nobody is taking away FTDI's right to defend their IP or their rights. But they must do it in a legal manner. A good example of this was the hullabaloo when Fluke had Sparkfun's shipment of dodgy multimeters confiscated for trademark violation. That is the way to handle it, even though still a bit dicky move on Fluke's part - but they have actually shown good will compensated Sparkfun for it, even though they didn't have to do so.

If FTDI were a French company, they would have been roasted by the state for this already, because it is illegal to tamper with someone else's equipment - it is considered sabotage, especially as it is obviously intentional and not just "happens to not work because we don't guarantee compatibility".

It is the same concept as me not being able to simply shoot and kill a thief stealing my bike - I would end in jail for murder, plain and simple. That doesn't mean I have to let the thief steal it but I must use an a proportionate response instead of just blasting a hole in their head.

There is a concept of proportionality in law - your defense cannot cause more harm or harm that would be grossly out of proportion to the possible damage that could happen if there was no defense. So beating that bike thief up in the process would probably be still considered reasonable, taking their life would be not.

In FTDI's case all that it will take is a single accident that could be attributed to FTDI's grossly reckless actions and people will go to jail, regardless of what you are thinking is their right to do. It is just sad that there are actually people around who still don't get this concept.

Title: Re: FTDIgate 2.0?
Post by: 0xdeadbeef on February 06, 2016, 03:07:51 pm
This kind of discussion always gets so emotional. Nobody would have complained if FTDI would implement their drivers and tools in a way that they only work with their own products. That's their right and if they did so from the very beginning, this whole problem would have never existed.
On the other hand bricking ICs (and thus devices) or potentially damaging devices by sending out garbage is a no-go. Even though admittedly the chances that an identified fake chip doesn't have an FTDI logo is about as unlikely as people being killed or injured by the "non genuine" string, the mere fact that both is not 100% impossible should be more than enough reason never to do such a thing. Obviously nobody of us has the juridical knowledge to judge the legal implications exactly, but it must be clear that even potentially damaging other people's property is nothing you can do without at least expecting to get legal trouble.
To talk in pictures as this was done so many times before in this thread: if someone stole your car, you should call the police, but setting his house on fire would be considered a crime in most civilized countries. Now to make the picture even more accurate, this is like setting the house of someone on fire who bought your stolen car unknowingly. Who could claim this was just or reasonable?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 03:16:50 pm
Preventing counterfeit chips from working with their (FTDI's) driver and inserting a string "not a genuine chip"
is a logical response. Counterfeit chips shouldn't be produced or imported in the first place.
Aim your anger at the counterfeiters.

Karel, you keep repeating the same BS over and over.

You convinced me with your impressively intelligent reply.

It is the same concept as me not being able to simply shoot and kill a thief stealing my bike ...

I guess you have lost connection with reality. If french people considder that killing a bicycle thief is
the same concept as a softwaredriver that refuses to work with counterfeit chips (chips who shouldn't be produced,
sold or imported in the first place), well, then I'm glad I don't live in France.

Title: Re: FTDIgate 2.0?
Post by: c4757p on February 06, 2016, 03:26:01 pm
It's a fair analogy, if a bit hyperbolic - in other words, just because somebody does something bad to you, that doesn't mean you get license to do whatever you want to them. All the arguments that FTDI can do this 'because counterfeiters' are missing the point of the argument, which is whether it's a reasonable thing to do at all regardless of why they're doing it.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 03:28:37 pm
Sorry, you can't argue a crime away.

Whether or not FTDI has committed a crime still needs to be determined. In the country where I live,
we have legal system with judges for that. So far, I haven't heard about any lawsuit against FTDI.

What we do know for sure is that counterfeiting is a crime (at least in most western countries).
So, aim your anger to the counterfeiters.

Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 04:43:38 pm
Sorry, you can't argue a crime away.

Whether or not FTDI has committed a crime still needs to be determined. In the country where I live,
we have legal system with judges for that. So far, I haven't heard about any lawsuit against FTDI.

Then please ask a lawyer in your country! I'm not a lawyer but I got an education in basic law and have been involved in legal topics, some being the contact for law enforcement. For Germany it's StGB §303a and §303b ( http://www.gesetze-im-internet.de/stgb/__303a.html (http://www.gesetze-im-internet.de/stgb/__303a.html) and  http://www.gesetze-im-internet.de/stgb/__303b.html (http://www.gesetze-im-internet.de/stgb/__303b.html) , Google Translate might help). If the broken device would be a medical device, a SCADA system or production machine for example, things would become interesting. But nobody would file a complaint about a cheap gadget (the damage would be too small).
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 06, 2016, 04:49:00 pm
Quote
If the broken device would be a medical device,

What is a "broken device"? Who "broke" it?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 05:08:38 pm
Sorry, you can't argue a crime away.

Whether or not FTDI has committed a crime still needs to be determined. In the country where I live,
we have legal system with judges for that. So far, I haven't heard about any lawsuit against FTDI.
Then please ask a lawyer in your country!

The people who claim that FTDI is doing something illegal should do that.
I don't have any problems with FTDI. No need for me to ask a lawyer.

I'm not a lawyer ...

Fortunately, I don't need one anyway.

If the broken device would be a medical device, a SCADA system or production machine for example, things would become interesting.

FTDI's driver has been out for quiet some time now and nothing "interesting" has happened so far.


Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 06, 2016, 05:15:22 pm
Hmm they committed a crime?

Well, since they are part of the UK and they are part of the EU, then go ahead by all means and report them to the authorities.

Since you are so sure you get a lawyer and take action.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 06, 2016, 05:36:36 pm
Totally sure. It's a documented errata (http://www.ftdichip.com/Support/Documents/TechnicalNotes/TN_120_FT232R%20Errata%20Technical%20Note.pdf) of the FT232R that was never fixed as far as I can tell, and there is no usable workaround (the workaround in that PDF is total bullshit, because you can't actually feed it data fast enough through USB to keep up with the max bitbang clockrate). The clone chip got it right. The errata PDF actually goes out of its way to be misleading and imply that the bug is fixed in Rev B, while it isn't - of the 3 issues documented, two say "fixed in rev B", but not the timing issue, and the Revision B section says "There are no known new functional issues specific to revision B.". I can confirm that genuine revision C chips are still bugged in bitbang mode. So, two silicon revisions later FTDI still hasn't fixed their broken bitbang mode, while the cloners got it right on the first try (as far as I can tell).
I can imagine the hilarity of someone whose design was based on the clone and worked until they ran into this problem with the new drivers and replaced their chip with a genuine one, only to find that it's now not working like it should... :-DD

It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) from the first FTDIgate.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 06, 2016, 05:50:37 pm
It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?
Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 05:51:40 pm
Quote
If the broken device would be a medical device,

What is a "broken device"? Who "broke" it?

"Broken device" is a simplification. The act of manipulating data ("NON GENUINE DEVICE FOUND!" instead of what ever is sent) without consensus is a criminal act by itself (§ 303a). Penalty is a fine or up to 2 years jail time. The offender is FTDI with their windows driver sending "NON GENUINE DEVICE FOUND!".

§ 303b is about interfering, modifying or damaging computer based systems which are important to someone else, also includes § 303a. There are three levels of penalties, for private computer systems, for corporate computer systems (includes authorities as well) and for huge damages, cyber criminals and important infractructure. Modifying the USB ID is clearly an illegal modification. Based on what the actual damage is, it could be just a fine (private/corporate) or jail time (up to 3 (private), 5 (corporate) or 10 (huge damage ...) years). The offender is FTDI with the old driver modifying the USB ID. Or with the new one sending "NON GENUINE DEVICE FOUND!" in case that the manipulation interferes with a computer system which is important to the victim.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 06, 2016, 05:56:05 pm
Since you are in the EU, then report them, let us know how that went.
Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 06:02:18 pm
Hmm they committed a crime?

Well, since they are part of the UK and they are part of the EU, then go ahead by all means and report them to the authorities.

Since you are so sure you get a lawyer and take action.

:palm: I'm out. Can't argue about law with people without a basic understanding of law. Silly me.

Just a small hint: please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 06:09:39 pm


"Broken device" is a simplification. The act of manipulating data ("NON GENUINE DEVICE FOUND!" instead of what ever is sent) without consensus is a criminal act by itself (§ 303a). Penalty is a fine or up to 2 years jail time. The offender is FTDI with their windows driver sending "NON GENUINE DEVICE FOUND!".

§ 303b is about interfering, modifying or damaging computer based systems which are important to someone else, also includes § 303a. There are three levels of penalties, for private computer systems, for corporate computer systems (includes authorities as well) and for huge damages, cyber criminals and important infractructure. Modifying the USB ID is clearly an illegal modification. Based on what the actual damage is, it could be just a fine (private/corporate) or jail time (up to 3 (private), 5 (corporate) or 10 (huge damage ...) years). The offender is FTDI with the old driver modifying the USB ID. Or with the new one sending "NON GENUINE DEVICE FOUND!" in case that the manipulation interferes with a computer system which is important to the victim.

Lol, All FTDI has to do is say "You were using a piece of software that was never advertised nor intended to work with the hardware you had connected to your system." Whether you installed it yourself or you had your computer configured to install it automatically, both are your responsibility to control.

I mean think of it, setting the precedent that by simply copying a VID:PID makes the original certified owners of that ID suddenly liable for any damage caused by malfunction (intentional or not) due to driver mis-identification is ludicrous. That's the whole point of the VID:PID system, to create unique identifying pairs for software to match hardware. Those that broke that trust system should be liable for any damage.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 06, 2016, 06:16:29 pm
Hmm they committed a crime?

Well, since they are part of the UK and they are part of the EU, then go ahead by all means and report them to the authorities.

Since you are so sure you get a lawyer and take action.

:palm: I'm out. Can't argue about law with people without a basic understanding of law. Silly me.

Since you are such an expert in law and you seen a company committing a crime as you said. Then as an EU citizen you should report them. I don't claim to have intrinsic knowledge of EU law at all, but you do make such claims.

Not reporting a crime is as bad as committing one, right?
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 06, 2016, 06:19:43 pm
Just a small hint: please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand.

Does that mean that you want us to report it for you? I have no beef with FTDI at all.
Title: Re: FTDIgate 2.0?
Post by: madires on February 06, 2016, 06:26:42 pm
Since you are such an expert in law and you seen a company committing a crime as you said. Then as an EU citizen you should report them. I don't claim to have intrinsic knowledge of EU law at all, but you do make such claims.

Not reporting a crime is as bad as committing one, right?

This is my absolute last reply in this thread:

I'm not an expert, but I have a basic understanding of German law and know my limits. Please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand that your suggestion doesn't make sense. And trolling me doesn't change any facts, but if you like, keep going.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 06:34:12 pm
Not reporting a crime is as bad as committing one, right?

Um no - of course it isn't. Is that what you really believe?  If so are you taking down the license plate numbers and reporting every speeder you see on the road? How about every person you see littering? Every person you know who has illegally downloaded pirated software or media?


I have a question for those here who are voraciously defending and excusing FTDI's actions:

Why have they taken the approach of first bricking chips and then having chips send out erroneous data instead of simply making their driver not work with the clones?

In my mind that is the crux of the issue. In both cases they have deliberately chosen to take punitive action against the end user - not the clone makers but the end user - who in almost every case has no way of knowing they purchased a product with a cloned chip! 

This along with way they've handled the controversy in social media is very telling of their mindset and why so many have decided to stop using their chips in their designs and stop buying products that use their chips.

Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 06:38:28 pm
I have a question for those here who are voraciously defending and excusing FTDI's actions:

Why have they taken the approach of first bricking chips and then having chips send out erroneous data instead of simply making their driver not work with the clones?

Been answered in this thread:

Quote
Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do (and admit it, you would to), is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain and makes you think FTDI is bad at writing working drivers.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 06, 2016, 06:43:56 pm
Not reporting a crime is as bad as committing one, right?

Um no - of course it isn't. Is that what you really believe?  If so are you taking down the license plate numbers and reporting every speeder you see on the road? How about every person you see littering? Every person you know who has illegally downloaded pirated software or media?

That is not criminal. I think there is a differentiation of Crime vs Breaking the Law.

Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 06:59:15 pm

Been answered in this thread:

Quote
Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do (and admit it, you would to), is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain and makes you think FTDI is bad at writing working drivers.

Alright - that is one rational - but it does not answer the question of why they chose to do something that is punitive to the end user.

The answer I think is obvious: - they care more about trying to stop clones than they do about their customers. And yes it IS THEIR customers that they are impacting - because those affected thought they were buying FTDI chips.

As Dave said in the recent Amp Hour show - the onus is on FTDI to develop a technology or other means to make their chips clearly distinct and make the cloners jobs more difficult. (he suggested a holographic type label on the chip as one possible way).  They are doing none of that. Instead they have chosen to take the cheap, lazy way out and change their driver in a way that affects the end user. The most this can possibly achieve to decrease clones is to do so by decreasing  overall use of any FTDI type chips.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 07:07:54 pm
I think there is a differentiation of Crime vs Breaking the Law.
Perhaps English is not your first language?   A crime is synonymous with breaking the law. (https://www.google.com/search?q=definition+of+a+crime&ie=utf-8&oe=utf-8A)

But you were just trolling with your question to Madires weren't you?  I don't believe you or any sane person believes that not reporting a crime is just as bad as committing the crime itself.
Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on February 06, 2016, 07:11:06 pm
It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?

You can find the Integral IZ232R datasheet here http://www.bms.by/eng/spec/index.php?pass=inf1 (http://www.bms.by/eng/spec/index.php?pass=inf1)
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 07:23:12 pm
Alright - that is one rational - but it does not answer the question of why they chose to do something that is punitive to the end user.

The answer I think is obvious: - they care more about trying to stop clones than they do about their customers. And yes it IS THEIR customers that they are impacting - because those affected thought they were buying FTDI chips.

As Dave said in the recent Amp Hour show - the onus is on FTDI to develop a technology or other means to make their chips clearly distinct and make the cloners jobs more difficult. (he suggested a holographic type label on the chip as one possible way).  They are doing none of that. Instead they have chosen to take the cheap, lazy way out and change their driver in a way that affects the end user. The most this can possibly achieve to decrease clones is to do so by decreasing  overall use of any FTDI type chips.

Well, step back and look it it from another direction and apply some business logic.

Because drivers don't run in userspace, the other heavily suggest option of "pop-up message" can't be done either. And system logs can be ignored. They choose the way users would most likely be alerted to the fact the have a counterfeit device, by printing out a message in the one place the driver has the direct ability to and will most likely be seen by a user.

Now, the fundamental difference between the 2 sides arguing here is this:

1)  One side believes they should be able to use clones or counterfeit devices even if they are aware of them. 'If it works, it works, who cares if it's not authentic, right?' They are pissed that FTDI is taking their toys away, or that's what if feels like to them. They are using the 'poor end user who has no idea' as an example of why allowing clones to work should be a burden on FTDI.

2) The other side refuses to accept using clones or counterfeits at all. They feel when you buy from companies like FTDI, you pay more for the quality, customer service and support. You have paid more for a company that goes to the trouble to get drivers into the Windows update ecosystem so rapid deployments are easier. And you pay a supplier more to guarantee authentic parts. They are more pissed that a supplier failed by shipping knock-offs instead of the real thing. They support FTDI in their effort to identify and discourage cloning and counterfeiting.

I'm obviously in group 2. Even if a find mid production that products have clone chips in them, they come off the line. I don't care if it seems to work, or maybe even tests better. It's too risky to put trust in an unknown system.

Again, i know of one company that uses FTDI cables in the 4-5 figure magnitude. They are plugged into customer owned windows computers. They aren't batting an eye at these developments, as they trust their supply chain. They would rather have any fakes identified and replaced all at once by a mechanism like this as it is more cost effective than replacing them over time as they prematurely fail. Now I haven't heard of any of their customers reporting issues yet, but be sure if cables did come back clones, the supplier would have hell to pay.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 06, 2016, 07:27:25 pm
Here is this irony. You guys are so sure of fdti having commtted a crime, and yih are so sure yiy will prevail.

Yet, you are so afraid of suing fdti. What are you waiting for? Mortgage your house, let go of your job, concentrate on winning a lawsuit vs fdti. Since you are so right and they so wrong, I'm sure your winning will be big.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 06, 2016, 07:30:43 pm
I think there is a differentiation of Crime vs Breaking the Law.
Perhaps English is not your first language?   A crime is synonymous with breaking the law. (https://www.google.com/search?q=definition+of+a+crime&ie=utf-8&oe=utf-8A)

But you were just trolling with your question to Madires weren't you?  I don't believe you or any sane person believes that not reporting a crime is just as bad as committing the crime itself.

Crime in the US is a misdemeanor or a felony, both carry imprisonment. Then you have a Violation which also carries imprisonment but of under 15 days but doesn't go into a criminal record.
Then you have infractions and offences.

But you are right, in the US is not a crime to not report a crime:
https://en.wikipedia.org/wiki/Misprision_of_felony (https://en.wikipedia.org/wiki/Misprision_of_felony)

It's still an offence in the US, but it's a misdemeanor in other countries including England. So failure to report can get you imprisonment.

So I guess I exaggerated a lot, let's say that it's illegal not to report a crime unless you are a close family member. I guess for a company it might include employees of that company, but not officers of such company.

Edit: correction, I guess it's still a misdemeanor in Virginia and can land you in jail.
http://crimlaw.blogspot.com/2009/04/misprision-of-felony-failing-to-report.html (http://crimlaw.blogspot.com/2009/04/misprision-of-felony-failing-to-report.html)

Edit2: another correction, since 1997 is not a misdemeanor (which fall under crime) not to report a felony (which also fall under crime) in the UK.
There might be exceptions if the crime is of a terrorist act or a hate crime but I'm not going to dig more into it.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 06, 2016, 07:32:20 pm
Here is this irony. You guys are so sure of fdti having commtted a crime, and yih are so sure yiy will prevail.

Yet, you are so afraid of suing fdti. What are you waiting for? Mortgage your house, let go of your job, concentrate on winning a lawsuit vs fdti. Since you are so right and they so wrong, I'm sure your winning will be big.


Why? Not everything has to drag lawyers in. In fact, the fewer lawyers, the better. Personally, I don't care whether they committed a crime or not, that doesn't factor into my judgment of whether someone is a dickhead at all. I never imagined they had done something criminal. They're just dicks.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 07:37:21 pm

1)  One side believes they should be able to use clones or counterfeit devices even if they are aware of them. 'If it works, it works, who cares if it's not authentic, right?' They are pissed that FTDI is taking their toys away, or that's what if feels like to them. They are using the 'poor end user who has no idea' as an example of why allowing clones to work should be a burden on FTDI.


No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...

I and many others do not have any particular desire to use clones or counterfeits. I've seen no one here who claims they do. As far as i know, I have no devices with cloned/counterfeited chips.  Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips. It's easy since there are several other good choices.

The issue - once again - is that there is no way for the end user to know for sure they are getting a device with authentic chip. Furthermore, even if there was - the majority of consumers would likely not know about it - since most will know nothing about FTDI, usb-serial conversion, etc.  IOW - people with no knowledge or intention to buy a device with a cloned chip (or make a device with a cloned chip) are being adversly affected.

Since FTDI clearly knows this is the case - their actions reveal their motives and ethics - that is what is driving people away from them.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 07:40:23 pm
Personally, I don't care whether they committed a crime or not, that doesn't factor into my judgment of whether someone is a dickhead at all. I never imagined they had done something criminal. They're just dicks.
Yep, absolutely. I feel the same. Crime, no crime - who cares as far as I'm concerned.  All I know is they are acting like incompetent dickheads. Who wants to buy or use products from such a company? I certainly don't.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 08:24:30 pm

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...


No need to be rude. I could say the same to you, as you seem to be missing my point even though it's been repeated.

Quote

 Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips. It's easy since there are several other good choices.


Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!)

None of us can be 100.000000000% sure we get real parts, but we can be 99.999999% sure if we buy from certified suppliers, and feel better that they should cover any costs of replacing any fakes we do get from them. As we pay them to get the real deal.

Again, You want to understand us? It's easy, clones or counterfeits are never acceptable to us, even if they work. I'd rather have them deactivated (even in our customers hands) so we can find and replace them, and berate the supplier into paying costs or lose our business.

Does anyone have a Digikey order# that ended up being fake FTDIs? OR have we all spent 555 posts arguing about a hypothetical that never happened?
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 06, 2016, 08:36:37 pm
This kind of discussion always gets so emotional. Nobody would have complained if FTDI would implement their drivers and tools in a way that they only work with their own products. That's their right and if they did so from the very beginning, this whole problem would have never existed.
On the other hand bricking ICs (and thus devices) or potentially damaging devices by sending out garbage is a no-go. Even though admittedly the chances that an identified fake chip doesn't have an FTDI logo is about as unlikely as people being killed or injured by the "non genuine" string, the mere fact that both is not 100% impossible should be more than enough reason never to do such a thing. Obviously nobody of us has the juridical knowledge to judge the legal implications exactly, but it must be clear that even potentially damaging other people's property is nothing you can do without at least expecting to get legal trouble.
To talk in pictures as this was done so many times before in this thread: if someone stole your car, you should call the police, but setting his house on fire would be considered a crime in most civilized countries. Now to make the picture even more accurate, this is like setting the house of someone on fire who bought your stolen car unknowingly. Who could claim this was just or reasonable?
People here are too kind in answering and treating seriously the FDTI PR rubbish replies, and so ended up getting emotion with all the rubbish logic.  I don't think FDTI is so stupid not to know the problems they are going to create to their past supporters.  They decided to abandon these people as they think they can legally shift any contanmination of their supply chains downwards, and can do so safely for all past sale.  Legally, likely they are at the upper hand, it is almost impossible to trace back for the end-customers.  Most likely people do not have the time and resources to go after them.  And likely FDTI have accepted the lost of the "cable" business.  So why the recent moves, they must know about Prolific saga and likely got a windfall from their mis-step.  Either they are very desperate now, or they are going after the only big variant in the market now:  the movement of hobbyist, maker, pi amd arduino communities.   Developers here, must not throw your good money and good effort after FDTI, no sane people doing integration can accept the uncertainty of using FDTI.  The cost of correcting a field problem is VERY huge, many many factors of a FDTI chip. 
In my view, they are NOT going to get the market of the maker communities either.  These people know too much, have plenty of time, too price sensitive, changing and redeveloping is not chore but fun.  This market is and will never be the taking for FDTI.  FDTI by trying to screws your old market and your preceived new market, you shall ended up been screwed.   FDTI has abandoned its own brand.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 09:27:52 pm

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...


No need to be rude.
I was not being rude

Quote
I could say the same to you, as you seem to be missing my point even though it's been repeated.
I have not misrepresented your position as you have done of others.
Quote

Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!) 

Once again you're ignoring the issue. I am not manufacturing boards - I am an end user. Please tell  me which  of these products  (http://www.ebay.com/sch/i.html?_nkw=usb%20serial%20converter%20ftdi&ssPageName=GSTL) contain fake chips and which do not.  How about these (https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=usb+serial+converter+ftdi&rh=i%3Aaps%2Ck%3Ausb+serial+converter+ftdi)?

As for buying chips. For my projects I usually buy from Digikey - but not always. Some people don't have that option. But more importantly - someone who uses a contract manufacturer may have no control of where the chips in their product comes from.  And it's already has been shown that fake chips have infiltrated usually reliable supply chains.

Title: Re: FTDIgate 2.0?
Post by: nctnico on February 06, 2016, 09:38:14 pm
No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...
No need to be rude. I could say the same to you, as you seem to be missing my point even though it's been repeated.
Quote
Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips. It's easy since there are several other good choices.
Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!)
No you can't test your incoming stock because you don't know what the cloners and FTDI come up with next. Besides that I don't want to test incoming stock if I can avoid it because it costs me time & money which doesn't add value to my product. Using a different UART to USB is much easier especially since Windows 10 supports a whole range of serial port products out of the box (about 15 years after Linux but hey they finally got it).
FTDI has a conflict with the cloners and the best thing to do in case of a conflict is run away from it as far as you can or you might get hurt. When the shit hits the fan you better not be around!
Title: Re: FTDIgate 2.0?
Post by: Someone on February 06, 2016, 09:54:38 pm

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...


No need to be rude.
I was not being rude

Quote
I could say the same to you, as you seem to be missing my point even though it's been repeated.
I have not misrepresented your position as you have done of others.
Quote

Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!) 

Once again you're ignoring the issue. I am not manufacturing boards - I am an end user. Please tell  me which  of these products  (http://www.ebay.com/sch/i.html?_nkw=usb%20serial%20converter%20ftdi&ssPageName=GSTL) contain fake chips and which do not.  How about these (https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=usb+serial+converter+ftdi&rh=i%3Aaps%2Ck%3Ausb+serial+converter+ftdi)?

As for buying chips. For my projects I usually buy from Digikey - but not always. Some people don't have that option. But more importantly - someone who uses a contract manufacturer may have no control of where the chips in their product comes from.  And it's already has been shown that fake chips have infiltrated usually reliable supply chains.
Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

Wha wha wha, why can't I buy genuine handbags from the sunday market stalls, wha wha wha.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 10:04:09 pm
Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?

You've just demonstrated the point perfectly: FTDI is insensitive to customer needs and their current efforts to combat cloners is hurting themselves more than the cloners.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 10:07:34 pm
Please tell  me which  of these products  (http://www.ebay.com/sch/i.html?_nkw=usb%20serial%20converter%20ftdi&ssPageName=GSTL) contain fake chips and which do not.  How about these (https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=usb+serial+converter+ftdi&rh=i%3Aaps%2Ck%3Ausb+serial+converter+ftdi)?

I can't tell you, the seller does. I can guarantee (or really Sparkfun guarantees) that this is a real FTDI product (https://www.sparkfun.com/products/9716). And if it's not, they will replace it for one that is.

If you buy from eBay plug it into your computer and get garbage data, it's because you are using a product with the wrong driver. Complain to your seller, as it's their fault. They don't respond? Then it's your fault from buying from a seller without good support channels.

Do you not realize when you buy a product, you have to pay for more than just the cost of the BOM of that product? You don't have to buy from the most expensive source, but you have to itemize what you are paying for. When you buy from eBay, you are not paying for reliable real products nor customer support. 
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 10:14:40 pm
If you buy from eBay plug it into your computer and get garbage data, it's because you are using a product with the wrong driver. Complain to your seller, as it's their fault. They don't respond? Then it's your fault from buying from a seller without good support channels.

If you think that is the answer, you clearly don't understand the world of the electronics hobbyist. In the real world the answer is to avoid FTDI products as I and many others are doing. How's that gonna work for FTDI?

What's your answer to the designer using a contract manufacturer for their product? Once their large order has been made with a chip that later no longer works - how are they supposed to address that without a large loss to their business?  Again - the answer - don't risk it - design with one of the alternatives. How's that good for FTDI?
Title: Re: FTDIgate 2.0?
Post by: Someone on February 06, 2016, 10:18:27 pm
Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?
Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 10:23:08 pm

If you think that is the answer, you clearly don't understand the world of the electronics hobbyist. In the real world the answer is to avoid FTDI products as I and many others are doing. How's that gonna work for FTDI?


LOL, they will laugh? I doubt even 1% of their sales are ultimately for hobbyist and even small business selling to hobbyist. And no one that I have spoken to that deals with FTDI orders in 5 figures has batted an eye at this issue, because, again, trusted supply chains at trusted for a reason.

Quote
What's your answer to the designer using a contract manufacturer for their product? Once their large order has been made with a chip that later no longer works - how are they supposed to address that without a large loss to their business?  Again - the answer - don't risk it - design with one of the alternatives. How's that good for FTDI?

Write better contracts that include support and guarantee authenticity and reliability estimates? When the contract isn't met, sue. There's always a chance a counterfeit part fails and ruins an entire product line. Clauses against such events aren't new.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 10:25:24 pm
Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.

I'm not complaining at all and I'm not put out by FTDIs actions personally at all. This is a forum for discussion.  FTDIs actions are a topic of discussion.  If that's your tact then you've run out of arguments.

 I and others just find it remarkably boneheaded of FTDI to do the things they've done. They could dissapear tomorrow from the USB-serial converter business and it would barely cause a hiccup - I suspect that is what will happen eventually.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 06, 2016, 10:26:06 pm
Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?
Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.
The problem is that in every supply chain there is a been counter which thinks he/she is smarter than the rest and buys parts from a shady source to save a few pennies. How do you think those Nigerians scam even very smart people into giving them their money?
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 10:28:22 pm
I doubt even 1% of their sales are ultimately for hobbyist and even small business selling to hobbyist.  And no one that I have spoken to that deals with FTDI orders in 5 figures has batted an eye at this issue, because, again, trusted supply chains at trusted for a reason.

Then why did they backtrack on their initial approach to bricking clones?  Why is their CEO going to be interviewed by Adafruit?

Quote
Write better contracts that include support and guarantee authenticity and reliability estimates? When the contract isn't met, sue. There's always a chance a counterfeit part fails and ruins an entire product line. Clauses against such events aren't new.

Why go to the trouble and expense of doing that when it is just easier to specify a non-FTDI chip?

Again - FTDI's actions are hurting themselves at least as much as the cloners.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 10:31:27 pm
They could dissapear tomorrow from the USB-serial converter business and it would barely cause a hiccup

You must not have experience in industry if you think this is the case. There's a reason why FTDI can charge what they charge and why so many people want to counterfeit them instead of compete with them.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 06, 2016, 10:33:05 pm

Then why did they backtrack on their initial approach to bricking clones?  Why is their CEO going to be interviewed by Adafruit?


The power of the vocal minority.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 06, 2016, 10:42:10 pm
Write better contracts that include support and guarantee authenticity and reliability estimates? When the contract isn't met, sue. There's always a chance a counterfeit part fails and ruins an entire product line. Clauses against such events aren't new.
Why go to the trouble and expense of doing that when it is just easier to specify a non-FTDI chip?
I agree. When confronted with large claims companies easy go bankcrupt or tie you up in legal procedings for decades especially if there is a long chain of companies to iterate through. The easiest solution is to avoid potentially cloned devices all together so the production lines of customers keep working as they should and everybody is happy so the repeat orders keep coming in.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 10:48:12 pm

The power of the vocal minority.

So on the one hand the argument is that the cloners are causing them real harm but then you claim that it is only a small minority being impacted.

Whatever the case,  it is a real issue for them and it is impacting their business - otherwise they would not be doing this. 

The bottom line is their brand is being tarnished - not by the cloners but by their own actions.

Dave has a significant audience - the fact that he has pointed this out and they felt the need to ban him on Twitter - also demonstrates that it is a significant issue for them. And it's not just EEVBlog. There has been similar sentiment on Hack a Day and other forums. These forums are not just used by hobbyists.
Title: Re: FTDIgate 2.0?
Post by: onlooker on February 06, 2016, 11:31:31 pm
Quote
LOL, they will laugh? I doubt even 1% of their sales are ultimately for hobbyist and even small business selling to hobbyist. And no one that I have spoken to that deals with FTDI orders in 5 figures has batted an eye at this issue, because, again, trusted supply chains at trusted for a reason.

There are some other similar arguments throughout the threads. Other the other hand, as already mentioned, hobbyists are price sensitive; without clones they are not likely to adapt real FTDI. 

It seems all these boil down to imply clones did not and will not really have impact to the sales of real FTDI in the past, now or in the future. Then, why FTDI is bothered to fight clones? It does not make too much business sense or logical sense?
Title: Re: FTDIgate 2.0?
Post by: Someone on February 06, 2016, 11:44:43 pm
Quote
LOL, they will laugh? I doubt even 1% of their sales are ultimately for hobbyist and even small business selling to hobbyist. And no one that I have spoken to that deals with FTDI orders in 5 figures has batted an eye at this issue, because, again, trusted supply chains at trusted for a reason.

There are some other similar arguments throughout the threads. Other the other hand, as already mentioned, hobbyists are price sensitive; without clones they are not likely to adapt real FTDI. 

It seems all these boil down to imply clones did not and will not really have impact to the sales of real FTDI in the past, now or in the future. Then, why FTDI is bothered to fight clones? It does not make too much business sense or logical sense?
Nip it in the bud, with trademarks you need to show that you were actively defending it, and here they continue sending out clear messages that they will not support clones on their drivers. Ignore it and the clones become a viable option, but while their reliability is poor buyers wont want to risk it.
Title: Re: FTDIgate 2.0?
Post by: Someone on February 06, 2016, 11:49:35 pm
Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?
Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.
The problem is that in every supply chain there is a been counter which thinks he/she is smarter than the rest and buys parts from a shady source to save a few pennies. How do you think those Nigerians scam even very smart people into giving them their money?
Nigerian scams? what does that have to do with anything? If your buyers are taking off-channel parts where compatibility is important then you've got a problem with your buyers, serious companies setup a real supply chain with assurances of supply, delivery, support, lifespan, price, and authenticity. Serial and batch numbers are traceable back to the manufacturer so its quick to confirm the chain if you have any worries.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 06, 2016, 11:55:21 pm
Nip it in the bud, with trademarks you need to show that you were actively defending it,
Absolutely - but the question is how to best do it?

Quote
and here they continue sending out clear messages that they will not support clones on their drivers.
And the message that they don't care about the end users or the small manufacturers.

 
Quote
but while their reliability is poor buyers wont want to risk it.
Exactly - and since buyers in most cases have no reasonable way be sure they are not getting clones - and have viable alternatives- they will choose to avoid FTDI products to avoid that risk.

Not a good business strategy IMO.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 06, 2016, 11:56:21 pm
@Someone:
People are people and there will be always one who -despite all the rules and regulations set forth in the procurement department- will be gullible to buy a batch of shady devices because the price is very cheap or they are in dire need for the parts which makes them look good to the bosses. There is no reason to be naive about that.
Title: Re: FTDIgate 2.0?
Post by: dannyf on February 07, 2016, 12:13:22 am
Quote
It seems all these boil down to imply clones did not and will not really have impact to the sales of real FTDI in the past, now or in the future. Then, why FTDI is bothered to fight clones? It does not make too much business sense or logical sense?

I can think a few. For example, reputational risk: what if some clones didn't quite work right and as a result, tragedy follows. FTDI's name shows up in the press ....

Also, the original observations are subject to "selection bias": the fact that there exist FTDI buyers who aren't price sensitive does not mean that FTDI has not lost (substantial) sales to the cloners.

End of the day, this boils down to property rights: is FTDI obligated to support clones? I think most reasonable people can agree to that.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 07, 2016, 12:16:00 am
buyers in most cases have no reasonable way be sure they are not getting clones

Sure they do.  Stop spending a dollar on a board from china with a BOM cost 5x that high (which SHOULD be a clear indicator that you're buying a fake, but people are apparently idiots), and instead buy from legitimate sources.  If you're interested in buying genuine parts, the first thing you need to do is stop shopping on eBay/Ali and from cheap 3rd party resellers on Amazon.  The second you do that, you'll find that the number of fakes you inadvertently purchase falls essentially to zero.  Some can still make their way into legitimate distribution channels, but if that happens you contact the distributor so they can investigate it.

If you don't want to spend the money for a real FTDI product, then don't be pissed off when your counterfeit goes tits up.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 12:30:15 am
buyers in most cases have no reasonable way be sure they are not getting clones

Sure they do.  Stop spending a dollar on a board from china with a BOM cost 5x that high (which SHOULD be a clear indicator that you're buying a fake, but people are apparently idiots), and instead buy from legitimate sources.  If you're interested in buying genuine parts, the first thing you need to do is stop shopping on eBay/Ali and from cheap 3rd party resellers on Amazon.  The second you do that, you'll find that the number of fakes you inadvertently purchase falls essentially to zero.  Some can still make their way into legitimate distribution channels, but if that happens you contact the distributor so they can investigate it.

If you don't want to spend the money for a real FTDI product, then don't be pissed off when your counterfeit goes tits up.

Nope. Sorry - that line of reasoning does not hold up. You can get a genuine FTDI chip with a cheap eBay device and probably usually do. I bought a cheap $2 USB-serial converter a few years ago and it turns out it has a genuine chip. As I posted before: Please tell  me which  of these products  (http://www.ebay.com/sch/i.html?_nkw=usb%20serial%20converter%20ftdi&ssPageName=GSTL) contain fake chips and which do not.  How about these (https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=usb+serial+converter+ftdi&rh=i%3Aaps%2Ck%3Ausb+serial+converter+ftdi)?

If your argument is - just buy from Digikey, Mouser, etc then FTDI has already lost. Why ? because the prices are much higher and the average consumer doesn't even know what Digikey or Mouser is.   And if the only way to ensure a device will work is to buy the most expensive one - everyone will just choose to buy one of the reliable inexpensive devices using a different manufacturer's chip.

Either way. FTDI has lost customers.
Title: Re: FTDIgate 2.0?
Post by: Someone on February 07, 2016, 12:32:05 am
@Someone:
People are people and there will be always one who -despite all the rules and regulations set forth in the procurement department- will be gullible to buy a batch of shady devices because the price is very cheap or they are in dire need for the parts which makes them look good to the bosses. There is no reason to be naive about that.
Which is nothing to do with FTDI, fake or just incorrect alloys are a problem in the automotive and construction industries, again buyers trying to shave some cents. Going through unapproved channels can be a problem for all sorts of reasons and exists in many industries, but thats a specific problem with procurement and the purchasing chain, not the manufacturer of the originally specified parts.
Title: Re: FTDIgate 2.0?
Post by: Someone on February 07, 2016, 12:33:34 am
buyers in most cases have no reasonable way be sure they are not getting clones

Sure they do.  Stop spending a dollar on a board from china with a BOM cost 5x that high (which SHOULD be a clear indicator that you're buying a fake, but people are apparently idiots), and instead buy from legitimate sources.  If you're interested in buying genuine parts, the first thing you need to do is stop shopping on eBay/Ali and from cheap 3rd party resellers on Amazon.  The second you do that, you'll find that the number of fakes you inadvertently purchase falls essentially to zero.  Some can still make their way into legitimate distribution channels, but if that happens you contact the distributor so they can investigate it.

If you don't want to spend the money for a real FTDI product, then don't be pissed off when your counterfeit goes tits up.

Nope. Sorry - that line of reasoning does not hold up. You can get a genuine FTDI chip with a cheap eBay device and probably usually do. I bought a cheap $2 USB-serial converter a few years ago and it turns out it has a genuine chip. As I posted before: Please tell  me which  of these products  (http://www.ebay.com/sch/i.html?_nkw=usb%20serial%20converter%20ftdi&ssPageName=GSTL) contain fake chips and which do not.  How about these (https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=usb+serial+converter+ftdi&rh=i%3Aaps%2Ck%3Ausb+serial+converter+ftdi)?

If your argument is - just buy from Digikey, Mouser, etc then FTDI has already lost. Why ? because the prices are much higher and the average consumer doesn't even know what Digikey or Mouser is.   And if the only way to ensure a device will work is to buy the most expensive one - everyone will just choose to buy one of the reliable inexpensive devices using a different manufacturer's chip.

Either way. FTDI has lost customers.
You pay for assurance one way or another, get over yourself.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 12:44:50 am
You pay for assurance one way or another,

No - you just choose a different companies equivalent inexpensive chip.

Quote
get over yourself.
 
Nice! Not sure what that is about. 

Personally I just find this discussion interesting - exploring how one can justify a companies seemingly self-destructive actions.  If you're not interested in the debate just move along- no reason for personal attacks.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 07, 2016, 12:47:14 am
Nope. Sorry - that line of reasoning does not hold up. You can get a genuine FTDI chip with a cheap eBay device and probably usually do. I bought a cheap $2 USB-serial converter a few years ago and it turns out it has a genuine chip.

Good for you.  How many fakes have people received doing the same thing through the same distribution channels?  How much is your time worth to you?  Apparently not a lot.  I'd happily pay a dollar more to have a 99.9999999% chance I'm getting a legitimate part (instead of what, 50%?) with the backing of a real supplier than waste time and effort wading through crap.

Please tell  me which  of these products  (http://www.ebay.com/sch/i.html?_nkw=usb%20serial%20converter%20ftdi&ssPageName=GSTL) contain fake chips and which do not.  How about these (https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=usb+serial+converter+ftdi&rh=i%3Aaps%2Ck%3Ausb+serial+converter+ftdi)?
I don't know, and don't really care.  The chances are too high for me to even waste two seconds looking through them.  Same goes for all cheap chinese boards on both sites, not just ones with FTDI chips.  I don't even waste my time, and if you care about getting genuine parts (again, not just FTDI, anything), you shouldn't either.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 12:59:44 am
Nope. Sorry - that line of reasoning does not hold up. You can get a genuine FTDI chip with a cheap eBay device and probably usually do. I bought a cheap $2 USB-serial converter a few years ago and it turns out it has a genuine chip.

Good for you.  How many fakes have people received doing the same thing through the same distribution channels?  How much is your time worth to you?  Apparently not a lot.  I'd happily pay a dollar more to have a 99.9999999% chance I'm getting a legitimate part (instead of what, 50%?) with the backing of a real supplier than waste time and effort wading through crap.

So would I if I needed to - as I stated previously. Problem is I can't do that since the only way I have to get that assurance is to pay much more than $1 more to buy from someplace like Digikey. And again - it's not about me - it's about the masses of people who only know eBay or Amazon.

In either case, you've still provided no good argument as to why I or anyone else shouldn't just buy an inexpensive device using another manufacturer's chip.

That's the market that exists - not some imaginary market where manufacturers or end users have to chose between reliability and higher price.

Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 07, 2016, 01:23:33 am
In either case, you've still provided no good argument as to why I or anyone else shouldn't just buy an inexpensive device using another manufacturer's chip.

That is certainly a valid option, but it's never-ending.  Switch to the next "hot" manufacturer, they start getting counterfeited, they implement protections, stop working with knockoff products, then you move to the next.  It's the approach that pickle mentioned earlier, never spec devices that are being counterfeited in your designs (or as an end-user, never purchase devices that contain chips that are being counterfeited.

It's a valid approach for design and for end-user purchasing, but it's a moving target that you have to keep tabs on, and what do you do when you develop a product, then 6 months later one of the critical parts in it starts being counterfeited?  Redesign the board to move to a new one, or tighten up your distribution chain so you're not affected?  If it's the latter, then what's the point in that approach in the first place?  I prefer to simply buy products that I know work, from reliable distributors, and not worry about it.

Users who simply want to scrape the bottom of the barrel in price should probably move to another manufacturer, and then another, and then another, and so on...

edit: typo
Title: Re: FTDIgate 2.0?
Post by: Someone on February 07, 2016, 01:29:23 am
Nope. Sorry - that line of reasoning does not hold up. You can get a genuine FTDI chip with a cheap eBay device and probably usually do. I bought a cheap $2 USB-serial converter a few years ago and it turns out it has a genuine chip.

Good for you.  How many fakes have people received doing the same thing through the same distribution channels?  How much is your time worth to you?  Apparently not a lot.  I'd happily pay a dollar more to have a 99.9999999% chance I'm getting a legitimate part (instead of what, 50%?) with the backing of a real supplier than waste time and effort wading through crap.

So would I if I needed to - as I stated previously. Problem is I can't do that since the only way I have to get that assurance is to pay much more than $1 more to buy from someplace like Digikey. And again - it's not about me - it's about the masses of people who only know eBay or Amazon.

In either case, you've still provided no good argument as to why I or anyone else shouldn't just buy an inexpensive device using another manufacturer's chip.

That's the market that exists - not some imaginary market where manufacturers or end users have to chose between reliability and higher price.
As said before, pull you head in and buy another manufacturers product if you dont want to pay the price for a known authentic part from FTDI. The masses arent buying the cheapest possible convertor cables and modules on ebay, the volume for these chips in embedded into products where the end user never knows whats inside, if it doesnt work they take it back to the retailer.

You have some problem with this and we dont care. Stop making out like its the end of the world for FTDI, or that you should be entitled to buy any random part you like and have it work.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 01:30:13 am
In either case, you've still provided no good argument as to why I or anyone else shouldn't just buy an inexpensive device using another manufacturer's chip.

That is certainly a valid option, but it's never-ending.  Switch to the next "hot" manufacturer, they start getting counterfeited, they implement protections, stop working with knockoff products, then you move to the next.  It's the approach that pickle mentioned earlier, never spec devices that are being counterfeited in your designs (or as an end-user, never purchased devices that contain chips that are being counterfeited).

It's a valid approach for design and for end-user purchasing, but it's a moving target that you have to keep tabs on, and what do you do when you develop a product, then 6 months later one of the critical parts in it starts being counterfeited?  Redesign the board to move to a new one, or tighten up your distribution chain so you're not affected?  If it's the latter, then what's the point in that approach in the first place?  I prefer to simply buy products that I know work, from reliable distributors, and not worry about it.

Users who simply want to scrap the bottom of the barrel in price should probably move to another manufacturer, and then another, and then another, and so on...

Those are all valid point and a reasonable approach.  To me, the interesting thing about this whole mess is why FTDI chose the approach they did. It seems obvious to me and many others that it is pissing people off - people who never intentionally buy clones  - and it is doing damage to their brand.

It will be interesting to see how this all plays out.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 01:41:53 am
The masses arent buying the cheapest possible convertor cables and modules on ebay, the volume for these chips in embedded into products where the end user never knows whats inside, if it doesnt work they take it back to the retailer.
And what impact does that have on the manufacturer of those products who did not knowingly put a fake chip in their product?  How does that help FTDI maintain customers when those manufacturers can choose a difterent companies product to avoid the risk? How does it impact those manufacturers opinion about FTDI going forward? Those are the important questions IMO.

Quote
You have some problem with this and we dont care.
I didn't realize you spoke for so many! Clearly many people care about the topic given the extensive discussion here and elsewhere.  BTW - I have no "problem" with it - I just think its interesting to look at  FTDI's bonehead moves and how others defend them. It's a fun topic to discuss - don't you agree? If not why are you here?.   :-//

Quote
Stop making out like its the end of the world for FTDI, or that you should be entitled to buy any random part you like and have it work.
  Now you're just making stuff up.  I don't endorse either of those ideas.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 07, 2016, 01:47:20 am
To me, the interesting thing about this whole mess is why FTDI chose the approach they did. It seems obvious to me and many others that it is pissing people off - people who never intentionally buy clones  - and it is doing damage to their brand.
They probably assumed (perhaps wrongly?  That's not for me to say) that most people wouldn't blame them, they would blame the manufacturer who built the device.  If the manufacturer was the one responsible, they had it coming (charging people for real devices and putting in fakes to increase profits), otherwise the manufacturer would blame their build house or distributor.  If the build house/distributor was the one responsible, they had it coming (again, charging customers for real devices and supplying them with fakes), and so on up the chain.  Maybe they thought this unfolding of events and the resulting tightening of supply chains would outweigh the backlash from end-users.  I imagine they had discussions on the topic and came to this conclusion, but I don't have any inside information.

It will be interesting to see how this all plays out.
I agree.  Whether this helps or hurts FTDI in the long run, they made this decision, and they will ultimately be the ones dealing with the results.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 07, 2016, 01:53:13 am
I guess the bonehead move is in your opinion, apparently some don't share that opinion including FTDI themselves.

The driver has been out for 7 months, you'll think that if it was costing them sales they would have reverted it by now like they did  when they decided to brick devices.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 01:55:15 am
Whether this helps or hurts FTDI in the long run, they made this decision, and they will ultimately be the ones dealing with the results.
I don't think the impact on FTDI will be that big as they are likely to keep most of the business they have. The biggest question is how many design-ins and new business they will miss due to people not using FTDI USB-UART bridges anymore for various reasons. Also note that WIndows 10 comes with drivers for almost every USB UART bridge out there so the advantage (unique selling point of FTDI) of having the drivers delivered with Windows and only FTDI's products working out of the box diminishes quickly.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 01:56:57 am
Whether this helps or hurts FTDI in the long run, they made this decision, and they will ultimately be the ones dealing with the results.
I don't think the impact on FTDI will be that big as they are likely to keep most of the business they have. The biggest question is how many design-ins they will miss due to people not using FTDI USB-UART bridges anymore for various reasons. Also note that WIndows 10 comes with drivers for almost every USB UART bridge out there so the advantage of having the drivers delivered with Windows and only FTDI's products working out of the box diminishes quickly.

Does anyone know what percentage of FTDI's business comes from this chip?
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 07, 2016, 02:32:21 am
I don't think the impact on FTDI will be that big as they are likely to keep most of the business they have. The biggest question is how many design-ins and new business they will miss due to people not using FTDI USB-UART bridges anymore for various reasons. Also note that WIndows 10 comes with drivers for almost every USB UART bridge out there so the advantage (unique selling point of FTDI) of having the drivers delivered with Windows and only FTDI's products working out of the box diminishes quickly.
The win10 thing makes the FDTI moves look so comical.  I didn't know win10 shall eliminate FDTI previous advantage, and also didn't know that some compatibles are actually better than FDTI.  If they didn't pull these silly moves, they can charge their premium price and people like me shall always be paying and recommending.  We just could not afford to play these childish games, and we do not run the security services of all the FDTI supply chain and can never be sure of what containmination may happen.  For nothing, they have thrown away their brand advantage. 
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 03:15:09 am

They probably assumed (perhaps wrongly?  That's not for me to say) that most people wouldn't blame them, they would blame the manufacturer who built the device.  If the manufacturer was the one responsible, they had it coming (charging people for real devices and putting in fakes to increase profits), otherwise the manufacturer would blame their build house or distributor.  If the build house/distributor was the one responsible, they had it coming (again, charging customers for real devices and supplying them with fakes), and so on up the chain.  Maybe they thought this unfolding of events and the resulting tightening of supply chains would outweigh the backlash from end-users.  I imagine they had discussions on the topic and came to this conclusion, but I don't have any inside information.

Exactly. The companies who chose to use risky supply channels are the ones that are going to have angry customers. This is how you force the issue and identify bad supply channels.

To me, the interesting thing about this whole mess is why FTDI chose the approach they did.

I'm still waiting for an alternative to be suggested and not defeated. To recap, so there's no more spinning in circles in this thread, here's what's been suggested and defeated.

Use the laws to go after counterfeiters and cloners
Ineffective and prohibitively expensive, intentional trade law is useless.

Pop-up a message
Can't; driver runs outside user-space

Then just log a message in the system log
Really? Who reads their system log all the time?

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI.

Design a new chip with security features
Extremely expensive to redesign silicon. Not to mention any security/encryption features in the communications would mean there could be no Linux support. At least without binary blobs and we all know how linux people feel about binary blobs.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 03:25:59 am

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI..

How does that not happen with their current approach?

Also you left out Dave's suggestion (from the AmpHour) about some sort of holographic on the chip surface. Or to paraphrase him "they're the geniuses they need to figure it out".

Even if there is no perfect benign way to do it - it still doesn't justify their current approach IMO. 2 wrongs don't make a right, etc.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 03:29:06 am
There is one option missing:
Do the FUD dance like Microsoft does: yell loud and hard illegal copies are unreliable and likely to cause damage but do nothing to disable illegal copies effectively because god forbid people start using a different OS. Better have people locked into your solution even if they can't afford than having them use someone else's solution they might be able to afford in the future.

Translated to FTDI's situation: let the driver work with any chip and spend money on a FUD campaign. Much more effective because in the end nobody wants fake chips in their circuit.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 03:30:04 am

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI..

How does that not happen with their current approach?

Because it sorta works, with odd results any decent engineer will pull up the serial stream to debug. And hey look, it says what's going on right there.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 03:31:34 am

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI..

How does that not happen with their current approach?

Because it sorta works, with odd results any decent engineer will pull up the serial stream to debug. And hey look, it says what's going on right there.

Yeah, but it's not the design engineers who are going to discover it in most cases.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 03:33:35 am
Translated to FTDI's situation: let the driver work with any chip and spend money on a FUD campaign. Much more effective because in the end nobody wants fake chips in their circuit.

Bingo! More effective and preserves good will with users.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 03:34:31 am
Pop-up a message
Can't; driver runs outside user-space

ExRaiseHardError() sends a message to csrss, then csrss will pop up a message box.

I'm not a driver devloper so I asked a few i know before I made that suggestion. From a quick google of ExRaiseHardError() I can only find a social.msdn thread that says it's undocumented and a stack exchange one that says it wont work, and is only a message queue scheme for admins.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 03:35:46 am
Translated to FTDI's situation: let the driver work with any chip and spend money on a FUD campaign. Much more effective because in the end nobody wants fake chips in their circuit.

Bingo! More effective and preserves good will with users.

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not? What in the hell is an ad campaign going to do if that is true?
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 03:40:37 am

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not?
No. ::)

Quote
What in the hell is an ad campaign going to do if that is true?

The ad campaign may be able to do what you and others keep claiming their recent practices will do: That is convince manufacturers to carefully check and secure their supply chains.  No, it will not impact what the average consumer does -but neither does their current approach (other than in a negative way).
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 03:43:53 am

Showing message to Admins is not a bad idea. Most users, even with UAC enabled, are logged in as admins, except for enterprise environments.

Do you know if this call works the way you think it does? (I don't) By just with experience using Windows workstations and Windows server versions, I would guess messages made by this call would never be seen by a windows workstation, even if logged in as admin. Windows Servers versions have mandatory click through when you bootup or shutdown that has messages like driver failures. And the stack exchange mentions when the 'admin logs in next time' so I assume it's that mechanism. You don't have that in non-server version.

But I can be dead wrong on this. Not a driver developer.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 03:47:56 am
Actually the campaign could also target the electronics designers and makers so they are more careful with buying stuff from Ebay.
What triggered FTDI gate 1.0 here was me buying some boards (intended for one of my customers) from Ebay with fake chips which where then bricked by the new driver and me creating a posting. Had I known there where fake chips circulating I would have been more careful with selecting the boards. Now my customer is using boards with a Silabs chip.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 03:48:38 am

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not?
No. ::)

Really?

the majority of consumers would likely not know about it - since most will know nothing about FTDI, usb-serial conversion, etc.  IOW - people with no knowledge or intention to buy a device with a cloned chip (or make a device with a cloned chip) are being adversly affected.

Hmmmmm....
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 03:57:19 am

Wait wait wait, isn't the point of your last 10 pages that users have no idea what FTDI is or care about if it's a real chip or not?
No. ::)

Really?

the majority of consumers would likely not know about it - since most will know nothing about FTDI, usb-serial conversion, etc.  IOW - people with no knowledge or intention to buy a device with a cloned chip (or make a device with a cloned chip) are being adversly affected.

Hmmmmm....

Oh get over it.  I didn't say that was never an issue I raised I said it was not the point of my posts.  So once again - since you seem to want to troll -  here is the summary of mine and others main points:

1) FTDIs actions have/will adversely affect end users and some manufacturers who had/have no intention of buying fake chips.
2) Those consumers have other inexpensive options with equal or better function they will choose.
3) FTDIs actions are causing distrust of their brand name and causing people to design products with different chips or in the case of  informed end users avoid products with FTDI chips
4) FTDI's actions with it's drivers and social media demonstrate poor judgement (IMO of course) and will only hurt them.
5) There are other actions they could take that would likely be equally effective but not have the same adverse effects.

BTW - since you seem to be trying to personalize it. Let me ask you a question:  You seemed to have joined this forum only to defend FTDI - all of your posts are in this thread. Do you have any financial relationship with FTDI to disclose?  If not, fine - but it's a question that needs to be asked since a similar thing happened during the first FTDI gate thread.
Title: Re: FTDIgate 2.0?
Post by: station240 on February 07, 2016, 04:03:07 am
Despite releasing another round of "screw you" drivers, FTDI still have a problem.
The clone/fake/alternative USB to comms are both cheaper and don't have hardware bugs.

So given the choice of:
a) Spin new silicon.
b) Discount FTDI parts.
c) Sabotage clones by rewriting the driver (again).
They went with C because they are cheap bastards, the other two options cost real money.
Now new silicon could resolve the issues their customers have with bugs, and likely result in a cheaper product (eg use smaller process)

Perhaps FTDI know they have little time left as a company, this is a last ditch attempt to keep them from going broke.
Title: Re: FTDIgate 2.0?
Post by: madsci1016 on February 07, 2016, 04:13:29 am
BTW - since you seem to be trying to personalize it. Let me ask you a question:  You seemed to have joined this forum only to defend FTDI - all of your posts are in this thread. Do you have any financial relationship with FTDI to disclose?  If not, fine - but it's a question that needs to be asked since a similar thing happened during the first FTDI gate thread.

Well, does working with companies that have millions of $ and years in development invested in selling products that have FTDI in them count? I joined to try and give alot of the people here, which are mostly hobbyists and a few small product producers another view. One where we don't blame manufactures for breakdowns in supply chains. One where we can't easily switch to another serial chip without halting production for months of development and regression testing. One of the companies is in the industry a lot of people are citing as a metaphorical case for bad stuff happening,  as far as I heard, no bad stuff happened.


Quote
Oh get over it. 


Well subtle insults escalating to this I can tell you don't have interest in keeping this civil anymore. Let me summarize my opinion for you and call it done. (Notice these are opinions of yours and mine, not facts.)

1) FTDIs actions have/will adversely affected end users and some manufacturers who had/have no intention of buying fake chips.
Yep, much like issues that arise with use of any counterfeit chip, end users usually are affected.

2) Those consumers have other inexpensive options that with equal or better function.
Go ahead, we aren't arguing to stop you. Us on the other hand can't change like that, nor do we want to. See above.

3) FTDIs actions are causing distrust of their brand name and causing people to design products with different chips or in the case of  informed end users avoid products with FTDI chips.
Count me as a product designer that doesn't agree. We trust FTDI for many reasons, and trust our supply lines to give us real chips.

4) FTDI's actions with it's drivers and social media demonstrate poor judgement (IMO of course) and will only hurt them.
Social media tends to always be handles poor in this day in age. But I don't disagree, blocking everyone was silly.

5) There are other actions they could take that would likely be equally effective but not have the same advers effects.
I disagree. All the other suggested actions are marginal at best, in my opinion.

Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 04:25:26 am
By just with experience using Windows workstations and Windows server versions, I would guess messages made by this call would never be seen by a windows workstation, even if logged in as admin. Windows Servers versions have mandatory click through when you bootup or shutdown that has messages like driver failures. And the stack exchange mentions when the 'admin logs in next time' so I assume it's that mechanism. You don't have that in non-server version.

If true, is that really relevant?  What percentage of end users of FTDI chips are using them on windows workstations?  My guess is very low. You seem to be trying to sidestep blueskull's point

One where we don't blame manufactures for breakdowns in supply chains.

I've seen no one here do that.  The blame is being placed on FTDI for their destructive choices in how they deal with clones.
Title: Re: FTDIgate 2.0?
Post by: cdev on February 07, 2016, 04:50:12 am
Could the offending devices be used with generic open source drivers if they had different USB IDs?


The alternative is diving into a black hole that we all know will then be used as another rationale to create a whole new surveillance and metadata providing infrastructure.



Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 07, 2016, 05:13:05 am
I've seen no one here do that.  The blame is being placed on FTDI for their destructive choices in how they deal with clones.
Their first choice was impairing the fake chip, pretty aggressive but not destructive.
Their 2nd choice was obfuscating the fake chip, less aggressive but not destructive either.

We haven't seen a single example that something got destroyed in the literal sense of the word.

destroyed hopes and reputations, maybe but not the hardware.
Title: Re: FTDIgate 2.0?
Post by: cdev on February 07, 2016, 07:37:33 am
Every component of a system has its own microcomputer with its own ethernet and wifi embedded in it, because silicon is cheap and network bandwidth is cheap.

Internal to the device, they all communicate via a tamper proof bus that has internet connectivity, so if any component discovers another component thats not interacting properly, it phones home about it. Then a signal is sent to query it and if it cannot identify itself adequately, the signal is sent to deactivate it while a special squad is dispatched to bring it and whatever is attached to it in. All parts will have a globally unique ID and IPv6 address.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 08:00:44 am
It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?

You can find the Integral IZ232R datasheet here http://www.bms.by/eng/spec/index.php?pass=inf1 (http://www.bms.by/eng/spec/index.php?pass=inf1)

Thanks. Unfortunately, I'm not able to find any info regarding the USB VID & PID.
Also, they don't provide any information about which driver to use.

Please let me know if you know where to find this info.

So, if this IZ232R isn't using the USB VID of FTDI, that's completely fine to me.
And if that's the case,  it will not be harmed by FTDI's driver.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 08:08:59 am
Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.
But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips..

So, when you buy a car and it brakes down, you don't go back to the place where you bougth it but
buy another brand instead?
When I buy a device and it stops working, I go back to the seller and he will fix it, no matter what the cause is.
Title: Re: FTDIgate 2.0?
Post by: janekm on February 07, 2016, 08:10:51 am

They probably assumed (perhaps wrongly?  That's not for me to say) that most people wouldn't blame them, they would blame the manufacturer who built the device.  If the manufacturer was the one responsible, they had it coming (charging people for real devices and putting in fakes to increase profits), otherwise the manufacturer would blame their build house or distributor.  If the build house/distributor was the one responsible, they had it coming (again, charging customers for real devices and supplying them with fakes), and so on up the chain.  Maybe they thought this unfolding of events and the resulting tightening of supply chains would outweigh the backlash from end-users.  I imagine they had discussions on the topic and came to this conclusion, but I don't have any inside information.

Exactly. The companies who chose to use risky supply channels are the ones that are going to have angry customers. This is how you force the issue and identify bad supply channels.

To me, the interesting thing about this whole mess is why FTDI chose the approach they did.

I'm still waiting for an alternative to be suggested and not defeated. To recap, so there's no more spinning in circles in this thread, here's what's been suggested and defeated.

Use the laws to go after counterfeiters and cloners
Ineffective and prohibitively expensive, intentional trade law is useless.

Pop-up a message
Can't; driver runs outside user-space

Then just log a message in the system log
Really? Who reads their system log all the time?

Just refuse to work
Ineffective, people will just role back driver and think nothing of it. Would create misplaced distrust of FTDI.

Design a new chip with security features
Extremely expensive to redesign silicon. Not to mention any security/encryption features in the communications would mean there could be no Linux support. At least without binary blobs and we all know how linux people feel about binary blobs.

I made several completely sensible suggestions that would actually protect their business:


Instead, they're doing the opposite in both cases, "forcing the issue" indeed but towards alternative ICs.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 11:24:07 am
Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.
But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips..
So, when you buy a car and it brakes down, you don't go back to the place where you bougth it but
buy another brand instead?
When I buy a device and it stops working, I go back to the seller and he will fix it, no matter what the cause is.
You are being naive again. In many cases it turns out a seller is incapable of providing a fix it because the manufacturer doesn't respond. The only alternative is to take your loss/get a refund and buy something else. Yes, this happens with cars too!
Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 11:38:12 am
Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.
But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips..
So, when you buy a car and it brakes down, you don't go back to the place where you bougth it but
buy another brand instead?
When I buy a device and it stops working, I go back to the seller and he will fix it, no matter what the cause is.
You are being naive again. In many cases it turns out a seller is incapable of providing a fix it because the manufacturer doesn't respond. The only alternative is to take your loss/get a refund and buy something else. Yes, this happens with cars too!

In that case he has to take back the product or compensate you financially or otherwise.
In most countries, the seller is responsible for the product, not another person or company or factory where
the seller bought the product from.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 11:46:11 am
Again there is a difference between 'should do' and 'actually do'. In many cases the cost to involve lawyers is more than the product is worth. For example: the dealer I bought a total crap Siglent scope from didn't want to take it back after I had given him more than enough time to pressure Siglent into fixing it. However getting lawyers involved would be wasting of time & money than the oscilloscope was worth.
Title: Re: FTDIgate 2.0?
Post by: ion on February 07, 2016, 12:07:33 pm
I've seen no one here do that.  The blame is being placed on FTDI for their destructive choices in how they deal with clones.
Their first choice was impairing the fake chip, pretty aggressive but not destructive.

For most end users, having a device essentially bricked would probably be seen as destructive.

Their 2nd choice was obfuscating the fake chip, less aggressive but not destructive either.

Less agressive, sure, but if you don't know what the chip is used in who knows what the garbage data will do to the device?

And can the average user even see the non-genuine message?  If not, how is it any different to just not working from their perspective?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 03:42:19 pm
Again there is a difference between 'should do' and 'actually do'. In many cases the cost to involve lawyers is more than the product is worth.

That's not the fault of FTDI. Refrain from buying from shady sources.

Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 03:56:49 pm
Again there is a difference between 'should do' and 'actually do'. In many cases the cost to involve lawyers is more than the product is worth.
That's not the fault of FTDI. Refrain from buying from shady sources.
The scope I bought came from an official Siglent dealer in the NL (the one with the eu domain). Unfortunately you don't know what a company's customer service is worth until you need it for the first time.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 04:54:53 pm
Again there is a difference between 'should do' and 'actually do'. In many cases the cost to involve lawyers is more than the product is worth.
That's not the fault of FTDI. Refrain from buying from shady sources.
The scope I bought came from an official Siglent dealer in the NL (the one with the eu domain). Unfortunately you don't know what a company's customer service is worth until you need it for the first time.

I know that the world is far from ideal and sometimes it's difficult to get what you paid for.
But FTDI can not be held responsible for the actions of some shop that sells devices with counterfeit chips.
Aim your anger to the shop, not to FTDI.

Title: Re: FTDIgate 2.0?
Post by: Simon on February 07, 2016, 04:58:56 pm
If the new FTDI driver simply refuses to talk to the fake chips then I see no problem. But personally I'd never trust them. Their attitude is childish at best. If you look for the driver on their website there is now a long paragraph in red text that goes all around the houses to tell you that they accept no liability for any damage caused by use of their drivers (on fake chips).

Anyways, I thought arduino boards used an AVR as the UART/USB bridge ?
Title: Re: FTDIgate 2.0?
Post by: C on February 07, 2016, 05:36:08 pm

No harm?

Nice old serial printer that was converted to USB with FTDI chip.
That rugged work horse is now printing,

"NON GENUINE DEVICE FOUND!"

but only if that string causes the printer to print.
Remember some printers only print when the printer receives a CR, LF or FF.

If printer maker added FTDI's the blame hits the printer brand and is increased by fact that the printer was never a problem in the years before.

After a lot of wasted time the end user that is using the USB to RS-232 adapter might figure out that it is the adapter.

Look at that message

"NON GENUINE DEVICE FOUND!"

It should say

" WINDOWS DRIVER CREATED BY FTDI TALKING TO NON GENUINE FTDI DEVICE"

or

" FTDI WINDOWS DRIVER TALKING TO NON GENUINE FTDI DEVICE"

Is "FTDIgate 3.0" any hardware using a FTDI's windows driver.
Any VID/PID where the driver thinks it's not FTDI hardware.

What is the end user telling people?

The end user gets a better device if the device is not using a USB to serial converter chip.


Simon
I think you will find three different interfaces used.
The old arduino using serial port.
The step using a USB to serial bridge.
And the latest using a USB micro controller.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 07, 2016, 05:42:43 pm
It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?

You can find the Integral IZ232R datasheet here http://www.bms.by/eng/spec/index.php?pass=inf1 (http://www.bms.by/eng/spec/index.php?pass=inf1)

Thanks. Unfortunately, I'm not able to find any info regarding the USB VID & PID.
Also, they don't provide any information about which driver to use.

Please let me know if you know where to find this info.

So, if this IZ232R isn't using the USB VID of FTDI, that's completely fine to me.
And if that's the case,  it will not be harmed by FTDI's driver.
|O Apparently reading comprehension isn't your strong point? Follow the links I gave in my posts and read some more... these are directly compatible with FT232 and use the same driver, so must use same VID:PID. Ditto for Supereal SR1107/RD232A, the one that's most likely being remarked by someone else with FTDI logo.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 06:49:03 pm
Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.
But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips..

So, when you buy a car and it brakes down, you don't go back to the place where you bougth it but
buy another brand instead?

Sure, I'd bring it back and likely demand a refund - as with any product. But I would never trust or buy that brand again.  Same goes here.  I am not going to buy the "FTDI brand" because their reliability cannot be trusted.  That is, once again, one of the main points being made here - FTDI's actions are just harming themselves.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 07:12:44 pm
It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.
Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577) from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?

You can find the Integral IZ232R datasheet here http://www.bms.by/eng/spec/index.php?pass=inf1 (http://www.bms.by/eng/spec/index.php?pass=inf1)

Thanks. Unfortunately, I'm not able to find any info regarding the USB VID & PID.
Also, they don't provide any information about which driver to use.

Please let me know if you know where to find this info.

So, if this IZ232R isn't using the USB VID of FTDI, that's completely fine to me.
And if that's the case,  it will not be harmed by FTDI's driver.
|O Apparently reading comprehension isn't your strong point? Follow the links I gave in my posts and read some more... these are directly compatible with FT232 and use the same driver, so must use same VID:PID. Ditto for Supereal SR1107/RD232A, the one that's most likely being remarked by someone else with FTDI logo.

I checked the datasheet and there's no mention about which VID & PID or which driver it uses.
The website says it's pin-compatible. It doesn't say it's compatibel with FTDI's driver.

Please tell me on which page of the datasheet is written that this chip is using FTDI's USB VID?

Could it be that they don't mention it because they don't have an agreement with FTDI about using FTDI's driver?

Could it be that they do use the FTDI driver without the permission of FTDI? That should be really stupid to make your
product dependent to a driver of your competitor. If this is really the case, those morons (the cloners) deserve to be punished.
It also means that those cloners don't care shit about their customers. I really don't get it why people want to buy cheap
clones that doesn't come with their own driver.

Title: Re: FTDIgate 2.0?
Post by: Karel on February 07, 2016, 07:17:35 pm
No harm?

Nice old serial printer that was converted to USB with FTDI chip.
That rugged work horse is now printing,

"NON GENUINE DEVICE FOUND!"

Just replace the fake conversion cable with this one and you are fine:

http://shop.clickandbuild.com/cnb/shop/ftdichip/cnb/shop/ftdichip/cnb/shop/ftdichip?productID=55&op=catalogue-product_info-null&prodCategoryID=84 (http://shop.clickandbuild.com/cnb/shop/ftdichip/cnb/shop/ftdichip/cnb/shop/ftdichip?productID=55&op=catalogue-product_info-null&prodCategoryID=84)
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 07, 2016, 09:45:01 pm
Again there is a difference between 'should do' and 'actually do'. In many cases the cost to involve lawyers is more than the product is worth.
That's not the fault of FTDI. Refrain from buying from shady sources.
The scope I bought came from an official Siglent dealer in the NL (the one with the eu domain). Unfortunately you don't know what a company's customer service is worth until you need it for the first time.

I know that the world is far from ideal and sometimes it's difficult to get what you paid for.
But FTDI can not be held responsible for the actions of some shop that sells devices with counterfeit chips.
That wasn't the point which started this sub-thread. The point is that you can't be sure a seller is shady until it is too late.
Reflected back to 'FTDI gate': don't buy any FTDI products from any seller because that is the only 100% sure way to not get burned.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 07, 2016, 10:31:38 pm
It's funny how much the Yay FTDI side keeps getting back on "counterfeiters are bad" every few comments, as if that addresses the other side's points at all...
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 07, 2016, 10:42:16 pm
What is funny is that you think FTDI is loosing customers, we have no evidence to this either way.

Other than the few here that keep on saying they won't, easy, then don't!

Adafruit has not dropped them, and that's heavily a hobbyist shop.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 07, 2016, 10:51:18 pm
I don't see anybody in the recent few comments saying they've lost a significant number of customers.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 07, 2016, 10:57:32 pm
Only things like Dont buy FTDI, or FTDI is harming themselves. Well it's their company and I'm sure they'll prevail.

As mentioned before, that driver has been active for seven months, nothing new other than this thread and of course the media thirsty for stories, specially if they are scandalous, but that's not new either.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 07, 2016, 11:09:09 pm
"Don't buy FTDI" is a recommendation not to be their customer, not a statement that they've lost customers. "FTDI is harming themselves" is possibly a statement that they've damaged their reputation, not lost customers - something that could expand into lost customers in the future, perhaps - or not, it's possible to damage your reputation but still seem a better choice than the other guys. (You've lost safety margin, though.)

Personally, I'm done with them. I forgave them after "FTDIgate 1.0", as they seemed to have learned their lesson, but now have demonstrated that they don't learn. I'm not under any misconception that the loss of my business is going to hurt them in any way, though. I'm not trying to injure them.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 07, 2016, 11:17:58 pm
Their customers are probably happy, that they don't have to compete with cheap clones.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 07, 2016, 11:23:06 pm
Personally, I'm done with them. I forgave them after "FTDIgate 1.0", as they seemed to have learned their lesson, but now have demonstrated that they don't learn. I'm not under any misconception that the loss of my business is going to hurt them in any way, though. I'm not trying to injure them.

That's how I feel as well. I'll admit that based on the number of "I'm done with FTDI" comments I've seen on this and other forums, I've presume they've lost or are going to be losing business.  I have no way of knowing how much and I don't know how big a percentage of their overall business that USB-serial converter chips are for them.  My admittedly complete outsider guess is that their behavior means that it's not a trivial part of their business and that they have been losing customers - A loss they are attributing to the clones.  As others have pointed out and I agree, I think it's more likely mostly due to their lack of innovation in this area and the availability of less expensive chips of equal or better functionality from other manufacturers.  I just think they're making it worse with their actions.  This is all IMHO of course..
Title: Re: FTDIgate 2.0?
Post by: westfw on February 08, 2016, 04:35:35 am
You know, I'm pretty much done with Nth party products claiming to contain FT232s (Arduino Nano, USB/Serial adaptors and cables) because of FTDIgate, and I'm pretty much done with "probably genuine" FTDI cables/etc from trusted distributors because of price, but I think I'd still be willing to put FTDI chips in my hypothetical product (yeah, the newer, cheaper ones.)
Title: Re: FTDIgate 2.0?
Post by: all_repair on February 08, 2016, 04:38:57 am
It is almost certain that the reasons of FDTI moves are either: FDTI is desperate now, or they are aiming at the makers community, or they are both.  I just noticed a link from the post here that FDTI are selling cable directly now, but I was paying for more.  My cable was better shielded and with better interlocking mechanism.  Now my cables physically need to be the same, but just cannot have a FDTI inside. Who care what is going to happen to FDTI sale, I just care my installation don't come and report sick in the future for unknown reason.   Can a body by adopting a spirit that is the reverse of the maker community sell to the community?  People in the maker community sometime are too generous beyond words can describe, I can't match them but I do respect them.   By being a bit more magnificent, go for a softer approach and a bit of FUD would have scored a much longer distance for FDTI.  FDTI apparently could not afford any additional physcial scheme for people to identity or verify their purchase. Don't bet too much on them if you are trapped with their chips now.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 08, 2016, 06:38:31 am
Personally, I'm done with them. I forgave them after "FTDIgate 1.0", as they seemed to have learned their lesson, but now have demonstrated that they don't learn. I'm not under any misconception that the loss of my business is going to hurt them in any way, though. I'm not trying to injure them.
I think the best way is to use a microcontroller, which shouldn't be too difficult on the PC/Mac side either with libusb (they have digitally signed drivers now as well). Any ideas for a good USB high speed microcontroller? Most are only full speed. The FT2232HL, with high speed USB and the useful 245 FIFO mode, costs only EUR 4.93 for 100 at Digikey. I think I'll try the PIC32MZ0512. Costs EUR 5.99 for 100, but has a lot of nice features, like 512 kB flash, 128 kB RAM, ethernet, 200 MHz MIPS core, 12 bit ADC with 18 (!) Msps etc.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 08, 2016, 07:03:09 am
I can get all FT232's functions emulated with a SRM32F030, costs $1 at 1kpcs, plus 12 bit ADC and a shitload of timers.
Is this high speed USB? Where can I get it? The only website I can find looks like a Chinese forum, which links to a Taobao article which looks broken (some anime in tears).
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 08, 2016, 07:36:56 am
You wrote SRM32F030. Yes, the STM32 parts are nice, if you don't need high speed USB.
Title: Re: FTDIgate 2.0?
Post by: madires on February 08, 2016, 03:02:00 pm
It's funny how much the Yay FTDI side keeps getting back on "counterfeiters are bad" every few comments, as if that addresses the other side's points at all...

It's not funny, it's what they are paid for. Keep trolling with the same lame arguments while ignoring valid points of others until any critic gives up out of frustration. Actually we could do the same and increase FTDI's PR costs  >:D

For example, I can't remember that any of the Yays agreed to the suggestion that the FTDI's driver simply could stop working without any modification (USB ID, data sent) when it detects a non genuine FTDI chip. That would be a perfectly legal way, but not good enough for the Yays. Of course not, since they have to defend FTDI's illegal (in several countries) bricking and modifying data. And by doing so, they make it worse for FTDI. Anyone following this topic can easily see what's happening. It's always the same story. A company does something bad, a shit storm starts, company hires social media experts for damage control, forums are trolled until nobody says anything bad anymore about the company. Thank you very much bad company! We can play this until the cows come home  :popcorn:
Title: Re: FTDIgate 2.0?
Post by: C on February 08, 2016, 11:18:21 pm

Karel
You sure like to pick what you want to read and ignore the rest.

1. Nice old serial printer with end user using a USB to serial adapter.

2. Nice old serial printer with MFR selling a USB to serial adapter with printer.

3. Nice old serial printer with MFR using a USB to serial adapter cable inside printer.

4. Nice old serial printer with MFR using a USB to serial chip on PC board in printer.

All valid ways before using a USB controller and giving the end user something better that uses USB.

The costs of FTDI bad acts is costing everyone time and money that get hit with FTDI's actions.

FTDI's Bad acts.
1. Changing the windows driver to detect or try to detect non FTDI's chips.
2. FTDI driver changing settings on a device.
3. FTDI's current "NON GENUINE DEVICE FOUND!"

These acts have cost end users time and money.
The acts have cost MFR's that are not a member of the USB-IF time and money.
How much has it cost the counterfeiters?

Think about #1, may not take much time to do but when you add up the numbers the cost in time lost world wide is huge. This is a cost to everyone using this driver. 

The final blow is that one test of a device identified  by FTDI's driver is better then FTDI at meeting FTDI's data specifications. This proves it's not a clone, but a better part using same USB packets.

"No FTDI parts used!" is now an important statement to see where their parts could be used.

I have no FTDI parts, I will not knowingly buy something that has FTDI parts.
I see MFR's that continue to use FTDI parts as now supporting FTDI's bad acts.

Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 12:55:34 am
AdaFruit did an interview with the CEO of FTDI, it's interesting to hear from him directly:

https://blog.adafruit.com/2016/02/08/exclusive-interview-with-fred-dart-ceo-of-ftdi-ftdichip-ftdi-adafruit/

Quote
Exclusive interview with Fred Dart – CEO of FTDI @FTDIChip #FTDI @adafruit

(https://blog.adafruit.com/wp-content/uploads/2016/02/51RShc6x-1.jpg)

Hey folks, we sent some questions over to Fred Dart the CEO of FTDI (website, twitter, personal twitter)… Here they are!

What is the history of FTDI? You’re the founder and CEO for 25 years, that is impressive! It would be interesting to go into some details around how FTDI started, what your motivation was for starting it, how it grew and what kind of challenges you had to overcome over its ~25 year history, etc.
Before FTDI, I ran a one-man consultancy designing PC motherboards and peripherals mainly for companies in Asia. Early designs were based on programmable logic ( PALS ) and discrete TTL, but then the focus changed to integrating much of this logic into “chipsets” which mopped up all the logic into a few ASIC devices. So, I took my existing skills and learned how to design in silicon as opposed to discrete logic. After designing a few chips for others, I decided to design and sell own branded chips and so FTDI was born.
In the early ( pre-USB ) days we designed and sold 286/386/486 PC chipsets but we were reliant on a customer base of just 2 or 3 customers including IBM at one point. This was very hard business for a small relatively unknown company of 5 people based in Scotland. When USB came along, I realised there would be a sea change in the peripheral market so I decided to move out of PC chipsets and into USB peripheral interface chips. After a false start ( USB keyboard, mice and joysticks ), we found our niche in designing legacy USB converter chips, like the USB UART bridge chips we are famous for today.

Our main challenge in the early days was lack of funding and consequentially lack of manpower resource which often resulted in time-to-market delays. The other challenge was building up a brand name as few people had heard about FTDI at that time. We were entirely self-funded and still are to this day.. It took 10 years before we finally achieved “critical mass” where we could afford to properly grow the company.

?Can you describe the product lines at FTDI and goals for the company. What would you say your mission and cause is?
We are best known for our USB interface bridge solutions such as the popular FT232R USB-UART chips + drivers. These allow an engineer to interface technologies such as USB to a UART interface without having to understand the underlying technology, USB in this case and develop and support drivers for various platforms. This methodology works well – for instance a product developed 15 years ago using our FT232B chips can run on Windows 10 as can our more modern family – same drivers. More recently we’ve been looking at innovative TFT display interfacing with our EVE object orientated ( FT8xx ) family and are moving into mass production with our brand new FT9xx 32-bit MCU family which is capable of interfacing many different technologies together.

Our common mission in all these I would say is “Bridging Technologies” aimed at providing quality solutions for engineers (and Makers) to help bring their product development to market faster and with less ongoing technical support required.

How many people do you have? How many locations, how many products sold, etc?
Currently, we employ around 130 folks worldwide in R&D, technical support, sales, purchasing, logistics, finance and admin roles. We have 5 offices worldwide in Glasgow UK, Portland US, Taipei Taiwan, Shanghai China and Singapore. Singapore is not listed on our website as it’s an R&D centre only. We sell tens of millions of chips annually, mainly USB bridge products, though we hope to grow other areas as well.

To jump right to what everyone wants to know, what happened before and currently with the FTDI drivers from Windows update regarding counterfeit chips?
The problem first appeared some time back when we were sent some samples of a Chinese made “FTDI” USB-RS232 cable that seemed to be behaving in a way we couldn’t reproduce in our lab. On testing these cables, they seemed to work and install with our drivers, however the throughput was well below what we expected and usage was not very stable. We were puzzled at first, then suspicious. The markings on the”FT232RL” chip looked correct **but** on close scrutiny not exactly so and the date code did not match our records. Desoldering the chip and looking at the markings on the bottom of the chip confirmed our suspicions –it was marked as been Made In China! Contrary to rumours I’ve seen on the internet, FTDI neither fabricate nor assemble ANY of our chips in China. We had the chips de-capped and photographed and the die inside was totally different – seemed like a MCU programmed to emulate an FT232R, whilst the real device uses interlocked state machines – hard to design but gives superior real-time performance.

We seem to have caught it early, before it spread like a cancer so, an action plan was needed starting with containment and information gathering. The counterfeit chip was totally different design to the real FT232R and basically an imperfect copy, therefore it can be caught by our drivers in several ways which you’ll understand me keeping to myself. So, action number one was to detect counterfeit chips and stop them illegally using our drivers ( they steal our USB VID and PID in order to masquerade as an FTDI chip). This in no way affects the millions of genuine FTDI users and allowed us to analyse the situation a lot better.

Why do this instead of a notice on the web page or driver?
?Genuine customers are not affected so it doesn’t help by causing a panic. We needed to analyse the situation and decide on a plan of action. Basically, what we discovered was that 90% of the problem were Arduino “bargain” copy/clone related, mainly sold on EBay, Alibaba, Amazon Marketplace by anonymous sellers. The rest was cheap “FTDI” USB RS232 cables sold likewise. I’m sure it occurs to most reasonable folks that a bargain bought in the internet version of a flea market may be cheap for a reason.

Do you see a lot of counterfeiting of your products?
Not really – it’s largely restricted to the FT232RL ( SSOP only ) and occasionally the older FT232BL.

Do you have an estimate of how many companies are using the FTDI trademark for counterfeits?

Just one or two only.

Do you have an estimate of how much business you’ve lost due to counterfeiting?

It’s really hard to put an estimate on this – I’d guess in the hundreds of thousands of dollars.

Is FTDI feeling more business/financial pressure due to counterfeiters or from competing companies?
We are ALWAYS under pressure from competitors who would love to “eat our breakfast” and we realise this. However, our reputation for providing robust USB bridge solutions help us maintain market share amongst genuine customers even though some of our competitors are large corporations. Financially, we are independent and debt-free, so we don’t worry too much on that front. Our main concern with counterfeit parts which are passed off as genuine FTDI chips is that their substandard performance and total disregard to quality will damage our hard-won reputation as people mistake these fakes for the genuine article. It’s our duty to protect ourselves and our much valued customers.

Do counterfeit chips ever make it into the ‘big disti’ network, e.g. arrow, digikey, mouser, element 14, RS etc. or is it purely gray market?
I can only speak for FTDI but in our case, the answer is definitely not. We’ve not had one single instance of a fake chip being sold by our listed sales distributor chains, most of whom we supply directly to avoid supply chain corruption. We don’t approve of the gray market as they sell fakes and real chips indiscriminately. A lot of these fakes are supplied through the infamous Shenzhen component market to the local Chinese manufacturers. Some are resold by anonymous sellers though EBay, Alibaba, BangGood etc. in small lots usually though China Post. You complain, send them cease to desist letters , but they disappear and re-appear shortly afterwards with a new identity.

How much support do you have to do for counterfeit products, do companies and customers call you with support problems due to counterfeits?
Yes, it causes a big headache for our support department – not from genuine FTDI customers of course. We’ve now made it easy to spot this by getting our latest drivers to flag any counterfeits by issuing a “Non Genuine Device” string which makes the issue obvious and saves time all round. The counterfeit device does not get harmed or re-programmed in any way – the drivers simply refuse to work with recognised counterfeit chips. Following our previous driver release, I’ve had many helpful suggestions on how the driver should respond when it finds a counterfeit chip. We can’t please everyone but the vast majority voted for this approach and that’s what we did.

What can chip companies do to stop counterfeiting? What are the issues with that?
Firstly, trademark your logo – not just the fancy one you put on your web site **but** the one you use on your chips too. We’ve worked very closely with the US customs teaching them how to identify counterfeit FTDI components and this has resulted in several shipments of fake ships to gray market re-sellers in the US being impounded and destroyed. ?Secondly, keep a tight control of your distribution chain and discourage them from supplying to gray market re-sellers.
Thirdly, should it happen, take action as soon as possible. Doing nothing makes the problem worse and harder to control.

Have you considered legal action against the counterfeiters?
?Yes, we’ve appointed a legal firm in China to represent us there and we do our best. However, you should realise that we are dealing with a professional criminal gang here who counterfeit a lot more than just one or two chips. I’m pretty sure it’s the same gang that flooded the market with fake Prolific PL2303 chips a few years ago. They are very good at covering their tracks – in order to bring them to justice you would need an inside informer or an FBI style sting operation. Chinese law leaves a lot to be desired when it comes to counterfeiting.

The new FT231 series has the same essential functionality as the FT232, but is nearly half the cost – (the older chips costs more, how does that work?).
When you have a success like the venerable FT232R, don’t sit on your laurels and let your competiton eat away at your market share. Be your own competition! The FT232R uses a older large geometry 5V process – but the great thing is, it can drive out at full 5V levels. Our X series family of which the FT231X is just one, uses a much smaller geometry process, which combined with smaller packages reduces the cost of the X series substantially. The downside – it can only drive out at 3.3V max though it has 5V tolerant inputs. We recommend the X series for new designs, but despite this, many folks prefer to stick with the tried and trusted R series. Either way, I don’t mind – it’s good to offer customers the choice. ?

Anything you’d like to tell the maker community out there?
I started off as an electronic hobbyist, what you would term a maker today, as a teenager in the early 1970’s and it’s great to see this tradition revived by the Maker community today.
The best form of education is self-education where you lean by wanting to learn as opposed to being force-fed boring facts in a classroom. I would credit Arduino in particular as instrumental in reviving the interest in DIY electronics. They generously allows derivatives of the platform to be produced under an open-source hardware licence, though sadly a few rotten apples do not keep to the spirit of the agreement. When looking for a supplier, choose one that contributes to the community in the form of extensive tutorials, drivers and examples. Our good friends at Adafruit ( and Sparkfun too ) especially come to mind – buying from them helps reward their time and effort spent to improve our education. Lastly, if you’re tempted by an internet bargain from an anonymous supplier, well ok, but don’t be disappointed if it’s not what it seems.

Title: Re: FTDIgate 2.0?
Post by: nctnico on February 09, 2016, 01:14:00 am
He basically admits FTDI can't keep the lid on the fakes and they will continue to tune their driver to detect fakes even if they get better. All in all there is no guarantee false positives will be avoided or that a fake chip can end up in the supply line (judging from batches being imported into the US this is a real threat). Still reason enough to avoid USB-UART bridges from FTDI to be absolutely sure you won't get burned.

Oh, and Fred is playing the underdog card nicely even though FTDI is a multi-million dollar company!
Title: Re: FTDIgate 2.0?
Post by: amyk on February 09, 2016, 01:18:32 am
(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)
:o Are you sure you didn't get the two mixed up? Or perhaps they're both actually clones, but one passes the test enough to identify as genuine?

AFAIK the clones use a microcontroller whereas the genuine ones are a full ASIC. If true, funny to see the former beating the latter in timing stability... it's usually the other way around.
Totally sure. It's a documented errata (http://www.ftdichip.com/Support/Documents/TechnicalNotes/TN_120_FT232R%20Errata%20Technical%20Note.pdf) of the FT232R that was never fixed as far as I can tell, and there is no usable workaround (the workaround in that PDF is total bullshit, because you can't actually feed it data fast enough through USB to keep up with the max bitbang clockrate). The clone chip got it right. The errata PDF actually goes out of its way to be misleading and imply that the bug is fixed in Rev B, while it isn't - of the 3 issues documented, two say "fixed in rev B", but not the timing issue, and the Revision B section says "There are no known new functional issues specific to revision B.". I can confirm that genuine revision C chips are still bugged in bitbang mode. So, two silicon revisions later FTDI still hasn't fixed their broken bitbang mode, while the cloners got it right on the first try (as far as I can tell).

Quote from: Fred Dart - CEO of FTDI
We had the chips de-capped and photographed and the die inside was totally different – seemed like a MCU programmed to emulate an FT232R, whilst the real device uses interlocked state machines – hard to design but gives superior real-time performance.
:-DD :-DD :-DD :-DD
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 09, 2016, 01:22:46 am
He basically admits FTDI can't keep the lid on the fakes and they will continue to tune their driver to detect fakes even if they get better. All in all there is no guarantee false positives will be avoided or that a fake chip can end up in the supply line (judging from batches being imported into the US this is a real threat). Still reason enough to avoid USB-UART bridges from FTDI to be absolutely sure you won't get burned.

Oh, and Fred is playing the underdog card nicely even though FTDI is a multi-million dollar company!

I guess 10 million dollars is multi-million by definition, Fake clones cost of hundreds of thousands is just around 1% + not sure what his problem is.

Not a single fake chip on your standard distribution chains is a good thing and that does bring customer confidence.

And as for underdog, well, they are the underdog on that business.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 09, 2016, 01:24:38 am
Too bad Adafruit didn't ask him about the impact of their actions on end users and companies using Chinese contract manufacturers or about their actions on twitter...

Also he references Arduino clones being the main problem.  I didn't think any Arduino clones are using "FTDI" chips - are they?
Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 01:34:09 am
Also he references Arduino clones being the main problem.  I didn't think any Arduino clones are using "FTDI" chips - are they?
Pretty sure most of the Arduino UNO clones use FTDI clones.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 09, 2016, 01:43:52 am
Also he references Arduino clones being the main problem.  I didn't think any Arduino clones are using "FTDI" chips - are they?
Pretty sure most of the Arduino UNO clones use FTDI clones.

None of the ones I use have FTDI or clones. A quick search of eBay shows that they all seem to be using the CH340 chip.

Also - the "genuine" Unos do not use an FTDI chip either. Me thinks this guy is a bit out of touch with that market...
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 09, 2016, 01:47:39 am
Quote
Do you see a lot of counterfeiting of your products?
Not really – it’s largely restricted to the FT232RL ( SSOP only ) and occasionally the older FT232BL.

Do you have an estimate of how much business you’ve lost due to counterfeiting?

It’s really hard to put an estimate on this – I’d guess in the hundreds of thousands of dollars.

Huh. Only hundreds of thousands? Their business is waaaay bigger than that. Seems they're taking an awful lot of risk for rather low gain.

Quote

Do you have an estimate of how many companies are using the FTDI trademark for counterfeits?

Just one or two only.

Mr. Dart lives in an alternate reality if he thinks compatibles not using the FTDI name are counterfeits rather than just, well, compatibles... Hint, he probably typed this on a descendant of an "IBM PC compatible" |O
Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 01:50:36 am
Also he references Arduino clones being the main problem.  I didn't think any Arduino clones are using "FTDI" chips - are they?
Pretty sure most of the Arduino UNO clones use FTDI clones.

None of the ones I use have FTDI or clones. A quick search of eBay shows that they all seem to be using the CH340 chip
Hmm I checked one of mine and you're right it is a CH chip. I was just going by the first FTDI Clone Gate where it seemed the complaints mostly came from the Arduino users. I don't use Windows so I thought I wasn't impacted because of that.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 09, 2016, 01:50:55 am
(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)
:o Are you sure you didn't get the two mixed up? Or perhaps they're both actually clones, but one passes the test enough to identify as genuine?

AFAIK the clones use a microcontroller whereas the genuine ones are a full ASIC. If true, funny to see the former beating the latter in timing stability... it's usually the other way around.
Totally sure. It's a documented errata (http://www.ftdichip.com/Support/Documents/TechnicalNotes/TN_120_FT232R%20Errata%20Technical%20Note.pdf) of the FT232R that was never fixed as far as I can tell, and there is no usable workaround (the workaround in that PDF is total bullshit, because you can't actually feed it data fast enough through USB to keep up with the max bitbang clockrate). The clone chip got it right. The errata PDF actually goes out of its way to be misleading and imply that the bug is fixed in Rev B, while it isn't - of the 3 issues documented, two say "fixed in rev B", but not the timing issue, and the Revision B section says "There are no known new functional issues specific to revision B.". I can confirm that genuine revision C chips are still bugged in bitbang mode. So, two silicon revisions later FTDI still hasn't fixed their broken bitbang mode, while the cloners got it right on the first try (as far as I can tell).

Quote from: Fred Dart - CEO of FTDI
We had the chips de-capped and photographed and the die inside was totally different – seemed like a MCU programmed to emulate an FT232R, whilst the real device uses interlocked state machines – hard to design but gives superior real-time performance.
:-DD :-DD :-DD :-DD

Yeah, that's an amusing one. Looks like the clones are not only better, but more intelligently designed (seriously? interlocking state machines?)! I'd take a clone any day if not for the malicious drivers...
Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 01:53:03 am
(https://mrcn.st/t/ftdi_bitbang_vs_fake.png)
:o Are you sure you didn't get the two mixed up? Or perhaps they're both actually clones, but one passes the test enough to identify as genuine?

AFAIK the clones use a microcontroller whereas the genuine ones are a full ASIC. If true, funny to see the former beating the latter in timing stability... it's usually the other way around.
Totally sure. It's a documented errata (http://www.ftdichip.com/Support/Documents/TechnicalNotes/TN_120_FT232R%20Errata%20Technical%20Note.pdf) of the FT232R that was never fixed as far as I can tell, and there is no usable workaround (the workaround in that PDF is total bullshit, because you can't actually feed it data fast enough through USB to keep up with the max bitbang clockrate). The clone chip got it right. The errata PDF actually goes out of its way to be misleading and imply that the bug is fixed in Rev B, while it isn't - of the 3 issues documented, two say "fixed in rev B", but not the timing issue, and the Revision B section says "There are no known new functional issues specific to revision B.". I can confirm that genuine revision C chips are still bugged in bitbang mode. So, two silicon revisions later FTDI still hasn't fixed their broken bitbang mode, while the cloners got it right on the first try (as far as I can tell).

Quote from: Fred Dart - CEO of FTDI
We had the chips de-capped and photographed and the die inside was totally different – seemed like a MCU programmed to emulate an FT232R, whilst the real device uses interlocked state machines – hard to design but gives superior real-time performance.
:-DD :-DD :-DD :-DD

Yeah, that's an amusing one. Looks like the clones are not only better, but more intelligently designed (seriously? interlocking state machines?)! I'd take a clone any day if not for the malicious drivers...
Of course this also means that they might have a different set of bugs, plus, I would like to see the side by side performance and power usage measurements.

edit: also they can't be that clever if they can be perma bricked
Title: Re: FTDIgate 2.0?
Post by: retrolefty on February 09, 2016, 01:58:57 am
I think Fred made his case pretty well.  :-+

 For FTDI I think the whole thing will work out in time. I've tracked Asian Arduino clones for some years now and the solution for the Asians seem to be a CH340 chip which must be very cheap as modules like the cloned arduino nano have never been cheaper:

http://www.ebay.com/itm/USB-Nano-V3-0-ATmega328-CH340G-5V-16M-Micro-controller-board-For-Arduino-/391380712780?hash=item5b201bbd4c:g:5pwAAOSwy4hUTv2u (http://www.ebay.com/itm/USB-Nano-V3-0-ATmega328-CH340G-5V-16M-Micro-controller-board-For-Arduino-/391380712780?hash=item5b201bbd4c:g:5pwAAOSwy4hUTv2u)

 My question is, is the AVR 328P a non-fake? How cheap can they buy real 328P chips and a CH340 USB serial convertor and still be able to sell the module for $2.20 with free shipment. Amazing.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 09, 2016, 02:00:15 am
Of course, any new implementation has its own bugs, I was being mostly facetious. As for bricking, wasn't "FTDIgate 1.0" exploiting a feature of all FT232 chips (customizable VID/PID) to "brick" them?
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 09, 2016, 02:01:35 am
Fake AVRs is an interesting question. Chips like FT232 are usually faked by programming a microcontroller to emulate them, as seen here, but that's not exactly going to work for an AVR, is it? I wonder how they manage to efficiently counterfeit actual microcontrollers (and really, in what sort of volume that goes on...)
Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 02:05:38 am
I think Fred made his case pretty well.  :-+

 For FTDI I think the whole thing will work out in time. I've tracked Asian Arduino clones for some years now and the solution for the Asians seem to be a CH340 chip which must be very cheap as modules like the cloned arduino nano have never been cheaper:

http://www.ebay.com/itm/USB-Nano-V3-0-ATmega328-CH340G-5V-16M-Micro-controller-board-For-Arduino-/391380712780?hash=item5b201bbd4c:g:5pwAAOSwy4hUTv2u (http://www.ebay.com/itm/USB-Nano-V3-0-ATmega328-CH340G-5V-16M-Micro-controller-board-For-Arduino-/391380712780?hash=item5b201bbd4c:g:5pwAAOSwy4hUTv2u)

 My question is, is the AVR 328P a non-fake? How cheap can they buy real 328P chips and a CH340 USB serial convertor and still be able to sell the module for $2.20 with free shipment. Amazing.
Yeah that price is unbelievable. I always wonder about that. I think recently though I found out that the shipping is subsidized by the Chinese government. Which explains the shipping part, but the chip must be fake, although in 2500 quantity on Mouser it's only $1.60. So it is possible that they are getting them for half that on the secondary market.

edit: wait that's an auction though, the going price on Ebay is more like $7.25, so quite plausible: http://www.ebay.com/itm/MINI-USB-Nano-V3-0-ATmega328P-CH340G-5V-16M-Micro-controller-board-Arduino-/191759577435?hash=item2ca5c2f15b:g:Be4AAOSwp5JWbiLn (http://www.ebay.com/itm/MINI-USB-Nano-V3-0-ATmega328P-CH340G-5V-16M-Micro-controller-board-Arduino-/191759577435?hash=item2ca5c2f15b:g:Be4AAOSwp5JWbiLn)
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 09, 2016, 02:08:18 am
I think Fred made his case pretty well.  :-+

He made the case for why counterfeit chips are bad - which I don't think anyone here disputes. Unfortunately he didn't address any of the issues and criticisms that their method of combating clones has raised.


Quote
I've tracked Asian Arduino clones for some years now and the solution for the Asians seem to be a CH340 chip which must be very cheap as modules like the cloned arduino nano have never been cheaper:

Were Arduino clones using "FTDI" chips in the past?  The oldest ones I have are 3-4 years old and they don't.


Quote
My question is, is the AVR 328P a non-fake? How cheap can they buy real 328P chips and a CH340 USB serial convertor and still be able to sell the module for $2.20 with free shipment. Amazing.

Yeah, I agree - it's truly amazing.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 09, 2016, 02:10:31 am
Mr. Dart lives in an alternate reality if he thinks compatibles not using the FTDI name are counterfeits rather than just, well, compatibles... Hint, he probably typed this on a descendant of an "IBM PC compatible" |O
Actually he started his business by making chips for IBM clones. Oh the irony!
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 09, 2016, 02:17:52 am
Oh that's hilarious.
Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 02:17:57 am
When people say Arduino they usually mean Arduino One R3. While this one doesn't actually use the AtMega328PU DIP part the original uses, it is certainly the most popular:

http://www.ebay.com/itm/NEW-UNO-R3-ATmega328P-CH340-Mini-USB-Board-for-Compatible-Arduino-/311155383820?hash=item48724e5e0c:g:QKMAAOSwdpxUU0UP (http://www.ebay.com/itm/NEW-UNO-R3-ATmega328P-CH340-Mini-USB-Board-for-Compatible-Arduino-/311155383820?hash=item48724e5e0c:g:QKMAAOSwdpxUU0UP)

16,566 sold holy cow, and it uses the CH340 chip. Still though at $3.50 it is still amazing. The $2.80 shipping fee doesn't get charged multiple times if you order multiple.
Title: Re: FTDIgate 2.0?
Post by: station240 on February 09, 2016, 08:19:29 am
AdaFruit did an interview with the CEO of FTDI, it's interesting to hear from him directly:

https://blog.adafruit.com/2016/02/08/exclusive-interview-with-fred-dart-ceo-of-ftdi-ftdichip-ftdi-adafruit/

Quote
Exclusive interview with Fred Dart – CEO of FTDI @FTDIChip #FTDI @adafruit


Do you have an estimate of how much business you’ve lost due to counterfeiting?

It’s really hard to put an estimate on this – I’d guess in the hundreds of thousands of dollars.

Hahaha, he screwed his company's repulation over hundreds of thousands of dollars.
Most companies wouldn't go to this much trouble for sums less than a million.

Anyone want to do an educated guess to work out how many chips that could be ?
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 09, 2016, 08:56:53 am
Hahaha, he screwed his company's repulation over hundreds of thousands of dollars.
Most companies wouldn't go to this much trouble for sums less than a million.

Anyone want to do an educated guess to work out how many chips that could be ?

They sell tens of millions and have a profit of 10 million or so. So about 100 thousand fake chips plus support costs.

Or 1% which I was joking on being small, because it's pretty big.
Title: Re: FTDIgate 2.0?
Post by: westfw on February 09, 2016, 09:11:33 am
Quote
I didn't think any Arduino clones are using "FTDI" chips - are they?
For quite a while Arduino Nano clones used FTDI (or counterfeit FTDI) chips.   The official Nanos were rather overpriced (IMO), so the clones were very popular. It's even possible that some of the "genuine" Nanos had fake FTDIs; during FTDUGate1, most of the complaints I heard were from people with Nanos, and some of them had purchased their boards through reputable distributors.  (Note that the Nano was originally manufactured by a separate company: Gravitech.)   Nowadays, Genuine Nano's are apparently being made by Arduino SRL, and most of the clones have move to CH340g chips (incidentally making them derivatives rather than clones.)
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 09, 2016, 03:38:55 pm
Also he references Arduino clones being the main problem.  I didn't think any Arduino clones are using "FTDI" chips - are they?
Pretty sure most of the Arduino UNO clones use FTDI clones.

Wrong. Not a single one. The clones use either an  Atmel 16U2 or the CH340G. I have NEVER seen an UNO using a  FTDI, real or fake.

Title: Re: FTDIgate 2.0?
Post by: Muxr on February 09, 2016, 04:02:53 pm
Also he references Arduino clones being the main problem.  I didn't think any Arduino clones are using "FTDI" chips - are they?
Pretty sure most of the Arduino UNO clones use FTDI clones.

Wrong. Not a single one. The clones use either an  Atmel 16U2 or the CH340G. I have NEVER seen an UNO using a  FTDI, real or fake.
You're probably right, but I've definitely seen Uno clones using FTDI. Like freeduino for instance: http://www.freeduino.org/freeduino_open_designs.html (http://www.freeduino.org/freeduino_open_designs.html)
This one as well:
http://osepp.com/wp-content/uploads/2012/06/unor3plus_new.jpg (http://osepp.com/wp-content/uploads/2012/06/unor3plus_new.jpg)
http://www.ebay.com/itm/Olimex-olimexino-328-Industrial-Arduino-Uno-R3-Compatible-Arduinos-con-Ftdi-/271124265959?_ul=BO&nma=true&si=D7IjNuwkE3IhdFLgSeHlXuMdhAY%253D&orig_cvip=true&rt=nc&_trksid=p2047675.l2557 (http://www.ebay.com/itm/Olimex-olimexino-328-Industrial-Arduino-Uno-R3-Compatible-Arduinos-con-Ftdi-/271124265959?_ul=BO&nma=true&si=D7IjNuwkE3IhdFLgSeHlXuMdhAY%253D&orig_cvip=true&rt=nc&_trksid=p2047675.l2557)
Title: Re: FTDIgate 2.0?
Post by: Seekonk on February 09, 2016, 04:20:32 pm
I just bought a few items and made a conscious effort to make sure it didn't contain FTDI, real or fake.  Not outraged, just don't want to have to deal with it now or in the future.  That feeling will stick with me.  Just like I don't care for any 555 circuits from 40 years ago.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 09, 2016, 05:36:17 pm
Mr. Dart lives in an alternate reality if he thinks compatibles not using the FTDI name are counterfeits rather than just, well, compatibles... Hint, he probably typed this on a descendant of an "IBM PC compatible" |O
Actually he started his business by making chips for IBM clones. Oh the irony!

Did he start his business as a counterfeiter?
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 09, 2016, 06:00:51 pm
Just like the FT232 clones he didn't copy the chips themselves but made functional equivalents and he must have put '100% IBM' compatible on his PC chipset products for them to sell.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 09, 2016, 06:44:10 pm
Mr. Dart lives in an alternate reality if he thinks compatibles not using the FTDI name are counterfeits rather than just, well, compatibles... Hint, he probably typed this on a descendant of an "IBM PC compatible" |O
Actually he started his business by making chips for IBM clones. Oh the irony!

Did he start his business as a counterfeiter?

You don't read, do you? He clearly considers chips that are compatible with FT232 to be "counterfeits", whether or not they claim to be FTDI.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 09, 2016, 06:45:41 pm
Just like the FT232 clones he didn't copy the chips themselves but made functional equivalents and he must have put '100% IBM' compatible on his PC chipset products for them to sell.

True, but...
Quote
In the early( pre-USB ) days we designed and sold 286/386/486 PC chipsets but we were reliant on a customer base of just 2 or 3 customers including IBM at one point.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 09, 2016, 07:08:43 pm
I guess IBM counted their losses at some point because you better run when confronted with a tsunami. By the time the 80286 came out IBM wasn't a big player on the PC market anyway and who says FTDI made PC chips for IBM?
Title: Re: FTDIgate 2.0?
Post by: timb on February 09, 2016, 10:04:14 pm

I guess IBM counted their losses at some point because you better run when confronted with a tsunami. By the time the 80286 came out IBM wasn't a big player on the PC market anyway and who says FTDI made PC chips for IBM?

The CEO said it in the interview. It's at the start of it. He talks about how he started out designing PC Motherboard chips using PALs (basically combining a bunch of discrete TTL logic into a single chip). This was at a time when motherboards were just transitioning from all discrete to single purpose chipsets.

He says they had about 3 main customers, IBM being one of them. I think Compaq was another, as the Compaq Portable III (a 286 class machine) has PAL chips with FTDI markings on them.

Either way, it's very ironic that they started out selling chips to PC Compatible manufacturers and now they're loosing their shit over FTDI compatible chips.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 10, 2016, 04:38:35 am
Quote
The counterfeit chip was totally different design to the real FT232R and basically an imperfect copy, therefore it can be caught by our drivers in several ways which you’ll understand me keeping to myself.
LOL, he still thinks their detection logic is some kind of secret.

Quote
So, action number one was to detect counterfeit chips and stop them illegally using our drivers ( they steal our USB VID and PID in order to masquerade as an FTDI chip).
Except using your driver (and your VID/PID) is not illegal. Just because you don't like it doesn't make it illegal.

Quote
We’ve worked very closely with the US customs teaching them how to identify counterfeit FTDI components and this has resulted in several shipments of fake ships to gray market re-sellers in the US being impounded and destroyed.
Now if only you'd stuck to that instead of playing games with your driver!

Quote
When you have a success like the venerable FT232R, don’t sit on your laurels and let your competiton eat away at your market share.
... but apparently you go through two silicon revisions without fixing a major errata. A major errata which the "counterfeit" chips fix.
Title: Re: FTDIgate 2.0?
Post by: westfw on February 10, 2016, 06:51:42 am
Quote
Pretty sure most of the Arduino UNO clones use FTDI clones.
Quote
  Wrong. Not a single one.
http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/ (http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/) Used (uses?) an FTDI.  I think a fake one too.  They weren't particularly cheap, and were sold via some retail chains (Fry's Electronics, in particular), indicating a substantial marketing effort, rather than a mom&pop eBay store.
http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/ (http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/)
Title: Re: FTDIgate 2.0?
Post by: westfw on February 10, 2016, 06:55:42 am
Quote
Except using your driver (and your VID/PID) is not illegal.
I'm pretty sure that this is in violation of assorted pieces of business, contract, and Intellectual property law.  The license terms of the FTDI driver only allow it to be used with FTDI chips.
Title: Re: FTDIgate 2.0?
Post by: filssavi on February 10, 2016, 07:16:15 am
Quote
Except using your driver (and your VID/PID) is not illegal.
I'm pretty sure that this is in violation of assorted pieces of business, contract, and Intellectual property law.  The license terms of the FTDI driver only allow it to be used with FTDI chips.

Well that depends in the country you are in, in the US i dont know but i'm prine to think you are right, in other countries (like Italy) which have a totally differenti legale system producer's can't put  anything they want in EULA's but most of if holds no legal value whatsoever, since if it goes against a right garanted by law it's the eula to be moot, not the law


And i'm sure that once you give me the driver i can di whatever the hell pleases me with that, it's even legal to decompile and reverse engineer if it's for compatibility purposes
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 10, 2016, 07:30:40 am
Well that depends in the country you are in, in the US i dont know but i'm prine to think you are right, in other countries (like Italy) which have a totally differenti legale system producer's can't put  anything they want in EULA's but most of if holds no legal value whatsoever, since if it goes against a right garanted by law it's the eula to be moot, not the law


And i'm sure that once you give me the driver i can di whatever the hell pleases me with that, it's even legal to decompile and reverse engineer if it's for compatibility purposes

Italy is probably the #1 country in counterfeit enforcement, regardless on reverse engineering of software.

But granted, they probably focus more on other things than counterfeit electronic chips. But the law makes it pretty illegal to import any kind of counterfeit goods (electronic or not)


Title: Re: FTDIgate 2.0?
Post by: ve7xen on February 10, 2016, 07:34:33 am
Quote
Except using your driver (and your VID/PID) is not illegal.
I'm pretty sure that this is in violation of assorted pieces of business, contract, and Intellectual property law.  The license terms of the FTDI driver only allow it to be used with FTDI chips.

Business/contract law:

I don't think it's ever been tested, but I find it hard to believe that a sane legal system would grant a fiat monopoly on a 16-bit integer (VID) to an organization. USB-IF is self-proclaimed and has no legal authority over the use of VIDs other than contracts their members may have signed and their USB trademarks. I don't know if the cloners are infringing on the USB trademarks, but I think that is an entirely unrelated matter to the use of VIDs they did not register with a standards body. IP law has gone sort of insane in North America in the past couple of decades, but reverse engineering and interoperability are still somewhat protected. IANAL, but in the spirit of the IP law and other judgements about protocol reversing and the like, I would think that VID use for interop purposes is probably allowed, and my personal opinion is that it should be. Reverse engineering and compatible products are an important part of a healthy competitive market IMHO.

Copyright:

The license terms of the FTDI driver are irrelevant to the cloners, even if EULAs were worth the bits they were stored with. The chip makers don't need to ever agree to them, in principle. It is the end user that uses the driver (though they don't need to agree to them either, since it's silently installed by Windows). Nor do the clone companies need to "copy" the driver such that copyright would be invoked, since the user can get it directly from FTDI, who is obviously licensed to copy their own code.


Legally my take is that both sides are mostly in the clear. If there are counterfeit chips with FTDI markings there might be a trademark case, but that doesn't mean the existence of clones is not allowed. I do not believe there would be a strong copyright or trade secret case. There may be patents involved, but since the CEO himself admits they have implemented the design in a completely different way, I doubt they are in play.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 10, 2016, 07:37:00 am
Just like the FT232 clones he didn't copy the chips themselves but made functional equivalents and he must have put '100% IBM' compatible on his PC chipset products for them to sell.

That's not counterfeiting.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 10, 2016, 07:38:38 am
Either way, it's very ironic that they started out selling chips to PC Compatible manufacturers and now they're loosing their shit over FTDI compatible chips.

Nope, he's talking about counterfeiting. You know, the fake chips that carries the FDTI logo.
Title: Re: FTDIgate 2.0?
Post by: marcan on February 10, 2016, 07:39:12 am
Quote
Except using your driver (and your VID/PID) is not illegal.
I'm pretty sure that this is in violation of assorted pieces of business, contract, and Intellectual property law.  The license terms of the FTDI driver only allow it to be used with FTDI chips.
The FTDI driver EULA has zero legal validity, because it is distributed for free with Windows Update and there is no click-through agreement. EULAs apply to the end user. The end user doesn't get to see the FTDI driver's EULA when Windows installs it for them automatically - in fact, I think that version of the driver bundle doesn't have an EULA attached to it at all (even invisibly), it would just be the .inf and .sys files. The EULA has absolutely no bearing whatsoever on a manufacturer of silicon that just happens to share the same interface and VID/PID. Absent an EULA that is actually visible and agreed to, the FTDI driver is only protected by copyright - and copyright says absolutely nothing about what you can use software for, only how you can distribute it. And it's Microsoft doing the distributing here.

If FTDI only distributed their driver with an installer with a click-through EULA, then they might have a case against users who use the driver with non-FTDI hardware (not the manufacturer! the users!). Maybe. In some countries. The legal standing of EULAs is extremely variable. But since it is distributed through Windows Update, this doesn't apply.

USB VIDs and PIDs are not intellectual property. They are not trade secrets. They have absolutely zero inherent legal protection. They are just numbers. The only legal protection they have is granted by the USB-IF's logo usage agreement, that says that you can't put the official USB logo on a piece of hardware that doesn't have a legitimately acquired and used VID/PID (roughly speaking). Therefore, as long as the clones, and products using the clones, do not use the official USB logo (and of course don't use the FTDI logo either), there is absolutely nothing legally wrong with them, and nothing legally wrong with using them with the FTDI driver supplied via Windows Update.

FTDI can kick and scream all they want, but the law doesn't guarantee anyone a market, a monopoly, or exclusivity and control over your products. There is copyright protection, there is trademark protection, there are patents (not discussed here), and there is contract law. Without a contract (EULA), with no trademark infringement (FTDI and USB logos), and with no copying done by anyone other than Microsoft, they have nothing else to stand on.
Title: Re: FTDIgate 2.0?
Post by: Ian.M on February 10, 2016, 07:52:28 am
^ *THIS* ^

FTDI's only internationally accepted universal legal remedy is to 'take their ball and go home' i.e. to make their driver refuse to work with non-FTDI chips.  Its the fact that they've additionally deliberately tampered with 3rd party hardware (original FTDIgate) without seeking permission from the user, and now tampered with the user's data on the wire that has resulted in the mass outrage.

Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 10, 2016, 08:16:08 am
A google search for

ftdi "non genuine device found"

returns 10 pages of results, hardly a mass outrage.

Edit: 22 pages if you include all languages around the planet.
Title: Re: FTDIgate 2.0?
Post by: Boomerang on February 10, 2016, 08:21:21 am
the updated driver is only on Windows 10 or also on W8 and W7 ?
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 10, 2016, 09:45:16 am
A google search for

ftdi "non genuine device found"

returns 10 pages of results, hardly a mass outrage.

Edit: 22 pages if you include all languages around the planet.
1,400 results, but if you search for "serial port not working" it is 24 million results. How many people know it is a serial port, but not that a FTDI driver sends this specific message which causes the problem? But right, FTDI gate 1.0 was worse, 37,800 results for "FTDI brick".
Title: Re: FTDIgate 2.0?
Post by: janoc on February 10, 2016, 09:59:46 am
Quote
Pretty sure most of the Arduino UNO clones use FTDI clones.
Quote
  Wrong. Not a single one.
http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/ (http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/) Used (uses?) an FTDI.  I think a fake one too.  They weren't particularly cheap, and were sold via some retail chains (Fry's Electronics, in particular), indicating a substantial marketing effort, rather than a mom&pop eBay store.
http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/ (http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/)

That is not a genuine Arduino, but a clone/compatible board.

The old Arduinos did use FTDI chips, though:
(http://i.imgur.com/dgd5wFi.jpg)

That is a genuine Arduino NG I bought directly from Italy, years ago. It is the first board that had USB (the original Arduino had an RS232 serial port). The FTDI chip is well recognizable. The Dueminalove and Diecimila that followed had FTDI as well:

https://www.arduino.cc/en/Main/Boards (https://www.arduino.cc/en/Main/Boards)

Uno an onwards had the ATMega8u2.

They have also sold USB-UART adapters for the boards without them (Pro Mini, for ex.) using the FTDI chips :
https://www.arduino.cc/en/Main/MiniUSB (https://www.arduino.cc/en/Main/MiniUSB)

Title: Re: FTDIgate 2.0?
Post by: filssavi on February 10, 2016, 11:02:18 am

Italy is probably the #1 country in counterfeit enforcement, regardless on reverse engineering of software.

But granted, they probably focus more on other things than counterfeit electronic chips. But the law makes it pretty illegal to import any kind of counterfeit goods (electronic or not)

you are mixing 2 things here

counterfeit enforcement is one thing, and it applies only if some kind of logo is used improperly (and here it might as well be the case)

usb's VID/PID are not a logo, they arent trademarked, they aren't trade secret they just are 2 numbers, of a well known and used protocol, as souch you cant ask the police to raid a wharehouse only because the IC's in there use that PIC/VID pair, (if they have your logo on them it's different) if you get them right bingo!! you talk with wathever driver you like, whether or not the driver responds is another can of worms (as stated 10 milion times FTDI can just refuse to talk to counterfeits)


if this problem is so bad for them, why don't they put a crypto hash based challenge/response authentication mechanism in their IC's? and discontinue the old one that doesn't have that (engineering wise is not that difficoult, you could even use C-to-HDL ans use a standard sha2 implementation, since it need not to be that fast)
Title: Re: FTDIgate 2.0?
Post by: amyk on February 10, 2016, 12:22:43 pm
Quote
Except using your driver (and your VID/PID) is not illegal.
I'm pretty sure that this is in violation of assorted pieces of business, contract, and Intellectual property law.  The license terms of the FTDI driver only allow it to be used with FTDI chips.

Business/contract law:

I don't think it's ever been tested, but I find it hard to believe that a sane legal system would grant a fiat monopoly on a 16-bit integer (VID) to an organization. USB-IF is self-proclaimed and has no legal authority over the use of VIDs other than contracts their members may have signed and their USB trademarks. I don't know if the cloners are infringing on the USB trademarks, but I think that is an entirely unrelated matter to the use of VIDs they did not register with a standards body. IP law has gone sort of insane in North America in the past couple of decades, but reverse engineering and interoperability are still somewhat protected. IANAL, but in the spirit of the IP law and other judgements about protocol reversing and the like, I would think that VID use for interop purposes is probably allowed, and my personal opinion is that it should be. Reverse engineering and compatible products are an important part of a healthy competitive market IMHO.

Copyright:

The license terms of the FTDI driver are irrelevant to the cloners, even if EULAs were worth the bits they were stored with. The chip makers don't need to ever agree to them, in principle. It is the end user that uses the driver (though they don't need to agree to them either, since it's silently installed by Windows). Nor do the clone companies need to "copy" the driver such that copyright would be invoked, since the user can get it directly from FTDI, who is obviously licensed to copy their own code.


Legally my take is that both sides are mostly in the clear. If there are counterfeit chips with FTDI markings there might be a trademark case, but that doesn't mean the existence of clones is not allowed. I do not believe there would be a strong copyright or trade secret case. There may be patents involved, but since the CEO himself admits they have implemented the design in a completely different way, I doubt they are in play.
Further reading... I posted these links before but they may have gotten lost in all the posts:

https://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984
https://en.wikipedia.org/wiki/Lexmark_International,_Inc._v._Static_Control_Components,_Inc.
https://en.wikipedia.org/wiki/Sega_v._Accolade
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 10, 2016, 01:20:01 pm
Quote
Pretty sure most of the Arduino UNO clones use FTDI clones.
Quote
  Wrong. Not a single one.
http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/ (http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/) Used (uses?) an FTDI.  I think a fake one too.  They weren't particularly cheap, and were sold via some retail chains (Fry's Electronics, in particular), indicating a substantial marketing effort, rather than a mom&pop eBay store.
http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/ (http://osepp.com/products/arduino-compatible-boards/uno-r3-plus/)

That is not a genuine Arduino, but a clone/compatible board.

The old Arduinos did use FTDI chips, though:
(http://i.imgur.com/dgd5wFi.jpg)

That is a genuine Arduino NG I bought directly from Italy, years ago. It is the first board that had USB (the original Arduino had an RS232 serial port). The FTDI chip is well recognizable. The Dueminalove and Diecimila that followed had FTDI as well:

https://www.arduino.cc/en/Main/Boards (https://www.arduino.cc/en/Main/Boards)

Uno an onwards had the ATMega8u2.

They have also sold USB-UART adapters for the boards without them (Pro Mini, for ex.) using the FTDI chips :
https://www.arduino.cc/en/Main/MiniUSB (https://www.arduino.cc/en/Main/MiniUSB)

That's not an UNO.  That's a NG. There are no UNO clones using an FTDI, and my previous statement was directed specifically at the UNOs.

The UNO necessarily uses a 16U2. If it features anything other than that, it's not a clone, but a derivative.

I have a clone of the UNO, with a 16U2. It has all the right silk screens, except for the "Made In Italy". That's what gives away the fact that it's not a genuine Arduino.
Title: Re: FTDIgate 2.0?
Post by: rrinker on February 10, 2016, 05:48:03 pm
 The Uno clone I have uses a CH340g. I was surprised to see that. That makes it not a total clone, as there would be some things that can't be done without that second Atmel. But it so far works with anything I've tried, including serial comms.

Title: Re: FTDIgate 2.0?
Post by: janoc on February 10, 2016, 07:39:40 pm
That's not an UNO.  That's a NG. There are no UNO clones using an FTDI, and my previous statement was directed specifically at the UNOs.

The UNO necessarily uses a 16U2. If it features anything other than that, it's not a clone, but a derivative.

Clones (as in exact copies) no, because there cannot be such a thing without using the Atmega16u2/8u2. Code needing that wouldn't work (like the various USB HID hacks).

However, that is pretty much nitpicking, IMO. When people speak about "UNO", they are usually referring to anything from NG, Leonardo to real UNO and their copies/derivatives - i.e. the form factor (as opposed to e.g. Mega, Pro mini, Nano, etc), not the exact parts on the boards.



Title: Re: FTDIgate 2.0?
Post by: C on February 10, 2016, 08:53:42 pm

Unless there is some new tech that I have not seen

Software drivers do not have EYEs, they can not read what is written on a chip.

Marcan found one chip that works better than FTDI in bitbang mode?

Anyone find a Fred Dart bad chip?
How chip is labeled does not count as driver can not see that.
One that acts in a bad way on the outputs of chip for example?
 
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 10, 2016, 09:27:18 pm
It's pretty clear that while there may have been some early Arduino's using FTDI chips, currently (and in the past few years I believe) the vast majority have not.  In fact I think one would be hard pressed to find an Arduino clone or derivative on eBay or AliExpress using an "FTDI" chip - though as others have pointed out there are still a few around.

Therefore I find Mr. Dart's statement very curious:
Quote
Basically, what we discovered was that 90% of the problem were Arduino “bargain” copy/clone related, mainly sold on EBay, Alibaba, Amazon Marketplace by anonymous sellers.
.
Is he just out of touch with the end user market for his chips or what?
Title: Re: FTDIgate 2.0?
Post by: dadler on February 10, 2016, 09:27:37 pm
Here is a nano clone with a fake FTDI chip:

http://axotron.se/blog/non-functional-arduinos-from-banggood-com/ (http://axotron.se/blog/non-functional-arduinos-from-banggood-com/)
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 15, 2016, 01:13:07 pm
That's not an UNO.  That's a NG.

 There are no UNO clones using an FTDI, and my previous statement was directed specifically at the UNOs.

The UNO necessarily uses a 16U2. If it features anything other than that, it's not a clone, but a derivative.

Clones (as in exact copies) no, because there cannot be such a thing without using the Atmega16u2/8u2. Code needing that wouldn't work (like the various USB HID hacks).

However, that is pretty much nitpicking, IMO. When people speak about "UNO", they are usually referring to anything from NG, Leonardo to real UNO and their copies/derivatives - i.e. the form factor (as opposed to e.g. Mega, Pro mini, Nano, etc), not the exact parts on the boards.

Really? People say UNO when they mean a Leonardo ? Ouch. That is like saying I have a Fiat 500 when in reality I have a Mini Cooper.

An UNO is one thing (uses a 16U2, has 3V3 regulator), and a NG is an entirely different thing (uses FTDI, only 5V). They were even shipped with different bootloaders.

C'mon, people, "UNO" is not a generic name for an Arduino. It is a specific model. 
Title: Re: FTDIgate 2.0?
Post by: retrolefty on February 15, 2016, 02:21:06 pm
That's not an UNO.  That's a NG.

 There are no UNO clones using an FTDI, and my previous statement was directed specifically at the UNOs.

The UNO necessarily uses a 16U2. If it features anything other than that, it's not a clone, but a derivative.

Clones (as in exact copies) no, because there cannot be such a thing without using the Atmega16u2/8u2. Code needing that wouldn't work (like the various USB HID hacks).

However, that is pretty much nitpicking, IMO. When people speak about "UNO", they are usually referring to anything from NG, Leonardo to real UNO and their copies/derivatives - i.e. the form factor (as opposed to e.g. Mega, Pro mini, Nano, etc), not the exact parts on the boards.

Really? People say UNO when they mean a Leonardo ? Ouch. That is like saying I have a Fiat 500 when in reality I have a Mini Cooper.

An UNO is one thing (uses a 16U2, has 3V3 regulator), and a NG is an entirely different thing (uses FTDI, only 5V). They were even shipped with different bootloaders.

C'mon, people, "UNO" is not a generic name for an Arduino. It is a specific model.

 Well not totally specific. Even the 'UNO' model is currently at hardware revision 3. My first arduino was a 'cloned bare PCB with RS-232 nine pin connector model with a 168 chip but could be upgraded to the 328 when they first were released. But the need to be specific to many questions one has to keep in mind that the term arduino board can even be a 32 bit ARM based board that the IDE supports.
Title: Re: FTDIgate 2.0?
Post by: Kilrah on February 15, 2016, 02:30:13 pm
C'mon, people, "UNO" is not a generic name for an Arduino. It is a specific model.

The UNO necessarily uses a 16U2. If it features anything other than that, it's not a clone, but a derivative.
No the "UNO" uses an atmega328 ;)
The "UNO R3" uses a 16u2.

They sure haven't helped make it less confusing when reusing model names.
Title: Re: FTDIgate 2.0?
Post by: AlxDroidDev on February 15, 2016, 04:13:32 pm
No the "UNO" uses an atmega328 ;)
The "UNO R3" uses a 16u2.

I think you're mixing the chips.

Both use the Atmega328 as the main microcontroller.

The original UNO uses the Atmel  8U2 as the USB-to-UART brigdge. The current version of the UNO, R3, uses the Atmel 16U2 as the USB-to-UART bridge.

This is the reason the UNO has 2 ICSP pots: one for the 328 microcontroller, and one for the 8U2/16U2 microcontroller being used for USB bridge.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 15, 2016, 05:01:50 pm
And now this thread has turned into discussing what should be on a pepperoni pizza...  :palm:
Title: Re: FTDIgate 2.0?
Post by: Kilrah on February 15, 2016, 05:28:55 pm
Oh yep, sorry...
Title: Re: FTDIgate 2.0?
Post by: os40la on February 15, 2016, 10:57:48 pm
cheese and pepperoni at least...  ;D  Sorry I couldn't resist.

Why don't we start a open source crowd/fund for a nice driver from the clones. If we put as much effort into writing the driver as we spend talking about it then this could top the FTDI driver..   >:D
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 16, 2016, 10:47:13 pm
And how much do you have to pay microsoft for the right to install it on production PCs ? (get a cert)
Title: Re: FTDIgate 2.0?
Post by: janoc on February 16, 2016, 10:55:46 pm
And how much do you have to pay microsoft for the right to install it on production PCs ? (get a cert)

A driver signing cert is AFAIK few hundred USD.
https://www.digicert.com/code-signing/driver-signing-certificates.htm (https://www.digicert.com/code-signing/driver-signing-certificates.htm)

$178/year, the signed code remains valid even after the year - you just can't sign any more code until you pay the fee again. They aren't exactly making a killing on these - the prices are similar for other types of certs elsewhere (e.g. for SSL for a website).

Title: Re: FTDIgate 2.0?
Post by: marcan on February 17, 2016, 06:43:48 am
Starting with Windows 10 you need an EV certificate for code signing drivers, which is more expensive (https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/) (and a bureaucratic hassle - needs real identity/address verification, private key is on a USB token, etc).

They aren't exactly making a killing on these - the prices are similar for other types of certs elsewhere (e.g. for SSL for a website).
SSL certificates for websites (or any other kind of Internet server) are free (https://letsencrypt.org) for everybody.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 17, 2016, 11:12:16 am
I believe it's actually much easier to install unsigned drivers on the newer versions of Windows - just boot into "unsigned driver mode" by pressing a key at the boot screen, install the driver, then reboot and it'll keep working.
Title: Re: FTDIgate 2.0?
Post by: gmb42 on February 17, 2016, 12:21:25 pm
Starting with Windows 10 you need an EV certificate for code signing drivers, which is more expensive (https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/) (and a bureaucratic hassle - needs real identity/address verification, private key is on a USB token, etc).

OT, but needs to be clarified.

This isn't exactly correct, although MS haven't been as precise as possible when enumerating what you do need and when.

If your driver isn't required for boot, i.e. actually need to boot the OS so some sort of filesystem driver, then you don't need an EV cert, even for Windows 10.

What you do need is a code-signing cert that has a valid cross signing chain back to the MS Code Verification Root (MS CVR) certificate, which has always been the case for signing kernel mode drivers for XP x64 onwards.

Signatures with such certificates will be valid until the MS CVR certs expire, which for my companies cert (issued in Nov 2015) is Nov 1st 2025 for the MS CVR, and Apr 15th 2021 for the corresponding CA cert.

This is assuming is that MS don't revoke the MS CVR and they don't change the rules to enforce use of an EV certificate and attestation signing for non-boot drivers.
Title: Re: FTDIgate 2.0?
Post by: timb on February 17, 2016, 10:58:24 pm

Starting with Windows 10 you need an EV certificate for code signing drivers, which is more expensive (https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/) (and a bureaucratic hassle - needs real identity/address verification, private key is on a USB token, etc).

OT, but needs to be clarified.

This isn't exactly correct, although MS haven't been as precise as possible when enumerating what you do need and when.

If your driver isn't required for boot, i.e. actually need to boot the OS so some sort of filesystem driver, then you don't need an EV cert, even for Windows 10.

What you do need is a code-signing cert that has a valid cross signing chain back to the MS Code Verification Root (MS CVR) certificate, which has always been the case for signing kernel mode drivers for XP x64 onwards.

Signatures with such certificates will be valid until the MS CVR certs expire, which for my companies cert (issued in Nov 2015) is Nov 1st 2025 for the MS CVR, and Apr 15th 2021 for the corresponding CA cert.

This is assuming is that MS don't revoke the MS CVR and they don't change the rules to enforce use of an EV certificate and attestation signing for non-boot drivers.

Jesus... And people say OS X is a "Walled Garden"!
Title: Re: FTDIgate 2.0?
Post by: gmb42 on February 18, 2016, 12:20:40 am

Starting with Windows 10 you need an EV certificate for code signing drivers, which is more expensive (https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/) (and a bureaucratic hassle - needs real identity/address verification, private key is on a USB token, etc).

OT, but needs to be clarified.

This isn't exactly correct, although MS haven't been as precise as possible when enumerating what you do need and when.

If your driver isn't required for boot, i.e. actually need to boot the OS so some sort of filesystem driver, then you don't need an EV cert, even for Windows 10.

What you do need is a code-signing cert that has a valid cross signing chain back to the MS Code Verification Root (MS CVR) certificate, which has always been the case for signing kernel mode drivers for XP x64 onwards.

Signatures with such certificates will be valid until the MS CVR certs expire, which for my companies cert (issued in Nov 2015) is Nov 1st 2025 for the MS CVR, and Apr 15th 2021 for the corresponding CA cert.

This is assuming is that MS don't revoke the MS CVR and they don't change the rules to enforce use of an EV certificate and attestation signing for non-boot drivers.

Jesus... And people say OS X is a "Walled Garden"!

On the contrary, what's wrong with having drivers signed by a method that can be validated by the kernel loader that they are the same files that the vendor released?  Anyone can create them, the price of entry (for a non-boot driver) is the cost of a code signing cert as above.  A code signing cert is "High assurance", i.e. the issuing CA checks that the company exists and will answer questions about the cert request.
Title: Re: FTDIgate 2.0?
Post by: ve7xen on February 18, 2016, 02:50:52 am

Starting with Windows 10 you need an EV certificate for code signing drivers, which is more expensive (https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/) (and a bureaucratic hassle - needs real identity/address verification, private key is on a USB token, etc).

OT, but needs to be clarified.

This isn't exactly correct, although MS haven't been as precise as possible when enumerating what you do need and when.

If your driver isn't required for boot, i.e. actually need to boot the OS so some sort of filesystem driver, then you don't need an EV cert, even for Windows 10.

What you do need is a code-signing cert that has a valid cross signing chain back to the MS Code Verification Root (MS CVR) certificate, which has always been the case for signing kernel mode drivers for XP x64 onwards.

Signatures with such certificates will be valid until the MS CVR certs expire, which for my companies cert (issued in Nov 2015) is Nov 1st 2025 for the MS CVR, and Apr 15th 2021 for the corresponding CA cert.

This is assuming is that MS don't revoke the MS CVR and they don't change the rules to enforce use of an EV certificate and attestation signing for non-boot drivers.

Jesus... And people say OS X is a "Walled Garden"!

On the contrary, what's wrong with having drivers signed by a method that can be validated by the kernel loader that they are the same files that the vendor released?  Anyone can create them, the price of entry (for a non-boot driver) is the cost of a code signing cert as above.  A code signing cert is "High assurance", i.e. the issuing CA checks that the company exists and will answer questions about the cert request.
This is getting wildly off-topic, but the problem with most of these code-signing is required things is that 'can be validated' is actually 'must be validated', and what 'validated' means is not under the end user's (ie machine owner's) control. I have no issue with cryptographically validating the entire boot process, and all code that runs subsequently, but I have a major problem with not being in control of the trust chain, which most such schemes require. Why the hell does Microsoft or Apple get to decide what code runs on my machine  :bullshit: :bullshit:? It's bad enough not being able to control the trust chain, but not even being able to disable the signature checks is unacceptable IMO.
Title: Re: FTDIgate 2.0?
Post by: FrankBuss on February 18, 2016, 07:20:09 am
A code signing cert is "High assurance", i.e. the issuing CA checks that the company exists and will answer questions about the cert request.
I bought a code signing cert from Comodo and all they required was that your name is in (the German equivalent) of Yellow pages or even White pages (in my case) and then their system calls your phone number and says a number which you have to enter on their website.
Title: Re: FTDIgate 2.0?
Post by: janoc on February 19, 2016, 09:55:28 am
Starting with Windows 10 you need an EV certificate for code signing drivers, which is more expensive (https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates/) (and a bureaucratic hassle - needs real identity/address verification, private key is on a USB token, etc).

So they are now bad for actually enforcing good security practices?

Yes, it is a hassle. But a compromised signing key for a driver that has elevated privileges in Windows would be worth a lot of money on the black market. And private keys were compromised in the past - e.g. that joke of a Dutch certification authority that was used to issue bogus (but valid!) certs for major websites used in attacks and malware later.

If one is going to do it, then it should be at least done right, otherwise it is a pointless waste of time.

They aren't exactly making a killing on these - the prices are similar for other types of certs elsewhere (e.g. for SSL for a website).
SSL certificates for websites (or any other kind of Internet server) are free (https://letsencrypt.org) for everybody.

Right. Try to use one of those certs for corporate website. You know, the cert is not only about encryption but also establishing trust. A cert from an obscure CA and changing every few weeks is not helpful there. But you get what you pay for. (that the "real" CAs often don't do due diligence and don't actually check that you are who you claim you are is another issue).

I don't see webshops and others exactly running replace their existing (paid for) certs with these.

On the other hand, it is a great service for a personal website or a small comunity forum or something like that.
Title: Re: FTDIgate 2.0?
Post by: amyk on February 19, 2016, 11:37:06 am
Not everyone wants security over freedom... especially when it's their own computer they're being "secured" against.
Title: Re: FTDIgate 2.0?
Post by: gmb42 on February 19, 2016, 12:16:33 pm
You can control the CA certs that are download to a Windows machine, you even run the process manually if you wish, so that you're totally in control of what is "trusted" via certs. See here (https://technet.microsoft.com/en-gb/library/cc754841.aspx) for more info.

Of course I fully expect those that have "trust issues" to manually inspect every byte of code (including the BIOS and the CPU firmware) that runs on their precious machines.
Title: Re: FTDIgate 2.0?
Post by: janoc on February 19, 2016, 01:56:51 pm
You can control the CA certs that are download to a Windows machine, you even run the process manually if you wish, so that you're totally in control of what is "trusted" via certs. See here (https://technet.microsoft.com/en-gb/library/cc754841.aspx) for more info.

Of course I fully expect those that have "trust issues" to manually inspect every byte of code (including the BIOS and the CPU firmware) that runs on their precious machines.

That isn't what I meant when I spoke about trust. I meant that if a cert is issued by someone like Verizon, Symantec or Comodo, you can have some confidence that at least some checks on the identity of the person applying were done and that it is likely that whoever is showing you that certificate is who they claim they are.

If you get a cert issued by a random CA from Eastern Bananistan that nobody has heard about before, it doesn't exactly inspire confidence that the rules were followed, even if their cryptographic chain of trust traces back to one of the major CAs.

Title: Re: FTDIgate 2.0?
Post by: janoc on February 19, 2016, 02:27:18 pm
Not everyone wants security over freedom... especially when it's their own computer they're being "secured" against.

I think that for Microsoft their major target are locked down corporate markets, where the "security over freedom" is a valid thing to strive for.

The home PCs laden with DRM so that Holywood doesn't get their precious blurays stolen was something relevant 10 years ago, but not with the pervasive streaming and mobile devices anymore.



Title: Re: FTDIgate 2.0?
Post by: rch on February 19, 2016, 03:13:06 pm
You can control the CA certs that are download to a Windows machine, you even run the process manually if you wish, so that you're totally in control of what is "trusted" via certs. See here (https://technet.microsoft.com/en-gb/library/cc754841.aspx) for more info.

Of course I fully expect those that have "trust issues" to manually inspect every byte of code (including the BIOS and the CPU firmware) that runs on their precious machines.

That isn't what I meant when I spoke about trust. I meant that if a cert is issued by someone like Verizon, Symantec or Comodo, you can have some confidence that at least some checks on the identity of the person applying were done and that it is likely that whoever is showing you that certificate is who they claim they are.

If you get a cert issued by a random CA from Eastern Bananistan that nobody has heard about before, it doesn't exactly inspire confidence that the rules were followed, even if their cryptographic chain of trust traces back to one of the major CAs.


Even with said dubious sources, they have probably checked the ownership of the domain the cert. is granted for, so it does provide some reassurance against man in the middle attacks.  Granted, it doesn't say much about the virtues of the website you are communication with, just that it probably is the site you think it is.
Title: Re: FTDIgate 2.0?
Post by: ve7xen on February 19, 2016, 05:47:54 pm
You can control the CA certs that are download to a Windows machine, you even run the process manually if you wish, so that you're totally in control of what is "trusted" via certs. See here (https://technet.microsoft.com/en-gb/library/cc754841.aspx) for more info.

Of course I fully expect those that have "trust issues" to manually inspect every byte of code (including the BIOS and the CPU firmware) that runs on their precious machines.
Correct me if I'm wrong, but I don't think this applies to driver signing keys.
Title: FTDIgate 2.0?
Post by: timb on February 19, 2016, 08:25:47 pm
You can control the CA certs that are download to a Windows machine, you even run the process manually if you wish, so that you're totally in control of what is "trusted" via certs. See here (https://technet.microsoft.com/en-gb/library/cc754841.aspx) for more info.

Of course I fully expect those that have "trust issues" to manually inspect every byte of code (including the BIOS and the CPU firmware) that runs on their precious machines.

That isn't what I meant when I spoke about trust. I meant that if a cert is issued by someone like Verizon, Symantec or Comodo, you can have some confidence that at least some checks on the identity of the person applying were done and that it is likely that whoever is showing you that certificate is who they claim they are.

If you get a cert issued by a random CA from Eastern Bananistan that nobody has heard about before, it doesn't exactly inspire confidence that the rules were followed, even if their cryptographic chain of trust traces back to one of the major CAs.

Let's Encrypt is propagating its own root, but in the mean time their Authority cert is cross signed by IdenTrust, which is a major root known by all browsers.

As for "trust" well, in the old days when you paid hundreds of dollars for an SSL cert, they "verified" you by phone. It was automated, too. You'd get a call asking to state your full name and company (if applicable) which was recorded and (I assume) stored for the duration of the cert's validity. This was how VeriSign did it 10 years ago. That was literally all there was to it.

Now, Let's Encrypt uses the ACME protocol to actually verify you have control of the domain in question. You run the Let's Encrypt client *on your server* which uses Apache or DNS to perform a challenge response with *their server* for verification. Then the cert is issued.

That seems like much more verification than a 5 second automated phone call from VeriSign, to me. (Seriously, the $$$ SSL certs of old were mostly smoke and mirrors. I ran a big web hosting company from 2002 to 2008, so I know alllll about it.)
Title: Re: FTDIgate 2.0?
Post by: gmb42 on February 20, 2016, 01:27:02 pm
You can control the CA certs that are download to a Windows machine, you even run the process manually if you wish, so that you're totally in control of what is "trusted" via certs. See here (https://technet.microsoft.com/en-gb/library/cc754841.aspx) for more info.

Of course I fully expect those that have "trust issues" to manually inspect every byte of code (including the BIOS and the CPU firmware) that runs on their precious machines.
Correct me if I'm wrong, but I don't think this applies to driver signing keys.

I believe it does.  If you disable auto downloads and manually control CA trust certs, then you can control (all but MS) driver certs as well.  They still go through the same trust process as say website TLS certs.  For boot drivers I believe the situation is slightly different as the kernel boot process doesn't have access to the trusted cert store so relies on the MS CVR cross cert and the integrity checks of the digital signature.  In my mind this is slightly weaker hence the move to EV certs and attestation signing for boot drivers for Win 10.
Title: Re: FTDIgate 2.0?
Post by: justanothercanuck on February 21, 2016, 08:55:18 pm
methinks ftdi isn't the only company with this problem...

http://webcache.googleusercontent.com/search?q=cache:TYC9IThct9YJ:store.steampowered.com/hwsurvey/processormfg/%3Fsort%3Dname+&cd=1&hl=en&ct=clnk&gl=ca (http://webcache.googleusercontent.com/search?q=cache:TYC9IThct9YJ:store.steampowered.com/hwsurvey/processormfg/%3Fsort%3Dname+&cd=1&hl=en&ct=clnk&gl=ca)
http://valid.x86.fr/top-cpu/47656e75696e65496f74656c2050726f636573736f72 (http://valid.x86.fr/top-cpu/47656e75696e65496f74656c2050726f636573736f72)

i've seen cpu-z shots of the "authentid" amd chips as well, but sadly my google-fu is failing.  i also had to use google cache for the steam listings because the amd chips seem to be slipping out of circulation.
Title: Re: FTDIgate 2.0?
Post by: f4eru on February 27, 2016, 08:45:58 am
Yep, true. Other companies also alienate their (future ex) customers
Title: Re: FTDIgate 2.0?
Post by: MSO on February 27, 2016, 08:21:11 pm
So FTDI who has lost millions of dollars in lost sales are suppose to keep losing more millions of dollars in lost sales so the guys who stole from them can continue to have eager customers?

Yeah, a lot of us were screwed over by the scammers too, just as FTDI was.  FTDI will never get their lost sales back, but they can prevent future lost sales.  They are more than right to do so, they have an obligation to do so in my opinion.  Their shareholders and employees deserve an honest shot at making a future for themselves.

Those of us who bought products containing counterfeit chips ought to return those products to have the chips replaced or demand a working driver instead.  There's going to be plenty of cases where sending the device back is uneconomical or the vender is unresponsive. In such situations, we'll need to buy and replace the counterfeit chips ourselves or replace the offending product.

Insisting that FTDI make us whole by continuing to lose additional sales just doesn't make sense. It's as if you've been stolen from once so you should continue to be stolen from so nobody else has to be victimized.

Title: Re: FTDIgate 2.0?
Post by: c4757p on February 27, 2016, 08:31:51 pm
You seem to be under the impression that because someone did something bad to you, you automatically get to do whatever you like in retaliation - that you no longer have an obligation to remain ethical. Shit I hope you don't vote.

You also didn't read the thread, as that point has been made and addressed multiple times by now.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 27, 2016, 08:46:07 pm
Very recently I visited a company which has proprietary USB-UART cables made so their customers can connect to their products with the right connector, protection, etc. They used FTDI in the past but since they got a batch which didn't work due to fake chips they are now moving to a different brand USB-UART chip. They simply don't want to deal with / waste their energy on the fall-out of a mud fight between FTDI and creators of functional equivalents. Since Windows 10 has drivers for most USB-UART chips build in (finally after almost 2 decades) there is no advantage of using FTDI compared to most other popular chips anyway.
Title: Re: FTDIgate 2.0?
Post by: Koen on February 27, 2016, 09:51:15 pm
nctnico > What is the name of this company ?
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 27, 2016, 10:00:13 pm
nctnico > What is the name of this company ?
I can't divulge that information but I didn't start the conversation about the FTDI chip; they where just asking me what to use instead.
Title: Re: FTDIgate 2.0?
Post by: Koen on February 27, 2016, 10:02:03 pm
Of course you can't.
Title: Re: FTDIgate 2.0?
Post by: timb on February 28, 2016, 12:56:26 am

Of course you can't.

I wouldn't give out my customer's names on a public forum, either.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 12:58:28 am
Indeed, you can hardly judge someone for not naming someone in public with whom he has/had a business relation. That could end very poorly.
Title: Re: FTDIgate 2.0?
Post by: MSO on February 28, 2016, 04:17:49 am
You seem to be under the impression that because someone did something bad to you, you automatically get to do whatever you like in retaliation - that you no longer have an obligation to remain ethical. Shit I hope you don't vote.

You also didn't read the thread, as that point has been made and addressed multiple times by now.

I've read the majority of this thread (most of which is sickening) and repeatedly found people who did not buy FTDI products complaining that FTDI owes them something for nothing. FTDI has no ethical or moral responsibility to support those who have not purchased their products or services. If you want FTDI to do something for you, pay for it.

The vendors from whom the defective products were purchased are responsible for the products that no longer work, not FTDI.  It is those vendors who have harmed us and FTDI. It is those vendors who have been paid to provide the products and services that we all seek and it is they who have failed to deliver said products and services and it is they who have the ethical and moral responsibility to correct their failures.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 04:27:32 am
What does any of that drivel have to do with whether FTDI's response was ethical? Yes, counterfeiters are doing a bad thing. That doesn't make any response to it inherently acceptable. FTDI isn't just 'not supporting' counterfeit chips, they're actively trying to prevent them from working.

I'm not even saying that what they did was unethical. I'm just saying that your argument doesn't do anything to prove it's ethical. It adds absolutely nothing to the conversation.
Title: Re: FTDIgate 2.0?
Post by: technix on February 28, 2016, 06:03:57 am
Well long have I switched over to CH340G - even selling my CH340-based adapter here: https://www.tindie.com/products/maxtch/fused-usb-to-uart-adapter-33v-and-5v-m1801v4/ (https://www.tindie.com/products/maxtch/fused-usb-to-uart-adapter-33v-and-5v-m1801v4/)
Title: Re: FTDIgate 2.0?
Post by: MSO on February 28, 2016, 06:52:49 am
What does any of that drivel have to do with whether FTDI's response was ethical? Yes, counterfeiters are doing a bad thing. That doesn't make any response to it inherently acceptable. FTDI isn't just 'not supporting' counterfeit chips, they're actively trying to prevent them from working.

I'm not even saying that what they did was unethical. I'm just saying that your argument doesn't do anything to prove it's ethical. It adds absolutely nothing to the conversation.

So if I were to list my old beater on Craig's list and then meet the guy at Walmart's parking lot where he pays me cash for the car. I take the cash to the bank and the bank tells me the cash is counterfeit, that they won't credit my account and then calls the BATF who takes the counterfeit cash to hold as evidence. I'm out my old beater and there isn't too much I can do about it unless the counterfeiter can be apprehended and somehow get my beater back from him.  I can't hold the bank responsible for the counterfeit money.

FTDI did in the first instance make a mistake. They bricked the counterfeit devices.  They made an about face on that decision and stopped bricking the counterfeit chips.  In the present case however, they did not brick any devices, they simply refused to service them, just like the bank with my counterfeit cash.  The only difference is that FTDI carried most of us for several years at their own expense; the bank would never do that and we would never expect that they would.

Your position seems to be that FTDI should continue to support the counterfeit chips while I think they are doing the ethical thing by not supporting them.  Those knockoff chips still work fine, they just won't work with FTDI drivers. The technology in those fake chips was stolen from FTDI and then used to reduce FTDI's profits by undercutting FTDI's pricing.  FTDI actions to bring these thieves to heel is the only ethical action they can take. Yes, FTDI helps themselves financially, but they also help the entire industry to the extent they can inhibit the profits that can be made through the theft of Intellectual Property and counterfeiting.

Title: Re: FTDIgate 2.0?
Post by: technix on February 28, 2016, 07:29:01 am
What does any of that drivel have to do with whether FTDI's response was ethical? Yes, counterfeiters are doing a bad thing. That doesn't make any response to it inherently acceptable. FTDI isn't just 'not supporting' counterfeit chips, they're actively trying to prevent them from working.

I'm not even saying that what they did was unethical. I'm just saying that your argument doesn't do anything to prove it's ethical. It adds absolutely nothing to the conversation.

So if I were to list my old beater on Craig's list and then meet the guy at Walmart's parking lot where he pays me cash for the car. I take the cash to the bank and the bank tells me the cash is counterfeit, that they won't credit my account and then calls the BATF who takes the counterfeit cash to hold as evidence. I'm out my old beater and there isn't too much I can do about it unless the counterfeiter can be apprehended and somehow get my beater back from him.  I can't hold the bank responsible for the counterfeit money.

FTDI did in the first instance make a mistake. They bricked the counterfeit devices.  They made an about face on that decision and stopped bricking the counterfeit chips.  In the present case however, they did not brick any devices, they simply refused to service them, just like the bank with my counterfeit cash.  The only difference is that FTDI carried most of us for several years at their own expense; the bank would never do that and we would never expect that they would.

Your position seems to be that FTDI should continue to support the counterfeit chips while I think they are doing the ethical thing by not supporting them.  Those knockoff chips still work fine, they just won't work with FTDI drivers. The technology in those fake chips was stolen from FTDI and then used to reduce FTDI's profits by undercutting FTDI's pricing.  FTDI actions to bring these thieves to heel is the only ethical action they can take. Yes, FTDI helps themselves financially, but they also help the entire industry to the extent they can inhibit the profits that can be made through the theft of Intellectual Property and counterfeiting.

Now you hijack end users' equipment. End users are usually unsuspecting and they will find their equipment suddenly stopped working, causing a surge of complaints and RMA to the manufacturers of their equipment (who is the actual customers of FTDI.)
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 08:27:52 am
FTDI isn't just 'not supporting' counterfeit chips, they're actively trying to prevent them from working.

Nothing wrong with that. People shouldn't use counterfeit chips. As soon as they discover that their device stops working,
blame the seller of the device. Not FTDI.




Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 08:33:32 am
You also didn't read the thread, as that point has been made and addressed multiple times by now.

"It has been addressed" in many ways based on different opinions of different people.
Pick one you like. There's no consensus.



Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 08:37:13 am
FTDI did in the first instance make a mistake. They bricked the counterfeit devices.

Nothing wrong with that. It's illegal to use/sell or import counterfeit products.
Blame the seller. Not FTDI.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 08:39:16 am
Now you hijack end users' equipment. End users are usually unsuspecting and they will find their equipment suddenly stopped working, causing a surge of complaints and RMA to the manufacturers of their equipment (who is the actual customers of FTDI.)

No, they are not the actual customers of FTDI. They are the actual customers of counterfeit chips.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 28, 2016, 08:45:20 am
FTDI isn't just 'not supporting' counterfeit chips, they're actively trying to prevent them from working.

Nothing wrong with that. People shouldn't use counterfeit chips. As soon as they discover that their device stops working,
blame the seller of the device. Not FTDI.
And yet that is not happening. People can keep yabbering on about managing their supply lines, complaining to suppliers, etc but the fact is that is taking extra effort one way or another so companies are going for non-FTDI chips because it is easier and thus cheaper for them. It is all about the economics of doing business. Companies don't care whether FTDI is right or wrong; they just want to order a bunch of USB-UART cables from their supplier in China and be done with it. These kind of cables are usually not their core business anyway so less hassle it better.
Title: Re: FTDIgate 2.0?
Post by: pickle9000 on February 28, 2016, 08:57:16 am
Hassle factor can not be underrated.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 08:59:51 am
..., etc but the fact is that is taking extra effort one way or another so companies are going for non-FTDI chips because it is easier and thus cheaper for them. It is all about the economics of doing business.

Correction, it's not a fact. It's just your opinion.

Don't you think that FTDI has thought about this as well? Maybe they decided that their damage is less this way.

So far, most of the complains are coming from hobbyists and semi-profs. I haven't heard from any big problems in the industry
with FTDI. Looks like most problems occurred with devices bought at shady places. Not a big deal for the business of FTDI.
The reason that it looks like a big deal for some people, is because hobbyists tend to be very vocal.
They scream and whine a lot on different forums.



Title: Re: FTDIgate 2.0?
Post by: nctnico on February 28, 2016, 09:15:36 am
..., etc but the fact is that is taking extra effort one way or another so companies are going for non-FTDI chips because it is easier and thus cheaper for them. It is all about the economics of doing business.

Correction, it's not a fact. It's just your opinion.
It is a fact! You can read the details in my previous posting about a company which is in this exact situation and just changes to a different USB-UART bridge chip because they don't want the hassle.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 09:22:24 am
..., etc but the fact is that is taking extra effort one way or another so companies are going for non-FTDI chips because it is easier and thus cheaper for them. It is all about the economics of doing business.

Correction, it's not a fact. It's just your opinion.
It is a fact! You can read the details in my previous posting about a company which is in this exact situation and just changes to a different USB-UART bridge chip because they don't want the hassle.

For you it's a fact. For me it's just something you wrote which can not be checked so we just have to believe you.

Also, you extrapolate one company to multiple companies. That's not correct.
Title: Re: FTDIgate 2.0?
Post by: rsjsouza on February 28, 2016, 12:24:00 pm
FTDI isn't just 'not supporting' counterfeit chips, they're actively trying to prevent them from working.
Nothing wrong with that. People shouldn't use counterfeit chips. As soon as they discover that their device stops working,
blame the seller of the device. Not FTDI.
And yet that is not happening. People can keep yabbering on about managing their supply lines, complaining to suppliers, etc but the fact is that is taking extra effort one way or another so companies are going for non-FTDI chips because it is easier and thus cheaper for them. It is all about the economics of doing business. Companies don't care whether FTDI is right or wrong; they just want to order a bunch of USB-UART cables from their supplier in China and be done with it. These kind of cables are usually not their core business anyway so less hassle it better.
In the short term it is easier and cheaper. However, with the grown popularity of alternate solutions such as the CH340, it is only a matter of time this will be counterfeit as well, which imposes an unknown scenario - i.e., this device can fail in yet unforeseeable scenarios.

Therefore, in this case the scale goes back towards FTDI: counterfeits (or most of them) now fail in a deterministic way, which raises the accountability of the supply chain.

For companies that are actual semiconductor company customers - i.e., use their devices in their products - the early detection of fakes is taken into consideration very highly across the industry, either via visual inspection or, in this particular case, functional inspection. Just as anecdotal evidence, I know companies that use FTDI devices in their products and will not do a redesign for this factor alone but instead take into consideration the whole solution such as availability, OS drivers, support, etc. 

Obviously that, for companies that need accessories or purchase finished board through third parties, this can become a nuisance that can be worked around in several ways, including but not limited to the proposed change in specs (imposing a specific device supplier). 
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 12:35:59 pm
FTDI did in the first instance make a mistake. They bricked the counterfeit devices.

Nothing wrong with that. It's illegal to use/sell or import counterfeit products.
Blame the seller. Not FTDI.

Again, you seem to be suggesting that because one wrong thing was done, something FTDI does in retaliation is automatically considered ethical, regardless of what it is. You keep repeating this "it's not FTDI's fault, because a bad thing happened to them".

Are you ignoring it to make yourself look better? Or can you just not think of a rebuttal?
Title: Re: FTDIgate 2.0?
Post by: janoc on February 28, 2016, 12:47:34 pm
In the short term it is easier and cheaper. However, with the grown popularity of alternate solutions such as the CH340, it is only a matter of time this will be counterfeit as well, which imposes an unknown scenario - i.e., this device can fail in yet unforeseeable scenarios.

Therefore, in this case the scale goes back towards FTDI: counterfeits (or most of them) now fail in a deterministic way, which raises the accountability of the supply chain.

Wow. So basically it is a choice between putting in a chip that could fail because of someone deciding to counterfeit a $0.1 Chinese part (didn't happen so far, so this is just unsubstantiated FUD) or a known to be counterfeited and known to fail part that the vendor is actively sabotaging. Apparently the latter is preferable somehow.  :palm:

I have always thought that the manufacturer wants to build a product that works and that doesn't cause support nightmares and will thus choose components accordingly. A component with a "predictable failure mode" (= aka batshit crazy component vendor that can decide to make my gizmo stop working with the next driver release just because) is not something any sane person would use.



Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 01:03:51 pm
FTDI did in the first instance make a mistake. They bricked the counterfeit devices.

Nothing wrong with that. It's illegal to use/sell or import counterfeit products.
Blame the seller. Not FTDI.
Again, you seem to be suggesting that because one wrong thing was done, something FTDI does in retaliation is automatically considered ethical, regardless of what it is.

No, I'm not. It's my opinion that, in this particular case, it's completely ethical to brick counterfeit chips.
I sympathize both with FTDI and the victims (FTDI is a victim as well in this case) and you should aim your anger to
the counterfeiters.


Title: Re: FTDIgate 2.0?
Post by: donotdespisethesnake on February 28, 2016, 01:06:25 pm
Recently we hard to recall a bunch of products because many batches of a certain chip were faulty - this is a legit component bought through official channels. We worked with the manufacturer to identify the problem and the faulty batches. The issue had affected components for many months, fortunately the failure mode is not too common. Nevertheless, it is a very expensive and time consuming recall and attracted the close attention of senior management - not in a good way.

We really want to avoid issues in the field, regardless of how they are caused. We also try to avoid relying on single suppliers. So the good thing that has come from the FTDI debacle is that I have evaluated competing products to FTDI, and am in a position to recommend an alternative design, something I wouldn't have bothered to do before.

There are several good alternatives to FTDI.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 01:08:09 pm
FTDI did in the first instance make a mistake. They bricked the counterfeit devices.

Nothing wrong with that. It's illegal to use/sell or import counterfeit products.
Blame the seller. Not FTDI.
Again, you seem to be suggesting that because one wrong thing was done, something FTDI does in retaliation is automatically considered ethical, regardless of what it is.

No, I'm not. It's my opinion that, in this particular case, it's completely ethical to brick counterfeit chips.
I sympathize both with FTDI and the victims (FTDI is a victim as well in this case) and you should aim your anger to
the counterfeiters.

Then why do you keep trying to make that "point"?
Title: Re: FTDIgate 2.0?
Post by: madires on February 28, 2016, 02:17:56 pm
FTDI did in the first instance make a mistake. They bricked the counterfeit devices.

Nothing wrong with that. It's illegal to use/sell or import counterfeit products.
Blame the seller. Not FTDI.

Sorry, but you're are stil totally wrong. The legal and proper way is to let law enforcement handle the counterfeit chips. Because some chip seems to be a counterfeit doesn't give FTDI the right to fix the problem themselves. Doing that is a crime also. And using or owning a counterfeit product is perfectly legal in most countries.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 03:27:21 pm
Sorry, but you're are stil totally wrong. The legal and proper way is to let law enforcement handle the counterfeit chips. Because some chip seems to be a counterfeit doesn't give FTDI the right to fix the problem themselves. Doing that is a crime also. And using or owning a counterfeit product is perfectly legal in most countries.

No,  you're are stil totally wrong.

The legal and proper way is to let law enforcement handle the counterfeit chips. Because some chip seems to be a counterfeit doesn't give FTDI the right to fix the problem themselves.

I believe they have the right to do so. At least till a judge proves that what FTDI did is wrong.

Doing that is a crime also.

So, you are a laywer now?

And using or owning a counterfeit product is perfectly legal in most countries.

In most western countries, importing, producing and/or selling counterfeit chips (or devices that contain them),
is illegal.


Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 03:28:47 pm
Who cares whether it's illegal? You can decide whether it's ethical or not without consulting the law books.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 03:34:40 pm
Who cares whether it's illegal? You can decide whether it's ethical or not without consulting the law books.

I believe it's unethical to import, sell or distribute counterfeit chips.
I believe it's also unethical to demand from FTDI that they should support counterfeit chips with their drivers.

So, aim your anger to the counterfeiters.
Title: Re: FTDIgate 2.0?
Post by: madires on February 28, 2016, 03:46:21 pm
Doing that is a crime also.

So, you are a laywer now?

No, I've written that already.

Quote
In most western countries, importing, producing and/or selling counterfeit chips (or devices that contain them),
is illegal.

:palm: selling/importing/producing != owning/using

Please learn some basics of law instead of keeping on trolling.
Title: Re: FTDIgate 2.0?
Post by: madires on February 28, 2016, 03:48:33 pm
Who cares whether it's illegal? You can decide whether it's ethical or not without consulting the law books.

I fully agree, but vigilantism isn't ethical.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 28, 2016, 03:51:12 pm
Who cares whether it's illegal? You can decide whether it's ethical or not without consulting the law books.
I fully agree, but vigilantism isn't ethical.
And legal!
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 04:03:02 pm
... instead of keeping on trolling.

Troll: somebody who doesn't agree with my opinion.

Usually used when out of arguments.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 04:11:23 pm
Who cares whether it's illegal? You can decide whether it's ethical or not without consulting the law books.

I believe it's unethical to import, sell or distribute counterfeit chips.
I believe it's also unethical to demand from FTDI that they should support counterfeit chips with their drivers.

So, aim your anger to the counterfeiters.

None of that has anything to do with whether FTDI acted ethically, unless you think that they get to do whatever they want because someone did something bad to them. I don't care what the counterfeiters are doing. We've established that it's not good. I've moved on from that. The question now is whether FTDI are behaving ethically. This no longer has anything to do with the counterfeiters.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 28, 2016, 04:18:27 pm
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 04:35:15 pm
The question now is whether FTDI are behaving ethically.

I believe it is ethical.

This no longer has anything to do with the counterfeiters.

Wrong. It has everything to do with counterfeiters. You can't look at one part without looking at the other part.
They are connected. Oversimplifying the case is not helping it at all.

Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 04:36:36 pm
You have yet to give any reason why you believe it is ethical other than various claims that two wrongs make right. Do you really believe that?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 04:39:03 pm
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.

There are no two wrongs. Just one. The counterfeiters.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 04:41:25 pm
You have yet to give any reason why you believe it is ethical ...

Start reading again this thread from the beginning.

... other than various claims that two wrongs make right.

There are no two wrongs. Just one. The counterfeiters.
Title: Re: FTDIgate 2.0?
Post by: madires on February 28, 2016, 04:47:19 pm
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.

There are no two wrongs. Just one. The counterfeiters.

So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 04:59:04 pm
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.

There are no two wrongs. Just one. The counterfeiters.

So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?

Not a valid comparison. Physically, FTDI didn't brake anything. What FTDI did is preventing the counterfeit chips from working
with the FTDI driver. It's still possible to use the bricked counterfeit chips with another (yet to be made) driver.


Title: Re: FTDIgate 2.0?
Post by: madires on February 28, 2016, 05:06:13 pm
So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?

Not a valid comparison. Physically, FTDI didn't brake anything. What FTDI did is preventing the counterfeit chips from working
with the FTDI driver. It's still possible to use the bricked counterfeit chips with another (yet to be made) driver.

Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 05:12:52 pm
So it's ok for you, when you've got some counterfeit part in you car, let's say a scew, and the manufacturer of the genuine screw smashes all windows and lights of your car?

Not a valid comparison. Physically, FTDI didn't brake anything. What FTDI did is preventing the counterfeit chips from working
with the FTDI driver. It's still possible to use the bricked counterfeit chips with another (yet to be made) driver.

Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.
Title: Re: FTDIgate 2.0?
Post by: madires on February 28, 2016, 05:58:48 pm
Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.

The same for any shop selling or any manufacturer producing some electronics with a possible counterfeit FTDI chip. And how would they reduce the risk? More stringent checks of supply chains? Or simply go for another chip, possible less expensive? Anyway, FTDI's actions are very stupid.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 28, 2016, 06:10:18 pm
Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.

The same for any shop selling or any manufacturer producing some electronics with a possible counterfeit FTDI chip. And how would they reduce the risk? More stringent checks of supply chains? Or simply go for another chip, possible less expensive? Anyway, FTDI's actions are very stupid.

That's up to them.  If there's a reasonable chance they're getting counterfeits of ANY chip in their supply chain, they're doing something wrong.  Yes sometimes they slip through and you unknowingly end up with one, but that's a problem regardless of what it's a counterfeit of.  Freaking out because FTDI is actually doing something about it is completely backwards.  You shouldn't want ANY counterfeits, at all.  At least with FTDI you know you've got one and can address the issue directly, instead of spending weeks/months investigating irregular and sporadic failure modes until you manage to track it down (IF you manage to track it down).

More stringent supply chain checking is always the right answer.  Moving to another manufacturer that isn't currently being counterfeited, while continuing to use shady, under-the-table distributors is a lazy way out that just kicks the can down the road and invites counterfeits into all other parts of your product.
Title: Re: FTDIgate 2.0?
Post by: retrolefty on February 28, 2016, 06:18:14 pm
Ok, then let's go for an ECU. There's a counterfeit chip in you car's ECU and the menufacturer of the genuine chip disables the counterfeit chip from working via a firmware upgrade in the garage, as you just said. And your car won't start anymore. Better?

That's a problem for the garage and/or the car manufacturer. Not mine.

The same for any shop selling or any manufacturer producing some electronics with a possible counterfeit FTDI chip. And how would they reduce the risk? More stringent checks of supply chains? Or simply go for another chip, possible less expensive? Anyway, FTDI's actions are very stupid.

 Stupid in your (and others of course) estimation but perhaps not stupid in FTDI's estimation. Their business, their IP, their market, they should be and apparently are free to try and deal with counterfeiters the best they can within the rule of law they are subject to. It's not like any other governments, companies, or users are going to 'fix' the problem for them.

 Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?
Title: Re: FTDIgate 2.0?
Post by: Gyro on February 28, 2016, 06:37:47 pm
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread) - make their drivers simply refuse to work with the fake chips, don't brick them, don't send out garbage text, just don't work with them. It's that simple!  :palm:
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 06:42:14 pm
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread) - make their drivers simply refuse to work with the fake chips, don't brick them, don't send out garbage text, just don't work with them. It's that simple!  :palm:

This.

I really don't understand why they went the frankly very puerile route of spitting out garbage data. They can just not work. Very few of us would have a problem with that. I certainly wouldn't.

We've also said this many times in this thread, so "people could suggest better constructive steps" is yet another case of speaking before reading. |O
Title: Re: FTDIgate 2.0?
Post by: Ian.M on February 28, 2016, 06:51:32 pm
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 06:53:23 pm
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

- make their drivers simply refuse to work with the fake chips, don't brick them, don't send out garbage text, just don't work with them.

Why not? The effect is the same. Counterfeit chips can not be used with FTDI drivers.
Generating the string "not a genuine chip" is just done as a courtesy to inform what the cause is.
For the enduser who has no clue, it makes no difference at all. He needs to get his device returned to the seller to let
it repaired or replaced. Whether or not there's this string does not going to make any difference, isn't it?


Title: Re: FTDIgate 2.0?
Post by: Gyro on February 28, 2016, 06:59:05 pm
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

many, many, Many, Many, MANY, MANY MANY TIMES  |O

Did you get beaten up much when you were at school? Just curious  :-\
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 07:00:57 pm
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.

You say that but can you explain why? As far is I understood, there's no data at all apart from the string "not a genuine chip".
I prefer this instead of a non working driver that causes hours, maybe days to debug what is going on.
Thanks to this string, an engineer sees immediately what's going on and can act accordingly.

For the enduser there's no difference. His device is not working. He has to return it anyway, with or without this string.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 07:04:37 pm
many, many, Many, Many, MANY, MANY MANY TIMES  |O

Did you get beaten up much when you were at school? Just curious  :-\

You convinced me with your very intelligent reply.
Title: Re: FTDIgate 2.0?
Post by: Gyro on February 28, 2016, 07:07:29 pm
Well that's good then. The thread can finally be closed.  :)
Title: Re: FTDIgate 2.0?
Post by: CatalinaWOW on February 28, 2016, 07:23:37 pm
I will just say to Karel that if the device fails when not doing a critical test or being used for something you actually needed to do it is perhaps acceptable to force the innocent end user to return their device for repair.  No very comforting if you actually were planning to use it during the days, weeks or months required to resolve the issue.

You would suggest that this experience will encourage people to choose vendors who are more careful in controlling their supply chain.  Valid point.  This would reduce the risk of problems of this nature, although it is impossible to eliminate them totally.  But choosing avoid FTDI parts and devices incorporating them is also a valid choice, in that there is potentially less risk of negative consequences from a mistake.

Hopefully FTDI thought of this when they evaluated their response to those counterfeiting their devices.  Only time will tell if their revenue is sustained or improved by their actions, or if they are financially hurt by them.  I can say that if I were them I would be nervous about the outcome, and as an investor I would be cautious.  The answer is not obvious to me.
Title: Re: FTDIgate 2.0?
Post by: Ian.M on February 28, 2016, 07:26:58 pm
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.

You say that but can you explain why? As far is I understood, there's no data at all apart from the string "not a genuine chip".
I prefer this instead of a non working driver that causes hours, maybe days to debug what is going on.
Thanks to this string, an engineer sees immediately what's going on and can act accordingly.
Incorrect.  See post #161 (https://www.eevblog.com/forum/microcontrollers/ftdi-gate-2-0/msg855853/#msg855853) of this topic.


As you were active in the topic at the time, I can only conclude that you are being deliberately obtuse.

By tampering with the datastream, FTDI made serial activity LEDs look normal, and by failing to identify the driver responsible in their message, FTDI wasted a lot of support technicians time.  A driver that simply rejected the device would have shown up in Device Manager, and the COM port would have been missing.  That would in most cases be far far easier to debug, as Microsoft dropped bundling a terminal program when they released Windows 7 so a lot of end users don't even have the tools to see the message.

Title: Re: FTDIgate 2.0?
Post by: Karel on February 28, 2016, 07:28:52 pm
... to force the innocent end user to return their device for repair. ...

Please, don't confuse cause and effect. It's not FTDI's fault that they have to return their device.
Blame the counterfeiters.
Title: Re: FTDIgate 2.0?
Post by: zapta on February 28, 2016, 07:34:01 pm
Well that's good then. The thread can finally be closed.  :)

Impossible.

https://en.wikipedia.org/wiki/Infinite_loop
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 28, 2016, 07:47:45 pm
Exactly.  Simply not working with non-FTDI chips is reasonable and expected, but tampering with stored or streamed customer data is on a similar ethical level as the actions of a typical cracker.

You say that but can you explain why? As far is I understood, there's no data at all apart from the string "not a genuine chip".
I prefer this instead of a non working driver that causes hours, maybe days to debug what is going on.
Thanks to this string, an engineer sees immediately what's going on and can act accordingly.

For the enduser there's no difference. His device is not working. He has to return it anyway, with or without this string.

Send the message to the system error log, that's how drivers are supposed to report problems. Or do you have an issue with doing things the right way?

For christ's sake, as engineers we should be condemning this just for being poorly engineered! There's a defined place for messages like this, send it there.
Title: Re: FTDIgate 2.0?
Post by: TheSteve on February 28, 2016, 07:51:17 pm
I assume it has been mentioned before in this thread but how is this any different then how Prolific handled the counterfeit PL2303 chips? They updated the driver so it doesn't start if the chip is detected to not be genuine.
I am not convinced FTDI is handling this the best way possible but long term I think it is probably there only solution(assuming it doesn't kill the company). We're still using FT232RL's at work, they are the best solution for our product and buying from Digikey we aren't too concerned about fakes.
Title: Re: FTDIgate 2.0?
Post by: Gyro on February 28, 2016, 08:29:15 pm
Well that's good then. The thread can finally be closed.  :)

Impossible.

https://en.wikipedia.org/wiki/Infinite_loop

Well it was a good try - there was even a brief pause.

Maybe I should have tried:

========= END OF THREAD LINE, DO NOT CROSS ==========
                          TROLLS ONLY BEYOND THIS POINT

 :-DD
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 28, 2016, 09:21:03 pm
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
There are no two wrongs. Just one. The counterfeiters.
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).
Title: Re: FTDIgate 2.0?
Post by: CatalinaWOW on February 29, 2016, 12:10:55 am
... to force the innocent end user to return their device for repair. ...

Please, don't confuse cause and effect. It's not FTDI's fault that they have to return their device.
Blame the counterfeiters.


I agree.  The blame goes to the counterfeiters.  But my response of avoiding the risk of FTDI does not assign blame, it merely assesses the risk to me.

A similar analogy.  All of the blame for terrorism in airline travel belongs to the terrorists.  But my decision to avoid airline travel because I dislike all of the restrictions and examinations has an economic impact on the airlines.  Others will make different decisions.  I know people who would not fly if all of these protections were not in place.  The airlines have bet (with government assistance and apparently correctly) that more people of the latter type exist than people who feel like me.  The only group at fault is the terrorists, but airlines and passengers acting in their own perceived best interests have impacts on each other.

In a perfect world none of the wrongdoers would exist.  In the real world, the people who are trying to behave ethically have to make imperfect choices.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 07:39:28 am
Send the message to the system error log, that's how drivers are supposed to report problems.

And what exactly is the gain for the "innocent" enduser? He still needs to return his device for repair.
For the enduser, there's no difference between bricking, replacing the data with a string or simply refusing to work.
The endresult is the same. The device needs to be repaired.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 10:51:03 am
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
There are no two wrongs. Just one. The counterfeiters.
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).

Please, show me an example where FTDI physically damaged chips. As far as I know, the first time they reprogrammed the counterfeit chip and set the VID and PID to 0.
To me, that is not damage because this can be undone. The chips can still be reprogrammed via a software tool to use another driver.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 11:04:35 am
But my response of avoiding the risk of FTDI does not assign blame, it merely assesses the risk to me.

This whole thing has been blown out of proportions. The only devices affected are the ones bought or produced in shady places
where low cost is more important than quality. Those devices are mainly for hobbyists and semi-profs.
FTDI chips are used a lot in the industry and there are no incidents reported so far.
The chance that end-users of devices, produced for the mass consumer market by the big industry, is extremely low.

But because the hobbyist scene is very vocal and tend to scream and whine a lot on internet fora, it looks like it's a big deal
but in reality, it isn't.
Title: Re: FTDIgate 2.0?
Post by: nctnico on February 29, 2016, 11:17:05 am
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
There are no two wrongs. Just one. The counterfeiters.
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).

Please, show me an example where FTDI physically damaged chips. As far as I know, the first time they reprogrammed the counterfeit chip and set the VID and PID to 0.
To me, that is not damage because this can be undone. The chips can still be reprogrammed via a software tool to use another driver.
Don't try to talk your way out of it; just put your money where your mouth is! Ofcourse most damages can be repaired one way or the other but who is liable to pay for the repairs? So again: come up with a court case where a company or people got away with damaging third party property without having to pay for the damages/repairs.

Quote
But because the hobbyist scene is very vocal and tend to scream and whine a lot on internet fora, it looks like it's a big deal
but in reality, it isn't.
Still totally oblivious for the fact people and companies are using alternative USB UART chips as many already pointed out in this thread.  :palm:  Even I'm about to ship out a batch of units to one of my customers which would have an FTDI USB-UART chip inside if FTDI didn't intoduce so much uncertainty in their drivers.
Title: Re: FTDIgate 2.0?
Post by: madires on February 29, 2016, 11:25:46 am
I assume it has been mentioned before in this thread but how is this any different then how Prolific handled the counterfeit PL2303 chips? They updated the driver so it doesn't start if the chip is detected to not be genuine.

Prolific: driver doesn't work with counterfeit chip
FTDI #1: driver bricks deliberately counterfeit/compatible chips by setting USB IDs to zero.
FTDI #2: driver sends "NON GENUINE DEVICE FOUND!" to the ounterfeit/compatible chip regardless of input

FTDI should have simply done the same like Prolific. But bricking chips or sending modified data is an absolute no-go. Neither ethical nor legal (willful damage to property, computer sabotage, vigilantism).

And a lesson for Karel in law basics: There's the principle of keeping damages as low as possible. If someone smashes your car's windscreen, you can't demand more money than a reasonable new windscreen including mounting would cost. If the garage's invoice is higher than that, the bad boy has just to pay for the reasonable replacement. This means for FTDI, as a victim of counterfeit chips, they must not increase the damage to other by bricking chips or sending modified data which could cause havoc, besides this being already illegal anyway. But I'm sure you'll ignore this fact also, still claiming the lack of arguments and also ignoring what's written many times about the proper way to deal with counterfeit products.
Title: Re: FTDIgate 2.0?
Post by: madires on February 29, 2016, 11:31:24 am
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

I've written several times:
- FTDI should have simply make their driver stop working with counterfeit chips
- FTDI should have let law enforcement do their job by confiscating counterfeit chips

But you're ignoring this and many posts of other forum members.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 11:52:17 am
Civilized societies already have established that two wrongs don't make a right and that punishments should serve to undo damages and as an educational tool / incentive to prevent repeating the undesired (bad) behaviour.
There are no two wrongs. Just one. The counterfeiters.
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).

Please, show me an example where FTDI physically damaged chips. As far as I know, the first time they reprogrammed the counterfeit chip and set the VID and PID to 0.
To me, that is not damage because this can be undone. The chips can still be reprogrammed via a software tool to use another driver.
Don't try to talk your way out of it; just put your money where your mouth is! Ofcourse most damages can be repaired one way or the other but who is liable to pay for the repairs? So again: come up with a court case where a company or people got away with damaging third party property without having to pay for the damages/repairs.

The counterfeiters are liable for the damages/repairs/whatever.

Quote
But because the hobbyist scene is very vocal and tend to scream and whine a lot on internet fora, it looks like it's a big deal
but in reality, it isn't.
Still totally oblivious for the fact people and companies are using alternative USB UART chips as many already pointed out in this thread.

I don't think that a group of screaming and whining hobbyists on forums is representative for what is going on in the industry.
There have always been hobbyists and engineers who have used alternatives. The question is, how much does it affect the business of FTDI.
I don't have this data. Do you? But based on what I see, it's only a (relatively) small group of hobbyists and semi-profs who are trying to make it look like
it's a big deal. When I talk to colleagues in the industry, I still haven't met somebody that has problems with FTDI.

Even I'm about to ship out a batch of units to one of my customers which would have an FTDI USB-UART chip inside if FTDI didn't intoduce so much uncertainty in their drivers.

We still use FTDI chips. We use whats best for our customers. We will not let affect our decisions by some sentiment on internet fora, mainly caused by hobbyists who buy their stuf
in shady places.




Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 11:57:53 am
I assume it has been mentioned before in this thread but how is this any different then how Prolific handled the counterfeit PL2303 chips? They updated the driver so it doesn't start if the chip is detected to not be genuine.

Prolific: driver doesn't work with counterfeit chip
FTDI #1: driver bricks deliberately counterfeit/compatible chips by setting USB IDs to zero.
FTDI #2: driver sends "NON GENUINE DEVICE FOUND!" to the ounterfeit/compatible chip regardless of input

FTDI should have simply done the same like Prolific.

I why should they do that? Because you say so?

But bricking chips or sending modified data is an absolute no-go.

Bricking counterfeit chips or sending the string "not a genuine chip" seems completely fine to me.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 11:59:51 am
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

I've written several times:
- FTDI should have simply make their driver stop working with counterfeit chips
- FTDI should have let law enforcement do their job by confiscating counterfeit chips

But you're ignoring this and many posts of other forum members.

No, I'm not ignoring it. I just don't believe that your writings are more constructive.

Title: Re: FTDIgate 2.0?
Post by: nctnico on February 29, 2016, 12:01:36 pm
I don't think that a group of screaming and whining hobbyists on forums is representative for what is going on in the industry.
:palm: So now we are all hobbyists here?  :palm:
Any luck finding a court case backing your statements yet? Come back when you do and we'll have something serious to talk about instead of going around in circles.
Title: Re: FTDIgate 2.0?
Post by: Boomerang on February 29, 2016, 02:22:47 pm
Karel,
hobbyists are small customers individually, but they are many and collectively influence the industry a lot. Most of the people who hear about this (and previous) story are very disappointed from the FTDI actions and will reduce significantly their interactions with the company's products. This negative feeling will spread among the people in the industry (hobbyists and professionals) like a domino row.

FTDI chips are used a lot in the industry and there are no incidents reported so far.
You seem to have inside information, so you can report this to the FTDI management: the long term effect after the two FTDI-gates will be negative for the company finances. People who make one error twice I can call simply stupid and irresponsible. They are irresponsible in front of their employer and/or investors.

No matter how hard you try to defend them and no matter how many times you repeat "aim your anger at the counterfeiters" - you won't change anything. The anger will be pointed to FTDI and the counterfeiters (we don't even know who they are) will either switch to other "model" chips or will start to make better copies that will pass the genuine test. Whatever they do - they will not buy more than few 10s of original chips and they will not stimulate the increase of FTDI sales.

In short: you are wasting your time.
Title: Re: FTDIgate 2.0?
Post by: Gyro on February 29, 2016, 02:44:21 pm
Quote
Perhaps instead of just calling FTDI stupid, people could suggest better constructive steps FTDI should have taken?

I think that more constructive step has been stated many, many times in this (and the previous FTDI thread)

No, it has not.

I've written several times:
- FTDI should have simply make their driver stop working with counterfeit chips
- FTDI should have let law enforcement do their job by confiscating counterfeit chips

But you're ignoring this and many posts of other forum members.

No, I'm not ignoring it. I just don't believe that your writings are more constructive.

Talk a lot, don't you!  :popcorn:
Title: Re: FTDIgate 2.0?
Post by: zapta on February 29, 2016, 03:06:24 pm
I'd like you to show court cases where a company or people got away with damaging third party property because they want to settle a dispute on their own (bypassing the legal system).

Like this?

(http://www.secure-lane.com/publishImages/Traffic-Spikes~~element117.jpg)


(this is not an opinion about FTDI actions, already did it many posts ago)
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 03:10:31 pm
... the long term effect after the two FTDI-gates will be negative for the company finances.

Maybe, maybe not. That has still to be determined. Maybe FTDI concluded that other approaches should be more negative for the company finances.
Some people here seem to forget that FTDI is a victim here as well. They can't allow counterfeiting. They have to do something.
And bricking the chips is the best approach to prevent that people continue to use the counterfeit chips by using an older driver.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 29, 2016, 05:04:04 pm
It doesn't matter what anyone says in this forum. FTDI made a decision five months ago and if it was hurting their bottom line, they surely would have reverted their decision but they have not.

They are not publicly traded, but I wonder how their financial statement from 2015 compares to 2014, since the new driver was released at the end of September it would only account for 3 months which is not enough to account for their customer base reactions, so I guess we'll have to see how it affects their 2016 bottom line.

Use it or don't use it, stating that they are crap or not has about the same weight as any other this vs that discussion.
Myself I prefer Cypress anyways for my USB-UART needs, but that was the case even before the Oct 2014 original FTDIgate 1.0

Edit: I just noticed that even Wikipedia has the dates wrong. The "NON GENUINE DEVICE FOUND!" driver was not released or discovered on Feb 2016. But you know how new media is and they picked up the story probably based on this thread, so now the facts are all distorted. If you search for that string you can find that it pre-dates February and was discovered shortly after it was released (Sept 29th 2015) around Oct 2nd 2015.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 29, 2016, 05:23:00 pm
What makes me hard to understand is, FTDI already plans to phase out the old FT232, as this can be seen from their new alternative products, cheaper, smaller and more power efficient.
FT232 serves only legacy compatibility purpose, IMHO. Why a company is willing to ruin its reputation for a model that is being phased out?

Some see it as they are ruining their reputation, others see it as they are strengthening their position. To some it seems its enough to switch manufacturers and re-spinning their boards, while for others they are happy that they don't have to compete with cheap clones.

No matter how many times people post their opinions here they are not based on the actual numbers, FTDI is the only one that has the answer to how their decision did affect them positively or negatively in the long run.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 29, 2016, 06:05:04 pm
It's apparent from reading this forum and others that FTDI has ruined it's reputation among at least some in the electronics community (both hobbyists and designers).  What percentage is an open question. It's a good question regarding how this will affect their bottom line - particularly if they are phasing out the 232 chip anyway.  But that is a question that will only be answered over a longer time period.

Listening to the most recent embedded.fm podcast (http://embedded.fm/episodes/140) which featured an interview with Bunnie Huang - I found his take on Chinese cloning of electronics very interesting. It is a cultural thing- that is how the value of designing and producing a cheaper compatible alternative to an existing product is perceived.

IMO there is no excuse for outright counterfeiting - that is in this case stamping chips with a fake FTDI logo and trying to pass them off as real FTDI chips. But, there are also many FTDI compatible clone chips out there - that have no FTDI logo and are only sold as FTDI compatible - they are not "counterfeit - they are clones.   As far as I know there is nothing illegal about those and after hearing Bunnie's take on why the Chinese often do this kind of thing I'm not so sure I would even consider it unethical. It's a complicated topic with distinct cultural factors.


Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 29, 2016, 06:14:54 pm
Apparent to some, only the people voicing their opinions usually are the ones that have something to complain about, while the silent majority seats on the sideline unfazed.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on February 29, 2016, 06:20:02 pm
But, there are also many FTDI compatible clone chips out there - that have no FTDI logo and are only sold as FTDI compatible - they are not "counterfeit - they are clones.   As far as I know there is nothing illegal about those and after hearing Bunnie's take on why the Chinese often do this kind of thing I'm not so sure I would even consider it unethical. It's a complicated topic with distinct cultural factors.

If they're piggy-backing off of a driver that another company developed, distributed, signed, and supports, after that company has made it ABUNDANTLY clear that they do not appreciate that kind of behavior, then yes it is unethical in any culture.  Those "compatible" chip makers are MORE than welcome to use their own VID, and write, distribute, and maintain their own drivers.
Title: Re: FTDIgate 2.0?
Post by: mtdoc on February 29, 2016, 06:37:11 pm
But, there are also many FTDI compatible clone chips out there - that have no FTDI logo and are only sold as FTDI compatible - they are not "counterfeit - they are clones.   As far as I know there is nothing illegal about those and after hearing Bunnie's take on why the Chinese often do this kind of thing I'm not so sure I would even consider it unethical. It's a complicated topic with distinct cultural factors.

If they're piggy-backing off of a driver that another company developed, distributed, signed, and supports, after that company has made it ABUNDANTLY clear that they do not appreciate that kind of behavior, then yes it is unethical in any culture.  Those "compatible" chip makers are MORE than welcome to use their own VID, and write, distribute, and maintain their own drivers.

A valid opinion for sure - but just an opinion as all responses to ethical questions are.  Many have questioned FTDIs ethics in their response - again - only opinions.
 
FTDI's concerns are not relevant to that question IMHO since of course no company wants competition -  from legal cloners or otherwise. I'm sure FTDI would appreciate it if no other chips makers made competing products - but they don't get to determine that.
   
Were the IBM PC cloners unethical?  Is it always unethical to "clone" an existing product if done legally?  IMHO these are not black and white questions.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 29, 2016, 06:40:56 pm
But, there are also many FTDI compatible clone chips out there - that have no FTDI logo and are only sold as FTDI compatible - they are not "counterfeit - they are clones.   As far as I know there is nothing illegal about those and after hearing Bunnie's take on why the Chinese often do this kind of thing I'm not so sure I would even consider it unethical. It's a complicated topic with distinct cultural factors.

If they're piggy-backing off of a driver that another company developed, distributed, signed, and supports, after that company has made it ABUNDANTLY clear that they do not appreciate that kind of behavior, then yes it is unethical in any culture.  Those "compatible" chip makers are MORE than welcome to use their own VID, and write, distribute, and maintain their own drivers.

Who cares how clear they made it? If they put the software on my computer I'm going to use it however the hell I want. At no point did I ever agree to only do things FTDI likes.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on February 29, 2016, 06:43:14 pm
Regarding PC clones, they did have to write their own compatible BIOS. It's not like they did the clone and tell people to use unmodified IBM ROMs.

Edit: I do recall some IBM software that actually checked the BIOS to make sure it was running on IBM hardware. It was a paint program but I bet that BIOS check was in some of their offerings.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 06:50:06 pm
Were the IBM PC cloners unethical?

Probably not, as long as the PC-clone doesn't use a copy of IBM's PC-DOS without a valid licence.
Title: Re: FTDIgate 2.0?
Post by: Karel on February 29, 2016, 06:59:06 pm
Who cares how clear they made it? If they put the software on my computer I'm going to use it however the hell I want. At no point did I ever agree to only do things FTDI likes.

You do whatever you like. Just as FTDI does.
You can stamp your feet as much as you want but I don't think it's going to help you.

Title: Re: FTDIgate 2.0?
Post by: Gyro on February 29, 2016, 08:19:15 pm
I'm really curious, 34 pages on, what excuse do the rest of you have to keep feeding this guy?  :-// You can't really be enjoying or getting any benefit from it by now, surely? Life just seems too short.
Title: Re: FTDIgate 2.0?
Post by: timb on February 29, 2016, 09:59:05 pm

Regarding PC clones, they did have to write their own compatible BIOS. It's not like they did the clone and tell people to use unmodified IBM ROMs.

Edit: I do recall some IBM software that actually checked the BIOS to make sure it was running on IBM hardware. It was a paint program but I bet that BIOS check was in some of their offerings.

These so called "counterfeit" and "clone" chips aren't actually mask copies of FTDI's die. In most cases, they're small MCU's that have been programmed to emulate the FTDI command set. So, the only difference between this and Compaq cloning IBM's bios is that *some* of these chips are being remarked as FTDI chips, which is wrong.

The fact that a non-FTDI chip uses FTDI's driver is fine in my book. There is a long history of third parties making hardware that works with an existing driver. Take the Sound Blaster 16 for example.
Title: Re: FTDIgate 2.0?
Post by: c4757p on February 29, 2016, 10:04:39 pm
You do whatever you like. Just as FTDI does.

Yup, and I get to have an opinion on what they've done, just like they do on what I've done...

I'm really curious, 34 pages on, what excuse do the rest of you have to keep feeding this guy?  :-// You can't really be enjoying or getting any benefit from it by now, surely? Life just seems too short.

Because I'm an idiot and this godforsaken thread isn't in one of the boards I was smart enough to block...
Title: Re: FTDIgate 2.0?
Post by: CatalinaWOW on February 29, 2016, 10:14:34 pm
I support Karel's efforts to support his own interests.  He (or she) is only doing what every one else here is doing.  I can't tell whether those interests are employment or maintaining a viable supplier for the designs he has implemented and supports, or perhaps a future bricking effort on some other unrelated product line, or something else but as a point of view they all are as good as any expressed here. 

Despite his dismissive comments about "hobbiests and semi-professionals" he feels their comments are worth the effort of debating.  That is validation of sorts for those involved.
Title: Re: FTDIgate 2.0?
Post by: Gyro on February 29, 2016, 10:36:15 pm
Well that's a couple of good takes on the 'Why' at least :)

I just wanted to try to insert a sanity breakpoint in case you were truly trapped in an infinite loop from which you were now incapable of escaping (still not entirely convinced on that one though!).

I shall try very much harder to avoid noticing this thread in future and worse still, opening it. It's just a bit like fingernails scratching down a blackboard every time I do.  :D

Good luck with it.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on March 01, 2016, 12:02:34 am
Intel does the same thing with their compiler, when caught they didn't change the compiler but they offered the following statement regarding using the C++ Intel compiler on non-Intel chips:

https://software.intel.com/en-us/articles/optimization-notice

As far as I know, the code generated still runs slower on AMD processors even if they support SSE2 or SSE3. Pretty much they look at the CPU ID and if it says GenuineIntel then the optimized code path runs, otherwise optimization flags are totally ignored.

Not clear if this is a runtime or compile time issue, but Intel doesn't want to support non-Intel architectures on their compiler.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on March 01, 2016, 12:53:14 am
The fact that a non-FTDI chip uses FTDI's driver is fine in my book. There is a long history of third parties making hardware that works with an existing driver. Take the Sound Blaster 16 for example.

And the next time you develop a driver, you are welcome to let everybody under the sun, including your competition, use it for free.  But this is not your driver, this is FTDI's driver, and they've made it abundantly clear that they don't want other manufacturers using it.  It's their call to make, and they made it.

These "legitimate" manufacturers of compatible devices are welcome to distribute a tool to allow their end-users to change the VID/PID to their own, and then write, sign, distribute, and maintain their own driver to interface with it.
Title: Re: FTDIgate 2.0?
Post by: c4757p on March 01, 2016, 01:56:26 am
Why does FTDI get to say who can use their driver, once it's on someone else's computer? I don't understand why some of you just assume that.
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on March 01, 2016, 02:18:55 am
It's their driver, of course they get to decide which devices it can talk to.  Just like Xilinx can decide whether or not their tools will program Altera FPGAs.  Even if the protocol was the same and technically it could, it's perfectly within their rights to design it so that it doesn't.
Title: Re: FTDIgate 2.0?
Post by: c4757p on March 01, 2016, 02:33:10 am
That's not what I meant.
Title: Re: FTDIgate 2.0?
Post by: zapta on March 01, 2016, 05:34:02 am
I just wanted to try to insert a sanity breakpoint in case you were truly trapped in an infinite loop from which you were now incapable of escaping (still not entirely convinced on that one though!).

Here is a visualization of this thread

https://www.youtube.com/watch?v=6QkGp2qBbn4 (https://www.youtube.com/watch?v=6QkGp2qBbn4)
Title: Re: FTDIgate 2.0?
Post by: timb on March 01, 2016, 08:35:33 am

It's their driver, of course they get to decide which devices it can talk to.  Just like Xilinx can decide whether or not their tools will program Altera FPGAs.  Even if the protocol was the same and technically it could, it's perfectly within their rights to design it so that it doesn't.

Apples to oranges, and you know it.

Actually, this brings up a good point. I want you to explain to me exactly what you think FTDI is accomplishing by making their driver not work with/brick/spit bad data out in the first place. 

The way I see it, the only thing FTDI is accomplishing here (besides alienating their customers) is making better clones.

Why? Well, the clone maker fixed the original vulnerability that allowed FTDI to tell the difference. So, FTDI wasn't really stopping future clones. Instead, they just annoyed everyone with a product that happened to have a clone chip in it. But, it's not like those customers can't just roll back to the older version of the driver and still use the clones.

So, aside from ending up with better clones and egg on their face, what was the point? Now, if these were *actual* counterfeit (mask copies) FTDI's driver wouldn't be able to tell the difference anyway.

This is no different than IBM vs Compaq. You're right, FTDI has every right to do whatever they want with their driver. However, just like with DRM, they will never win; in fact they've already lost. All it does is serve to inconvenience end users.

If it were *my* driver, I would see the writing on the wall and move on, instead of doubling down on a losing strategy. (In this case, both their driver *and* production of basic USB-UART chips is that losing strategy.)
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 09:08:53 am
I want you to explain to me exactly what you think FTDI is accomplishing by making their driver not work with/brick/spit bad data out in the first place. 

To encourage cheap-ass companies not to use counterfeit products?

Well, the clone maker fixed the original vulnerability that allowed FTDI to tell the difference. So, FTDI wasn't really stopping future clones.

FTDI was stopping present counterfeit chips. It could be very well that FTDI has more ways to check for counterfeit chips. Ways that could be used in future driver updates
when new counterfeit chips have been found that have circumvented the old way of detection.

So, aside from ending up with better clones and egg on their face, what was the point?
This is no different than IBM vs Compaq. You're right, FTDI has every right to do whatever they want with their driver. However, just like with DRM, they will never win; in fact they've already lost. All it does is serve to inconvenience end users.

Probably FTDI believes that they will loose more money with other approaches. It's their choice, not yours.

If it were *my* driver, ...

But it isn't, is it?

Title: Re: FTDIgate 2.0?
Post by: nctnico on March 01, 2016, 10:38:30 am
If it were *my* driver, I would see the writing on the wall and move on, instead of doubling down on a losing strategy. (In this case, both their driver *and* production of basic USB-UART chips is that losing strategy.)
If think this touches the core of the problem. In order to stay ahead you have to create new products and get into new markets all the time. IBM has been mentioned and even though IBM was forced out of the PC market they still exist today. Or look at Dyson. Dyson succesfully hyped bag-less vacuum cleaners and soon after that others followed with similar products. No problem for Dyson because they have a whole line of products and they even succesfully entered the hand-dryer market.

Now look at FTDI: the only products they are really known for are their USB-UART bridge chips and in a lesser extend their USB FIFO chips.
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 01:06:10 pm
In order to stay ahead you have to create new products and get into new markets all the time. IBM has been mentioned and even though IBM was forced out of the PC market they still exist today. Or look at Dyson. Dyson succesfully hyped bag-less vacuum cleaners and soon after that others followed with similar products. No problem for Dyson because they have a whole line of products and they even succesfully entered the hand-dryer market.

Now look at FTDI: the only products they are really known for are their USB-UART bridge chips and in a lesser extend their USB FIFO chips.

Ok, let's assume for a moment that FTDI isn't  innovative anymore and maybe, because of that, they will vanish in 5 to 10 years.
If they can extend that period with a couple of years by protecting their IP, why not? They have the right to use their IP as a cash cow as long as possible.
Ethically, there's nothing wrong with that.

Title: Re: FTDIgate 2.0?
Post by: nctnico on March 01, 2016, 01:22:32 pm
In theory yes but what FTDI did to protect their IP is borderline criminal so they must be very desperate to milk their existing IP any way they can for as long as they can. Appearantly plan B isn't working for FTDI otherwise they would have moved on a long time ago. Another good reason to not use FTDI parts: they may be gone in a few years!
Title: Re: FTDIgate 2.0?
Post by: suicidaleggroll on March 01, 2016, 03:43:33 pm

It's their driver, of course they get to decide which devices it can talk to.  Just like Xilinx can decide whether or not their tools will program Altera FPGAs.  Even if the protocol was the same and technically it could, it's perfectly within their rights to design it so that it doesn't.

Apples to oranges, and you know it.
You're right, it's not a good comparison, because in my example the Altera device just happened to be compatible.  A better comparison would be if Altera intentionally designed their products to impersonate Xilinx devices, so they could piggy-back off of Xilinx's toolchain and not have to develop or maintain one of their own.  You can bet your ass if they tried to pull something like that, Xilinx would try to find a way to block it, and nobody would be surprised (well, I would think so, but after reading this thread I'm not so sure there wouldn't be a group of people asking for the Xilinx CEO's head on a platter).

Actually, this brings up a good point. I want you to explain to me exactly what you think FTDI is accomplishing by making their driver not work with/brick/spit bad data out in the first place.
Easy, and I've already said it many times before.
Q: Why are they trying to make their driver not work with counterfeit chips?
A: To discourage cheap manufacturers from using counterfeit chips, and ultimately, to discourage the counterfeiters.  Do you really think the counterfeiters are going to just keep up this cat and mouse game?  Why on earth would they do that when they can just start counterfeiting a different manufacturer who doesn't try to restrict the use of their driver?  As you and others have said many times, FTDI USB-UART bridges are nothing special these days, so why are you so insistent that the counterfeiters would keep dumping time and money into running around driver restrictions when they could just move to somebody else?  That's FTDI's goal, discourage counterfeiters enough that they move to another target.

Q: Why are they throwing out "bad" or "garbage" data?
A: First, it's not "bad data", "bad data" would be if they made random changes and spit out nonsense.  It's not bad data, it's a message, a very clear message explaining why it's not working.  The alternative would be to send nothing and bury an error code or message deep in the bowels of the system logs where it will never see the light of day.  It's a valid alternative, but FTDI must have weighed the options and made the decision that it's better to send out a very clear message where anybody using the device will see, risking the fallout from a few devices that might misbehave when it receives data it doesn't expect, but significantly reducing debugging time by affected manufacturers.  They probably made the assumption that affected manufacturers WANT TO KNOW that they have a counterfeit device in their product, and the easier they can make that discovery the better.  It doesn't really matter for the end-user, because the device has to go back to the manufacturer anyway.
Title: Re: FTDIgate 2.0?
Post by: CatalinaWOW on March 01, 2016, 04:39:34 pm
It would have been relatively easy for FTDI to make a chip test tool and distribute it to vendors and distributors. This would allow them to test for genuine parts before incorporating them in their sales stream.  Even a lot sample test of this sort would have been highly effective.

FTDI apparently did not think of this, or had some motive for not doing it.  At this point in time people can use the driver to perform this test, but do not have the manufacturers assurance that passing this test will be good enough in the future.

Still seems to me that FTDI is either not handling this well, or is motivated by something not identified on this forum.
Title: Re: FTDIgate 2.0?
Post by: nctnico on March 01, 2016, 04:44:39 pm
Q: Why are they throwing out "bad" or "garbage" data?
A: First, it's not "bad data", "bad data" would be if they made random changes and spit out nonsense.  It's not bad data, it's a message, a very clear message explaining why it's not working.  The alternative would be to send nothing and bury an error code or message deep in the bowels of the system logs where it will never see the light of day.
Sorry but that is just plain wrong! Windows will show a message when an USB device cannot load it's driver properly. Also the device manager will show a device was attached for which the driver isn't working. From there it is a small step to look into the log files. Either way there are enough ways to show the user something is wrong without bricking devices or sending random data (from the perspective of any device attached).
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 04:47:39 pm
It would have been relatively easy for FTDI to make a chip test tool and distribute it to vendors and distributors. This would allow them to test for genuine parts before incorporating them in their sales stream.  Even a lot sample test of this sort would have been highly effective.

FTDI apparently did not think of this, or had some motive for not doing it.  At this point in time people can use the driver to perform this test, but do not have the manufacturers assurance that passing this test will be good enough in the future.

Still seems to me that FTDI is either not handling this well, or is motivated by something not identified on this forum.

The problem with such a tool is, what do you want it to do.

1. Do you want it to check only for the actual way of checking for counterfeit chips, than you can simply use the latest driver. No need for a tool.

2. If you want a tool that checks for all possible ways to check for counterfeit chips, also methods of detecting which FTDI hasn't been used yet but keep them for future use,
well, then they should be stupid if they provide such a tool because that tool will be used by counterfeiters to check and circumvent all present and future methods of FTDI to check for counterfeit chips.
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 04:50:03 pm
... or sending random data (from the perspective of any device attached).

So far, in this whole thread, nobody has made a valid point why it's wrong to send a string that contains "not a genuine chip".
Title: Re: FTDIgate 2.0?
Post by: nctnico on March 01, 2016, 04:55:11 pm
... or sending random data (from the perspective of any device attached).
So far, in this whole thread, nobody has made a valid point why it's wrong to send a string that contains "not a genuine chip".
You are a real engineer aren't you? If you are a real engineer then you should know it is very bad to send random data to a device. I have come across several devices which lock up when confronted with data the device didn't expect. One of those was actually performing a safety critical function so yes, it is very bad to send random data to a device. I also start to doubt you can read because this has been discusses at length in this same thread so you are trying to create a new infinite loop here so lets leave this subject alone right here. You can read all about it in the previous pages.
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 05:01:52 pm
... or sending random data (from the perspective of any device attached).
So far, in this whole thread, nobody has made a valid point why it's wrong to send a string that contains "not a genuine chip".
You are a real engineer aren't you? If you are a real engineer then you should know it is very bad to send random data to a device. I have come across several devices which lock up when confronted with data the device didn't expect. One of those was actually performing a safety critical function so yes, it is very bad to send random data to a device. I also start to doubt you can read because this has been discusses at length in this same thread so you are trying to create a new infinite loop here so lets leave this subject alone right here. You can read all about it in the previous pages.

Yes, I am. Apparently you aren't otherwise you should know that a safety critical device that can cause seriouse injury because of a glitch on a serial port,
should be taken out of service immediately. There's simply no excuse for that.

Title: Re: FTDIgate 2.0?
Post by: CatalinaWOW on March 01, 2016, 05:06:00 pm
It would have been relatively easy for FTDI to make a chip test tool and distribute it to vendors and distributors. This would allow them to test for genuine parts before incorporating them in their sales stream.  Even a lot sample test of this sort would have been highly effective.

FTDI apparently did not think of this, or had some motive for not doing it.  At this point in time people can use the driver to perform this test, but do not have the manufacturers assurance that passing this test will be good enough in the future.

Still seems to me that FTDI is either not handling this well, or is motivated by something not identified on this forum.

The problem with such a tool is, what do you want it to do.

1. Do you want it to check only for the actual way of checking for counterfeit chips, than you can simply use the latest driver. No need for a tool.

2. If you want a tool that checks for all possible ways to check for counterfeit chips, also methods of detecting which FTDI hasn't been used yet but keep them for future use,
well, then they should be stupid if they provide such a tool because that tool will be used by counterfeiters to check and circumvent all present and future methods of FTDI to check for counterfeit chips.

You have missed the whole point.  You have often expressed that manufacturers should do due diligence in getting genuine FTDI chips.  Nowhere is due diligence defined.  By your own definition using the current driver is inadequate, because FTDI either does or may have withheld future clone detection techniques.  So you are saying that legitimate vendors must assume all of the risk of being stuck with a clone chip while FTDI assumes none.

There are demonstrated cases where buying direct from the vendor does not assure genuine chips.  Employees of the vendor were making money on the side by buying clones and selling them, or in other cases selling non-spec parts from the scrap bin.  Due diligence in the supply chain cannot go further than buying direct from the manufacturer.  While I am not aware of this occurring at FTDI, I see no reason they are immune from this problem.

Issuing a certified test program is a way of sharing risk.  If FTDI is concerned enough about the problem there are encryption techniques (which would involve both the parts and the test program) which could make the approach difficult to use the test as a design tool for getting around the test program.
Title: Re: FTDIgate 2.0?
Post by: c4757p on March 01, 2016, 05:07:58 pm
Yes, I am. Apparently you aren't otherwise you should know that a safety critical device that can cause seriouse injury because of a glitch on a serial port,
should be taken out of service immediately. There's simply no excuse for that.

Yes, it should. That is a dangerous machine. But how does that mean that it's okay to screw around with it?

I'm starting to think you just have a problem with logic. You make an awful lot of non sequitur arguments. "This machine is too dangerous and shouldn't be used, therefore FTDI should fuck with it" makes about as much sense as "the sky is blue, therefore broccoli tastes bad"... |O
Title: Re: FTDIgate 2.0?
Post by: madires on March 01, 2016, 05:09:43 pm
You are a real engineer aren't you? If you are a real engineer then you should know it is very bad to send random data to a device. I have come across several devices which lock up when confronted with data the device didn't expect. One of those was actually performing a safety critical function so yes, it is very bad to send random data to a device. I also start to doubt you can read because this has been discusses at length in this same thread so you are trying to create a new infinite loop here so lets leave this subject alone right here. You can read all about it in the previous pages.

Yes, I am. Apparently you aren't otherwise you should know that a safety critical device that can cause seriouse injury because of a glitch on a serial port,
should be taken out of service immediately. There's simply no excuse for that.

In a perfect world :) But if there's no budget for that, the poorly designed device has to stay. Mr. Manager will tell you that.
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 05:11:50 pm
So you are saying that legitimate vendors must assume all of the risk of being stuck with a clone chip while FTDI assumes none.

No, I'm not saying that. In the rare case that they are affected by this problem, they can put a claim at the seller of the counterfeit chips.


Title: Re: FTDIgate 2.0?
Post by: c4757p on March 01, 2016, 05:12:55 pm
So you're okay with causing harm as long as the people affected can blame someone else? WTF dude?
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 05:13:10 pm
You are a real engineer aren't you? If you are a real engineer then you should know it is very bad to send random data to a device. I have come across several devices which lock up when confronted with data the device didn't expect. One of those was actually performing a safety critical function so yes, it is very bad to send random data to a device. I also start to doubt you can read because this has been discusses at length in this same thread so you are trying to create a new infinite loop here so lets leave this subject alone right here. You can read all about it in the previous pages.

Yes, I am. Apparently you aren't otherwise you should know that a safety critical device that can cause seriouse injury because of a glitch on a serial port,
should be taken out of service immediately. There's simply no excuse for that.

In a perfect world :) But if there's no budget for that, the poorly designed device has to stay. Mr. Manager will tell you that.

So, aim your anger to Mr. Manager. Not to FTDI.
Title: Re: FTDIgate 2.0?
Post by: Bud on March 01, 2016, 05:14:08 pm
Not that it is wrong but it is useless and will do no job in many use cases where devices use proprietary application level protocols. This message will simply be ignored as noise. FTDI what, thinks that every single use case involves someone stairing at the display and reading the bytestream?
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 05:15:13 pm
So you're okay with causing harm as long as the people affected can blame someone else? WTF dude?

Show me a documented example where the behaviour of FTDI's driver caused serious injury.
Title: Re: FTDIgate 2.0?
Post by: nctnico on March 01, 2016, 05:20:59 pm
So you're okay with causing harm as long as the people affected can blame someone else? WTF dude?
Show me a documented example where the behaviour of FTDI's driver caused serious injury.
So people should get hurt or killed before you are convinced?  :wtf:
Title: Re: FTDIgate 2.0?
Post by: c4757p on March 01, 2016, 05:31:47 pm
Probably a good idea to just stop now. We're clearly at the "I'll say anything that sounds like it proves my point" stage of the argument.
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 06:11:53 pm
So you're okay with causing harm as long as the people affected can blame someone else? WTF dude?
Show me a documented example where the behaviour of FTDI's driver caused serious injury.
So people should get hurt or killed before you are convinced?  :wtf:

No, people shouldn't get hurt, those are your words.

If you really know about a safety critical device that can cause serious injury because of a glitch on the serial port,
than I assume you took the device out of service or at least reported it to the authorities and made sure that they
took it out of service. No risk anymore that something goes wrong.

If not, then you are a hypocrite that wines about FTDI but don't really care about safety.


Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 06:14:19 pm
FTDI what, thinks that every single use case involves someone stairing at the display and reading the bytestream?

The engineer that is investigating the defect device will.
Title: Re: FTDIgate 2.0?
Post by: Karel on March 01, 2016, 06:18:24 pm
Yes, I am. Apparently you aren't otherwise you should know that a safety critical device that can cause seriouse injury because of a glitch on a serial port,
should be taken out of service immediately. There's simply no excuse for that.

Yes, it should. That is a dangerous machine. But how does that mean that it's okay to screw around with it?

How many dangerous machines have stopped working because of FTDI's driver?

Title: Re: FTDIgate 2.0?
Post by: timb on March 01, 2016, 08:03:27 pm

Yes, I am. Apparently you aren't otherwise you should know that a safety critical device that can cause seriouse injury because of a glitch on a serial port,
should be taken out of service immediately. There's simply no excuse for that.

Yes, it should. That is a dangerous machine. But how does that mean that it's okay to screw around with it?

How many dangerous machines have stopped working because of FTDI's driver?

Wow. Just wow.

Stop the train. This is where I get off.
Title: Re: FTDIgate 2.0?
Post by: Koen on March 01, 2016, 11:54:19 pm
So far over 35 pages we've had "what ifs", unsubstantiated claims about counterfeit FTDI chips in regular distribution, unsubstantiated claims about major corporations discontinuing their use of FTDI chips and unsubstantiated claims about safety-critical systems compromised by random serial strings. Should people take your word for it ? Is linking to the related press releases impossible ? Or is it so obscure you can't name the distributor/company/product impacted without being found out ?

How can you try to prove your point without providing any evidence for your claims. This is debating 101.
Title: Re: FTDIgate 2.0?
Post by: nctnico on March 02, 2016, 12:50:05 am
So far over 35 pages we've had "what ifs", unsubstantiated claims about counterfeit FTDI chips in regular distribution, unsubstantiated claims about major corporations discontinuing their use of FTDI chips and unsubstantiated claims about safety-critical systems compromised by random serial strings. Should people take your word for it ? Is linking to the related press releases impossible ? Or is it so obscure you can't name the distributor/company/product impacted without being found out ?

How can you try to prove your point without providing any evidence for your claims. This is debating 101.
There are documented cases that counterfeit components found their way into military devices. Google that. Also a simple data conversion problem can cause a rocket intended for launching satellites into space to fail ( http://sunnyday.mit.edu/accidents/Ariane5accidentreport.html (http://sunnyday.mit.edu/accidents/Ariane5accidentreport.html) ) due to feeding random data into a system which doesn't suspect it. It shouldn't need much thinking to understand that it is a bad idea in general to feed random data into any system.

Quote from the report:
Part of these data at that time did not contain proper flight data, but showed a diagnostic bit pattern of the computer of the SRI 2, which was interpreted as flight data.

IOW: The 'what ifs' aren't about pinpointing existing cases but doing solid engineering and the steps to take / processes to follow in order to minimize the risk on designing a (potential) problem into a product which can cause a customer problems at some point. I have been dealing with customers for over 25 years already and I have learned that a simple problem from an engineering perspective can be perceived as a huge problem by a customer. So by all means: get rid of any potential source of problems!
Title: Re: FTDIgate 2.0?
Post by: Karel on March 02, 2016, 07:33:10 am
There are documented cases that counterfeit components found their way into military devices.

Lets say, it's better that a (militairy) device doesn't want to start because of a driver update,
than starting fine and during it's service it malfunctions unexpectedly because the counterfeit chip is a bit out of spec.

Title: Re: FTDIgate 2.0?
Post by: f4eru on March 02, 2016, 09:32:25 pm
So far, in this whole thread, nobody has made a valid point why it's wrong to send a string that contains "not a genuine chip".
Bullshit. It's injecting corrupt data in a data stream you know nothing about.

Tampering for any reason a random data stream is  simply dangerous. it's not acceptable from every point of view.
it's Malware.
Title: Re: FTDIgate 2.0?
Post by: Koen on March 02, 2016, 10:30:05 pm
I'll take your point about Ariane 5 first launch but for future readers, I'll add this quote from the report :

Quote
f) Approx. 0.05 seconds later the active inertial reference system, identical to the back-up system in hardware and software, failed for the same reason. Since the back-up inertial system was already inoperative, correct guidance and attitude information could no longer be obtained and loss of the mission was inevitable.

It isn't solely unexpected data but irrecoverable instruments.
Title: Re: FTDIgate 2.0?
Post by: dadler on March 02, 2016, 11:43:57 pm
My favorite (uh, wrong word here) story like this is the Therac-25:

https://en.m.wikipedia.org/wiki/Therac-25
Title: Re: FTDIgate 2.0?
Post by: Karel on March 03, 2016, 07:36:37 am
It's injecting corrupt data in a data stream you know nothing about.

As far as I know, it isn't. The original data never arrives. The host will only receive the string "not a genuine chip".
Title: Re: FTDIgate 2.0?
Post by: cdev on March 18, 2016, 02:52:44 pm
there should be a generic fallback mode where all usb-uart or usb-serial converters maintain basic functionality, using some generic fallback code thats community developed.
Title: Re: FTDIgate 2.0?
Post by: bingo600 on March 18, 2016, 03:03:21 pm
Just use Linux  :-+
FTDI got the finger  :-- when trying to implement their "changes" to the linux ftdi driver.

And ear/eye plugs against Mr. K
We should be able to select a "hide posts" from  , in our settings.

/Bingo
Title: Re: FTDIgate 2.0?
Post by: edavid on March 18, 2016, 03:28:19 pm
And ear/eye plugs against Mr. K
We should be able to select a "hide posts" from  , in our settings.

The forum does have an ignore list feature:

https://www.eevblog.com/forum/profile/?area=lists;sa=ignore; (https://www.eevblog.com/forum/profile/?area=lists;sa=ignore;)
Title: Re: FTDIgate 2.0?
Post by: CJay on March 18, 2016, 04:33:34 pm
Out of all the unsubstantiated what if scenarios and other such in this thread, I take the following:

1. Good system design should preclude malfunction from 'random' or corrupted (intentionally or not) data.

I agree wholeheartedly, a no brainer, but we all know there's that one in a million, billion, whatever, combination of input that can cause an issue. Sadly software is rarely 100% verifiably bug free.

2. No system can be entirely fault free unless it's so simple it's possible to prove operation for every single possible instance of presented data along with every possible environmental influence.

My take on this:

The nature of my job means that I can be many miles from home at stupid times of day and night, thus I have been in situations many times where I've needed to buy random pieces of computer hardware from vendors I would not normally use to perform job function, on at least a couple of occasions I've had to buy USB-Serial adapters (things go faulty, get mechanically damaged, lost, etc.).

When I'm two hundred miles from home at three AM in the morning with people in positions of genuine, government mandated, authority asking me how long something is going to take to repair, I do not want to explain that my serial dongle doesn't work because of someone acting like a 2 year old and having a hissy fit which may or may not render the USB dongle bought from their local 24 hour supermarket unusable.

So, I avoid FTDI unless it's absolutely unavoidable (I.E. built in to a larger product).

Not a huge loss for FTDI, not even the price of a sandwich at lunch time but the tiny drip drip of water erodes much larger mountains than FTDI.

Shortsighted and childish of them.
Title: Re: FTDIgate 2.0?
Post by: Gyro on March 18, 2016, 06:29:53 pm
Noooh!  :palm:  After two weeks of peace too!  |O

EDIT: I suggest reading through all 36 pages of this thread to check that anything you're planning to say hasn't been said several times already!
Title: Re: FTDIgate 2.0?
Post by: janoc on March 18, 2016, 08:34:47 pm
Perhaps I am blind but I really do miss the possibility to hide/ignore certain thread from the unread posts ...

 :palm:
Title: Re: FTDIgate 2.0?
Post by: edavid on March 18, 2016, 11:44:07 pm
Perhaps I am blind but I really do miss the possibility to hide/ignore certain thread from the unread posts ...

You have to enable the feature:

https://www.eevblog.com/forum/chat/forum-update-new-ignore-topics-feature/msg651768/#msg651768 (https://www.eevblog.com/forum/chat/forum-update-new-ignore-topics-feature/msg651768/#msg651768)
Title: Re: FTDIgate 2.0?
Post by: rsjsouza on March 19, 2016, 02:34:50 am
Perhaps I am blind but I really do miss the possibility to hide/ignore certain thread from the unread posts ...

You have to enable the feature:

https://www.eevblog.com/forum/chat/forum-update-new-ignore-topics-feature/msg651768/#msg651768 (https://www.eevblog.com/forum/chat/forum-update-new-ignore-topics-feature/msg651768/#msg651768)
Thanks a bunch for this! I have been meaning to ignore several threads for a while.
Title: Re: FTDIgate 2.0?
Post by: miguelvp on March 19, 2016, 03:46:52 am
At least they didn't include control characters in the infamous string. You know the 0-31 values that include things like AKC.

If a serial protocol is not robust enough then any cross talk on the wire will be more dangerous than the canned string FTDI decided to use.

I don't even think they use carriage return or line feed for that matter.

As for using an USB-UART cable when you are on a bind, how do you know it even has the FTDI chip? I guess you can research it, but if it's the only one available on the store, will you forgo and just delay the diagnosis?

"What if" someone open a putty terminal and pasted some random things to the serial port? You'll think whoever designed the protocol would not just talk to a plain port without verifying the system talking to the device is using  the right format and protocol.
Title: Re: FTDIgate 2.0?
Post by: janoc on March 19, 2016, 12:43:42 pm
Perhaps I am blind but I really do miss the possibility to hide/ignore certain thread from the unread posts ...

You have to enable the feature:

https://www.eevblog.com/forum/chat/forum-update-new-ignore-topics-feature/msg651768/#msg651768 (https://www.eevblog.com/forum/chat/forum-update-new-ignore-topics-feature/msg651768/#msg651768)

Oh dear, you are my savior! Thanks a lot!
Title: Re: FTDIgate 2.0?
Post by: nctnico on March 22, 2016, 01:34:41 pm
For all those still convinced you are safe when buying from a reputable source or FTDI's driver can't fail:
https://www.eevblog.com/forum/microcontrollers/ftdi-chip-only-outputs-00's-has-anybody-also-seen-this/ (https://www.eevblog.com/forum/microcontrollers/ftdi-chip-only-outputs-00's-has-anybody-also-seen-this/)
Title: Re: FTDIgate 2.0?
Post by: all_repair on March 22, 2016, 01:52:06 pm

At this time, and on this forum, with so many pages on this thread, who can blame FTDI anymore?  The blame goes squarely and totally on the one who still chooses FTDI .    :palm::palm:
Title: Re: FTDIgate 2.0?
Post by: Ian.M on March 22, 2016, 01:58:56 pm
This thread is 95% FUD. However the remaining 5% doesn't inspire confidence in FTDI.
Its just another nail in their coffin . . . . .
Title: Re: FTDIgate 2.0?
Post by: Kilrah on March 22, 2016, 02:06:40 pm
Didn't have courage to follow the thread, but it's obvious that their decision of breaking their driver was equivalent to shooting themselves in the foot and going from "selling chips to the big ones and having to put up with some counterfeits for the other markets" with "nobody wants anything from you anymore".
Title: Re: FTDIgate 2.0?
Post by: cdwijs on March 22, 2016, 02:10:30 pm
For all those still convinced you are safe when buying from a reputable source or FTDI's driver can't fail:
https://www.eevblog.com/forum/microcontrollers/ftdi-chip-only-outputs-00's-has-anybody-also-seen-this/ (https://www.eevblog.com/forum/microcontrollers/ftdi-chip-only-outputs-00's-has-anybody-also-seen-this/)

Hey cool, I'm famous :-)
Kind regards,
Cedric
Title: Re: FTDIgate 2.0?
Post by: Koen on March 22, 2016, 06:08:47 pm
We could wait for it to be confirmed and for the answer of Farnell/FTDI before taking it as gospel.
Title: Re: FTDIgate 2.0?
Post by: wraper on March 22, 2016, 06:39:03 pm
Unless cdwijs checks the event log for counterfeit device event while using some of the newer driver versions, it is a red herring at least for me. As stated in that tread, zeroes were transmitted with a very old driver version.
Also there were utility download link somewhere in the tread for checking for being counterfeit.
Title: Re: FTDIgate 2.0?
Post by: r3bers on April 01, 2016, 10:49:41 pm
I have adapters with counterfeit chips for testing purposes. And I tested them about month ago. And they send&receive "NOT GENUINE DEVICE FOUND!" on drivers version 2.12.14.0 (22.01.2016)
Today they works fine. I noticed new version drivers 2.12.16.0 (09.03.2016)

FTDI catch us next time...

Photo for guessing: who is not genuine.
Title: Re: FTDIgate 2.0?
Post by: elgonzo on April 02, 2016, 09:13:50 am
Photo for guessing: who is not genuine.
The one on the lower left. It says "CN480661". CN is the ISO 3166-1 country code of China. And we all know where all the crap and the fakes are coming from, right? (<insert more China bashing here>)   >:D

(edit: I am joking. I have no clue which one is fake. Probably all of them... ;) )
Title: Re: FTDIgate 2.0?
Post by: nctnico on April 02, 2016, 10:18:14 am
The bottom-right one is real.
Title: Re: FTDIgate 2.0?
Post by: madires on April 02, 2016, 01:06:25 pm
I have adapters with counterfeit chips for testing purposes. And I tested them about month ago. And they send&receive "NOT GENUINE DEVICE FOUND!" on drivers version 2.12.14.0 (22.01.2016)
Today they works fine. I noticed new version drivers 2.12.16.0 (09.03.2016)

Interesting! So someone from FTDI has a close eye on this forum? In this case: Thanks for doing the sensible!
Title: Re: FTDIgate 2.0?
Post by: janoc on April 02, 2016, 07:39:47 pm
Quote from: r3bers on Yesterday at 09:49:41 AM (https://www.eevblog.com/forum/index.php?topic=62118.msg909607#msg909607)
I have adapters with counterfeit chips for testing purposes. And I tested them about month ago. And they send&receive "NOT GENUINE DEVICE FOUND!" on drivers version 2.12.14.0 (22.01.2016)
Today they works fine. I noticed new version drivers 2.12.16.0 (09.03.2016)

Interesting! So someone from FTDI has a close eye on this forum? In this case: Thanks for doing the sensible!

My bet would be more on the 800 pound gorilla from Redmond doing some behind the scenes arm twisting. Whichever way it is, if the drivers were really fixed, kudos!
Title: Re: FTDIgate 2.0?
Post by: Rolo on April 03, 2016, 04:59:10 am
I can confirm that after installing the new version drivers 2.12.16.0 (09.03.2016) on my windows 10 system the Arduino Nano clone works. I have been avoiding FTDI's for some time but had this Nano laying arround. It did not work on windows and after reading this post I got it working.

Title: Re: FTDIgate 2.0?
Post by: Chipguy on June 30, 2016, 12:39:11 pm
Hi !

Today I received an email from my board assembler that driver version 2.12.12 will yield a "NON GENUINE DEVICE FOUND" string on genuine chips that have certain date codes  :palm:  :palm:  :palm:

It also says that you should install version 2.12.16 in order to get around it.
I am now very pissed with that company to say the least. That attitude towards their customers is disgusting  >:( >:( >:(  :rant:  :rant:  :rant:

I leave a quote of the mail below, it's in german but you will get the idea:

Quote:
Bei der Inbetriebnahme des IC FT232R QFN-32 an einem USB Port, kann es unter Windows mit dem original  FTDI-Treiber (Version 2.12.12) zu Problemen kommen. FTDI hat in dieser Treiber Version eine Software Erkennung  für gefälschte Chips implementiert, die dafür sorgt, dass der Chip nicht mehr funktioniert bzw. in einem Terminal Programm die Meldung „NON GENUINE DEVICE FOUND“ erscheint (über COM Port / VCP-Driver). Leider verhalten sich auch originale FTDI-Chips auf die gleiche Weise.  Beheben lässt sich das Problem durch Installation der FTDI Treiberversion 2.12.16.
Betroffen sind die Date Codes 1549, 1550, 1551, 1552, 1601, 1604, 1606, 1608 .
Die o.g. Probleme treten nur unter folgenden windows-basierenden Betriebssysteme auf (nicht Linux oder MAC):

•             Windows 10 / Windows 10 x64
•             Windows 8.1 / Windows 8.1 x64
•             Windows Server 2012
•             Windows 8 / Windows 8 x64
•             Windows Server 2008 R2
•             Windows 7 / Windows 7 x64
•             Windows Server 2008 / Windows Server 2008 x64
•             Windows Vista / Windows Vista x64
•             Windows Server 2003 / Windows Server 2003 x64
•             Windows XP / Windows XP x64

Quote end.
Title: Re: FTDIgate 2.0?
Post by: nctnico on June 30, 2016, 01:20:51 pm
I vaguely recall being ridiculed when I proposed the situation (genuine chips being detected as fakes) described above could happen  :box:
Title: Re: FTDIgate 2.0?
Post by: Chipguy on June 30, 2016, 02:19:28 pm
Yay, I am "lucky" and got date codes 1549 and 1550  |O  |O  |O  |O  |O
That's the reason I have been informed in the first place.

And I also had 2.12.12 installed. Device really does not work  >:(
Other computer 2.12.10, works ok.
Updated the non working one to 2.12.18 and no problems anymore.

But I need to update the driver CD next week. DOH
That is still too much hassle.....
At least I can let others do the work this week  ^-^
Title: Re: FTDIgate 2.0?
Post by: Chipguy on June 30, 2016, 02:21:11 pm
I vaguely recall being ridiculed when I proposed the situation (genuine chips being detected as fakes) described above could happen  :box:

Well, you were right at the end.
That's why it is always a bad idea to do what they did.
Title: Re: FTDIgate 2.0?
Post by: janoc on June 30, 2016, 04:06:55 pm
I wonder where are the trolls who were furiously defending FTDI's actions now ...

Title: Re: FTDIgate 2.0?
Post by: imidis on June 30, 2016, 04:58:01 pm
Well, their plan works smoothly  :palm:
Title: Re: FTDIgate 2.0?
Post by: metrologist on June 30, 2016, 07:51:45 pm
What's happening now? Is my chinese arduino clone just not going to work one day because I'm using a Windows PC and it updates itself?
Title: Re: FTDIgate 2.0?
Post by: Chipguy on June 30, 2016, 10:17:34 pm
What's happening now? Is my chinese arduino clone just not going to work one day because I'm using a Windows PC and it updates itself?

Not exactly. Your stuff could indeed stop working due to automated updates. You will then need to install the latest driver manually to make it work again. I depends on what exact version your driver is being updated to, automatically.
2.12.10 works ok (I have tested that)
2.12.11 Unknown
2.12.12 does not work with the ICs that have that date code mentioned in my post from yesterday. (I can confirm for 1549 and 1550)
2.12.13 - 2.12.15: Unknown
2.12.16 should work fine, according to FTDI
2.12.17 shoud also work, since previous driver works, according to FTDI
2.12.18 (current driver at 01. July 2016) works ok again (I am currently using that one)

Title: Re: FTDIgate 2.0?
Post by: metrologist on June 30, 2016, 10:28:33 pm
OK, so version 2.12.12 won't brick my chip, but it will at least tell me if I have fake chips, unless I happen to have the lucky date codes of the genuine chip? I'm half tempted to try it, just so I might know if my chips are fake (or just lucky), cause they look genuine to me, but who knows?


p.s., my last arduino buys intentially had genuine chinese chip CH0whatever replacement for the FT232rl.
Title: Re: FTDIgate 2.0?
Post by: Chipguy on June 30, 2016, 10:35:24 pm
If the date codes of your chips match one in the list, you can try.
Title: Re: FTDIgate 2.0?
Post by: metrologist on July 01, 2016, 01:29:59 am
Thanks for the info. If anything is amiss, I'll buy http://www.ebay.com/itm/10PCS-IC-FT232RL-100-ORIGINAL-FTDI-SSOP-28-NEW-DATE-CODE-/351494343433? (http://www.ebay.com/itm/10PCS-IC-FT232RL-100-ORIGINAL-FTDI-SSOP-28-NEW-DATE-CODE-/351494343433?) an solve all my worries ;)
Title: Re: FTDIgate 2.0?
Post by: westfw on July 01, 2016, 03:22:07 am
Heh.  Buying new FTDI chips from eBay to fix counterfeit problems is like using random bottles of liquid from your garage to try to extinguish a fire...

(Most Chinese Arduino clone vendors have abandoned FTDI (counterfeit OR real) in favor of the CH340g USB/Serial converters.  An interesting change, since it shows that SOMEONE is capable of doing more than just stealing the original design.)

(I would love to here the inside story of how FTDI managed to decide their own chips were "not genuine."   Sigh.)
Title: Re: FTDIgate 2.0?
Post by: technix on July 15, 2016, 06:35:50 pm
Heh.  Buying new FTDI chips from eBay to fix counterfeit problems is like using random bottles of liquid from your garage to try to extinguish a fire...

(Most Chinese Arduino clone vendors have abandoned FTDI (counterfeit OR real) in favor of the CH340g USB/Serial converters.  An interesting change, since it shows that SOMEONE is capable of doing more than just stealing the original design.)

(I would love to here the inside story of how FTDI managed to decide their own chips were "not genuine."   Sigh.)
I have moved almost all my Arduino-compatibles to CH340G. Easier than FT232 to solder, much cheaper, and the company that makes those chips is two hour drive from my city.
Title: Re: FTDIgate 2.0?
Post by: edavid on July 15, 2016, 07:23:46 pm
(Most Chinese Arduino clone vendors have abandoned FTDI (counterfeit OR real) in favor of the CH340g USB/Serial converters.  An interesting change, since it shows that SOMEONE is capable of doing more than just stealing the original design.)

There was no "stealing".  The Supereal IC is just as much an original design as the CH340g.  It implements the FT232R interface, but the design is totally different.  (It even fixes some of the bugs in the FTDI part.)