Author Topic: FTDIgate 2.0?  (Read 382588 times)

0 Members and 3 Guests are viewing this topic.

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: gb
  • Embedded stuff
Re: FTDIgate 2.0?
« Reply #25 on: January 30, 2016, 05:06:42 am »
I am kind of on the fence on this one. Companies making clones is one thing, but counterfeit devices is just not something to be encouraged. I have no idea of the state of FTDI sales figures, and whether counterfeits pose an existential threat. Creating a bad name with customers seems like a bad idea, but I guess FTDI have looked at their sales since the last fiasco and decided that while there may be a lot of noise among small users, it doesn't affect the main buyers.

Certainly, if it was my product, I would be very pissed off with the counterfeiters and their apparent immunity from criminal behaviour.

I think a lot could have been different with better communication. If they started out saying "the counterfeits are a real threat to our company, we need to do something", they might have got more understanding. Coming out of the blue bricking devices is a really bad way to communicate with customers.

The counterfeiters are the real criminals, the unfortunate customer gets caught in the crossfire. Making consumers push back on possibly innocent manufacturers is painful, but may be the only way to deter the counterfeiters (I guess they go counterfeit some other chip instead).

An example of consumer push back : http://www.amazon.com/Blue3D-Ft232rl-Serial-Adapter-Arduino/dp/B012YUANZK/ref=cm_rdp_product (see one star review).
« Last Edit: January 30, 2016, 05:10:21 am by donotdespisethesnake »
Bob
"All you said is just a bunch of opinions."
 

Offline Boomerang

  • Regular Contributor
  • *
  • Posts: 52
Re: FTDIgate 2.0?
« Reply #26 on: January 30, 2016, 08:50:18 am »
For a year after the first "FTDIgate" I think they did nothing to educate the suppliers and designers about how to be sure they are buying genuine parts. Refusing to work with counterfeits or sending some warnings through the chips must be THE FINAL STEP of a long educational/certification process - not the first step!

I also think that this attitude will turn people away from using FTDI.
« Last Edit: January 30, 2016, 08:59:30 am by Boomerang »
 

Online nctnico

  • Super Contributor
  • ***
  • Posts: 26754
  • Country: nl
    • NCT Developments
Re: FTDIgate 2.0?
« Reply #27 on: January 30, 2016, 09:03:11 am »
all makes sense in a perfect world, in the real world people will just stop buying things that says FTDI on it

If by "people" you mean "people who buy counterfeit devices", then sure, but since they were never supporting FTDI to begin with, it doesn't matter.  I don't buy counterfeit devices (as far as I can help it). 
The problem is in the as far as I can help it part. There just isn't any guarantee that the devices you buy for your production run are real or not. Now imagine you sold 1000 units to a customer which are installed all over the world and a new FTDI driver causes all of them to fail? In how much shit are you in that case? What would that cost you? Do you want to take that risk? I don't so I quit using FTDI USB to serial devices. They aren't that good either so in a way it is good riddance.
There are small lies, big lies and then there is what is on the screen of your oscilloscope.
 

Offline rs20

  • Super Contributor
  • ***
  • Posts: 2317
  • Country: au
Re: FTDIgate 2.0?
« Reply #28 on: January 30, 2016, 09:23:30 am »
The issue comes when an engineer, purchasing person or distributor has a hiccup with an order and ends up with counterfeit chips, and FTDI responds to this by choosing to deliberately brick the end-user's chip. If you think that is either moral or remotely logical, then  :wtf:

Remember, if FTDI's customer base is primarily hobbyists, they're out of business -- no semi company can stay afloat on hobbyist purchasing alone. So focussing on hobbyists who buy FTDI chips from eBay is completely missing the point. The issue is the far larger number of customers who don't even know who FTDI is, and are sitting very confused with a broken device in front of them.
 

Offline pickle9000

  • Super Contributor
  • ***
  • Posts: 2438
  • Country: ca
Re: FTDIgate 2.0?
« Reply #29 on: January 30, 2016, 09:37:58 am »
The real damage to FTDI is at the early development stage of a product. A designer will simply not use a particular chip or class of chip. it's just another part of the design to consider.

As for blame, not an issue. Get the design done and out the door.
 

Offline andersm

  • Super Contributor
  • ***
  • Posts: 1198
  • Country: fi
Re: FTDIgate 2.0?
« Reply #30 on: January 30, 2016, 10:50:43 am »
Nobody is out there looking to save a few pennies buying counterfeit FTDI chips.
Obviously someone is, or the problem wouldn't exist. Where and how did the counterfeits enter the supply chain?

Offline electr_peter

  • Supporter
  • ****
  • Posts: 1300
  • Country: lt
Re: FTDIgate 2.0?
« Reply #31 on: January 30, 2016, 11:38:44 am »
First FTDI gate greatly diminished my trust in FTDI. This thread shattered all the remains. How can you trust FTDI chips in your products when they can randomly be bricked or start sending false signals for no apparent reason? I am talking as a buyer of original or "maybe original" (How would I now?) IC chips with no intention to buy fakes.

I understand that FTDI faces a problem of counterfeits and they are trying to address it. But the way they do it are just completely backwards and childish. At first, they decided to brick fake device, rendering embedded/consumer/other products and equipment for no apparent reason with no indication to consumer. From final user perspective, "device just stopped working, connection was lost, FTDI failed, ...". In this case the send false communications - that is possibly even worse.
And all this was done by sneaky automatic Windows updates with no indication whatsoever what is going on. I am certain these campaigns were done on purpose by same managers (they just found another barely legal way to screw up their costumers this time).

PC drivers/SW and HW are supposed to either work or not work. Making it work intermittently or making false Rx/Tx is just pure evil - somebody will get hurt from this.

Why don't FTDI drivers simply refuse to work with fake devices and display some warning message? That would be 100% fine and clear to everyone. Remember that FTDI drivers have SW capability to detect fakes by SW means - end user/supplier/vendor do not have this capability.
But bricking devices or sending false signals...

The message I get from all of this - if you design or buy a product with FTDI IC, you are screwed from the beginning because FTDI is not trustworthy company. Why would anybody trust FTDI after all this is beyond me.
 

Offline donotdespisethesnake

  • Super Contributor
  • ***
  • Posts: 1093
  • Country: gb
  • Embedded stuff
Re: FTDIgate 2.0?
« Reply #32 on: January 30, 2016, 12:41:56 pm »
According to the Wikipedia page https://en.wikipedia.org/wiki/FTDI the new NON GENUINE DEVICE driver has been around since July 2015. That page also has a big chunk on "driver controversy", probably not the sort of publicity you want on a wiki page.

Glassdoor reviews don't read well for FTDI either. They give the impression of a small company with very little money to spend.
Bob
"All you said is just a bunch of opinions."
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8221
  • Country: 00
Re: FTDIgate 2.0?
« Reply #33 on: January 30, 2016, 12:51:41 pm »
I have a hard time understanding why there is such a pissy contest here: FTD is under no obligation to produce a driver that supports counterfeit parts. All you need to do is to make sure a) there is a driver for your counterfeit parts; or b) buy the real thing.

For a group that seems to denounce other people based on the slightest infringement of your moral high moral standard, you seem to have a very low moral standard for yourself.
================================
https://dannyelectronics.wordpress.com/
 

Offline RFZTopic starter

  • Regular Contributor
  • *
  • Posts: 52
  • Country: de
Re: FTDIgate 2.0?
« Reply #34 on: January 30, 2016, 01:02:16 pm »
I have a hard time understanding why there is such a pissy contest here: FTD is under no obligation to produce a driver that supports counterfeit parts. All you need to do is to make sure a) there is a driver for your counterfeit parts; or b) buy the real thing.

For a group that seems to denounce other people based on the slightest infringement of your moral high moral standard, you seem to have a very low moral standard for yourself.

If you haven't watched Daves video back then, I suggest you to watch it now:


I would be fine with the driver not supporting the Product and popping up a message that tells me so. But FTDI doesn't do that, they instead send garbage over the line, risking devices causing damage by unexpected behavior AND causing developers and hobbyists like me spending hours on investigating what might be wrong...
How should a normal customer know that a fake chip is causing the device not to work anymore? Probably, if the devices are cheap, customers just buy another one, again supporting the fake chip manufacturer  |O
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8221
  • Country: 00
Re: FTDIgate 2.0?
« Reply #35 on: January 30, 2016, 01:21:46 pm »
Quote
But FTDI doesn't do that, they instead send garbage over the line,

What's wrong with that? It is their driver and they can do whatever they want. If you don't like that, buy a real thing or use your own driver.

Quote
risking devices causing damage by unexpected behavior

On the real thing or counterfeit part?

Quote
AND causing developers and hobbyists like me spending hours on investigating what might be wrong...

If a "developer" who uses counterfeit part is stupid enough to hope for ftdi support, run away from him/her as fast as you can.

Quote
How should a normal customer know that a fake chip is causing the device not to work anymore?

Ignorance is no defense. That's people always tell you to do your "homework" before your purchase.

The choice seems to be crystal clear to me:

1) buy the real thing and get ftdi support; or
2) buy counterfeit and you are on your own.
================================
https://dannyelectronics.wordpress.com/
 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: FTDIgate 2.0?
« Reply #36 on: January 30, 2016, 01:22:59 pm »
I think this page sums up everything you need to know about this "non-invasive" fake detection:
http://electropit.com/index.php/2015/09/06/arduino-nano-v3-0-clones/
Trying is the first step towards failure - Homer J. Simpson
 

Offline RFZTopic starter

  • Regular Contributor
  • *
  • Posts: 52
  • Country: de
Re: FTDIgate 2.0?
« Reply #37 on: January 30, 2016, 01:29:30 pm »
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip? I even might not know what an FTDI chip is or if my product I buy uses one?!

Do you know if you Satellite receivers RS232 debug interface is powered by a FTDI chip and if it is actually genuine? Have you done your research on that right?

Also, not by any means do they have the right to destroy or manipulate users products even if they know they use a fake chip. This is called self justice and usually not legal.
« Last Edit: January 30, 2016, 01:34:20 pm by RFZ »
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8221
  • Country: 00
Re: FTDIgate 2.0?
« Reply #38 on: January 30, 2016, 01:41:10 pm »
Quote
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip?

Ignorance is no defense. The fact that someone else cannot do something, or can do something, is no valid defense for your not doing it, or doing it.

Quote
Do you know if you Satellite receivers RS232 debug interface is powered by a FTDI chip and if it is actually genuine? Have you done your research on that right?

I don't. But I also don't buy from unproven vendors either.

Quote
Also, not by any means do they have the right to destroy or manipulate users products even if they know they use a fake chip.

If you don't think they do, sue them.
================================
https://dannyelectronics.wordpress.com/
 

Offline 0xdeadbeef

  • Super Contributor
  • ***
  • Posts: 1570
  • Country: de
Re: FTDIgate 2.0?
« Reply #39 on: January 30, 2016, 01:58:50 pm »
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip? I even might not know what an FTDI chip is or if my product I buy uses one?!
This is exactly the problem.
If I buy cheap $3 FTDI UART converters from eBay, there is a risk they are fake and get bricked. Same is true if you buy FT232R ICs on eBay.
Anyway, if they are detected as fake and bricked, I agree this is partly my fault and usually you're refunded anyway if you complain -> no sweat.

Then again, some time ago I funded a Indiegogo project which used an FT232R as UART/USB interface. I'm sure the guy who ran the campaign was not aware that fake FT232R were used. Probably/maybe not even the Chinese fab where the PCBs were produced and placed did this willingly. Still, I ended up with a fake chip that would render the whole device useless if bricked. This is an issue of course.
Well, I could replace the chip as last resort, but the typical customer can't. So from his view a product bought and owned legally is intentionally destroyed. Even though FTDI's reasons are understandable, this is hard to explain to the customer with the destroyed product.

Even worse, this (not so) "non-invasive" approach is actually worse than bricking. From a legal point of view, it seems crazy to alter the data sent as it's kinda unpredictable what could happen because of this.
Trying is the first step towards failure - Homer J. Simpson
 

Offline filssavi

  • Frequent Contributor
  • **
  • Posts: 433
Re: FTDIgate 2.0?
« Reply #40 on: January 30, 2016, 02:28:38 pm »
What's wrong with that? It is their driver and they can do whatever they want. If you don't like that, buy a real thing or use your own driver.

No they can't, what they are doing is far worse than just bricking devices, if the device si bricked it will just stop working, it might cause some delays and stuff but that's all

but picture this situation:

you have a big machine, industrial stuff, working with high pressure fluid or moving parts (like a saw blade or a milling machine cutter), the tecnician sends a debug comand via usb cable (which is connected to a FTDI chip at the other end) and the IC spits out garbage on the serial side...
that garbage might be interpreted by the machine as a comand to start up the saw or open a valve, leading to an accident and to the death of the tecnician or of his colegue...
well guess who's getting charged for murder, a hint not the counterfaiter, the machine owner or the machine producer...

what they are doing is not just fine...

IT'S CRIMINAL

Instead of harrassing their customers why they don't just get their shit together and fix the fucking supply chain, they can just make the driver stop working with fake IC's (which would be totally fine) and just let people know that you set up some safe purchasing channel (either direct or working in really close contact with one or two well known  global distributors)

as other said this driver update is just a legal bomb waiting to go off dragging down the entire company if they are found guilty they might have to recall the software update, which would require them uninstalling it from every PC  at least in europe (probably even on the whole planet) non internet connected machines also...
 

Offline timb

  • Super Contributor
  • ***
  • Posts: 2536
  • Country: us
  • Pretentiously Posting Polysyllabic Prose
    • timb.us
Re: FTDIgate 2.0?
« Reply #41 on: January 30, 2016, 02:39:02 pm »

Quote
If Dave says it is impossible for him to make sure he buys real FTDI chips, then how should I make sure that I buy a product containing a real FTDI chip?

Ignorance is no defense. The fact that someone else cannot do something, or can do something, is no valid defense for your not doing it, or doing it.

Quote
Do you know if you Satellite receivers RS232 debug interface is powered by a FTDI chip and if it is actually genuine? Have you done your research on that right?

I don't. But I also don't buy from unproven vendors either.

Quote
Also, not by any means do they have the right to destroy or manipulate users products even if they know they use a fake chip.

If you don't think they do, sue them.

If I buy chips on DigiKey, I expect them to be real. However, they have ended up with counterfeit stock on various occasions, as have all the other big sellers (Mouser, E-4, etc.)

So, this is how the handling chain now looks:

Chip Maker -> Distribution Channel -> Parts Supplier -> Product Designer -> Product Manufacturer -> Retailer -> End User

Now, as the Product Designer, I wholly intend to use legitimate parts. However, the Parts Supplier could have been sold counterfeits, which gets passed onto me and up the chain. Or, I could send the real parts to my Manufacturer who swaps them out with fakes and sells the real ones.

At any rate, the real problem is this: The unknowledgeable end user plugs his shiny new widget into his PC and FTDI's driver bricks it, without so much as a message. He thinks my product is crap and returns it to the Retailer. Or he contacts me and I have to send him a replacement and recall all my products to replace the fake chips with real ones. I lose money either way. (My Parts Supplier might replace the chips, but they won't cover the cost to have the boards fixed; if my Chinese Manufacturer was to blame, I'll be out of pocket for the chips and fixing the board.)

So, in the end, FTDI is punishing designers and end users for problems in the supply chain, beyond their control. It's especially evil as FTDI's answer to this is simply, "Buy the chips direct from us." Which is not feasible in a lot of cases, especially as factory orders from them are regularly out of stock and have 3+ month waits.

They don't even provide a software tool to verify the authenticity of chips, so you can check before you ship. Not even a PDF with tips on spotting fakes. Nothing.

Pushing a driver through Windows Update that intentionally bricks working devices is beyond devious. I could totally live with it popping up a message saying: "This driver has detected a potentially counterfeit FTDI USB to Serial chip on this device. Please contact the device manufacturer for information." That would be fine.

If I were FTDI, here's what I'd do: I'd show a message like that and refuse to work with the device. I'd then offer to sell a version of the driver that worked with the counterfeit chip to the product designers affected, who would then pass it on to their end users. This way, I still make money for the time I put into the driver and the designer doesn't have to lose money recalling or replacing all the boards with counterfeit chips on them. (I'd sell the driver for perhaps 1/4 of what the chip sells for.)

Or, as an alternative, and I'm just throwing this out there: They could not alienate their user base by simply not being complete and utter dickheads. You know, try educating their customer base about the problem and provide tools and solutions to combat it. You know, do that instead of spending time and money making another shitty fucking Arduino clone, which is literally their current high profile project, complete with crowdfunding.

Instead of the educating and the tools, they went all out heavy metal thermonuclear scorched earth. It's like they went full retard. They used a Varon-T Disrupter when they should have started with a Taser.

Furthermore, I
Any sufficiently advanced technology is indistinguishable from magic; e.g., Cheez Whiz, Hot Dogs and RF.
 
The following users thanked this post: Coldblackice

Offline wraper

  • Supporter
  • ****
  • Posts: 16794
  • Country: lv
Re: FTDIgate 2.0?
« Reply #42 on: January 30, 2016, 02:41:04 pm »
you have a big machine, industrial stuff, working with high pressure fluid or moving parts (like a saw blade or a milling machine cutter), the tecnician sends a debug comand via usb cable (which is connected to a FTDI chip at the other end) and the IC spits out garbage on the serial side...
that garbage might be interpreted by the machine as a comand to start up the saw or open a valve, leading to an accident and to the death of the tecnician or of his colegue...
well guess who's getting charged for murder, a hint not the counterfaiter, the machine owner or the machine producer...

what they are doing is not just fine...

IT'S CRIMINAL
And then manufacturer of this equipment must be rightfully sued for this accident. For not controlling the source of the parts for mission critical equipment. Moreover for the inferior design in the first place, lacking safety interlocks. RS-232 converter must not be able to cause a disaster like this, if it can, it's your own fault designing some shit like this.
 

Offline wraper

  • Supporter
  • ****
  • Posts: 16794
  • Country: lv
Re: FTDIgate 2.0?
« Reply #43 on: January 30, 2016, 02:43:22 pm »
Quote
Instead of harrassing their customers why they don't just get their shit together and fix the fucking supply chain
How if most of the smartasses are buying in some garage where the prices are cheaper?
Quote
Instead of the educating and the tools, they went all out heavy metal thermonuclear scorched earth. It's like they went full retard. They used a Varon-T Disrupter when they should have started with a Taser.
No one cares unless get burned.
« Last Edit: January 30, 2016, 02:49:36 pm by wraper »
 

Offline amyk

  • Super Contributor
  • ***
  • Posts: 8240
Re: FTDIgate 2.0?
« Reply #44 on: January 30, 2016, 02:44:09 pm »
If you use Windows 10 then the computer isn't really yours anymore, they can force "updates" like this any time they want. Since FTDI decided to actually write a message out, they've just made it easier to identify where in the code the check is done. It should be pretty easy to patch that out.

Could someone upload or point me to a copy of the latest driver that does this? I'd like to do a little investigation... ;)
 

Offline dannyf

  • Super Contributor
  • ***
  • Posts: 8221
  • Country: 00
Re: FTDIgate 2.0?
« Reply #45 on: January 30, 2016, 02:56:10 pm »
Quote
No they can't,

Why?


Quote
IT'S CRIMINAL

Saying so, even in capital letters, doesn't make it so.
================================
https://dannyelectronics.wordpress.com/
 

Offline RFZTopic starter

  • Regular Contributor
  • *
  • Posts: 52
  • Country: de
Re: FTDIgate 2.0?
« Reply #46 on: January 30, 2016, 02:56:51 pm »
Could someone upload or point me to a copy of the latest driver that does this? I'd like to do a little investigation... ;)
Pretty sure the latest driver from http://www.ftdichip.com/Drivers/VCP.htm does the same... It's the same version 2.12.12
 

Offline filssavi

  • Frequent Contributor
  • **
  • Posts: 433
Re: FTDIgate 2.0?
« Reply #47 on: January 30, 2016, 03:16:56 pm »
Quote
And then manufacturer of this equipment must be rightfully sued for this accident. For not controlling the source of the parts for mission critical equipment. Moreover for the inferior design in the first place, lacking safety interlocks. RS-232 converter must not be able to cause a disaster like this, if it can, it's your own fault designing some shit like this.



whoa whoa whoa, not so fast..

1) my example was intentionally exagerated, for sake of simplicity and time (i cant be here all day thinking and writing about some convoluted chain of events), i agree with you that in that case would be also a manifacturer's problem (note the also not only), but there might be some more complicated going on, like the fake message sent not on a debug port but on an always on connection to some scada device, said connection might breaks but the equipment still works ok (thing not too unexpected if the connection was for example an optional feature, or on a machine which can't stop suddenly in case of a comm's fault), let assume that for a bug (because all firmware is bug free right, even in wierd unexpected and normally not attainable circumstances) a configuration is changed on the machine, and then the machine (maybe after some time) breaks and kills someone (i don't know some speed setpoint in a PID loop is raised or something), in that case the manifacturer can't be blamed, if they show they took all the precautions and that the bug was really obscure and difficoult to predict

2) again you talk about controlling the source what can they do more than to buy from a well known distributor, the source of fakes might not be the direct distributor (farnell mouser or alike) but it might be in china, maybe there is been some problems (read someone at the manifacturing plant has been bribed and has mixed fake IC's with real ones in the reeling machine so that they could sell fakes as real and get a lot more money)...

even if the customer sued the manifacturer, all they have to do is prove they bought IC's from a reputable distributor that they were presumed real and even in the case it the manifacuter had ben found guilty FTDI would not be free, they still caused the death of someone it might not be first degree murder, but it is still Involuntary manslaughter and it's still a pretty bad fellony...
 

Offline nowlan

  • Frequent Contributor
  • **
  • Posts: 649
  • Country: au
Re: FTDIgate 2.0?
« Reply #48 on: January 30, 2016, 03:24:00 pm »
Don't think you can patch a signed driver, without all sort of grief booting windows.
 

Offline filssavi

  • Frequent Contributor
  • **
  • Posts: 433
Re: FTDIgate 2.0?
« Reply #49 on: January 30, 2016, 03:50:52 pm »
Why?


well I cant talk for every country in the world, but where i live (italy) we have laws such as Articlo 575 Codice Penale (for murder) or Articolo 185 Codice Penale (for generic damages) which state that if someone kills a man he will be prosecuted and sentenced to jail (in normal cases),if to kill it's a company as in this case, there will be one of the dirigents (CEO probably) which will be charged of murder, the second one says that if someone ( either natural or legal person) causes damages to someone else they will have to be refunded for that, goodwill or not who caused the damages will be held responsible, and it's not a mutually exclusive thing, if two different persona's have contributed to the damages being made they will all be guilty, it's like Conspiracy to murder, if my i tie up someone with ropes and a friend of mine kills them, i am also charged with murder, i don't get away with it just because the physical killer was the friend of mine...
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf