EEVblog Electronics Community Forum
Products => Other Equipment & Products => Topic started by: nctnico on October 21, 2014, 11:59:23 pm
-
I bought some RS485 boards from Ebay with an FTDI FT232 chip on them. Appearantly the chips are fake. I used them with Linux and they work fine. After plugging them into a Windows PC with the latest drivers they quit working (even with Linux). I think the FTDI driver somehow kills the fake FTDI chip. Not nice if you got a lot of these boards in the field :palm:
-
Are they dead altogether (fail to enumerate on the USB bus) or have they just stopped working with the FTDI driver? I wonder if there is an eeprom or similar in there that the windows driver messes with?
-
The driver reprograms the product ID so it won't work.
Price of buying fake chips.
-
The driver reprograms the product ID so it won't work.
Price of buying fake chips.
If that is the case you can easily bind the new VID/PID to the correct driver in Linux and it should still work:
A vid/pid pair can be added dynamically using sysfs, for example:
echo 0403 1234 >/sys/bus/usb-serial/drivers/ftdi_sio/new_id
Again, if that is the only "damage" done, lsusb should help you find the device, or just monitoring dmesg as you attach it.
-
The new Windows driver reprograms the PID to 0.
More info here:
http://forum.arduino.cc/index.php?topic=270175.0 (http://forum.arduino.cc/index.php?topic=270175.0)
-
Funny, the clone devices used to use counterfeit Prolific chips, and Prolific did something very similar, though not quite as nasty. The driver would just BSOD the machine constantly when used with a counterfeit chip.
I'm not sure this strategy is actually to their advantage, or frankly, even legal.
Anyway the workaround will likely still work in Linux.
-
FT232 allow you to change IDs to anything you want using config tool from FTDI website. If you change IDs default FTDI driver will stop recognizing the chip - I think they warn you about it in their documentation.
What does FTDIconfig say in windows? screenshot?
-
FT232 allow you to change IDs to anything you want using config tool from FTDI website. If you change IDs default FTDI driver will stop recognizing the chip - I think they warn you about it in their documentation.
Read the discussion - it's not so simple.
The new Windows driver changes the PID to 0, and then the driver won't recognize the device (even if you edit the INF file), and you can't use the config tool.
The workaround is to use a Windows XP or Linux system to change the PID back, and then don't use the new driver.
-
Thats awfull Nico did you have many of these fake boards?
I would take my loss remove the fake ics and replace with real ones from trustworthy dealer, they cost around €4.- , it could be worse.
I'm not sure this strategy is actually to their advantage, or frankly, even legal.
So who is going to sue them, not the manfacturer of the illegal copied devices who is the real villain in this story ;)
If only there was a good way to tell which is fake and which not, in front. Till then no ebay buys.
-
Funny, the clone devices used to use counterfeit Prolific chips, and Prolific did something very similar, though not quite as nasty. The driver would just BSOD the machine constantly when used with a counterfeit chip.
Seriously?
lol, i was wondering why i kept getting a BSOD randomly when using this prolific usb-uart adapter that came with some china RC model gear.
-
Funny, the clone devices used to use counterfeit Prolific chips, and Prolific did something very similar, though not quite as nasty. The driver would just BSOD the machine constantly when used with a counterfeit chip.
Seriously?
lol, i was wondering why i kept getting a BSOD randomly when using this prolific usb-uart adapter that came with some china RC model gear.
Yep, apparently if you get an old enough driver it should work fine for you. It might be "legitimate" breakage due to missing features or something in the counterfeits, but it appears it was common after a certain driver version. Or just use Linux and they all work fine...
Edit: Some discussion here: https://www.eevblog.com/forum/reviews/note-how-to-not-get-scammed-with-prolific-%28pl2303%29-usb-serial-adapters/ (https://www.eevblog.com/forum/reviews/note-how-to-not-get-scammed-with-prolific-%28pl2303%29-usb-serial-adapters/) including identifying working version numbers.
Has anyone tried the Microchip USB to RS232 converter ICs? They are cheap and the one I tested seems to be quite good. Basically just a PIC with the right firmware programmed at the factory.
I have some in the parts bin but haven't actually tried them yet. They're implemented using the USB CDC though so should be no drivers required on most OSs and no opportunity or need to do stuff like this ;). Not sure why this isn't more widely used, but it does seem like the right way to do things to me.
-
Thats awfull Nico did you have many of these fake boards?
From Ebay. http://www.ebay.nl/itm/201116513817?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649 (http://www.ebay.nl/itm/201116513817?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1497.l2649) I'll provide some negative feedback. >:D
I would take my loss remove the fake ics and replace with real ones from trustworthy dealer, they cost around €4.- , it could be worse.
I have about 12 but I also have a bunch of real FT232s lying around for another product so I just replaced the chips. Reworking the boards is easy. Looking closer at the dmesg output from Linux it seems the Windows driver has reprogrammed the Pid indeed.
-
Has anyone tried the Microchip USB to RS232 converter ICs? They are cheap and the one I tested seems to be quite good. Basically just a PIC with the right firmware programmed at the factory.
For this purpose it would be ok i guess, might try it in the near future.
For a lot of other applications such as any I2C bridge or I/O peripheral I personally do not trust a standard PIC with software. I rather have a hardware statemachine solution for that. But thats just my 2 cents.
-
Actively damaging a "fake" device is overkill, and possibly illegal - just refusing to work and showing a message would be more than enough.
IANAL but I'm not sure this statement on their website (linked from, not actually on the driver download page) would be enough to avoid legal liability
The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
An obvious issue is that a user may well not know than a device containing a component is non-genuine, and damaging it without warning would seem to be way beyond the bounds of what is reasonable.
-
interesting. a week ago, I bought some ftdi dongles from ebay and most were ok but one of them had a PID of all 0's (as seen on linux). I reported it to ebay, the vendor contacted me and sent me 2 new ones which were ok.
I did report the first one as fake and that's what got the vendor (sunfounder) to step in.
now, was the chip tried on windows and then returned? maybe that's what happened. or they tried it on windows at the factory and it zero'd out the pid before they shipped it.
I did try patching the linux driver to accept 0 as the pid but was not successful (the module wouldn't load, so maybe I had the wrong kernel version and was not about to spend a lot of time tracking down the exact kernel tree for my running system).
-
The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
An obvious issue is that a user may well not know than a device containing a component is non-genuine, and damaging it without warning would seem to be way beyond the bounds of what is reasonable.
I think I'll re-design my boards that use the FTDI FT232. What if the driver makes a mistake and renders a genuine FT232 useless? I don't want to take that chance. Like you said it would be much better if the driver just refuses to load or shows a warning. It would take unplugging/inserting to fix such a temporary hickup on a genuine device.
-
I acknowledge that people and companies have the right to defend their copyrights. I can't however condone destroying counterfeit products which where purchased in good faith. The proper way is taking legal action against entities selling counterfeit chips.
The problem is that you can't know if a product contains counterfeit chips or not. After all you buy a black box. Secondly I really don't want to use software which has a self destruct mechanism. I'll take the FT232 out of all my designs because I don't want to be in the middle of an argument between a chip maker and counterfeiters.
-
I acknowledge that people and companies have the right to defend their copyrights. I can't however condone destroying counterfeit products which where purchased in good faith. The proper way is taking legal action against entities selling counterfeit chips.
The problem is that you can't know if a product contains counterfeit chips or not. After all you buy a black box. Secondly I really don't want to use software which has a self destruct mechanism. I'll take the FT232 out of all my designs because I don't want to be in the middle of an argument between a chip maker and counterfeiters.
Fwiw, as a long time ftdi user (in my designs, and in purchased devices), I completely agree. Error message, fine. Driver doesn't load, fine. But brick the device? Not ok. It's a shame, because I really like the chips. Oh well, have to vote with your wallet I suppose. :-//
Luckily I have recently discovered the cypress fx2/3, what a brilliant idea. Cypress here I come!
-
I've never encountered one but are the chips actually counterfeit or just driver-compatible?
If the latter, then seems to me FTDI are on very dangerous ground.
Are these drivers going to be included in distributions of Windows etc. as previous ones have been ?
A user could upgrade Windows , not see any warnings about this, and find their hardware has been broken.
It is not a crime to own a counterfeit item. However I'd be surprised if there aren't any jurisdictions where destroying counterfeit items was illegal.
As FTDI provide no way for the user to tell if a device is genuine or not, the warning in the license agreement (even supposing anyone reads it) is probably not a good defence.
Maybe I own a device with a fake FTDI device inside and installed drivers back when the license conditions didn't include this warning.
I then buy a new, genuine device that needs the newer driver - will installing the newer driver kill the old device as well?
-
I completely agree. If I buy a USB-to-serial cable in good faith, it's because I have a need for that functionality, not because I have any interest in what's inside the box or what IP disputes there might be between IC manufacturers over its contents.
The FTDI driver doesn't need to be compatible with chips which it identifies as possible counterfeits, but actively disabling access to them is a malicious act, and not acceptable.
This reminds me of the software that Sony shipped on music CDs some years ago, which tried to disable features on a user's CD drive in an attempt to prevent copying. That particular idiotic decision backfired, spectacularly, and quite rightly so.
-
Luckily I have recently discovered the cypress fx2/3, what a brilliant idea. Cypress here I come!
The FX2/LP is not really cheaper than an FT232 and has far more functionality, but Cypress do make the cheaper CY7C65213 which is pin-compatible (http://www.cypress.com/?rID=83118) and doesn't require proprietary drivers.
An obvious issue is that a user may well not know than a device containing a component is non-genuine, and damaging it without warning would seem to be way beyond the bounds of what is reasonable.
Definitely agreed. All these extra checks are doing is providing incentive for the cloners to make their product even closer to the real one, or just provide patched drivers that bypass this "bomb" (if they're already making fakes, do you think they care at all about what your license agreement says?) Or someone else will... that is, if they haven't already.
It's not like a USB-UART bridge is super-secret new technology anyway - there's plenty of other companies making them so vote with your wallet: http://www.microchip.com/forums/m376186.aspx (http://www.microchip.com/forums/m376186.aspx)
Much better if we move to ICs that work with the standard CDC drivers - and there are plenty of them.
-
I've never encountered one but are the chips actually counterfeit or just driver-compatible?
Counterfeit: http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)
Are these drivers going to be included in distributions of Windows etc. as previous ones have been ?
Yes, they pushed the killer driver out in Windows Update, which is why the issue has come up now.
I then buy a new, genuine device that needs the newer driver - will installing the newer driver kill the old device as well?
I don't think there are any new features in the driver, so no one actually needs it.
-
We recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. Please follow this link to locate your local distributor: http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
That's all very fine for people buying chips but in most cases people are buying devices with chips inside. How do they know?
Why don't FTDI post info on devices known to contain fake chips?
-
We recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. Please follow this link to locate your local distributor: http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
For more information please refer to FTDI`s counterfeit statement and driver license agreement.
http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit (http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit) statement.pdf
http://www.ftdichip.com/Drivers/FTDriverLicenceTerms.htm (http://www.ftdichip.com/Drivers/FTDriverLicenceTerms.htm)
When the FTDI driver is installed you are agreeing the terms of use of FTDI`s device. Please note that FTDI`s driver licence agreement will be broken if used with counterfeit devices.
:)
you guys could have a meltdown (public relations wise) if you don't control this new 'driver' of yours, and very quickly, too!
I used to be a big fan of ftdi. but given your current hostility towards innocent end-users, I may have to rethink my choice of uart chips.
I also now know NEVER to accept windows updates or YOUR updates and use only the previous version of the driver, for when I have no choice but to use your chips.
if you want to go after people, go after SELLERS. punishing USERS is borderline illegal. if you brick a chip in a product that people depend on, I think you'll find some lawyers hungry to fight you in a class-action suit.
do you REALLY want that hassle, mr. ftdi?
you better rethink this before its too late. we understand your position, but you have taken a hostile action toward end users and this will Not End Well(tm), mark my words.
-
Are these drivers going to be included in distributions of Windows etc. as previous ones have been ?
Yes, they pushed the killer driver out in Windows Update, which is why the issue has come up now.
And how were users warned that it might kill their stuff?
If it was buried in a ton of other legalese crap I'd imagine there would be good grounds for legal action
I then buy a new, genuine device that needs the newer driver - will installing the newer driver kill the old device as well?
I don't think there are any new features in the driver, so no one actually needs it.
Unless the new device contains, say, a newer chip like the FT232H and my old driver pre-dated this chip.
-
if you want to go after people, go after SELLERS. punishing USERS is borderline illegal. if you brick a chip in a product that people depend on, I think you'll find some lawyers hungry to fight you in a class-action suit.
Especially if it affects kit necessary for a business - could be some major consequential losses involved
-
The more I think about this, the more ridiculous it sounds.
Suppose I use my iPhone to browse to, say, Samsung's web site. Would it be OK for the site to contain code that bricks my phone, just because there's some ongoing patent dispute between the two companies?
I have an urgent and important job coming up in a couple of days which will require my serial cable. It had f**king better work.
[edit]: To FTDI, you do realise that the correct response, for a user of an affected product, is to buy a replacement that doesn't even claim to contain an FTDI chip, right?
-
I acknowledge that people and companies have the right to defend their copyrights. I can't however condone destroying counterfeit products which where purchased in good faith.
Containing a stolen VID the device isn't USB standard compliant so you should not have expectations of it working in the first place. Possessors of stolen property generally have few rights regardless of their knowledge of it being stolen.
FTDI should have 'reclaimed' their VID, presumably not and option, I can't blame them for trashing the PID instead.
-
We recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. Please follow this link to locate your local distributor: http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
For more information please refer to FTDI`s counterfeit statement and driver license agreement.
http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit (http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit) statement.pdf
http://www.ftdichip.com/Drivers/FTDriverLicenceTerms.htm (http://www.ftdichip.com/Drivers/FTDriverLicenceTerms.htm)
When the FTDI driver is installed you are agreeing the terms of use of FTDI`s device. Please note that FTDI`s driver licence agreement will be broken if used with counterfeit devices.
:)
Terrible behaviour by FTDI, stuff like this can cause people no end of trouble and hassle. Man up and go after the counterfeiters not consumers.
-
When the FTDI driver is installed you are agreeing the terms of use of FTDI`s device. Please note that FTDI`s driver licence agreement will be broken if used with counterfeit devices.
:)
At what point when Windows automatically installs drivers have I agreed to anything? You explicitly changed the agreement and there is no point where I was required to agree to anything on any of the agreements. It is interesting timing. I am designing a product currently that is using USB to Serial. I had your chipset in the design. It is now gone.
I don't plan on getting counterfeit chips, but that you are actively changing chips rather than denying in the driver world, means I can't trust you. If you have an error in your driver detection, it can't be fixed with a driver update. I can't take that risk and have to sue FTDI, because I'm being sued by my customers.
-
I recently did a windows update and saw the ftdi update. I stupidly accepted it, but there was no notice or warning - it just updated like the millions of other nameless and opaque windows updates. (damn, I really do hate windows; this is yet another reason to hate it).
now, on linux, we will NEVER see this kind of driver hostility. no kernel dev worth his salt would submit a 'kill bit' patch like this. even if he did, we could easily roll it back (at the source level); but with windows, its not quite as easy.
this is going to cost me time, now. I should send ftdi a bill for my time - having to go thru all my windows installs and remove the bad driver and find the last good copy and lock it down.
dammit, ftdi!!
-
I acknowledge that people and companies have the right to defend their copyrights. I can't however condone destroying counterfeit products which where purchased in good faith.
Containing a stolen VID the device isn't USB standard compliant so you should not have expectations of it working in the first place. Possessors of stolen property generally have few rights regardless of their knowledge of it being stolen.
FTDI should have 'reclaimed' their VID, presumably not and option, I can't blame them for trashing the PID instead.
You can't "steal" integers. It is not illegal to make a USB compatible interface and provide whatever ints you want. If the device maker wants it to be a secured link, they have to make it so. It would be illegal to use a USB logo without certification, but not illegal to make a compatible interface.
However, on the flip side, it is IMPOSSIBLE for a hobbiest or anyone else making open hardware supporting USB to get a VID. USB group actually made it against the agreement for someone who licenses VIDs to even give them away to projects. In other words, because the USB consortium doesn't care about USB use by non-large companies, the only option of some is to pick a PID/VID and run with it.
If serial communication is all you need, then using a chip like FTDI is an option, but that doesn't fit all uses.
-
Suppose I use my iPhone to browse to, say, Samsung's web site. Would it be OK for the site to contain code that bricks my phone, just because there's some ongoing patent dispute between the two companies?
That's an excellent analogy. If microsoft pushes these drivers they may also be liable, I wonder if they are aware of FTDI's practices.
Does windows come with CDC installed by default?
-
And how were users warned that it might kill their stuff?
It didn't kill their stuff - their stuff didn't have any drivers. Supereal Microelectronics or whoever makes this shitty clone could produce drivers and their stuff would work fine - well as fine as it can when you are using a VID belonging to someone else.
Suppose I use my iPhone to browse to, say, Samsung's web site. Would it be OK for the site to contain code that bricks my phone, just because there's some ongoing patent dispute between the two companies?
That's an excellent analogy.
It is a poor analogy. FTDI have produced a new driver version which only work with their chips. They detect chips with stolen VIDs and trash the PID so their older drivers won't work with those chips either. They haven't bricked anything the chips always were bricks. If there were some legitimate drivers for the clone chips you could argue that something has been bricked but still blame the clone for using a stolen VID which is telling the computer to use the wrong drivers.
-
Does windows come with CDC installed by default?
usbser.sys, all you need is a .inf to use it.
-
And how were users warned that it might kill their stuff?
It didn't kill their stuff - their stuff didn't have any drivers. Supereal Microelectronics or whoever makes this shitty clone could produce drivers and their stuff would work fine - well as fine as it can when you are using a VID belonging to someone else.
I have an old fake device that worked before, updating FTDI driver kills it in a way the stops it working even if I revert all the software. It killed my stuff.
-
One question - after it has killed your fake device, does it give any meaningful message to explain ?
-
I have an old fake device that worked before, updating FTDI driver kills it in a way the stops it working even if I revert all the software. It killed my stuff.
Nope now it just needs the correct driver which never existed.
-
Suppose I use my iPhone to browse to, say, Samsung's web site. Would it be OK for the site to contain code that bricks my phone, just because there's some ongoing patent dispute between the two companies?
That's an excellent analogy. If microsoft pushes these drivers they may also be liable, I wonder if they are aware of FTDI's practices.
Does windows come with CDC installed by default?
Unfortunately not. On Mac OS and Linux a CDC device works out of the box but on Windows you need a .inf file to tell Windows which driver to use :palm:
One question - after it has killed your fake device, does it give any meaningful message to explain ?
No. It just doesn't work.
-
The driver reprograms the product ID so it won't work.
Price of buying fake chips.
If that is the case you can easily bind the new VID/PID to the correct driver in Linux and it should still work:
A vid/pid pair can be added dynamically using sysfs, for example:
echo 0403 1234 >/sys/bus/usb-serial/drivers/ftdi_sio/new_id
Again, if that is the only "damage" done, lsusb should help you find the device, or just monitoring dmesg as you attach it.
this did not work for me, I just tried it. 1234 should be 6001, of course (for people who will just mouse it in..)
one of my chips JUST got bricked. FUCK FTDI! dammit, you guys now suck so badly. what was once a functional board is now dead unless I can re-rewrite the pid.
even when I uninstalled the windows driver, the pid still got zeroed out.
if there are lawyers here, please consider starting a class-action. I'll gladly contribute. this is pure bullshit!
-
this did not work for me, I just tried it. 1234 should be 6001, of course (for people who will just mouse it in..)
No. It should be 0, since that's what the PID got set to by the killer driver. Then I think you can either use the device that way, or use FTDI's tool to reprogram the PID to e.g. 6001. (Sorry I don't know all the details, maybe someone else can fill that in.)
-
if there are lawyers here, please consider starting a class-action. I'll gladly contribute. this is pure bullshit!
Somehow I don't think you are going to find much sympathy complaining about counterfeit goods not working.
How far do you think you would get trying to sue Rolex because the cheap Chinese copy you bought stopped keeping good time?
I have an old fake device that worked before, updating FTDI driver kills it in a way the stops it working even if I revert all the software. It killed my stuff.
Nope now it just needs the correct driver which never existed.
Nope nope. Windows 7/8 USB stack doesn't like a PID of 0. Once the PID has been zapped, it won't work with any driver on Windows 7/8.
There is no legitimate driver for the chip so being able to work or not with a driver that doesn't exist is irrelevant.
-
I have an old fake device that worked before, updating FTDI driver kills it in a way the stops it working even if I revert all the software. It killed my stuff.
Nope now it just needs the correct driver which never existed.
It worked before, using an old FTDI driver ( which contains no restrictions in the distribution package on only using it with only FTDI chips).
Even after reverting, it's still broken. If the Windows update did not explicitly warn me, then I suspect this is a deliberate act of unlawful damage to my property.
(Hypothetical situation, I've only ever bought FTDI stuff from FTDI, Easysync or Farnell)
-
This is going to impact the end user. This is the person who bought a device and has no clue what is in it. It is amazing to me that FTDI doesn't pop up a window and say, the device you are using is counterfeit and will not work with this driver. I have no issues with that. When we get into killing devices, this is an issue. Let alone, killing them WITHOUT LETTING THE USER KNOW ANYTHING. They assume it died. So they buy another one, because it worked for a long while before it died. And now this one immediately dies.
This doesn't nothing to hurt the counterfeit using manufacturers for a while, but completely and utterly screws over the end consumers who knew nothing of this fight WITHOUT ANY EXPLANATION AT ALL.
If FTDI thinks this is an OK way to do business, I can't trust their judgment on other things. Why would I choose to include their products in mine? I really think this is a PR killer for them. Handled very poorly.
-
there will be lawyers on this. just a matter of time.
what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?
I can see which side you are on, but you are so wrong about this. so terribly wrong. go after the vendors. NEVER GO AFTER END USERS. they are not at fault. if you think they are, then we now know what kind of person YOU are...
taking ftdi's side is not going to win you any friends, here.
-
Well aside from the legality, this is a pretty poor move and it makes me a little sad because I had a very high opinion of ftdi. If I put counterfeit parts in my Toyota, it doesn't explode. Sure, if it causes a crash I am on my own, and if Toyota refuses to service it that is fine, but I feel like this is like me checking my car in for a service and coming back to find that it has been neatly compacted into a cube.
I hope this is a catalyst to move to CDC for everything usb serial. The world could do with one less vendor-locked protocol.
-
I think it's fairly obvious what the general opinion is, from both end-users and professional design engineers. Both are likely to avoid FTDI in future, just in case their products end up containing chips that, through no fault of their own, are deemed as infringing by some piece of driver code.
At least if I design a Cypress, or Prolific, or Microchip part into my product, it's less likely to get wrecked by malware. It's a great shame, because as a general rule I like(d) FTDI products, but now I can't take the risk. FTDI might gain a short-term victory against counterfeiters, but it'll emerge from the battle with its brand in tatters and a suite of updated, more accurate copies to deal with.
Nobody wins here, and I won't be a pawn in someone else's IP dispute.
-
If FTDI thinks this is an OK way to do business,
Supporting poor clones of their chips with drivers isn't doing business. I think that is rather their point.
-
If FTDI thinks this is an OK way to do business,
Supporting poor clones of their chips with drivers isn't doing business. I think that is rather their point.
That is a typical American point of view. Shoot first, ask questions later. In this case FTDI is killing their entire customer base to get to one counterfeiter which operates in a market FTDI can't penetrate to begin with.
-
how many times do we have to explain this?
detect a bad chip: fine! display a popup and inform the user.
destroy the chip? NOT SO FINE.
you've just destroyed property of mine. if you think that's ok, post your name and company so I can avoid you in the future, as well as any products your company makes.
-
If FTDI thinks this is an OK way to do business,
Supporting poor clones of their chips with drivers isn't doing business. I think that is rather their point.
That is a typical American point of view. Shoot first, ask questions later. In this case FTDI is killing their entire customer base to get to one counterfeiter which operates in a market FTDI can't penetrate to begin with.
sorry, but its not 'typical american'. you are believing the minority (a tiny tiny percent of americans) who think that 'intellectual property' trumps all other rights.
MOST americans are not this hostile. please revise your view; I find it highly offensive that you lump so many of us in with the bad apples. this is NOT an american concept and you watch too many movies, I think...
-
If FTDI thinks this is an OK way to do business,
Supporting poor clones of their chips with drivers isn't doing business. I think that is rather their point.
That is a typical American point of view. Shoot first, ask questions later. In this case FTDI is killing their entire customer base to get to one counterfeiter which operates in a market FTDI can't penetrate to begin with.
FTDI are a British company
-
how many times do we have to explain this?
destroy the chip? NOT SO FINE.
How many times to I have to explain - they are not destroying the chip. The chip will work fine if you have drivers for it. When the chip manufacture writes drivers (and gets them certified and signed) I'm sure they will provide a tool to restore the PID. Maybe they could set the VID to something not stolen from FTDI but probably not because that is what FTDI would have done if it were possible.
-
you're a hopeless case. I won't waste any more time with you on this or any other thread.
-
btw, this is exactly the reason why I refuse to install any blueray devices or play any of those discs on my system or on my network. they also think (via their drm) that they have the right to DISABLE (brick) any device that is not hdcp compliant along the chain. I've read about one guy who had his dvd player bricked when the bd disc 'updated' the blacklist, just by inserting and playing a disc.
he was able to undo it (very clever and with MUCH effort) but most people would be left with dead hardware, should that happen to them.
this behavior needs to stop. vendors who think they have a right to ruin your hardware because of IP disputes should be sued to oblivion. and customers should actively boycott any companies that subscribe to this kind of belief or policy.
every so often, I think about buying a bd burner; but I always stop myself.
-
how many times do we have to explain this?
destroy the chip? NOT SO FINE.
How many times to I have to explain - they are not destroying the chip. The chip will work fine if you have drivers for it. When the chip manufacture writes drivers (and gets them certified and signed) I'm sure they will provide a tool to restore the PID. Maybe they could set the VID to something not stolen from FTDI but probably not because that is what FTDI would have done if it were possible.
As far as the vast majority of end-users are concerned, the chip is dead.
-
How many times to I have to explain - they are not destroying the chip.
Bullshit.
If a device meant for average users is disabled beyond what the average user can fix, the device is fucked. Don't be disingenuous - we're mostly engineers and hobbyists here, we can fix almost anything - that doesn't mean it's not broken. When Joe Sixpack's doohickey stops working because its VID has been reprogrammed, he's up a creek without a paddle.
-
I am seriously curious - I want to buy one of those counterfeit FT232s and play with it. How/where do I buy one which is definitely NOT the original?
-
I've designed several products in the past where I need a USB-to-UART solution. The choice has been primarily between FTDI and Silicon Labs chips. This situation has just made my vendor selection much simpler. AFAIK, SiLabs does not punish end users if our contract manufacturer in China does an unauthorized part substitution.
-
End users that bought FTDI, supported the brand FTDI. Of course, they wanted the real stuff but they would not know. They have done their part in buying FTDI. Instead of going after the faker, FTDI chose the easiest option and screwed the people that supported FTDI. FTDI has killed their own brand.
How does one know the FTDI cable he is going to buy is not going to be killed by FTDI driver? Don't risk buying one.
-
i remember several years ago i really had huge problem with prolific USB to Serial chips and BSOD.... so i simply never used any prolific product again..... some years later i found out that it was because of fake chips.... but i never used them again because of bad that bad taste....
so i think it's time to switch to CH340 or something similar.
-
so i think it's time to switch to CH340 or something similar.
... don't go there. Those things are shocking.
-
Okay nice. I don't think there are only hobbyists affected of this thing....
So, why should I ever use FTDI chips again when I must control the complete delivery chain for this chips ? That sounds to expensive and risky for me. There are good alternatives...
-
Okay nice. I don't think there are only hobbyists affected of this thing....
So, why should I ever use FTDI chips again when I must control the complete delivery chain for this chips ? That sounds to expensive and risky for me. There are good alternatives...
As if you didn't need before driver update. Or are you OK with using fake parts in your product?
-
I am seriously curious - I want to buy one of those counterfeit FT232s and play with it. How/where do I buy one which is definitely NOT the original?
Probably eBay.
Disclaimer: I'm not condoning FTDI's decision.
"Don't go after the customers, go after the theiving vendors!"
Have you ever tried to pursue property rights claims to unscrupulous cloning vendors in China? If not, I can summarize it for you: "HA HAHAHAHAHAHAHAHAHAH"
My place of employment has concerns about counterfeit devices too. Our way of "trapping" the bad parts? We require a paper trail for authenticity of parts bough in order to provide support. "You bought a bad part? Terribly sorry, but that was not a part sold through authorized channels. If you can replace them with genuine parts, and still have the same problem, we would be glad to help!"
I'm not a lawyer. But as an engineer, this violates good faith (and to the person bagging on "Americans Shoot First..." I'm one of those). I suspect that FTDI will have to demonstrate how this "update" was an integral part of driver maintenance and not a deliberately malicious act. I.e. does changing the PID to 0 have a functional value to the existing parts? This will be the first question the lawyer on the opposition will be asking. If the answer is not yes, then there is going to be some trouble - likely on the ground similar to creators of Computer Viruses (virii?).
Now, I personally, have an FT232R on a controller I am about to push to major release - something that will be going to quantity production - and I have to keep in mind my company's corporate image and have to wonder what (if any) fall out will land on our shoulders with the part.
I'm unclear on one thing though: Is this driver update something that Microsoft pushes without consent or something the end customer downloads from FTDI? (Not that it changes the situation). If it's a MS push, that makes this much, much worse.
-
Okay nice. I don't think there are only hobbyists affected of this thing....
So, why should I ever use FTDI chips again when I must control the complete delivery chain for this chips ? That sounds to expensive and risky for me. There are good alternatives...
As if you didn't need before driver update. Or are you OK with using fake parts in your product?
I'm not OK using fake parts in my product. However, if it were to happen, FTDI is making sure that my customer assumes my product just broke. There will be no feedback from the customer for me to even determine that I've been duped by a supplier. My customer will just never be my customer again.
It could have been handled in quite a few ways and FTDI chose the worse way possible. What I don't know is how robust the driver code is. Will FTDI accidentally kill their legit chips? It is possible. Someone misses a check in the test suite and it does a kill all of an older model. Now legitimate chips are dead.
Firmware updates are easy to get very wrong. When your firmware update is a bullet to the head, it is also hard to fix it. Were this to complain about counterfeit and not work, that would be perfectly fine. A false positive is fixed with an updated driver. Hard to scrape off the cranial matter and put it back in your skull after you shot yourself in the head, though.
-
i remember several years ago i really had huge problem with prolific USB to Serial chips and BSOD.... so i simply never used any prolific product again..... some years later i found out that it was because of fake chips.... but i never used them again because of bad that bad taste....
I had the same experience and I bet the same will happen with FTDI.
Has anyone tried the Microchip USB to RS232 converter ICs? They are cheap and the one I tested seems to be quite good. Basically just a PIC with the right firmware programmed at the factory.
I tried them, they're ok. I actually went for them at one point because I could re-write the firmware and I was able to lock the baudrate this way. You can obviously buy the real MCU and do that, but the USB to Serial chip is cheaper than the actual MCU for some reason :)
Has anyone tried the Microchip USB to RS232 converter ICs? They are cheap and the one I tested seems to be quite good. Basically just a PIC with the right firmware programmed at the factory.
For this purpose it would be ok i guess, might try it in the near future.
For a lot of other applications such as any I2C bridge or I/O peripheral I personally do not trust a standard PIC with software. I rather have a hardware statemachine solution for that. But thats just my 2 cents.
Should work fine, if the MCU has a peripheral for I2C, it means it's implemented in hardware, with the software only doing the glue logic between the USB peripheral and the I2C one.
-
How can I prevent the killing?
Check all my beloved USB China toys with an older XP machine.
If a FTDI chip is present, change the VID/PID with FTDI tools.
Modify an older driver to work with the new VID/PID.
Use the toy on an updated Windows system, but with the modified driver.
Is all of above doable and is this modified driver safe not to be updated?
-
fwiw, hackaday now has this on their front page. linked to this forum's post, too.
let the shitstorm begin.
I hope ftdi gets tons of emails and phonecalls about this.
-
Put yourself in FTDI's shoes... It's a bold move, but I understand exactly why they did it.
What makes you think FTDI haven't already been trying to fight the cloners from the supplying end already?
FTDI enjoys a decent premium over the knockoffs and similar products due to brand recognition. Do you think they are going to piss away all that potential money just because some chinese cloners started selling counterfeit product?
Buying fake chips has ALWAYS been a bad deal for everybody involved.
-
I acknowledge that people and companies have the right to defend their copyrights. I can't however condone destroying counterfeit products which where purchased in good faith.
Containing a stolen VID the device isn't USB standard compliant so you should not have expectations of it working in the first place. Possessors of stolen property generally have few rights regardless of their knowledge of it being stolen.
FTDI should have 'reclaimed' their VID, presumably not and option, I can't blame them for trashing the PID instead.
Does it only kill devices with FTDI's VID? (Can the fakes have the VID reprogrammed?)
-
Okay nice. I don't think there are only hobbyists affected of this thing....
So, why should I ever use FTDI chips again when I must control the complete delivery chain for this chips ? That sounds to expensive and risky for me. There are good alternatives...
As if you didn't need before driver update. Or are you OK with using fake parts in your product?
No, but it can happen. It happened many big manufacturers without there liability. Most time the chip-manifacturer then loses a little bit of money because the not selled chips. Now that shall be my risk, but I don't just lose some non existent profit. I lose costs of manufactoring, shipping, time to rebuild, reputation of customers, etc,etc....
So why just eat this toad whitout the need ?
-
Put yourself in FTDI's shoes... It's a bold move, but I understand exactly why they did it.
What makes you think FTDI haven't already been trying to fight the cloners from the supplying end already?
FTDI enjoys a decent premium over the knockoffs and similar products due to brand recognition. Do you think they are going to piss away all that potential money just because some chinese cloners started selling counterfeit product?
Buying fake chips has ALWAYS been a bad deal for everybody involved.
It's the same naive approach the music industry tried, and failed, to use against piracy. Punishing the "pirates" doesn't accomplish anything. Clones will always exist, and this is a market they are not directly competing with, as the people buying the cloned chips are mostly not, and never will be, FTDI customers. Yes, this will hurt the market for cheap FTDI cables, but rather than move to expensive legitimate cables, they are destroying their brand and making them un-purchaseable for anyone, including design engineers, due to the risk of their device or product randomly failing in the future.
If FTDI were an end user products company I might see them have a bit more success, as those purchasing fake FTDI gadgets would likely know they're fake, like the Gucci handbags you buy in Bangkok. However they're not. They sell chips to integrators and many other vendors. Now they've burned their direct customer, the integrator, as well as the end user. It's a stupid response and will get them no goodwill from anyone, including their legitimate customers, who weren't harmed by the clones in the first place.
They could have done a few different things to reinforce their brand and undermine the clone's reputation without pulling the trigger on millions of devices. Microsoft learned this years ago.
I mean I understand they're butthurt about this, but taking it out on the end user, when they don't even sell to the end user, is not a productive response and will certainly hurt their image, while it never stood any chance of helping it.
-
Put yourself in FTDI's shoes... It's a bold move, but I understand exactly why they did it.
What makes you think FTDI haven't already been trying to fight the cloners from the supplying end already?
FTDI enjoys a decent premium over the knockoffs and similar products due to brand recognition. Do you think they are going to piss away all that potential money just because some chinese cloners started selling counterfeit product?
Buying fake chips has ALWAYS been a bad deal for everybody involved.
It's the same naive approach the music industry tried, and failed, to use against piracy. Punishing the "pirates" doesn't accomplish anything. Clones will always exist, and this is a market they are not directly competing with, as the people buying the cloned chips are mostly not, and never will be, FTDI customers. Yes, this will hurt the market for cheap FTDI cables, but rather than move to expensive legitimate cables, they are destroying their brand and making them un-purchaseable for anyone, including design engineers, due to the risk of their device or product randomly failing in the future.
I'm not sure this even has the desired effect for them, I would be incredibly surprised if anybody can tell the difference between a clone and a real one without decapping it. The end result is just tainting their own brand and pissing off millions of clueless, unconnected people when their hardware suddenly stops working.
-
Okay nice. I don't think there are only hobbyists affected of this thing....
So, why should I ever use FTDI chips again when I must control the complete delivery chain for this chips ? That sounds to expensive and risky for me. There are good alternatives...
As if you didn't need before driver update. Or are you OK with using fake parts in your product?
No, but it can happen. It happened many big manufacturers without there liability. Most time the chip-manifacturer then loses a little bit of money because the not selled chips. Now that shall be my risk, but I don't just lose some non existent profit. I lose costs of manufactoring, shipping, time to rebuild, reputation of customers, etc,etc....
So why just eat this toad whitout the need ?
But now you have a great tool how to check to be genuine right away :-DD. However fakers likely will fix them soon.
-
So, the drivers just changes the PID:VID to something else? On Linux, I guess, someone could just end a patch to the kernel tree for the driver adding the new VID:PID. :P :P :P
drivers/usb/serial/ftdi_sio_ids.h
Alexander.
-
Okay nice. I don't think there are only hobbyists affected of this thing....
So, why should I ever use FTDI chips again when I must control the complete delivery chain for this chips ? That sounds to expensive and risky for me. There are good alternatives...
As if you didn't need before driver update. Or are you OK with using fake parts in your product?
No, but it can happen. It happened many big manufacturers without there liability. Most time the chip-manifacturer then loses a little bit of money because the not selled chips. Now that shall be my risk, but I don't just lose some non existent profit. I lose costs of manufactoring, shipping, time to rebuild, reputation of customers, etc,etc....
So why just eat this toad whitout the need ?
But now you have a great tool how to check to be genuine right away :-DD. However fakers likely will fix them soon.
Hehe, yes now I can :D But just after the manufacturing.
Yes, thats the joke on this, FTDI loses reputation and the faker will fix their chips...
-
Does it only kill devices with FTDI's VID? (Can the fakes have the VID reprogrammed?)
If you have your own VID/PID, then you should supply your own device drivers - even if they redistribute the FTDI binaries under the hood (most of them do).
In this case, perhaps you will be shielded if you don't update the binaries in your own device driver support package.
-
Put yourself in FTDI's shoes... It's a bold move, but I understand exactly why they did it.
What makes you think FTDI haven't already been trying to fight the cloners from the supplying end already?
FTDI enjoys a decent premium over the knockoffs and similar products due to brand recognition. Do you think they are going to piss away all that potential money just because some chinese cloners started selling counterfeit product?
Buying fake chips has ALWAYS been a bad deal for everybody involved.
I can understand why FTDI would implement a block on counterfeit chips. But to silently break them, it is doing them no good. Inform the user that their device is using an counterfeit chip. This does nothing to educate people about the problem, it just makes engineers never use an FTDI part ever again.
-
Containing a stolen VID the device isn't USB standard compliant so you should not have expectations of it working in the first place. Possessors of stolen property generally have few rights regardless of their knowledge of it being stolen.
FTDI should have 'reclaimed' their VID, presumably not and option, I can't blame them for trashing the PID instead.
Does it only kill devices with FTDI's VID? (Can the fakes have the VID reprogrammed?)
An FTDI driver wouldn't get installed or loaded if the device didn't have a matching VID/PID. I don't know if the VID can be reprogrammed. Removal of a VID owned by FTDI would be more justifiable but what would they replace it with? They couldn't really use someone else's VID or one that had not yet been sold. 0000 seems not to have been allocated but I don't know that 0000 is reserved for uninitialised or unknown like it appears to be for PIDs.
We don't even know how many types of FTDI clone there are. Maybe some are better clones and can't be detected by FTDI drivers.
-
So, the drivers just changes the PID:VID to something else? On Linux, I guess, someone could just end a patch to the kernel tree for the driver adding the new VID:PID. :P :P :P
drivers/usb/serial/ftdi_sio_ids.h
Alexander.
You don't even need to patch the kernel, you can add the new ID at runtime via sysfs.
-
For us, the circuit designers are the ones who decide which chip to use (or replace), and supply chain is a whole different department. If I had a lot of my products come back with broken FTDI chips, I'd probably conclude that the chips are crap and I'd better use something else.
-
For us, the circuit designers are the ones who decide which chip to use (or replace), and supply chain is a whole different department. If I had a lot of my products come back with broken FTDI chips, I'd probably conclude that the chips are crap and I'd better use something else.
Thats how it works in reallity :) Maybee FTDI doesn't know that...
-
For us, the circuit designers are the ones who decide which chip to use (or replace), and supply chain is a whole different department. If I had a lot of my products come back with broken FTDI chips, I'd probably conclude that the chips are crap and I'd better use something else.
You mean something like real FTDI chips instead of Supereal Microelectronics chips with FTDI written on them?
I had a bunch of boards manufactured in China with fake Fairchild MOSFETS that didn't work - from that I should have concluded that Fairchild makes crap MOSFETs?
-
You don't even need to patch the kernel, you can add the new ID at runtime via sysfs.
Yes. Such a patch to the official kernel tree would be nice though.
Alexander.
-
An FTDI driver wouldn't get installed or loaded if the device didn't have a matching VID/PID.
Not the default one, but one with a suitably tweaked .INF file will.
Anyone who ships a FTDI device other than a simple serial converter with the factory VID&PID should be shot as it can cause major compatibility issues.
-
This thread is currently going at ~100 views / minute.
I wonder if anyone from FTDI is following it, because it's the story of how people stopped using FTDI chips.
-
Please note that FTDI`s driver licence agreement will be broken if used with counterfeit devices.
It's your driver that decides to attach itself to the device, not the other way around. The user doesn't 'select' your driver to be used with that competing device.
-
This thread is currently going at ~100 views / minute.
I wonder if anyone from FTDI is following it, because it's the story of how people stopped using FTDI chips.
A new user called FTDI chip has already posted in this thread. FTDI don't care if people stop using clones of their chips.
It's your driver that decides to attach itself to the device, not the other way around. The user doesn't 'select' your driver to be used with that competing device.
The device decides what driver it wants to attach to it. The user decided to buy a device which asks for the wrong driver.
An FTDI driver wouldn't get installed or loaded if the device didn't have a matching VID/PID.
Anyone who ships a FTDI device other than a simple serial converter with the factory VID&PID should be shot as it can cause major compatibility issues.
The same as anyone who ships a non-FTDI device with and FTDI VID.
-
Made it to slashdot and hackaday. Well, they're boned. And rightfully so.
Make your drivers simply refuse to work with non-genuine ICs ... fair enough I suppose. :-+
Willfully brick devices from another vendor, just because you are having legal issues with that other vendor .... not very nice, and possibly illegal. :--
-
There is a very simple way to do this CORRECTLY.
1 - Windows uses device driver based on PID/VID codes.
2 - Driver detects counterfeit device.
3 - Driver informs users that device is counterfeit and does not allow it to function.
Same end result of not working, but the user actually can know why and they complain to the company the made it. Complains work up the line until we find out where the fake chip came into the mix. Of all the wrong ways this couldn't be done, I can't think of a better way to get no design engineer to want to risk using your product again.
The product doesn't work. How do we know if we had an ESD failure or a dishonest Chinese CM? This is just stupid.
A new user called FTDI chip has already posted in this thread. FTDI don't care if people stop using clones of their chips.
And they are too stupid to understand that people will stop using their chips as well.
-
I bought some RS485 boards from Ebay with an FTDI FT232 chip on them. Appearantly the chips are fake. I used them with Linux and they work fine. After plugging them into a Windows PC with the latest drivers they quit working (even with Linux). I think the FTDI driver somehow kills the fake FTDI chip. Not nice if you got a lot of these boards in the field :palm:
Another one bites the dust.
I encountered the same problem last week, https://www.eevblog.com/forum/microcontrollers/stm32f103c8tc6-usart-help/15/ (https://www.eevblog.com/forum/microcontrollers/stm32f103c8tc6-usart-help/15/) I am reworking the 3 boards I bought off ebay with the originals.
-
For us, the circuit designers are the ones who decide which chip to use (or replace), and supply chain is a whole different department. If I had a lot of my products come back with broken FTDI chips, I'd probably conclude that the chips are crap and I'd better use something else.
Thats how it works in reallity :) Maybee FTDI doesn't know that...
yeh, it used to be cp21xx that had a bad reputation because there were so many fakes and they constantly updated the drivers to break them so it seemed the they never worked
I can also imagine it could get FTDI in legal trouble, You can't just deliberately break other peoples stuff because you think they violate your IP
-
Damm .... FTDI :-- :--
I really liked your chips , and considered them the best (most ComPort compatible)
But killing the product , this is unacceptable.
I'll switch to Silabs , on my next designs.
/Bingo
-
Make your drivers simply refuse to work with non-genuine ICs ... fair enough I suppose. :-+
Willfully brick devices from another vendor, just because you are having legal issues with that other vendor .... not very nice, and possibly illegal. :--
They haven't bricked anything. They changed the PID so their older drivers will also simply refuse to work with non-genuine ICs. It would be an issue if there were any other legitimate drivers that worked with these non-genuine chips but there are not and FTDI know it because the non-genuine chips use FTDI's VID and FTDI are the only ones able to create a legitimate driver for something with their VID.
-
This is hilarious, so much heat and noise from so many unimportants:
-Try pursuing cloners in China, totally impossible
-If the FTDI drivers displayed a message box 99.9% of users will click cancel and carry on regardless. This way gets their attention
-FTDI don't give a monkey's about all this commotion, this move is aimed at mfrs that ship 10-100K devices. If devices start failing in the field then end users will complain to their supplier not FTDI - it's unlikely the end user will even know or care the USB UART is a fake FTDI. The supplier will notice/care when the RMAs start piling up (and then take action to control their supply chain - FTDI win)
-If you can't trust your mfr then buy the FTDI parts from Mouser/Dodgeykey/RS/Farnell and give them to the Chinese factory FOC. This forces you to control your supply chain, you should be doing that anyway
-Go ahead & use an alternate part, you will not benefit from the 'built-in' FTDI drivers in Windoze and have your end user suffer the inconvenience of downloading/installing a driver - 0/10 for ease of use
-Stop using Tarduino + FTDI USB UARTs, start designing with grown up ARM chips and implement your own USB CDC stacks - problem solved
I say good for FTDI, they invented the USB UART chip business and deserve to benefit financially, instead they are being ripped of by Chinese fakers facilitated by outfits that are too cheap/lazy to control their own supply chains
Flame away ;)
-
It would be an issue if there were any other legitimate drivers that worked with these non-genuine chips but there are not and FTDI know it because the non-genuine chips use FTDI's VID and FTDI are the only ones able to create a legitimate driver for something with their VID.
I beg to differ: http://lxr.free-electrons.com/source/drivers/usb/serial/ftdi_sio.c (http://lxr.free-electrons.com/source/drivers/usb/serial/ftdi_sio.c)
-
Make your drivers simply refuse to work with non-genuine ICs ... fair enough I suppose. :-+
Willfully brick devices from another vendor, just because you are having legal issues with that other vendor .... not very nice, and possibly illegal. :--
They haven't bricked anything. They changed the PID so their older drivers will also simply refuse to work with non-genuine ICs. It would be an issue if there were any other legitimate drivers that worked with these non-genuine chips but there are not and FTDI know it because the non-genuine chips use FTDI's VID and FTDI are the only ones able to create a legitimate driver for something with their VID.
And now the question is if they have any legal rights over the VID, which is just a number allocated by the USB Consortium at $5k a pop. As far as I know, this allocation is not backed by any law.
-
They haven't bricked anything. They changed the PID so their older drivers will also simply refuse to work with non-genuine ICs.
Sure they bricked it. They made changes to a device you paid for & own, without notifying you of these changes and the slight 100% chance of inoperability that might possibly occur. As for bricking semantics, these changes make this device inoperable for the average consumer who has no truck with popping in the debian rescue cd/stick/whatever.
So they don't want me to use their windoze drivers? Fair enough. But after I reboot to linux it'd be nice if that non-FTDI device still worked.
-
So, the drivers just changes the PID:VID to something else? On Linux, I guess, someone could just end a patch to the kernel tree for the driver adding the new VID:PID. :P :P :P
drivers/usb/serial/ftdi_sio_ids.h
Alexander.
You don't even need to patch the kernel, you can add the new ID at runtime via sysfs.
I tried. didn't work. what is the exact command? I have a 'bad' ftdi board (ruined just today) and so I'm willing to try the hot fix on linux. the one that was posted before (earlier today) did not work.
-
Sounds a lot like the BS from freeloaders using 'backups' in their modded XBoxes and then got banned from XBLive. 'We restored the original firmware & still banned - no fair'
-
Given that the terms & conditions aren't actively agreed to by the user due to it being automatic through Windows Update, I wonder if it is a violation of the UK Computer Misuse Act - "unauthorised modification of computer material"?
-
Make your drivers simply refuse to work with non-genuine ICs ... fair enough I suppose. :-+
Willfully brick devices from another vendor, just because you are having legal issues with that other vendor .... not very nice, and possibly illegal. :--
They haven't bricked anything. They changed the PID so their older drivers will also simply refuse to work with non-genuine ICs. It would be an issue if there were any other legitimate drivers that worked with these non-genuine chips but there are not and FTDI know it because the non-genuine chips use FTDI's VID and FTDI are the only ones able to create a legitimate driver for something with their VID.
Oh yes, like CIH. I doesn't bricked your motherboard, it just flashed your bios with new software....thats a totally other thing !
http://en.wikipedia.org/wiki/CIH_%28computer_virus%29 (http://en.wikipedia.org/wiki/CIH_%28computer_virus%29)
-
Quote:
This software is provided by Future Technology Devices International Limited ``as is'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall future technology devices international limited be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
FTDI drivers may be used only in conjunction with products based on FTDI parts.
FTDI drivers may be distributed in any form as long as license information is not modified.
If a custom vendor ID and/or product ID or description string are used, it is the responsibility of the product manufacturer to maintain any changes and subsequent WHCK re-certification as a result of making these changes.
I'm betting by plugging in an FTDI device you are accepting the license (you are getting the benefit). You did read the license right?
If Windoze updated your driver without telling you then take it up with MS, see how far that gets you ;)
-
does anyone have a link to the last GOOD driver from ftdi? I may have a cdrom with it, but will take me a while to find it. I'd like to blacklist the windows update and reinstall the driver from the last known good version. what IS the version string that was 'safe' and does anyone have a link to download that good version?
-
Quote:
This software is provided by Future Technology Devices International Limited ``as is'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall future technology devices international limited be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
FTDI drivers may be used only in conjunction with products based on FTDI parts.
FTDI drivers may be distributed in any form as long as license information is not modified.
If a custom vendor ID and/or product ID or description string are used, it is the responsibility of the product manufacturer to maintain any changes and subsequent WHCK re-certification as a result of making these changes.
I'm betting by plugging in an FTDI device you are accepting the license (you are getting the benefit). You did read the license right?
If Windoze updated your driver without telling you then take it up with MS, see how far that gets you ;)
That doesn't mean that if you violate the agreement they have the right to come in and kill your dog.
At worst, it should simply not work.
-
does anyone have a link to the last GOOD driver from ftdi? ...
And a copy of XP too so I can slowly go out of date & become irrelevant :)
That doesn't mean that if you violate the agreement they have the right to come in and kill your dog.
At worst, it should simply not work.
Erm, well, it doesn't work anymore, does it?
This is even funnier than when Sparkfun got spanked for importing dodgy Fluke clones and the 'maker' world erupted in butt hurt fury... Fluke played a blinder by giving SF a bunch of meters, SF couldn't sell them (had to 'donate' them) and they were still out 1000s of dollars. 100% Fluke win, pure marketing brilliance...
-
Ah, I don't have one of these dongles at hand, but the basic mechanism applies to any driver. You'll need the actual VID/PID combination (see lsusb), the mechanism is described here: http://www.ha19.no/usb/ (http://www.ha19.no/usb/)
-
FTDI wants us hobbieists to contact their business dealers instead of buying the few ic's from " dubious" sources as Ebay because they are too lazy to check all Ebay listings with "FTDI" in their advertisement.
Great let all hobbieists unite and email their official FTDI dealer tomorrow to give them an official quote for those one, two or few FTDI chips and if they don,t hear an answer or denial for such quote within one day keep on repeating those emails. I wonder how much they will loose on all that paperwork.
If FTDI wants to do something that really will hurt those counterfeiters they should open up an official ebay store where everyone can buy few pieces of official ic's for decent prices with free shipping, only then will something happen.
-
Sounds a lot like the BS from freeloaders using 'backups' in their modded XBoxes and then got banned from XBLive. 'We restored the original firmware & still banned - no fair'
Sorry but this has nothing to do with freeloading. It is as if you buy a PC with Windows but it turns out it has is no valid Windows license. Microsoft notifies you of this issue politely and allows a grace period instead of reformatting your hard drive immediately.
-
Guys we're all supposed to be techies in here. So far there has been debate as to whether FTDI did the right thing or not, talk of suing, very little talk of how to rectify the situation.
Unfortunately I don't have one of those problematic FTDI chips to play with but from past experience with FTDI, I doubt very much that the driver is able to actually kill the chip. Most of the feedback on this issue mentions that the VID/PID is reset to zero. This information is not held on the chip itself but on an attached EEPROM.
This means, and I'm only just guessing here, that the driver may try to update some EEPROM parameters and due to some incompatibility or difference between the real/fake FTDI chips, the fake ones fail to write the EEPROM correctly and it remains erased. This is just me guessing and giving FTDI the benefit of the doubt.
So continuing with my theory, since you can't kill the FTDI chip itself via software, this is just an issue of the EEPROM getting erased. The fix may simply be to disconnect the EEPROM SPI clock trace so that the fake chip cannot detect it, therefore reverting to the hard coded VID/PID which is the normal behaviour of a FTDI chip, whether real or fake.
-
Quote:
This software is provided by Future Technology Devices International Limited ``as is'' and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall future technology devices international limited be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
FTDI drivers may be used only in conjunction with products based on FTDI parts.
FTDI drivers may be distributed in any form as long as license information is not modified.
If a custom vendor ID and/or product ID or description string are used, it is the responsibility of the product manufacturer to maintain any changes and subsequent WHCK re-certification as a result of making these changes.
I'm betting by plugging in an FTDI device you are accepting the license (you are getting the benefit). You did read the license right?
If Windoze updated your driver without telling you then take it up with MS, see how far that gets you ;)
Oh, sounds like "If you insert this dvd in your drive, you accept the license and we can format your harddrive". On a text file on the DVD.
really ?
-
Erm, well, it doesn't work anymore, does it?
I meant the driver, please stop being a troll.
Guys we're all supposed to be techies in here. So far there has been debate as to whether FTDI did the right thing or not, talk of suing, very little talk of how to rectify the situation.
Unfortunately I don't have one of those problematic FTDI chips to play with but from past experience with FTDI, I doubt very much that the driver is able to actually kill the chip. Most of the feedback on this issue mentions that the VID/PID is reset to zero. This information is not held on the chip itself but on an attached EEPROM.
This means, and I'm only just guessing here, that the driver may try to update some EEPROM parameters and due to some incompatibility or difference between the real/fake FTDI chips, the fake ones fail to write the EEPROM correctly and it remains erased. This is just me guessing and giving FTDI the benefit of the doubt.
So continuing with my theory, since you can't kill the FTDI chip itself via software, this is just an issue of the EEPROM getting erased. The fix may simply be to disconnect the EEPROM SPI clock trace so that the fake chip cannot detect it, therefore reverting to the hard coded VID/PID which is the normal behaviour of a FTDI chip, whether real or fake.
The chip has built in EEPROM, so there are no bus lines to be disconnected. Also, there is no reason why a driver would alter the VID/PID pair during normal operation.
-
This information is not held on the chip itself but on an attached EEPROM.
If you read above posts and links you would have seen that the eeprom is on the chip, it is a one chip design.
Only repair is to exchange the illegal chip with a real one which you now can order at the official ftdi dealer at one piece at a time.
-
FTDI wants us hobbieists to contact their business dealers instead of buying the few ic's from " dubious" sources as Ebay because they are too lazy to check all Ebay listings with "FTDI" in their advertisement.
Great let all hobbieists unite and email their official FTDI dealer tomorrow to give them an official quote for those one, two or few FTDI chips and if they don,t hear an answer or denial for such quote within one day keep on repeating those emails. I wonder how much they will loose on all that paperwork.
If FTDI wants to do something that really will hurt those counterfeiters they should open up an official ebay store where everyone can buy few pieces of official ic's for decent prices with free shipping, only then will something happen.
Right, coz who buys the official item when they can get it a dollar cheaper elsewhere? FTDI want you to pressure the suppliers who sell fakes. Eventually those suppliers will give up because of the noise and stock only the real deal - FTDI win
Sounds a lot like the BS from freeloaders using 'backups' in their modded XBoxes and then got banned from XBLive. 'We restored the original firmware & still banned - no fair'
Sorry but this has nothing to do with freeloading. It is as if you buy a PC with Windows but it turns out it has is no valid Windows license. Microsoft notifies you of this issue politely and allows a grace period instead of reformatting your hard drive immediately.
You have had many years of grace period but still buy the fakes coz they are a buck cheaper - M$ give you 30 days iirc. You did nothing because you didn't have to - that's freeloading on FTDIs goodwill in my book
Oh, sounds like "If you insert this dvd in your drive, you accept the license and we can format your harddrive". On a text file on the DVD.
really ?
Last M$ disk I looked at had the words "Do not make illegal copies of this disk" printed on it. Doesn't mention lawyers and going to jail but those are the consequences if you ignore the friendly warning. "Do not use our drivers with knock off chips" - doesn't mention dead HW if you do but, hey! guess what? pfft, freetards, buy the real chips and pay the implicit license fee, how hard is that to understand? Maybe you think quality Windoze drivers (and M$ tax on drivers) grow on trees?
-
Guys we're all supposed to be techies in here. So far there has been debate as to whether FTDI did the right thing or not, talk of suing, very little talk of how to rectify the situation.
Unfortunately I don't have one of those problematic FTDI chips to play with but from past experience with FTDI, I doubt very much that the driver is able to actually kill the chip. Most of the feedback on this issue mentions that the VID/PID is reset to zero. This information is not held on the chip itself but on an attached EEPROM.
This means, and I'm only just guessing here, that the driver may try to update some EEPROM parameters and due to some incompatibility or difference between the real/fake FTDI chips, the fake ones fail to write the EEPROM correctly and it remains erased. This is just me guessing and giving FTDI the benefit of the doubt.
So continuing with my theory, since you can't kill the FTDI chip itself via software, this is just an issue of the EEPROM getting erased. The fix may simply be to disconnect the EEPROM SPI clock trace so that the fake chip cannot detect it, therefore reverting to the hard coded VID/PID which is the normal behaviour of a FTDI chip, whether real or fake.
FT232R* have internal eeprom and supposedly counterfeits have it too.
-
Yeah, this is completely unacceptable. And I wouldn't be surprised for a second if their magical counterfeit-detection code made a mistake and bricked a legit part.
I would have no issue with the driver failing or refusing to install or whatever, but physically damaging a product, counterfeit or not? No. Just no. It is not FTDIs job to police what I plug into my computer, and no EULA on their part is going to change that.
Going to write an exceedingly angry e-mail to them.
-
You mean something like real FTDI chips instead of Supereal Microelectronics chips with FTDI written on them?
I had a bunch of boards manufactured in China with fake Fairchild MOSFETS that didn't work - from that I should have concluded that Fairchild makes crap MOSFETs?
When purchasing swaps sources for parts, because "it's the same thing" and you start getting Field Failures, I strongly doubt your first question will be "is this Fairchild FET legit?"
-
Right, coz who buys the official item when they can get it a dollar cheaper elsewhere? FTDI want you to pressure the suppliers who sell fakes. Eventually those suppliers will give up because of the noise and stock only the real deal - FTDI win
Stop being a dick. The only thing FTDI accomplished here is that I'm not going to design any FTDI chips into anything in the future, fake or otherwise.
-
Right, coz who buys the official item when they can get it a dollar cheaper elsewhere? FTDI want you to pressure the suppliers who sell fakes. Eventually those suppliers will give up because of the noise and stock only the real deal - FTDI win
An individual can not pressure the suppliers at ebay. We can argue that it was a fake and claim our money back then they ask the product back and the end user can pay the shipping which is more then the price of the product so not going to happen. Result will be that no one is ever going to bet his money on buying any product that has an ftdi chip on it since you can not know if it is a fake or not?
So FTDI will go belly up. If that is winning in your scenario :P
-
Right, coz who buys the official item when they can get it a dollar cheaper elsewhere? FTDI want you to pressure the suppliers who sell fakes. Eventually those suppliers will give up because of the noise and stock only the real deal - FTDI win
Stop being a dick. The only thing FTDI accomplished here is that I'm not going to design any FTDI chips into anything in the future, fake or otherwise.
Oooh, I bet the multi-million dollar FTDI are terrified, you might go use a poor substitute in your next 'maker' project :S
Right, coz who buys the official item when they can get it a dollar cheaper elsewhere? FTDI want you to pressure the suppliers who sell fakes. Eventually those suppliers will give up because of the noise and stock only the real deal - FTDI win
An individual can not pressure the suppliers at ebay. We can argue that it was a fake and claim our money back then they ask the product back and the end user can pay the shipping which is more then the price of the product so not going to happen. Result will be that no one is ever going to bet his money on buying any product that has an ftdi chip on it since you can not know if it is a fake or not?
So FTDI will go belly up. If that is winning in your scenario :P
No, you can't pressure an ebay seller but if enough ppl stop buying/start returning/reporting his cloned shit then he's going to have to take notice - that's the point. Sure, there will be fallout and innocent victims, for that you have to blame the cheap swine who accepted his garbage when they _could_ save a buck - but not anymore
-
Oooh, I bet the multi-million dollar FTDI are terrified, you might go use a poor substitute in your next 'maker' project :S
Is there a minimum number of thread participants you have to bait to qualify for your weekly 4chan achievement?
Stop being a dick.
-
@kpr8:
Do you have the new driver installed ?
-
Sounds a lot like the BS from freeloaders using 'backups' in their modded XBoxes and then got banned from XBLive. 'We restored the original firmware & still banned - no fair'
Sorry but this has nothing to do with freeloading. It is as if you buy a PC with Windows but it turns out it has is no valid Windows license. Microsoft notifies you of this issue politely and allows a grace period instead of reformatting your hard drive immediately.
You have had many years of grace period but still buy the fakes coz they are a buck cheaper - M$ give you 30 days iirc. You did nothing because you didn't have to - that's freeloading on FTDIs goodwill in my book
Not many years. I just got the boards a couple of weeks ago and the chips look like the genuine ones even under a magnifier. As I wrote before I have the genuine parts in stock so I put them side by side. Either way there is no freeloading by me. I bought a product in good faith and spend two hours figuring out why the boards (suddenly) didn't work after being used on a Windows machine. If the FTDI driver had prompted me that the chips on the board where fake and therefore could not be used I would not have needed to spend to hours trying to figure out what is wrong.
-
No, you can't pressure an ebay seller but if enough ppl stop buying/start returning/reporting his cloned shit then he's going to have to take notice
Oh they are going to take notice and so will FTDI because nobody will ever order anything on ebay with the name FTDI in it ever again.
-
@kpr8:
Do you have the new driver installed ?
Sure, and I use legitimate FTDI parts & so I have 0 issues (actually I use Linux so it's a non-issue)
To be clear, I am trolling you. BUT the fact remains this is a problem that the 'build it cheap in China' movement has brought on it's own head. A couple of dozen butt-hurt makers isn't going to make a fig of difference to FTDI and if you think otherwise then you're a fool
Yeah, this is a good old fashioned internet flame war - bring it! >:D
-
Sounds a lot like the BS from freeloaders using 'backups' in their modded XBoxes and then got banned from XBLive. 'We restored the original firmware & still banned - no fair'
Sorry but this has nothing to do with freeloading. It is as if you buy a PC with Windows but it turns out it has is no valid Windows license. Microsoft notifies you of this issue politely and allows a grace period instead of reformatting your hard drive immediately.
You have had many years of grace period but still buy the fakes coz they are a buck cheaper - M$ give you 30 days iirc. You did nothing because you didn't have to - that's freeloading on FTDIs goodwill in my book
Not many years. I just got the boards a couple of weeks ago and the chips look like the genuine ones even under a magnifier. As I wrote before I have the genuine parts in stock so I put them side by side. Either way there is no freeloading by me. I bought a product in good faith and spend two hours figuring out why the boards (suddenly) didn't work after being used on a Windows machine. If the FTDI driver had prompted me that the chips on the board where fake and therefore could not be used I would not have needed to spend to hours trying to figure out what is wrong.
You're a victiim of other peoples willingness to accept clones. Sorry dude, you have my sympathy
-
its not just 'makers'. I am seeing a lot of design (product) engineers steer away from ftdi just to avoid any RISK of having this hit them. unless you are a huge company, you cannot micromanage your offshore board builders. sure, you spec in a real ftdi part; but the pcb makers who stuff your board will do what they want and unless you have a man on the ground, there, 7x24, you cannot be sure some fakes won't slip into the supply.
so, what do you do? not take any risks. dont' design for ftdi and use another serial/usb chip.
hell, I would do that if I was in a large company. this will stay in my mind for years and if I am asked to do a design review (it happens..) and I see ftdi in there, I will certainly speak up. whether my voice is heard or respected, I can't say, but I will certainly raise the issue. why even take a chance that it will backfire and your own company will get blamed? who wants angry customers? best to just avoid ftdi in all designs, from now on. sure, they are great chips, but I would not want even one angry customer who blames ME for this.
would be interesting to see how this affects ftdi in the long run. wish we could get numbers on their sales and watch it over time ;) I'm very sure that their bottom line will suffer from this; they are just too pig-headed to get that fact; but they WILL see it, later on.
this forum has hobbiests and actual product engineers. from my read on the comments here, not one single product engineers WANTS to take risks on this subject. can you 100% be sure that your board stuffers won't go rogue and sub a fake chip? do you want to bet your company's rep on it?
-
You know what I would like to know? Up to what level in management of FTDI this "feature" in the driver software was sanctioned. For all we know this shitstorm ends up in the press and next monday the responsible FTDI engineer and supervisor who thought this was a clever idea are fired with a new software driver on the way. Reputation damage is already done.
-
Putting on a TFH, I would not be surprised if KRP8 is not a Social Media Damage Control expert/consultant. FTDI Chip makes an account and makes a single post; the board blasts them, so then comes in a new guy with no prior posts to call everyone who whines something along the lines of "negligible slime."
-
Not one profi 'product' engineer would accept the risk - instead they will get onto their sourcing team make damn sure the chips are legit.
That's the point
Go FTDI! It's about time someone made a stand. FTDI have been delivering innovative & quality products for years and deserve to be rewarded for their efforts. If they don't get paid then YOU don't get new parts to play with (have you checked out the FT800/1 parts? freaking awesome)
I say there should be a fair return on investment & IP companies should get paid for their work (even if it offends the freetards and 'makers' who are used to getting stuff for free)
The alternative is we end up stuck with shitty devices at high prices. Go figure
Love, your local neighbourhood troll
-
@kpr8:
Do you have the new driver installed ?
Sure, and I use legitimate FTDI parts & so I have 0 issues (actually I use Linux so it's a non-issue)
To be clear, I am trolling you. BUT the fact remains this is a problem that the 'build it cheap in China' movement has brought on it's own head. A couple of dozen butt-hurt makers isn't going to make a fig of difference to FTDI and if you think otherwise then you're a fool
Yeah, this is a good old fashioned internet flame war - bring it! >:D
Hehe, here is yout fish <°))))><
Maybee you're right, but who do you think is developing all this professional hardware shit ? Many of them are hobbyists that makes a job out of their hobby. And what will they use ? The parts that they know, the parts that they used at home too.
Who would use windows if there wasn't years where M$ never done anything against piracy on private pc's ?
-
You know what I would like to know? Up to what level in management of FTDI this "feature" in the driver software was sanctioned. For all we know this shitstorm ends up in the press and next monday the responsible FTDI engineer and supervisor who thought this was a clever idea are fired with a new software driver on the way. Reputation damage is already done.
It doesn't matter, the only time people up the top "Didn't know about this until I saw it on TV" get away with this is if they're government. If it's a corporation of any kind, the guys at the top will be taken to the ringer just the same (as they should).
-
Putting on a TFH, I would not be surprised if KRP8 is not a Social Media Damage Control expert/consultant. FTDI Chip makes an account and makes a single post; the board blasts them, so then comes in a new guy with no prior posts to call everyone who whines something along the lines of "negligible slime."
Nope, I'm an embedded engineer with 20+ years experience and a jaundiced view. You may even have heard of me in the hacking sceen
-
.. You may even have heard of me in the hacking sceen
First sign that someone is not, is when they make claims of what they are of this kind.
In your 20 years of embedded, was the end user Consumer or Sci/Ind?
-
Go FTDI! It's about time someone made a stand. FTDI have been delivering innovative & quality products for years and deserve to be rewarded for their efforts. If they don't get paid then YOU don't get new parts to play with (have you checked out the FT800/1 parts? freaking awesome)
Oh I must say, the chinese copies works very well too :D
-
Hehe, here is yout fish <°))))><
Maybee you're right, but who do you think is developing all this professional hardware shit ? Many of them are hobbyists that makes a job out of their hobby. And what will they use ? The parts that they know, the parts that they used at home too.
Who would use windows if there wasn't years where M$ never done anything against piracy on private pc's ?
And many thanks ofr the fish. The thing is, FTDI (and others) deliver quality parts for use by industry. They help out the hobbyist scene by delivering hobby friendly parts - When the FT232 was first released there was a a DIP adapter board for 10 - 20 GBP (cant remember the exact price) available to everyone direct from FTDI. I used a bunch of these for various projects
We, the community, have repaid FTDI by gleefully buying shitty clones from China (even if we 'didnt know') for a buck less, then we start a shitstorm because FTDi protect themselves? Piss poor IMHO
Want new, innovative, exciting devices? Pay the fricking price & be grateful.
Troll
-
.. You may even have heard of me in the hacking sceen
First sign that someone is not, is when they make claims of what they are of this kind.
In your 20 years of embedded, was the end user Consumer or Sci/Ind?
well, I sure havent heard of you
Your troll is eating - brb
-
And many thanks ofr the fish. The thing is, FTDI (and others) deliver quality parts for use by industry. They help out the hobbyist scene by delivering hobby friendly parts - When the FT232 was first released there was a a DIP adapter board for 10 - 20 GBP (cant remember the exact price) available to everyone direct from FTDI. I used a bunch of these for various projects
We, the community, have repaid FTDI by gleefully buying shitty clones from China (even if we 'didnt know') for a buck less, then we start a shitstorm because FTDi protect themselves? Piss poor IMHO
We don't start a shitstorm because FTDI protect themselves. They can't protect them in this way (Chinese are like the Borg, they will adapt). We start a shitstorm because we don't like the way how they try to protect themsselves. Maybee with a warning message and the move not to VID 0000 (i read that there are some issues to run a driver on some OS at 0000) but to FFFF, this could be another thing....
-
Again
-FTDI have no chance of combating Chinese cloners
-If the driver displayed a message box, 99.9% of users would click cancel and ignore it
FTDI have delivered innovative products that have enabled the maker community. You have your knickers in a bunch because they ar eprotecting their IP. If they didn't protect themsellves there would be NO MORE new FTDI products and that would SUCK FOR EVERYONE
Too bad if you got burned in the short term, in the long term you will win
Want to complain? Go after the cloners and resellers, tell them how pissed you are
-
If the driver recognizes that it is not a real ftdi chip it should not work plain and simple. Maybe a message ox why it does not work and contact your seller or something similar but i agree that the ftdi driver should not work with the fake chip.
-
If the driver recognizes that it is not a real ftdi chip it should not work plain and simple. Maybe a message ox why it does not work and contact your seller or something similar but i agree that the ftdi driver should not work with the fake chip.
And in the Chinglish instruction manual - step 3: click 'ignore' when whiny driver complains your product is a fake :S
If you guys really want to make a difference then why not start a white/blacklist of resellers?
10 pages of complaining and only 1 or 2 ppl posting who has fake/legit parts. sheesh
-
FTDI have delivered innovative products that have enabled the maker community.
Just admit you are hired by FTDI for social media damage control. You have repeated this marketing buzz-words collection several times now. It doesn't work on engineers.
-
I really think Dave should make a short video on this.
-
FTDI have delivered innovative products that have enabled the maker community.
Just admit you are hired by FTDI for social media damage control. You have repeated this marketing buzz-words collection several times now. It doesn't work on engineers.
Haha no this guy is just a troll as he already stated. If he was hired for damage control he would not have added so much oil on the fire.
Lets all just email our local official FTDI for an quote for two chips and keep continuing till they ship it or go belly up.
-
Again
-FTDI have no chance of combating Chinese cloners
-If the driver displayed a message box, 99.9% of users would click cancel and ignore it
FTDI have delivered innovative products that have enabled the maker community. You have your knickers in a bunch because they ar eprotecting their IP. If they didn't protect themsellves there would be NO MORE new FTDI products and that would SUCK FOR EVERYONE
Too bad if you got burned in the short term, in the long term you will win
Want to complain? Go after the cloners and resellers, tell them how pissed you are
Okay, its a good idea to destroy the reputation of a own product to destroy the market of clones. It's just like chemo therapie....
:-DD
-
its not just 'makers'. I am seeing a lot of design (product) engineers steer away from ftdi just to avoid any RISK of having this hit them. unless you are a huge company, you cannot micromanage your offshore board builders. sure, you spec in a real ftdi part; but the pcb makers who stuff your board will do what they want and unless you have a man on the ground, there, 7x24, you cannot be sure some fakes won't slip into the supply.
But any part in your design could be substituted with a fake. What makes the FTDI part so special, besides getting immediate and visiable feedback that it's broken?
-
It's not the first time. For example segger can damage counterfeit products of their own. You can get them to work again by reflashing.
-
When the FTDI driver is installed you are agreeing the terms of use of FTDI`s device. Please note that FTDI`s driver licence agreement will be broken if used with counterfeit devices.
:)
FTDI is violating German law by modifying clones to be unusable. It's an offence. It doesn't matter if that is stated in a licence agreement or whatever paper (it's simply invalid). You should have asked you lawyers first. :palm:
-
its not just 'makers'. I am seeing a lot of design (product) engineers steer away from ftdi just to avoid any RISK of having this hit them. unless you are a huge company, you cannot micromanage your offshore board builders. sure, you spec in a real ftdi part; but the pcb makers who stuff your board will do what they want and unless you have a man on the ground, there, 7x24, you cannot be sure some fakes won't slip into the supply.
But any part in your design could be substituted with a fake. What makes the FTDI part so special, besides getting immediate and visiable feedback that it's broken?
To me it is the possibility that even with a legit FTDI chip, an error in the driver can brick their own chips. I'm putting something in my product that won't get disabled if the checks pass. It is a risk, for zero gain for me. I'm not taking a risk just for FTDI's gain.
-
FTDI have delivered innovative products that have enabled the maker community.
Just admit you are hired by FTDI for social media damage control. You have repeated this marketing buzz-words collection several times now. It doesn't work on engineers.
If I was I imagine I would get fired for saying: "Fucking freetard, neckbeard, makers can't see beyond the end of their noses"
So, here it is: You fucking freetard, neckbeard, makers can't see beyond the end of your noses. Not seen any evidence you are engineers either. Will that convince you?
Troll x
AHAHAHAHAHHAA.....okay, I think we should add 10 more pages to this thread, then it looks like a real big discussion and maybee FTDI pays you and maybee they change their driver too....
-
But any part in your design could be substituted with a fake. What makes the FTDI part so special, besides getting immediate and visiable feedback that it's broken?
FTDI parts are especially attractive to cloners - relatively expensive and easy to clone with lots of brand recognition
-
Time to sell FTDI stock if you have any.
-
Time to sell FTDI stock if you have any.
Y, but let's face it, you don't (or any other asset - emphasis on the ass - for that matter).
-
Okay, its a good idea to destroy the reputation of a own product to destroy the market of clones. It's just like chemo therapie....
:-DD
Oooooh, the 'makers' are pissed :S
No, I'm amused. I like your trolling, its better than viewing TV this evening.
-
There is a strong flavour of 'the walking dead' in here....
-
its not just 'makers'. I am seeing a lot of design (product) engineers steer away from ftdi just to avoid any RISK of having this hit them. unless you are a huge company, you cannot micromanage your offshore board builders. sure, you spec in a real ftdi part; but the pcb makers who stuff your board will do what they want and unless you have a man on the ground, there, 7x24, you cannot be sure some fakes won't slip into the supply.
But any part in your design could be substituted with a fake. What makes the FTDI part so special, besides getting immediate and visiable feedback that it's broken?
my point is that ftdi has shown themselves to be TOO self-serving, to the point of being caustic and dangerous.
companies, once proven that they act irresponsibly (to this level) would get blacklisted and never trusted again. and if anyone else did this, their chips would also get blacklisted at the design level. why even chance using parts from a company who treats their CUSTOMERS as 'disposable'?
-
Oooooh, the 'makers' are pissed :S
Snooooore. ::) You keep recycling your inflamatory attempts. Come on, either troll properly or not at all. Not this haphazard faffing about.
Oh oh oh! An ass related ad hominem. Barely servicable, but I guess it'll have to do for now.
Alright, who's in charge of troll procurement? We seem to have gotten an inferior batch this week. :'(
-
No, I'm amused. I like your trolling, its better than viewing TV this evening.
Mmmh, okay-ish I suppose. I've seen better. But it's not the worst, I agree.
-
There is a strong flavour of 'the walking dead' in here....
Do you mean FTDI or the bricked clones ? :-DD
P.S.:F**k, I don't find the zombie-smiley...
-
I have read every message here. I have decided, as have others, to not buy anything that is or claims to be an FTDI product. I as an end use have no way of knowing if I am buying a genuine item embedded in a product. In some countries at least, I am sure that this activity by FTDI is illegal. Do I care about legality? Sometimes, but usually not as the legal system is set up to benefit those who have the most money to lobby the law makers.
Do I care about morality? Yes. Morality means doing no harm to others if at all possible and doing no harm to any innocent parties in any way. FTDI has stepped over that line. They harm those who are innocent and the guilty parties still get to sell their products. The counterfeiters are definitely in the wrong but effectively destroying the end user's device is just plain wrong. Disable the device driver? No problem. Inform the end user? No problem. You can't punish the end user just because the thieves are in a place where you can't punish them. If someone is knowingly using counterfeit parts or items, too bad for them.
But the end point is that FTDI has shot themselves in the foot. Legal and moral issues aside this is a disastrous move. The unwashed masses know nothing of what this really means and have no idea what they can do to fix any problems this might cause them. What will they do? They will do the only thing that is easy to understand. They will avoid all and any FTDI based or claimed products because NO ONE can be sure they will not buy a fake and then have a useless device. This is an example of lawyers being the usual idiots they are. I will make sure anything I buy is claimed to not have any FTDI products inside. It is just a matter of practicality, not legal nor moral at this point.
-
Damn, I am forced to admit it, I am a fake Chinese clone troll. But this just reinforces my argument. If you want new, innovative trolling then you should buy your trolls from the original manufacturer.
Edit: No, a driver update won't get rid of me :D
-
I have read every message here. I have decided, as have others, to not buy anything that is or claims to be an FTDI product. I as an end use have no way of knowing if I am buying a genuine item embedded in a product. Legall, in some countries at least, I am sur ehtta this activity by FTDI is illegal. Do I care about legality? Sometimes, but usually not as the legal system is set up to benefit those who have the most money to lobby the law makers.
Do I care about morality? Yes. Morality to means doing no harm to others if at all possible and doing no harm to any innocent parties in any way. FTDI has stepped over that line. They harm those who are innocent and the guilty parties still get to sell their products. The counterfeiters are definitely in the wrong but effectively destroying the end user's device is just plain wrong. Disable the device driver? No problem. Inform the end user? No problem. You can't punish the end user just because the thieves are in a place you can't punish them. If someone is knowingly using counterfeit parts or items, too bad for them.
But the end point is that FTDI has shot themselves in the foot. Legal and moral issues aside this is a disastrous move. The unwashed masses know nothing of what this really means and have no idea what they can do to fix any problems this might cause them. What will they do? They will do the only thing that is easy to understand. They will avoid all and any FTDI based or claimed products because NO ONE can be sure they will not buy a fake and then have a useless device. This is an example of lawyers being the usual idiots they are. Buy FTDI. I will make sure anything I buy is claimed to not have any FTDI products inside. It is just a matter of practicality, not legal nor moral at this point.
Another pissed off maker, no one's going to care if you don't by another 10 chips..... Blah, lawyers, blah, take my business elsewhere, blah, I want the benefit without rewarding the creators of the IP ....
Fake troll
This user has been banned - no more reports please
-
this forum needs a 'genuine troll' test and if the troll does not seem real, his ip addr gets set to all zeroes.
(#include "notsureifserious.jpg")
-
But any part in your design could be substituted with a fake. What makes the FTDI part so special, besides getting immediate and visiable feedback that it's broken?
FTDI parts are especially attractive to cloners - relatively expensive and easy to clone with lots of brand recognition
And part of their good reputation was that they always worked. Where chips like like the prolific pl2303
only worked half the time, because they kept changing drivers to combat fakes
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
-
Sort of like a Captcha for trolls.... "Enter your inflammatory opinion in this box"
-
The actions of issuing something that is labelled as a driver update which carries out
unauthorised modification of firmware on a computer device could well be a
violation of Section 3 of the Computer Misuse Act:
http://www.legislation.gov.uk/ukpga/1990/18/section/3 (http://www.legislation.gov.uk/ukpga/1990/18/section/3)
As FTDI are a UK based company, they could well be in the shit as they've
pretty much admitted to doing it willfully, on Twitter.
FTDI, I know you're monitoring, so sort out your shit out otherwise I'll have
to put different devices in my products. Yes, I buy direct from FTDI so I'm
not even complaining this is burning me but I'm just not interested in doing
business with a corporation who behaves this way.
-
Damn, I am forced to admit it, I am a fake Chinese clone troll. But this just reinforces my argument. If you want new, innovative trolling then you should buy your trolls from the original manufacturer.
Oh, I knew it all along ! You want to troll FTDI with claiming that you're payd from FTDI to troll us as a fake chinese clone troll....or fake FTDI troll clone ? Wait.....fuck...no I don't know what I shall think..... :D
hmm....okay I try the patched linux driver.... :P
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
Sure you do, buy them form a reputable reseller and not from 'dodgy chips r us' coz you want to save a buck - simples :D
Knock off troll
-
I'm looking forward to a video from Dave on this one! :D
No more FTDI-cables and chips from now on, I heard prolific and silabs among others has alternatives.
-
The actions of issuing something that is labelled as a driver update which carries out
unauthorised modification of firmware on a computer device could well be a
violation of Section 3 of the Computer Misuse Act:
http://www.legislation.gov.uk/ukpga/1990/18/section/3 (http://www.legislation.gov.uk/ukpga/1990/18/section/3)
Or Criminal damage - seems like there is a deliberate intent to cause damage. The lwarning-in-the-license argument is null & void if it came with a Windows Update.
Maybe someone should ask Microsoft for their view on this....
-
Time to sell FTDI stock if you have any.
And shares O0
-
The actions of issuing something that is labelled as a driver update which carries out
unauthorised modification of firmware on a computer device could well be a
violation of Section 3 of the Computer Misuse Act:
http://www.legislation.gov.uk/ukpga/1990/18/section/3 (http://www.legislation.gov.uk/ukpga/1990/18/section/3)
As FTDI are a UK based company, they could well be in the shit as they've
pretty much admitted to doing it willfully, on Twitter.
FTDI, I know you're monitoring, so sort out your shit out otherwise I'll have
to put different devices in my products. Yes, I buy direct from FTDI so I'm
not even complaining this is burning me but I'm just not interested in doing
business with a corporation who behaves this way.
Butt hurt maker with aspirations to be a lawyer! Woot, double troll points. No one cares, fuckwit
Oh, I knew it all along ! You want to troll FTDI with claiming that you're payd from FTDI to troll us as a fake chinese clone troll....or fake FTDI troll clone ? Wait.....fuck...no I don't know what I shall think..... :D
:D
-
Has anyone figured out what the driver does exactly? Does it do some magic to detect the fake chip, and then set the PID to 0? Or does it attempt to set the PID to 0, and that then fails on a real FTDI chip but works on a clone?
-
Hey,
why no one write a virus that sets the vids of all FTDI and clone chips to 0000 ??? :D
I'm sure that will be a giant chaos...MUAHAHHAAHAHAHAHAHAH.....
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
-
FTDI have just killed their own business, here is why.
It doesn't matter what a few makers think but suddenly thousands of consumers are going to end up with a duff device. If it is under warranty they will expect a replacement and if not they are likely to complain and be reluctant to buy that vendors products again.
The vendor is enraged that they have to pick up the tab here and it is clearly FTDI who is at fault fur pulling such a stunt. In order not to get burnt by such a stupid stunt the vendor avoids putting FTDI chips in future products.
Don't forget to switch the lights off when you leave FTDI
-
No more FTDI-cables and chips from now on, I heard prolific and silabs among others has alternatives.
Er, Prolific were up to similar tricks, albeit less destructive. Just bluescreens IIRC.
I think the way forward here might be an open source firmware for a USB equiped microcontroller.
-
Has anyone figured out what the driver does exactly? Does it do some magic to detect the fake chip, and then set the PID to 0? Or does it attempt to set the PID to 0, and that then fails on a real FTDI chip but works on a clone?
Hope he does a video about it.. perfect chance to use the USB protocol analyzer ;-)
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
But again, if your assembly house has a habit of slipping in parts sourced outside the supply chain, any part could be a fake. If you don't have the processes in place to either prevent it from happening, or catching it when it does, you're still screwed. Just hoping that the fakes perform close enough to the real thing is a terrible way of doing business.
On another note, I'm surprised the clone makers bothered to emulate the EEPROM functionality. Most products seem to use the default VID/PID.
I think the way forward here might be an open source firmware for a USB equiped microcontroller.
The usual USB vendor ID and driver signing requirements makes this a non-starter.
-
Hahahah, good luck proving cockup vs conspiracy. You did reverse the driver and found evidence of intent right?
I don't need to. They pretty much admitted to doing it willfully on Twitter.
Also, if you read the CMA, it doesn't need "Intent". It can also apply to "recklessness".
-
Okay, its a good idea to destroy the reputation of a own product to destroy the market of clones. It's just like chemo therapie....
:-DD
Sorry, in what way exactly is this like chemotherapy?
Lightages sums up my feelings well on the subject - I can honestly say that I will not now, knowingly, buy a product which claims to be an FTDI one because I cannot easily know whether I will get the genuine article. If the FTDI driver bricks it I can send it back and get (some of) my money back but why would I risk the hassle. I can see why they did this but it's totally a pyrrhic victory.
Oh and why is everyone assuming that the user would have the option of clicking "ignore" and the driver working anyway - surely you would inform the user "sorry the chip is not genuine" and just refuse to work after that.
OK, the savvy user will go back to an old version but to sabotage the hardware so that no driver will work with it - including the Linux ones - is just plain wrong.
This thread is currently going at ~100 views / minute.
I wonder if anyone from FTDI is following it, because it's the story of how people stopped using FTDI chips.
A new user called FTDI chip has already posted in this thread. FTDI don't care if people stop using clones of their chips.
They popped up and made one post, then disappeared (perhaps wisely).
-
People assume that only hobbyists read and post here.
I'm responsible for the hardware designs of a company that sells hundreds of thousands of units per year.
I weekly see distributors and the reps of various chip manufacturers.
And I can tell you, there is no f***** way I'm going to let any FTDI chip enter our new designs anytime soon.
Why ? Here's why :
- Assume a distributor sells us 100K chips. Turns out they are fake, but we don't notice it right away and we produce boards with them. Remember, counterfeit parts have been found even in military devices, so don't expect normal companies to have 100% sure supply chains !
- A few months later, FTDI updates it driver to brick the devices.
- We start getting RMAs and find out it's because of the FTDI driver
I can tell you our lawyers are going to have lots of fun in court if this is to happen.
FTDI cannot expect people to buy only from their "authorized" distributers. This is a free market.
So I'm not going to take the risk of this happening and I'll switch to another manufacturer. Simple as that.
I have absolutely no way to be absolutely sure I haven't been sold a fake. So I cannot take the risk.
I can also tell you I will send an e-mail tomorrow to our FTDI distributor asking for an explanation of the situation.
I hope this will be a nice example to others companies of what can happen if you engage in that sort of "fighting".
-
Hahahah, good luck proving cockup vs conspiracy. You did reverse the driver and found evidence of intent right?
I don't need to. They pretty much admitted to doing it willfully on Twitter.
Also, if you read the CMA, it doesn't need "Intent". It can also apply to "recklessness".
I guess the answer would be: We didn't test with clone XXX true, but guess what? It stopped working, who knew that would happen? Bummer and now all the cheap ass makers are pissed. Better issue a profit warning coz sales will be down by, oooohh, 100s of units next year
Good luck
-
Does anyone have more details on this - which driver versions zero out the PID, which ones don't?
Maybe some USB packet traces using http://wiki.wireshark.org/CaptureSetup/USB, (http://wiki.wireshark.org/CaptureSetup/USB,) to compare communications with counterfeit and genuine chips?
Thanks
-
FTDI have just killed their own business, here is why.
<snip>
The vendor is enraged that they have to pick up the tab here and it is clearly FTDI who is at fault fur pulling such a stunt. In order not to get burnt by such a stupid stunt the vendor avoids putting FTDI chips in future products.
Some of the logic in this thread is astounding. The only vendors going to be burnt by this are the ones that were already avoiding putting genuine FTDI chips in their products.
-
I'm responsible for the hardware designs of a company that sells hundreds of thousands of units per year.
I weekly see distributors and the reps of various chip manufacturers.
Seems unlikely
I can tell you our lawyers are going to have lots of fun in court if this is to happen.
Well, they will send you a big bill anyway
I have absolutely no way to be absolutely sure I haven't been sold a fake. So I cannot take the risk.
Erm, buy from FTDI China?
I can also tell you I will send an e-mail tomorrow to our FTDI distributor asking for an explanation of the situation.
Get help with the grammar
Trolley
-
Okay, its a good idea to destroy the reputation of a own product to destroy the market of clones. It's just like chemo therapie....
:-DD
Sorry, in what way exactly is this like chemotherapy?
Thats simple. Destroy a body with poison and hope that the cancer cells die before the rest of the body. Destroy the reputation of a manufacturer to the point never want to buy from it, and hope the clone makers don't are interested again....
Do I mentioned that chemo therapie isn't a really good method to fight cancer ?
-
I see a new meme coming out of this:
"it was working yesterday. hmmm. maybe the vendor FTDI'd me via a windows update..."
;)
FTDI (verb):
1) to willingly destroy end-user's hardware in an attempt to teach said user a lesson.
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
The fakes chip is probably use some kind of usb microcontroller, there will be no difference on the USB lines
Any difference in the current consumption could easily drown in what ever else is on the board, LEDs etc.
-
Hmmm, there might be a quick buck in this. I'll have to place an add in tomorrows paper "Has one of your USB devices suddenly stopped working?" >:D
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
The fakes chip is probably use some kind of usb microcontroller, there will be no difference on the USB lines
Any difference in the current consumption could easily drown in what ever else is on the board, LEDs etc.
Maybee we could wieght it. It worked with the chinese wlan equiped flatirons :D
-
"if this ftdi chip weighs as much as a duck ...."
(lol)
-
hey kpr8 !
Do you fear that FTDI can't pay you tomorrow because of lawyer problems ?
-
I have read every message here. I have decided, as have others, to not buy anything that is or claims to be an FTDI product. I as an end use have no way of knowing if I am buying a genuine item embedded in a product. Legall, in some countries at least, I am sur ehtta this activity by FTDI is illegal. Do I care about legality? Sometimes, but usually not as the legal system is set up to benefit those who have the most money to lobby the law makers.
Do I care about morality? Yes. Morality to means doing no harm to others if at all possible and doing no harm to any innocent parties in any way. FTDI has stepped over that line. They harm those who are innocent and the guilty parties still get to sell their products. The counterfeiters are definitely in the wrong but effectively destroying the end user's device is just plain wrong. Disable the device driver? No problem. Inform the end user? No problem. You can't punish the end user just because the thieves are in a place you can't punish them. If someone is knowingly using counterfeit parts or items, too bad for them.
But the end point is that FTDI has shot themselves in the foot. Legal and moral issues aside this is a disastrous move. The unwashed masses know nothing of what this really means and have no idea what they can do to fix any problems this might cause them. What will they do? They will do the only thing that is easy to understand. They will avoid all and any FTDI based or claimed products because NO ONE can be sure they will not buy a fake and then have a useless device. This is an example of lawyers being the usual idiots they are. Buy FTDI. I will make sure anything I buy is claimed to not have any FTDI products inside. It is just a matter of practicality, not legal nor moral at this point.
Another pissed off maker, no one's going to care if you don't by another 10 chips..... Blah, lawyers, blah, take my business elsewhere, blah, I want the benefit without rewarding the creators of the IP ....
Fake troll
I won't insult you if you don't insult me. Fake troll? WTF?
-
Dont know what you're talking about? Not sure what's going on? Don't let that stop you! Pop down to your local Internet forum and have a 'reckon'
USB hosts don't have anyway to measure current consumption. At the risk of being an idiot I am going to have a 'reckon' that there is a vendor specific command to set the VID and genuine FTDI parts (as approved by Jesus and Steve Jobs) ignore cmds with a VID of 0000
-
"if this ftdi chip weighs as much as a duck ...."
(lol)
"... then a little chineses people is puttet in."
-
hey kpr8 !
Do you fear that FTDI can't pay you tomorrow because of lawyer problems ?
I'm cheap, just like a good Chinese clone
I won't insult you if you don't insult me. Fake troll? WTF?
You insult my sense of fair play & justice. That is enough to make you the target of my fearsome trolling powers
Trollster
-
hey kpr8 !
Do you fear that FTDI can't pay you tomorrow because of lawyer problems ?
I'm cheap, just like a good Chinese clone
Trollster
Oh, okay, I understand. FTDI is so down that they can't buy more than you. And I hoped to get a big chinese troll army...
-
Y, I just heard the 'makers' over at hackaday are boycotting FTDI and now sales are down by 10, possibly 11 chips this year so they had to fire their marketing dept. Sorry Internet you will have to make do with me
T
-
Y, I just heard the 'makers' over at hackaday are boycotting FTDI and now sales are down by 10, possibly 11 chips this year so they had to fire their marketing dept. Sorry Internet you will have to make do with me
T
:-DD
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
The fakes chip is probably use some kind of usb microcontroller, there will be no difference on the USB lines
Any difference in the current consumption could easily drown in what ever else is on the board, LEDs etc.
Are you so sure that there won't be difference. As I played with usb, even signal from different usb controllers within the same motherboard looked noticeably different (low an full speed). As this is not high speed USB, there shouldn't be any issue to test it. As of LEDs and else on the board. This is not about testing already made devices but screening incoming parts on the test jig/breakout board.
-
I am sorry I reacted to this. KPR8 has joined only to comment on this thread and has posted nowhere else. Sorry for feeding him.
-
how long before real virus writers latch onto this idea and brick REAL ftdi chips?
I am betting it will happen. just a matter of when.
actually, I've never had a virus break hardware. but it seems I have had legit companies brick hardware that they had no rights to..
willful destruction of other peoples' property. really hard to believe ftdi didn't check their legal dept before pulling this boner of a stunt.
if I did own ftdi stock, I'd be selling it all now.
-
Seems unlikely
Based on what ?
I only wanted to highlight that not only hobbyists are present on this forum.
I can tell you our lawyers are going to have lots of fun in court if this is to happen.
Well, they will send you a big bill anyway
Probably lower than replacing 100K devices. If what I described happens, we'll try to get FTDI pay for the devices they bricked.
I have absolutely no way to be absolutely sure I haven't been sold a fake. So I cannot take the risk.
Erm, buy from FTDI China?
http://www.dailymail.co.uk/news/article-2148527/Flood-counterfeit-parts-China-used-U-S-military-gear--compromise-national-security-raise-defence-costs.html (http://www.dailymail.co.uk/news/article-2148527/Flood-counterfeit-parts-China-used-U-S-military-gear--compromise-national-security-raise-defence-costs.html)
If the military can't protect themselves from counterfeit parts, I can't be sure I'm protected too.
I do not have any way to know where the parts come from, apart from trusting my distributors.
I can also tell you I will send an e-mail tomorrow to our FTDI distributor asking for an explanation of the situation.
Get help with the grammar
The fact that I'm not an english speaker does not remove my ability to contribute to this forum.
It is really a pity you attack me on the grammar.
Trolley
My posts adds more value than yours. Get a life.
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
The fakes chip is probably use some kind of usb microcontroller, there will be no difference on the USB lines
Any difference in the current consumption could easily drown in what ever else is on the board, LEDs etc.
Are you so sure that there won't be difference. As I played with usb, even signal from different usb controllers within the same motherboard looked noticeably different (low an full speed). As this is not high speed USB, there shouldn't be any issue to test it. As of LEDs and else on the board. This is not about testing already made devices but screening incoming parts on the test jig/breakout board.
If the FTDI driver can detect fake chips, then a test jig can likely use the same method and do it without going low level (electrical characteristics.)
-
I reported this to Microsoft via their security vulnerability channels (figuring that a driver that intentionally bricked hardware, and shipped through Windows Update, constituted a security vulnerability).
Anyway, after some initial shenanigans (https://news.ycombinator.com/item?id=8495716) I got through to their security folks who were very helpful. Apparently they don't consider it a security problem, but they're aware of it and are investigating already. I hope they're going to come down on FTDI like a ton of bricks for this. Especially as end-users will blame Microsoft: "I had a working device, then Windows Update ran, and now it's dead, and it's out of warranty ... "
-
how long before real virus writers latch onto this idea and brick REAL ftdi chips?
Hey that was my idea some pages ago !! ;P
-
So has anyone actually identified the Windows Update that introduced the updated driver?
Seems to me that removing this should restore the previous driver preventing the issue- has anyone tested this?
-
If the FTDI driver can detect fake chips, then a test jig can likely use the same method and do it without going low level (electrical characteristics.)
Realistically a company is not going to modify its production test jigs to check for the authenticity of the parts they use, especially because they may not know they are being shipped counterfeit parts until it's too late (= driver modification bricking the chips). You can't detect something you are not looking for.
What FTDI did is nonsense.
-
I'm still hoping that someone has a link to the last GOOD ftdi driver. I'd like to capture it and save it, plus blacklist the MS patch so that it won't ever happen on any other windows box I admin, ever again.
if someone who has a windows background could create a simple .bat file that will blacklist/block this particular windows update, that would be a great service to us all.
-
I wonder if this is the "revenge shot" of a dead/dieing company. I dunno. It seems like more and more companies are abandoning hardware production as theres just no money in it with chinese slave labor being what it is.
-
Just seen this, I have a iTead FOCA and all it does is spitting out <0>'s in the terminal program, got me puzzled about how I was failing so bad in the UART code of the MCU, turned out to be a fake chip and recent drivers(this happened more than a month ago).
-
Seems unlikely
Based on what ?
I only wanted to highlight that not only hobbyists are present on this forum.
Experience
I can tell you our lawyers are going to have lots of fun in court if this is to happen.
Well, they will send you a big bill anyway
Probably lower than replacing 100K devices. If what I described happens, we'll try to get FTDI pay for the devices they bricked.
And you will fail 100% not FTDI's fault
I have absolutely no way to be absolutely sure I haven't been sold a fake. So I cannot take the risk.
Erm, buy from FTDI China?
http://www.dailymail.co.uk/news/article-2148527/Flood-counterfeit-parts-China-used-U-S-military-gear--compromise-national-security-raise-defence-costs.html (http://www.dailymail.co.uk/news/article-2148527/Flood-counterfeit-parts-China-used-U-S-military-gear--compromise-national-security-raise-defence-costs.html)
If the military can't protect themselves from counterfeit parts, I can't be sure I'm protected too.
I do not have any way to know where the parts come from, apart from trusting my distributors.
FTDI China's contact details are at the end of official FTDI datasheets, pretty sure they are legit. They also do their due diligence when you apply to buy from them, they dont sell to brokers for fear of feeding the counterfeit market
I can also tell you I will send an e-mail tomorrow to our FTDI distributor asking for an explanation of the situation.
Get help with the grammar
The fact that I'm not an english speaker does not remove my ability to contribute to this forum.
It is really a pity you attack me on the grammar.
My bad
My posts adds more value than yours. Get a life.
Only in your opinion
-
I reported this to Microsoft via their security vulnerability channels ... I got through to their security folks who were very helpful. Apparently they don't consider it a security problem, but they're aware of it and are investigating already.
don't consider it a security problem
I hope they're going to come down on FTDI like a ton of bricks for this.
Y, M$ hate when ppl protect their IP
Troll
-
what facts do you dispute or question?
today, after reading this, I uninstalled the ftdi update on my win7 box, but it was too late. the driver was still mem-resident and when I plugged in a test dongle that I bought from amazon, it zeroed out the pid. I confirmed it by plugging it into a linux box and looking at /var/log/syslog. sure enough, the pid is all 0's and was NOT all 0's before (I had used that dongle on both win and linux just recently).
none of that is opinion. not sure what else you need, but people are not making this up..
-
If the FTDI driver can detect fake chips, then a test jig can likely use the same method and do it without going low level (electrical characteristics.)
Realistically a company is not going to modify its production test jigs to check for the authenticity of the parts they use, especially because they may not know they are being shipped counterfeit parts until it's too late (= driver modification bricking the chips). You can't detect something you are not looking for.
What FTDI did is nonsense.
If the company buys parts from shady sources and do not make proper screening they can blame only themselves.
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
The fakes chip is probably use some kind of usb microcontroller, there will be no difference on the USB lines
Any difference in the current consumption could easily drown in what ever else is on the board, LEDs etc.
Are you so sure that there won't be difference. As I played with usb, even signal from different usb controllers within the same motherboard looked noticeably different (low an full speed). As this is not high speed USB, there shouldn't be any issue to test it. As of LEDs and else on the board. This is not about testing already made devices but screening incoming parts on the test jig/breakout board.
If the FTDI driver can detect fake chips, then a test jig can likely use the same method and do it without going low level (electrical characteristics.)
The FTDI driver will be using some undocumented feature in the chip, so only FTDI could build that test
If the feature was documented the fakers would have implemented it, it's not like it is rocket science to make a usb microcontroller behave like an FTDI but you can only implement the stuff you know about
-
Unless you have an xray machine you have no way of knowing if it is fake, you can just see that chip with a certain name on the top doesn't work
I think that oscilloscope on usb lines probably would do. As the fake chip might even not have a proper USB hardware, rise times might be quiet different. Also there could be a lot of jitter. Measuring current consumption would tell a lot too.
The fakes chip is probably use some kind of usb microcontroller, there will be no difference on the USB lines
Any difference in the current consumption could easily drown in what ever else is on the board, LEDs etc.
Are you so sure that there won't be difference. As I played with usb, even signal from different usb controllers within the same motherboard looked noticeably different (low an full speed). As this is not high speed USB, there shouldn't be any issue to test it. As of LEDs and else on the board. This is not about testing already made devices but screening incoming parts on the test jig/breakout board.
If the FTDI driver can detect fake chips, then a test jig can likely use the same method and do it without going low level (electrical characteristics.)
The FTDI driver will be using some undocumented feature in the chip, so only FTDI could build that test
If the feature was documented the fakers would have implemented it, it's not like it is rocket science to make a usb microcontroller behave like an FTDI but you can only implement the stuff you know about
In your dreams dofus, the cloners will do 'just enough' to make the PoS chip work. 10-1 this is the set VID/PID command and it so happens the genuine parts reject a PID of 0000 but the clones don't. The cloners never saw that cmd and so never implemented a check for it.
Dont make me get my USB analyser out...
-
what facts do you dispute or question?
today, after reading this, I uninstalled the ftdi update on my win7 box, but it was too late. the driver was still mem-resident and when I plugged in a test dongle that I bought from amazon, it zeroed out the pid. I confirmed it by plugging it into a linux box and looking at /var/log/syslog. sure enough, the pid is all 0's and was NOT all 0's before (I had used that dongle on both win and linux just recently).
Same here:
[89593.509194] usb 2-4.2.4: new full speed USB device using ehci_hcd and address 36
[89593.979468] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=0000
[89593.979472] usb 2-4.2.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[89593.979475] usb 2-4.2.4: Product: FT232R USB UART
[89593.979477] usb 2-4.2.4: Manufacturer: FTDI
[89593.979480] usb 2-4.2.4: SerialNumber: A961PFBR
-
Y, M$ hate when ppl protect their IP
Troll
I'm a professional programmer who co-founded a company that sold a Windows-based DRM system for protecting revenue from software sales. I'm totally okay with companies protecting their intellectual property; for a while I was making a living from doing just that.
But, to be clear, bricking third-party hardware is malicious. This driver is malware by any reasonable definition of the term.
-
Turns out there are sane ppl on Hackaday:
Andres R (@TheFakeAndres) says:
October 22, 2014 at 11:49 am
Buy counterfeit equipment, deal with counterfeit problems.
Didn’t know you bought a piece of equipment that was counterfeit and infringed on IP, trademark and licensing? Now you know, because FTDI just brought it to your attention by taking back their licensing right – device isn’t bricked as in unrepairable, they just removed one of the infringing portions that they could change (using the driver that you installed, gave permission). Do people want to start signing EULAs for drivers now? No. So either know what you are installing (research) or just deal with it.
Who would have thunk?
-
Realistically a company is not going to modify its production test jigs to check for the authenticity of the parts they use, especially because they may not know they are being shipped counterfeit parts until it's too late (= driver modification bricking the chips). You can't detect something you are not looking for.
The driver did not brick anything. FTDI drivers now refuse to work with non-FTDI chips and made it retrospective.
You bought chips with no drivers, you were using the chips with stolen drivers and now you are bitching at the owner of the drivers because they took them back. FTDI will tell you that if you want to use someone else's chips then use someone else's drivers.
-
what facts do you dispute or question?
today, after reading this, I uninstalled the ftdi update on my win7 box, but it was too late. the driver was still mem-resident and when I plugged in a test dongle that I bought from amazon, it zeroed out the pid. I confirmed it by plugging it into a linux box and looking at /var/log/syslog. sure enough, the pid is all 0's and was NOT all 0's before (I had used that dongle on both win and linux just recently).
none of that is opinion. not sure what else you need, but people are not making this up..
I'd like to see the driver reprogramming the chip to set all 0's and/or the chip read before AND after that reveals the internal contents. Just because a driver for some as yet unknown reason fails to read the PID from the chip correctly and hence is unable to set the value in the OS control blocks from something other than the initialised 0's, doesn't leave the only remaining possibility that the chip is bricked.
I have one left (the rest of the boards I bought are still on a boat) so here it goes:
Before:
[178302.833023] usb 2-4.2.4: new full speed USB device using ehci_hcd and address 43
[178303.303679] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=6001
[178303.303683] usb 2-4.2.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[178303.303686] usb 2-4.2.4: Product: FT232R USB UART
[178303.303688] usb 2-4.2.4: Manufacturer: FTDI
[178303.303690] usb 2-4.2.4: SerialNumber: A9U5PFN7
[178303.303779] usb 2-4.2.4: configuration #1 chosen from 1 choice
[178303.350681] ftdi_sio 2-4.2.4:1.0: FTDI USB Serial Device converter detected
[178303.350702] usb 2-4.2.4: Detected FT232RL
[178303.350705] usb 2-4.2.4: Number of endpoints 2
[178303.350707] usb 2-4.2.4: Endpoint 1 MaxPacketSize 64
[178303.350710] usb 2-4.2.4: Endpoint 2 MaxPacketSize 64
[178303.350712] usb 2-4.2.4: Setting MaxPacketSize 64
[178303.351059] usb 2-4.2.4: FTDI USB Serial Device converter now attached to ttyUSB1
After:
[178453.772118] usb 2-4.2.4: reset full speed USB device using ehci_hcd and address 43
[178454.052482] usb 2-4.2.4: device firmware changed
[178454.053230] usb 2-4.2.4: USB disconnect, address 43
[178454.127953] usb 2-4.2.4: new full speed USB device using ehci_hcd and address 44
[178454.602228] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=0000
[178454.602231] usb 2-4.2.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[178454.602233] usb 2-4.2.4: Product: FT232R USB UART
[178454.602234] usb 2-4.2.4: Manufacturer: FTDI
[178454.602236] usb 2-4.2.4: SerialNumber: A9U5PFN7
[178454.602314] usb 2-4.2.4: configuration #1 chosen from 1 choice
-
what facts do you dispute or question?
today, after reading this, I uninstalled the ftdi update on my win7 box, but it was too late. the driver was still mem-resident and when I plugged in a test dongle that I bought from amazon, it zeroed out the pid. I confirmed it by plugging it into a linux box and looking at /var/log/syslog. sure enough, the pid is all 0's and was NOT all 0's before (I had used that dongle on both win and linux just recently).
none of that is opinion. not sure what else you need, but people are not making this up..
I'd like to see the driver reprogramming the chip to set all 0's and/or the chip read before AND after that reveals the internal contents. Just because a driver for some as yet unknown reason fails to read the PID from the chip correctly and hence is unable to set the value in the OS control blocks from something other than the initialised 0's, doesn't leave the only remaining possibility that the chip is bricked.
I have a few more ftdi 'fakes' that came from the same amazon vendor.
I guess, for those doubting thomas' out there, I could create a video of a 'clean' win7 box working with the fake chip, then doing a win update, plugging the dongle in again, viewing its properties dialog and showing the vendor/product id's. even taking that dongle out, moving it to a linux box and capturing the /var/log/syslog.
but that's a lot of effort and honestly, I'm not sure anyone really doubts that this is what is really happening.
the moon landing, that was fake. but this chip bricking is real, mate.
(semi lol)
-
But, to be clear, bricking third-party hardware is malicious. This driver is malware by any reasonable definition of the term.
For what value of malicious? I'm really OK with FTDI bricking clone HW but I source my FTDI chips from sustainable sources (ie the genuine parts from the genuine mfr and that revenue goes to creating cool new chips for the next generation of angry butt hurt neckbeard makers)
I dont see how you can complain if your knock off hardware gets killed
Troll
User has been banned - no more reports please
-
what facts do you dispute or question?
today, after reading this, I uninstalled the ftdi update on my win7 box, but it was too late. the driver was still mem-resident and when I plugged in a test dongle that I bought from amazon, it zeroed out the pid. I confirmed it by plugging it into a linux box and looking at /var/log/syslog. sure enough, the pid is all 0's and was NOT all 0's before (I had used that dongle on both win and linux just recently).
none of that is opinion. not sure what else you need, but people are not making this up..
I'd like to see the driver reprogramming the chip to set all 0's and/or the chip read before AND after that reveals the internal contents. Just because a driver for some as yet unknown reason fails to read the PID from the chip correctly and hence is unable to set the value in the OS control blocks from something other than the initialised 0's, doesn't leave the only remaining possibility that the chip is bricked.
I have a few more ftdi 'fakes' that came from the same amazon vendor.
I guess, for those doubting thomas' out there, I could create a video of a 'clean' win7 box working with the fake chip, then doing a win update, plugging the dongle in again, viewing its properties dialog and showing the vendor/product id's. even taking that dongle out, moving it to a linux box and capturing the /var/log/syslog.
but that's a lot of effort and honestly, I'm not sure anyone really doubts that this is what is really happening.
the moon landing, that was fake. but this chip bricking is real, mate.
(semi lol)
Name the vendor, complain to Amazon, get rid of the cloned crap (report me to a mod while you're at it!)
-
New Hit: FTDI driver killed the FTDI clone.
Album: The age of silicon.
I'm sorry, but I couldn't resist. ;D
-
That MY point. No-one is collecting actual evidence. It is easier to just take up massive amounts of threadspace with opinions and speculation.
The possible cause of the problem I saw was quite clear to me and the 6th reply points to a thread on another forum where people have discovered the productid gets programmed to 0. What else is there to proof after my previous post which shows the productid is suddenly 0 after the device has been connected to Windows machine which uses the latest FTDI drivers (V2.12).
-
possible link to older firmware and some instructions on use:
http://www.reddit.com/r/arduino/comments/2iktoz/how_to_fix_arduino_knockoffs_serial_port_driver/ (http://www.reddit.com/r/arduino/comments/2iktoz/how_to_fix_arduino_knockoffs_serial_port_driver/)
I will probably try this on my own win7 box (after doing a full backup, first, of course. wish I had a full backup of my win7 system BEFORE I accepted the MS update, sigh)
-
I dont see how you can complain if your knock off hardware gets killed
Would you feel the same way if the chip didn't say FTDI on it, but implemented their interface? Because this is legitimate reverse engineering. It's the only reason we have a commodity PC market, and it's something that should be encouraged. FTDI is of course not required to support such efforts, nor are they expected to be happy about it. However it certainly doesn't give them the legal or moral right to intentionally break their competitor's implementation permanently.
Bottom line, this is trademark infringement, and trademark infringement alone. Well perhaps copyright infringement as well, as they might ship the driver, but since it comes with Windows I'm not so sure about that... Either way it certainly doesn't warrant a malicious approach. This is Sony Rootkit levels of unjustified, malicious overkill.
Also, maybe wait a few minutes between posts rather than responding directly to every. single. post. Do you have nothing better to do than hang around this thread?
-
New Hit: FTDI driver killed the FTDI clone.
Album: The age of silicon.
I'm sorry, but I couldn't resist. ;D
(in chechen voice)
"joker-man was right. we must fix real problem. we must kill the ftdi chips!"
;)
-
That MY point. No-one is collecting actual evidence. It is easier to just take up massive amounts of threadspace with opinions and speculation.
the moon landing, that was fake. but this chip bricking is real, mate.
Not helping make your argument persuasive.
it seems your sense of humor has been uninstalled. please do an update and return to the forum.
-
New Hit: FTDI driver killed the FTDI clone.
Album: The age of silicon.
I'm sorry, but I couldn't resist. ;D
Fish for the masses !!!!! :D
<°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))>< <°)))))><
-
I dont see how you can complain if your knock off hardware gets killed
Would you feel the same way if the chip didn't say FTDI on it, but implemented their interface? Because this is legitimate reverse engineering. It's the only reason we have a commodity PC market, and it's something that should be encouraged. FTDI is of course not required to support such efforts, nor are they expected to be happy about it. However it certainly doesn't give them the legal or moral right to intentionally break their competitor's implementation permanently.
Bottom line, this is trademark infringement, and trademark infringement alone.
It is just trademark infringement because the counterfeiters stamp the FTDI logo on their chips. If they put IDFT on it or something else and called the part number FT232 then they would operate in a perfectly legal way. There is a completely different chip inside which just mimics an existing chip. Much like AMD does with Intel. What if Intel would release a software update which kills all AMD CPUs?
-
That MY point. No-one is collecting actual evidence. It is easier to just take up massive amounts of threadspace with opinions and speculation.
the moon landing, that was fake. but this chip bricking is real, mate.
Not helping make your argument persuasive.
it seems your sense of humor has been uninstalled. please do an update and return to the forum.
After the update it turns out the sense of humour had been surgically removed. ;D
-
Breaking News: FTDI removes humor of makers through bad update !!!
-
I dont see how you can complain if your knock off hardware gets killed
Would you feel the same way if the chip didn't say FTDI on it, but implemented their interface? Because this is legitimate reverse engineering. It's the only reason we have a commodity PC market, and it's something that should be encouraged. FTDI is of course not required to support such efforts, nor are they expected to be happy about it. However it certainly doesn't give them the legal or moral right to intentionally break their competitor's implementation permanently.
Bottom line, this is trademark infringement, and trademark infringement alone. Well perhaps copyright infringement as well, as they might ship the driver, but since it comes with Windows I'm not so sure about that... Either way it certainly doesn't warrant a malicious approach. This is Sony Rootkit levels of unjustified, malicious overkill.
No, it's deliberate theft. The cloners are benefiting from the investment FTDI made without bearing any of the costs. Chips don't design themselves, drivers don't write themselves, drivers don't put themselves thru M$ approval, marketing doesn't do its self. Bottom line is FTDI invested huge amounts of money in the FT232 and Chinese fly-by-nights are benefiting from that without paying a penny.
Also, maybe wait a few minutes between posts rather than responding directly to every. single. post. Do you have nothing better to do than hang around this thread?
Who are you? The thread Police?
I am honest enough to name myself the 'FTDI annoy neckbeard makers thread' troll and I have a reasoned argument (I hand out full on rudeness too). You are just another butt hurt wannabe maker who feels he deserves something for nothing
-
And in the Chinglish instruction manual - step 3: click 'ignore' when whiny driver complains your product is a fake :S
Firstly, I have *real* FTDI chips. I am unaffected by this unless I have some device that I've not used for a while that (unbeknownst to me) contains a fake ftdi chip. (I often turn it on rather than take it apart -- sorry).
Second, I am well aware of intellectual property issues. We rely on them to protect our income and *yes* we have been the target of a Chinese attempt to "piggyback" on our success via piracy.
However, it's not our customers that we punished. I would be completely alright if the driver displayed a message that I could not dismiss for 30 seconds. It would make me well aware that I had a fake, make long term operation impossible, but it would not completely cripple me in the time it took to rectify the problem.
What did we do to affected customers? We offered them a valid licensed product at the normal price. I'm almost completely sure that none of them knew they had a knockoff. What we didn't do is penalise them for a mistake that they probably shouldn't have made, but did.
-
Breaking News: FTDI removes humor of makers through bad update !!!
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
User is banned - please no more reports
-
FTDI
For Treacherous Driver Installation
:)
-
reminder: don't feed the trolls.
the forum has an 'ignore user' feature. I suggest it be used here to good effect.
(oops, I accidentally ignored myself. did I actually post, or did I just dream it?)
-
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
KPR8, no school today?
-
FTDI
For Treacherous Driver Installation
:)
Fear The Duff Installation
-
If nothing else this sets a very dangerous precedent.
Crap like DRM is bad enough, but if this sort of behaviour is allowed (e.g. by Microsoft including it in updates), and is considered "acceptable", what next?
Printer bricked after using knock-off cartridge?
Hard disk wiped if MS discovers your license number is a copy?
Phone bricked after using a fake battery?
I would really like someone to get a comment from Microsoft on this, in particular whether or not they knew about it.
My guess is MS could end up at least, if not more legally liable than FTDI, as they didn't give the user any warning that their update would damage hardware.
Why would MS risk legal action to help a 3rd-party "protect" their own interests...? My guess is they didn't know, in which case all colours of crap may be hitting the fans soon.
-
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
KPR8, no school today?
Nothing more pressing than baiting freetards that's for sure
Bed time in Troll-land and I wont be back (if you like you can pretend you won the argument)
Try and understand these basic facts tho:
-FTDI have been very 'maker' friendly in the past, releasing DIP adapter versions of their early chips
-If you chose unbelievably cheap versions of their products you can't complain when they turn out to be fake. Buy all 5 f your FTDI chips from RS
-FTDI have a right to protect their IP (I suspect they screwed this up tbh and it will be reversed shortly)
-If you buy cheap copies the IP provider _will_ go out of business == no more cool chips in the future
-2-3 dozen butt hurt neckbeards whining on a forum makes fuck all difference to a multi million dollar company
-Your Tarduino project is NOT going to be a product despite what Hackaday tell you ;)
-
Breaking News: FTDI removes humor of makers through bad update !!!
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
No ! Never ! The Force is strong with my one !
-
All the moderators must be asleep.
-
Pls wake up.
-
Breaking News: FTDI removes humor of makers through bad update !!!
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
No ! Never ! The Force is strong with my one !
We have cake....
But I rather like pizza...
-
Does anyone have more details on this - which driver versions zero out the PID, which ones don't?
I don't have any firm evidence that 2.12.0 is the version which introduced this issue, but the previous version from FTDI's web page (2.10.0) does not contain a licence file.
The licence file in 2.12.0 says (in part)
"1.5 The Software will not function properly on or with a component that is not a Genuine FTDI Component. Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT. It is the Licensee's responsibility to make sure that all chips it installs the Software on, or uses the Software as a driver for, are Genuine FTDI Components. If in doubt then contact the Licensor. "
Of course, if you had just followed the normal process for upgrading the driver (which is mostly automated and transparent to most users) you would not have seen this.
-
If nothing else this sets a very dangerous precedent.
Crap like DRM is bad enough, but if this sort of behaviour is allowed (e.g. by Microsoft including it in updates), and is considered "acceptable", what next?
Printer bricked after using knock-off cartridge?
Hard disk wiped if MS discovers your license number is a copy?
Phone bricked after using a fake battery?
I used to be a panasonic camera (digicam) fan and owned quite a few of them. then, one day, they decided to chip their batteries and the aftermarket ones stopped working. we no longer had any choice in how much we would pay for camera li-ion batteries. at that point, I stopped buying pany cams.
I've heard that the battery makers have worked around this, but I have given up on pany cams and won't ever come back.
pany doesn't care, of course. but I just can't give pany my money, at least for cameras.
its a shame when a good vendor turns to the dark side.
-
Breaking News: FTDI removes humor of makers through bad update !!!
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
No ! Never ! The Force is strong with my one !
We have cake....
But I rather like pizza...
"I'd like to order a large pie, extra cheese and extra zero's, please."
-
All the moderators must be asleep.
I'm new here, and was wondering if this forum is essentially unmoderated. Certainly, there seems to be a troll infestation |O
-
Does anyone have more details on this - which driver versions zero out the PID, which ones don't?
I don't have any firm evidence that 2.12.0 is the version which introduced this issue, but the previous version from FTDI's web page (2.10.0) does not contain a licence file.
The licence file in 2.12.0 says (in part)
"1.5 The Software will not function properly on or with a component that is not a Genuine FTDI Component. Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT. It is the Licensee's responsibility to make sure that all chips it installs the Software on, or uses the Software as a driver for, are Genuine FTDI Components. If in doubt then contact the Licensor. "
Of course, if you had just followed the normal process for upgrading the driver (which is mostly automated and transparent to most users) you would not have seen this.
Okay, now is clear it's intentionally destruction of hardware, not accidently or anything else. I don't see any reason why we should spare FTDI. No new design with FTDI chips.
Im sure in Germany this is a crime, but I don't think any court will make anything for a 3$ usb-bridge.
-
Breaking News: FTDI removes humor of makers through bad update !!!
Oooh, Krater, be careful, seems you are coming over to the dark side ;)
No ! Never ! The Force is strong with my one !
We have cake....
But I rather like pizza...
"I'd like to order a large pie, extra cheese and extra zero's, please."
I want a 2 between my 1's ans 0's !
-
All the moderators must be asleep.
I'm new here, and was wondering if this forum is essentially unmoderated. Certainly, there seems to be a troll infestation |O
Sorry, normally we don't need moderation, but at this thread, what you are expect here ? We know that FTDI is doing shit, we know thats in the driver update, and we know it's doing just shit with chinese clones. Is there anything thats not sayd ?
-
All the moderators must be asleep.
I'm new here, and was wondering if this forum is essentially unmoderated. Certainly, there seems to be a troll infestation |O
"dave's not here, man"
(but will probably wake up shortly).
-
Okay, now is clear it's intentionally destruction of hardware, not accidently or anything else. I don't see any reason why we should spare FTDI. No new design with FTDI chips.
It's not just the terms and conditions, they're bragging about it on Twitter (https://twitter.com/FTDIChip/status/524918979840585729) ...
FTDI is definitely not targeting end users - if you're unsure if ICs are genuine then please don't use the drivers.
-
yeh, it used to be cp21xx that had a bad reputation because there were so many fakes and they constantly updated the drivers to break them so it seemed the they never worked
Are you sure you don't mean the Prolific chip (PL2303)?
The CP21xx (Silabs), I don't recall there ever being any problems with breaking drivers or known fakes.
But the Prolific's did have those issues, however I don't think they intentionally broke drivers, but just that the new drivers didn't work with the fake chips, and they didn't actually go out of their way to reprogram the chips as FTDI has done.
-
Okay, now is clear it's intentionally destruction of hardware, not accidently or anything else. I don't see any reason why we should spare FTDI. No new design with FTDI chips.
It's not just the terms and conditions, they're bragging about it on Twitter (https://twitter.com/FTDIChip/status/524918979840585729) ...
FTDI is definitely not targeting end users - if you're unsure if ICs are genuine then please don't use the drivers.
I believe in the good in the mankind. Twitter can be hacked, updates not.
-
Okay, now is clear it's intentionally destruction of hardware, not accidently or anything else. I don't see any reason why we should spare FTDI. No new design with FTDI chips.
If a chip tells the operating system it is a specific FTDI part and requests it to load FTDI drivers for that part how the hell can FTDI be held responsible for anything their drivers do to a chip which isn't their part?
How could they possibly give assurances that their drivers will not damage chips over which they have no control?
Having established the chip wasn't the specific FTDI part it claimed to be you could argue correcting an invalid PID improved not damaged the part.
-
Anyone know if this affects deivces other than FT232?
I have a FT245 here that is probably fake, with external EEPROM. Not affected
-
Okay, now is clear it's intentionally destruction of hardware, not accidently or anything else. I don't see any reason why we should spare FTDI. No new design with FTDI chips.
If a chip tells the operating system it is a specific FTDI part and requests it to load FTDI drivers for that part how the hell can FTDI be held responsible for anything their drivers do to a chip which isn't their part?
How could they possibly give assurances that their drivers will not damage chips over which they have no control?
Having established the chip wasn't the specific FTDI part it claimed to be you could argue correcting an invalid PID improved not damaged the part.
Okay, if they added a function intentionally to brick chips that are not ftdi, than they responsible. It's not just a accident or incompatibility that damages the chip. The changes in license points to that they do it intentionally.
Its the same reason why you (in Germany) can't simply put landmines to your property and say "I've never sayd the kids should play on it...".
For my attitude of morality, they are responsible, and for german law(they sell in Germany) too. I can't say anything about other people or countries.
-
FYI KPR8 has been sent to the sin bin.
Wow, 1400 guests viewing this thread!
-
Wow, 1400 guests viewing this thread!
Here's why: http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/ (http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/)
-
/. too (http://hardware-beta.slashdot.org/story/14/10/22/185244/ftdi-reportedly-bricking-devices-using-competitors-chips)
-
It is a disaster here, hackaday and slashdot for FTDI. And looks like they are prepared and planted a lot of trolls to go in for the offence. But they can't bulldoze through because the converter chips are just too popular. The whole orchestrated movement expose the FTDI as one of the worst companies. It is more than a rookie's mistake by a fresh MBA that came in without knowing the impact.
-
Would you feel the same way if the chip didn't say FTDI on it, but implemented their interface? Because this is legitimate reverse engineering. It's the only reason we have a commodity PC market, and it's something that should be encouraged. FTDI is of course not required to support such efforts, nor are they expected to be happy about it. However it certainly doesn't give them the legal or moral right to intentionally break their competitor's implementation permanently.
:-+ The driver has absolutely no way of checking whether the chip says FTDI on it or not, so it cannot assume that every one that fails the "is it genuine" check (anyone here with a USB analyser and both the real and clone chips care to do some analysis on figuring out what exactly is the behavioural difference?) is illegally using the trademark and not just some generic brand.
From http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited (http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited)
The SCPA permits competitive emulation of a chip by means of reverse engineering. The ordinary test for illegal copying (mask work infringement) is the "substantial similarity" test of copyright law,[7] but when the defense of reverse engineering is involved and supported by probative evidence (usually, the so-called paper trail of design and development work), the similarity must be greater.[8] Then, the accused chip topography must be substantially identical (truly copied by rote, so-called slavish copying), rather than just substantially similar, for the defendant to be liable for infringement.[9] Most world chip topography protection laws provide for a reverse engineering privilege.
The clone vs. real die pictures posted somewhere near the beginning of this thread shows that they're completely different, so it is a product of legal reverse-engineering. The clone doesn't even have any "FTDI" marking on the die.
Bottom line, this is trademark infringement, and trademark infringement alone. Well perhaps copyright infringement as well, as they might ship the driver, but since it comes with Windows I'm not so sure about that... Either way it certainly doesn't warrant a malicious approach. This is Sony Rootkit levels of unjustified, malicious overkill.
It's only trademark infringement when the chip is being sold with FTDI markings. If it's unmarked, or marked with any name other than FTDI, it does not infringe on FTDI's trademark.
-
If someone has a fake, can you check the chips serial number(not the USBID number, not serial stored in external eeprom)?
Each of the chips has a unique serial number ( it can be read), it could be the fakes all have the same serial number because they were too lazy/cheap to laser cut / program it.
In which case it would be an easy matter to do a search in the driver for that serial number and mask it out.
-
In which case it would be an easy matter to do a search in the driver for that serial number and mask it out.
The driver is signed, if you change anything it will not work again.
-
It's only trademark infringement when the chip is being sold with FTDI markings. If it's unmarked, or marked with any name other than FTDI, it does not infringe on FTDI's trademark.
They're trying to make it a copyright/licensing issue (I think) via the new license "agreement" in their drivers.
Having said that, my reading suggests that at least some (perhaps many/most) fake chips are branded with FTDI.
-
I think the missed opportunity here is a license from FTDI for the low, low cost of $5 to continue using a counterfeit device...
Perhaps it's a break, then fix sort of thing.
-
If someone has a fake, can you check the chips serial number(not the USBID number, not serial stored in external eeprom)?
Each of the chips has a unique serial number ( it can be read), it could be the fakes all have the same serial number because they were too lazy/cheap to laser cut / program it.
In which case it would be an easy matter to do a search in the driver for that serial number and mask it out.
the various fakes that I've personally had all had non-null serial numbers. its only the pid that was all 0's.
I had a long set of emails with one vendor (sunfounder is the name) on amazon who sold me one with all 0's. I wrote an amazon review of it, he saw it (amazon probably reacted to my review and halted his sales) and the next few that I was sent by that vendor did NOT have 0's as the pid. the vendor swears to me that he buys directly from ftdi and was trying his best to make the situation right again. I can't tell, to be honest; was it amazon's halting of his sales that made him 'sorry' or was it sincere? was the unit that I got a customer return who plugged it into windows and windows zero'd it out? impossible to tell.
but all of the ones that I got had serial number strings that 'looked' reasonable. only the PID was 0000.
-
I think the missed opportunity here is a license available for the low, low cost of $5 to continue using a counterfeit device...
Perhaps it's a break, then fix sort of thing.
how would that work on linux? linux has source-based code and you can't force a binary blob down (usually) and get away with it once the source is already out there.
you could stop the mac and windows users but linux lets users see and modify source code. the vendor can't threaten linux users. they probably knew this and so they (apparently) decided there was ONE 'fix' for all os's. and I use the word 'fix' in the most non-literal sense.
then again, a linux driver update to ftdi_sio.[ch] may be coming soon that allows the 0000 pid.
-
Hacker News is sending traffic here too. (https://news.ycombinator.com/item?id=8493849)
And lobste.rs (https://lobste.rs/s/fi1h79/watch_that_windows_update_ftdi_drivers_are_killing_fake_chips).
-
I think the missed opportunity here is a license available for the low, low cost of $5 to continue using a counterfeit device...
Perhaps it's a break, then fix sort of thing.
how would that work on linux? linux has source-based code and you can't force a binary blob down (usually) and get away with it once the source is already out there.
you could stop the mac and windows users but linux lets users see and modify source code. the vendor can't threaten linux users. they probably knew this and so they (apparently) decided there was ONE 'fix' for all os's. and I use the word 'fix' in the most non-literal sense.
then again, a linux driver update to ftdi_sio.[ch] may be coming soon that allows the 0000 pid.
As you pointed out, the problem isn't on Linux. I am sure the dev community will catch up to handle the new PID. The most vocal set of users are those who bought an arduino or some other product which no longer works, and the current bitterness is that the device is not working. It may be an unpopular opinion, but I do understand their issue with enforcement. A popup box saying "Your product is counterfeit" doesn't accomplish anything but give the user some search terms to find a non-detecting version of the driver.
Imagine instead of just bricking the device, you received a popup saying "Your product is counterfeit, please contact the manufacturer for RMA or purchase a license from FTDIStore.com." You'd still be annoyed, but you'd probably pay the $5 so that you can continue using the $30 device.
That way, the OEM still is forced to purchase genuine parts, the user can continue using their device, and FTDI still gets revenue from a missed sale.
-
In which case it would be an easy matter to do a search in the driver for that serial number and mask it out.
The driver is signed, if you change anything it will not work again.
That's easy to bypass pretty easily if you're willing. (Assuming you're talking about Windows' signing and not some extra, homebrew signing by FTDI.)
-
In which case it would be an easy matter to do a search in the driver for that serial number and mask it out.
The driver is signed, if you change anything it will not work again.
Quite naturally, there's a patch to disable that too, or resign with your own certificate (which you've installed as a trusted root.)
-
Imagine instead of just bricking the device, you received a popup saying "Your product is counterfeit, please contact the manufacturer for RMA or purchase a license from FTDIStore.com." You'd still be annoyed, but you'd probably pay the $5 so that you can continue using the $30 device.
That way, the OEM still is forced to purchase genuine parts, the user can continue using their device, and FTDI still gets revenue from a missed sale.
that would be the proper and ethical thing to do.
sadly, ftdi jumped before they thought it all out and we're now left with a meltdown. will they double-down on their derp or will they change their stance and pull the damaging driver back and use a popup, like you (and others) have suggested? my bet is that they will not budge and only if they are sued will they change their tune. companies are like that, these days; they never want to admit that a decision they made was horribly wrong ;(
-
This was only a couple of pages yesterday, now it is 20+ with over 1K visitors.
-
In which case it would be an easy matter to do a search in the driver for that serial number and mask it out.
The driver is signed, if you change anything it will not work again.
Quite naturally, there's a patch to disable that too, or resign with your own certificate (which you've installed as a trusted root.)
A Kernel Boot Configuration Option exists to disable signature checking, called TESTSIGNING.
You can't resign *that* easily though, as the system trusted root doesn't cover kernelmode, only things with a Microsoft cert somewhere in the certs chain of trust are trusted in kernelmode.
As for what FTDI should have done, I would have been happy enough if the driver just refused to start on a fake device with a Code 10 in device manager: "The device cannot start".
-
I'm wondering are these fools blaming FTDI are actually real users? or are they just trols paid by fake ICs manufacturers? it was entertaining to read the posts but come on they can't be real.
Why would you blame FTDI if you are an legit user who unknowingly bought a device containing a counterfeit IC, contact your vendor (he is the one to blame) and ask for a refund or a product change. If they knew those where cointerfeit ICs its their fault if they didn't know they will sue their providers and will make sure they buy the real thing next time it is still their fault.
Just a reminder: buying or selling counterfeit products is illegal and ipholder has the right and duty to make the counterfeit product destroyed (remember when sparkfun cried when they had to pay to have their fake flukes destroyed?)
-
I'm wondering are these fools blaming FTDI are actually real users? or are they just trols paid by fake ICs manufacturers? it was entertaining to read the posts but come on they can't be real.
I'm wondering are these fools defending FTDI are actually real users? or are they just trols paid by FTDI? It was entertaining to read the posts but come on they can't be real.
God, it was actually physically painful to type with such bad grammar.
-
Oh crap. I bought a rs232 TTL converter from adafruit and it had the same exact issue. The PID used to reset to 0000.
I had to modify the windows ftdi inf files to include 0000 and then boot in unsigned mode to Install the driver. Now it works fine on the normal windows mode.. We were on a tight timeline so couldn't really get a new one.
However if I change the PID to anything via their ftdi eeprom utility it changes it back to 0000 the next time it is plugged in. Had a long forum conversation with adafruit and they didn't want to believe me. Finally they refunded me the money on good faith I guess.
Link to the adafruit forum post. https://forums.adafruit.com/viewtopic.php?f=19&t=60807 (https://forums.adafruit.com/viewtopic.php?f=19&t=60807)
p.S Typing on a tablet: please forgive any errors.
-
In case anyone was still wondering if this is intentional and malicious...
(https://marcan.st/transf/ftdi_evil.png)
Straight out of their driver. Function/variable naming and comments mine.
Edit: Ooooh this is cleverer than I thought. So what's going on is that on real FT232RLs, the EEPROM is written in 32-bit units: writes to even addresses are buffered, and writes to odd addresses write 32 bits at once: the buffered 16 bits, and the supplied 16 bits. So, on a real FT232RL, this code does nothing; it just buffers 16 bits then buffers another 16 bits and no writes are issued. On a clone FT232RL, this writes the PID to 0 (breaking the checksum) and writes not the checksum, but the value required to make the existing checksum match to address 62. In combination, these two writes make the checksum at address 63 valid again (without modifying it). I've updated the image above with the new analysis.
Edit 2: Note that the EEPROM write commands are legitimate (and necessary - but not sufficient - when writing the full EEPROM of an original FT232RL), and indeed I think they would work on (i.e. also brick) other FTDI devices with external EEPROMs (the code that calls this function is very careful to only do so after detecting an FT232RL, legit or not). What seems to have happened here is that, when FTDI switched to an internal EEPROM on the FT232RL, they decided to switch to a 32-bit EEPROM (you can actually see the 32×40 bit array in this die shot (http://s.zeptobars.ru/ftdi-FT232RL-Si-HD.jpg) by Zeptobars). However, they kept the existing 16-bit-at-a-time commands, but instead decided to buffer one and write only when the chip has accumulated a full 32 bits. This keeps the PC side the same across their entire chip range. The clones just emulate the established interface in the logical and obvious way, issuing 16-bit writes, since presumably nobody checked that a real device doesn't respond like that since usually the entire EEPROM is written at once. FTDI realized that this difference of implementation existed, and is exploiting it here by carefully crafting a routine that has no effect on the original device, but bricks clones (and would likely brick legitimate non-232RL FTDI chips too!).
In a way, the clones actually implement FTDI's command interface better than FTDI themselves - and FTDI is exploiting this to brick them.
-
what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?
I heard that one before, from a guy trying to smuggle elephant ivory
At least if I design a .. Prolific... part into my product, it's less likely to get wrecked by malware.
you seem to missed the memo on prolific driver bsoding on purpose when it detects fake chip
-
Oh crap. I bought a rs232 TTL converter from adafruit and it had the same exact issue. The PID used to reset to 0000.
Might want to contact them about that, they have a statement on their website at the moment saying all of theirs are genuine.
Hackaday and EEVblog are reporting that the latest Windows update that include FTDI drivers brick any counterfeit FTDI chips. Adafruit requires it suppliers to only use genuine FTDI chips. However, no matter what it’s always possible counterfeit chips could be used when you purchase products from anyone, anywhere. We’re double and triple checking all our products and suppliers as an added precaution.
-
In case anyone was still wondering if this is intentional and malicious...
(https://marcan.st/transf/ftdi_evil.png)
Straight out of their driver. Function/variable naming and comments mine.
So it relies on a quirk of the EEPROM handling of the fakes. I suspect this will turn into a game of cat and mouse if FTDI continue...
what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?
I heard that one before, from a guy trying to smuggle elephant ivory
At least if I design a .. Prolific... part into my product, it's less likely to get wrecked by malware.
you seem to missed the memo on prolific driver bsoding on purpose when it detects fake chip
True, but it still doesn't semi-brick your device when it does this...
USB-CDC should be standard by now; surely some cheap chinese chip consortium could spend some time rolling a cheap CDC chip for the masses?
-
Arduino switched to using a USB equipped ATMega for their USB-to-serial needs.
I think the best response from the outraged community would be an open-sourced FT232RL emulator sketch for ATMel (or similar) micro controllers. It should, of course, be complete with an "#ifdef PROTECT_PID" code block that works around this nonsense.
-
Oh crap. I bought a rs232 TTL converter from adafruit and it had the same exact issue. The PID used to reset to 0000.
Might want to contact them about that, they have a statement on their website at the moment saying all of theirs are genuine.
Hackaday and EEVblog are reporting that the latest Windows update that include FTDI drivers brick any counterfeit FTDI chips. Adafruit requires it suppliers to only use genuine FTDI chips. However, no matter what it’s always possible counterfeit chips could be used when you purchase products from anyone, anywhere. We’re double and triple checking all our products and suppliers as an added precaution.
Just did. Linked them to hackaday. Wow, I wasted almost 2 hrs that day fixing this stupid issue.
-
Looks like adafruit removed the product I bought with the fake chip. Great!
https://forums.adafruit.com/viewtopic.php?f=19&t=60807 (https://forums.adafruit.com/viewtopic.php?f=19&t=60807)
-
what wrong did I do by buying a device on amazon, fully believing that the items there won't be ebay-style fakes?
how is it right, in your view, to punish ME for this?
I heard that one before, from a guy trying to smuggle elephant ivory
What did he use the FTDI IC for?
-
What did he use the FTDI IC for?
That's the whole point. He used a fake chip... or a fake elephant. Or something. Or the real elephant came back and trampled the fake ivory because it wasn't real.
You see?
-
I really like FTDI. It sure beats the hell out of Prolific. I have chosen FTDI over the years because the drivers worked well. FTDI didn't do this casually I'm sure. I'm actually sympathetic to them because how the hell are they supposed to develop new products if everyone gets to steal their IP? I really have as much sympathy for people's fake eBay crap getting bricked as I do for those who brick their scopes when they try to steal software upgrades.
If you want your clone FTDI chip to work, consider LICENSING their driver instead of just stealing it. If you want your USB device to work, buy FTDI ICs through legitimate distribution channels. Any purchasing agent who doesn't know they're buying gray or black market components is a liar or incompetent twit.
That said, FTDI should at least flag end users for why their fake device is now defunct. Otherwise their is no mechanism for a user to demand what they paid for: a legitimate FTDI-based device.
-
What did he use the FTDI IC for?
That's the whole point. He used a fake chip... or a fake elephant. Or something. Or the real elephant came back and trampled the fake ivory because it wasn't real.
You see?
ahahaha
thank you, couldnt make a better argument myself
hahahah
Im laughing so hard I started crying haha
In case anyone was still wondering if this is intentional and malicious...
Straight out of their driver. Function/variable naming and comments mine.
Nice. You cant even blame them for doing something specific to fakes, they do very same procedure to all chips presenting proper ftdi vid/pid.
I like it. If I worked for FTDI I would call this "eprom_test" and claim its essential for quality assurance :-DD
-
How long does Windows updates include this clone bricking driver?
I wonder if Microsoft was aware of this practice and will they let it go on.
-
I wonder if Microsoft was aware of this practice and will they let it go on.
Do you honestly think the company that will brick a pirated OS will stop a hardware vendor from bricking its stolen IP?
-
FWIW, I think FTDI is clearly in the wrong here. While I have no objection to them protecting their IP, the correct approach is not to damage end-user products. They should've just made the driver refuse to work on clone chips.
My personal philosophy is that there is no excuse for intentionally or through negligence damaging users' hardware (and I write my code according to it). For example, when I was doing something similar while writing The Homebrew Channel for the Nintendo Wii (anti-scam code), the behavior when an inconsistency is detected is to show a scam warning screen for 60 minutes - on the very slim off-chance that the user screwed up their hardware such that using The Homebrew Channel as currently installed was their last hope of recovery, they can still save themselves (after waiting). I don't know of any cases where this has happened or where it would happen, but I didn't want to be responsible for disabling a user's last hope of recovery, even if remote. Deliberately bricking devices is just incomprehensible (and reprehensible) to me. With HBC, we tried *very* hard to maximally inconvenience scammers who were selling our free (as in beer) software (and their users), but always with a very hard, clear line between inconveniencing and actively damaging. I'm proud to say that I've never heard of a user directly or indirectly bricking their hardware with my code (as released to end-users - and we have over 5 million users of our hacks).
-
In case anyone was still wondering if this is intentional and malicious...
(disassembled code)
Straight out of their driver. Function/variable naming and comments mine.
Thank you for the analysis. Now they are in trouble and can't just pretend it's the clones "malfunctioning" with the new driver...
Maybe they didn't expect someone to dig into the code...
-
Wow, 1400 guests viewing this thread!
At one point yesterday it was close to 5000. Apparently it's big news, and I can understand why - this can get real nasty - consumers aside, this can affect a LOT of industrial equipment and who knows what else.
While I understand that FTDI is technically within its rights (license agreement says this can happen), there are nicer ways to inform the user, than to, say, shut down his industrial controller, DAQ thingamajig or similar. Message boxes and various other means of informing the user. It sure is the one that will gain the most attention, but the price for it CAN be pretty high.
Essentially, I see a potential backfire of gigantic proportions...
-
The response from Adafruit seems unexpectedly ignorant and dismissive.
Are they really that clueless? Or are they trying to wave their arms through the problem?
-
If someone has a fake, can you check the chips serial number(not the USBID number, not serial stored in external eeprom)?
Each of the chips has a unique serial number ( it can be read), it could be the fakes all have the same serial number because they were too lazy/cheap to laser cut / program it.
From my limited number of samples it seems each FT232R clone has a unique serial number.
-
What did he use the FTDI IC for?
That's the whole point. He used a fake chip... or a fake elephant. Or something. Or the real elephant came back and trampled the fake ivory because it wasn't real.
You see?
Again: the only fake thing about the 'counterfeit' chips is the FTDI logo on them. The rest is 100% different so it doesn't infringe any copyrights, patents or whatever. It's like the elephant being angry somebody invented synthetic ivory. See Intel versus AMD where AMD implemented Intel's instruction set in compatible products. This resulted in a race which has pushed both Intel and AMD to new boundaries of performance and price which in the end has been very benificial for the end user. Competition results in innovation but FTDI thinks they can just sit and wait for their chickens to keep producing golden eggs.
-
I say good riddance to FTDI:
Their chips are over-priced. It's cheaper to use a usb micro controller an implement a CDC device.
Their drivers SUCK. On a mac, they haven't updated it since 2012. If you unplug a device while the port is open it will kernel panic.
All this rhetoric about them being so innovative and "making cool chips for makers" is B.S..
Once, I actually spent a good 20 minutes trying to convince a visiting HP (nee procurve) design engineer to include a FTDI chip in their network switches rather than their RS232 console ports. They ended up going with a custom solution (probably because FTDI chips cost too much). I was annoyed because who wants to install YET ANOTHER F-ING DRIVER, but now I have to say that I see the wisdom in their ways.
This feels like the the gasping of a dying company. That alone may be another great reason to stop designating FTDI parts in new designs.
-
Again: the only fake thing about the 'counterfeit' chips is the FTDI logo on them. The rest is 100% different so it doesn't infringe any copyrights, patents or whatever.
No. It's an IC plus a driver. And the clone is infringing on the software license agreement. There would be no issue if the clone ICs supplied their own driver. But they're not. They are using/stealing FTDI's driver in total violation of the licensing agreement. Buy the FTDI chip - use the driver, gratis. Otherwise, write your own driver.
-
No. It's an IC plus a driver. And the clone is infringing on the software license agreement. There would be no issue if the clone ICs supplied their own driver. But they're not. They are using/stealing FTDI's driver in total violation of the licensing agreement. Buy the FTDI chip - use the driver, gratis. Otherwise, write your own driver.
That's a perfect argument for the driver to detect that the chip is not genuine and then to refuse to operate with it.
And that's exactly what FDTI have done here... or not.
edit: and the history of the license text file in the driver package supports this too (they just added it in the current release)
-
No. It's an IC plus a driver. And the clone is infringing on the software license agreement. There would be no issue if the clone ICs supplied their own driver. But they're not. They are using/stealing FTDI's driver in total violation of the licensing agreement. Buy the FTDI chip - use the driver, gratis. Otherwise, write your own driver.
How can the hardware infringe on the software license agreement? The hardware can't know, which driver will get used. If you plug it into a linux machine for instance it doesn't use the FTDI-provided driver (or if it was written by them it doesn't have such a license agreement attached). The user can possibly infringe on the software license agreement.. but the hardware itself cannot.
-
The driver has absolutely no way of checking whether the chip says FTDI on it or not, so it cannot assume that every one that fails the "is it genuine" check (anyone here with a USB analyser and both the real and clone chips care to do some analysis on figuring out what exactly is the behavioural difference?) is illegally using the trademark and not just some generic brand.
If the chip is using FTDI's VID it's a pretty clear sign.
USB-CDC should be standard by now; surely some cheap chinese chip consortium could spend some time rolling a cheap CDC chip for the masses?
Creating a new market is much more difficult than latching on to an existing one. But for plain USB to serial converters, class-compliant devices really should be the standard. The other functionality offered by FTDI's devices (FIFOs, bit-banging etc.) is harder to replace.
-
Today I posted on the FTDI facebook page asking for an official statement.
If it turns out to be true using their products as become very risky. A simple screwup anywhere down the purchasing chain could lead to potential disaster. I would have to redesign a few products that add up to about 3000 FTDI chips per year, mostly FT232R and some others.
FTDI better gets an official statement out.
On some point somebody will decompile the driver and eventually find the piece of code that destroys the fakes.
This would be very bad reputation for FTDI.
-
That's a perfect argument for the driver to detect that the chip is not genuine and then to refuse to operate with it.
And that's exactly what FDTI have done here... or not.
Perhaps FTDI support are just tired of having to support someone else's faulty hardware with their drivers and decided to solve the problem.
If I can remotely brick the MacBook air that was stolen from me, why can't FTDI brick their stolen hardware?
-
Perhaps FTDI support are just tired of having to support someone else's faulty hardware with their drivers and decided to solve the problem.
If I can remotely brick the MacBook air that was stolen from me, why can't FTDI brick their stolen hardware?
Because the MacBook is yours.
The other would be like Apple bricking any third party MacOS compliant system.
Alexander.
-
If I can remotely brick the MacBook air that was stolen from me, why can't FTDI brick their stolen hardware?
Should Vishay be able to remotely brick your MacBook air if it contains a counterfeit resistor?
-
If it turns out to be true using their products as become very risky. A simple screwup anywhere down the purchasing chain could lead to potential disaster. I would have to redesign a few products that add up to about 3000 FTDI chips per year, mostly FT232R and some others.
As a design engineer I have no control of my supply chain of parts, this is handled by a 3rd party.
Now if the 3rd party sources a fake chip I am screwed. As it is out of my control the consequence is simple: no more FTDI in my designs.
I have a few designs equipped with FTDI chips because the driver can be retrieved from Windows Update (which saves us quite a lot of support).
For personal and/or lab use (we consume quite a few of these cables here, test engineers always manage to blow stuff up..) I am definitely not going to buy any FTDI anymore! I cannot spend my time researching whether a device contains a legit or a fake chip.
Now I am working on a new design, but I'd like to retain a USB -> TTL serial chip with drivers available on Windows Update.
As far as I know the Prolific PL2303 does not have a driver on Windows Update, am I right? I find this chip also hard to source locally for prototypes (EU based, so I prefer Farnell).
Anyone know an alternative?
-
Because the MacBook is yours.
The other would be like Apple bricking any third party MacOS compliant system.
Alexander.
Which Microsoft et. el. do all the time if they detect a fake serial (or Vendor ID in FTDI case.)
-
Which Microsoft et. el. do all the time if they detect a fake serial (or Vendor ID in FTDI case.)
No they don;t. They disable the stolen goods (e.g. unauthorized Windows copy). They are not killing the hardware containing the stolen goods.
Alexander.
-
Should Vishay be able to remotely brick your MacBook air if it contains a counterfeit resistor?
Why not? Although inconvenience, I would just get a refund from Apple. Who in that case would be in the wrong, not Vishay.
-
Anyone know an alternative?
Silicon Labs do a range which are easy to use, and I find them cheaper than FTDI.
http://www.silabs.com/products/interface/usbtouart/Pages/default.aspx (http://www.silabs.com/products/interface/usbtouart/Pages/default.aspx)
-
No they don;t. They disable the stolen goods (e.g. unauthorized Windows copy). They are not killing the hardware containing the stolen goods.
Alexander.
And your can reinstall a licensed vendor ID in to the clone part and it'll work again. Just not with FTDI software.
-
If I can remotely brick the MacBook air that was stolen from me, why can't FTDI brick their stolen hardware?
Should Vishay be able to remotely brick your MacBook air if it contains a counterfeit resistor?
should you get free fluid change at Mercedes dealers if you drive up in this:
(http://all-funny.info/wp-content/uploads/2008/06/fake_mercedes_benz.jpg)
should you scream bloody murder if they _try_ to give you that free service, but fill oil pan with brake fluid due to differences between real and fake one?
As a design engineer I have no control of my supply chain of parts, this is handled by a 3rd party.
so you are not responsible for it, whats the problem?
Now if the 3rd party sources a fake chip I am screwed.
did anything change today? you could ALWAYS get screwed by a fake transistor that burns out after couple of hours
As it is out of my control the consequence is simple: no more FTDI in my designs.
no more transistors too? no more opamps, no more avrs? I suppose you stopped using pendrives and SD cards, they all get faked in china
For personal and/or lab use (we consume quite a few of these cables here, test engineers always manage to blow stuff up..) I am definitely not going to buy any FTDI anymore! I cannot spend my time researching whether a device contains a legit or a fake chip.
you dont have to, fake one simply wont work outright = no wasted time
Now I am working on a new design, but I'd like to retain a USB -> TTL serial chip with drivers available on Windows Update.
As far as I know the Prolific PL2303 does not have a driver on Windows Update, am I right? I find this chip also hard to source locally for prototypes (EU based, so I prefer Farnell).
Anyone know an alternative?
why would you need any? Farnell has original chips and there is zero risk of getting fake, where is the problem?
I simply dont get angry people from this thread - you bought a fake, deal with it. Imagine someone selling Daves uCurrent Gold, build using 5% resistors and lm358, all made to look like the genuine one, except the price is $10. This is your $2 FTDI cable with free shipping.
-
Which Microsoft et. el. do all the time if they detect a fake serial (or Vendor ID in FTDI case.)
Do they?
The last time I saw anything of this nature it was when my neighbour asked if I could look at their computer.
It had a black background and a note on the screen somewhere that it was an unauthorised copy.
It still worked for most things and there was some sort of option provided to "correct" the fault.
Off topic, but in this case it was a brand name PC with a "genuine Windows" sticker on the side and it was still under original warranty. I recommended that they take it back to where they had purchased it from. I assume they did because I've never been asked to look at it again.
Seemed like (a) false positive, (b) not bricked, (c) still mostly operational, (d) hardware certainly not damaged.
Should Vishay be able to remotely brick your MacBook air if it contains a counterfeit resistor?
Why not? Although inconvenience, I would just get a refund from Apple. Who in that case would be in the wrong, not Vishay.
Suuuuure.
-
Which Microsoft et. el. do all the time if they detect a fake serial (or Vendor ID in FTDI case.)
Do they?
I'm guessing that you can yoll back the driver and use the FTDI util to change the vendor ID.
-
(http://all-funny.info/wp-content/uploads/2008/06/fake_mercedes_benz.jpg)
should you scream bloody murder if they _try_ to give you that free service, but fill oil pan with brake fluid due to differences between real and fake one?
You sure as hell should scream bloody murder if they go ahead and punch a hole in the oil pan.
This isn't "FTDI's driver accidentally damages clones". FTDI's driver contains code blatantly, explicitly, and clearly designed to damage clones.
-
Should Vishay be able to remotely brick your MacBook air if it contains a counterfeit resistor?
Why not? Although inconvenience, I would just get a refund from Apple. Who in that case would be in the wrong, not Vishay.
Suuuuure.
It's guaranteed by trading standards in the UK.
-
This isn't "FTDI's driver accidentally damages clones". FTDI's driver contains code blatantly, explicitly, and clearly designed to damage clones.
They removed their vendor ID from clone chips, nothing more.
-
so you are not responsible for it, whats the problem?
The trouble is this is difficult to support, so it will cost me time further down the line. I understand the reason why FTDI does this, but by hurting the end customer in an inconvenient way just causes a lot of potential support for me, this is something I simply do not have the time for..
did anything change today? you could ALWAYS get screwed by a fake transistor that burns out after couple of hours
Most discrete components get substituted by local alternatives instead of clones, these local alternatives can be easily verified whether they meet specification.
So far I have been lucky I guess as I do not recall problems with fake parts so far..
no more transistors too? no more opamps, no more avrs? I suppose you stopped using pendrives and SD cards, they all get faked in china
With semiconductor parts I have been lucky so far.. As for pendrivers and SD cards.. Please do not remind me of the pain I had already with that fake stuff :rant:
All the Raspberry PI development kits ship with our own SD card, you want to use another one? Fine: but no support from me anymore!
you dont have to, fake one simply wont work outright = no wasted time
Sure, buying them and testing them does not cost time and money :palm:
Or what do you think of the case when I test them on a PC with an older driver? In that case I hand over the working cable and it gets bricked at the end user, fun stuff right?
why would you need any? Farnell has original chips and there is zero risk of getting fake, where is the problem?
I am not scared about locally built prototypes: those will be fine. Problems will arise when stuff gets built in volume in the Far East.
I simply dont get angry people from this thread - you bought a fake, deal with it. Imagine someone selling Daves uCurrent Gold, build using 5% resistors and lm358, all made to look like the genuine one, except the price is $10. This is your $2 FTDI cable with free shipping.
The problem is the way FTDI hits the end user, fighting counterfeit parts is no problem! There are many different ways to fight these counterfeits, but FTDI managed to choose more or less the worst method I guess...
-
Now I am working on a new design, but I'd like to retain a USB -> TTL serial chip with drivers available on Windows Update.
As far as I know the Prolific PL2303 does not have a driver on Windows Update, am I right? I find this chip also hard to source locally for prototypes (EU based, so I prefer Farnell).
Anyone know an alternative?
I always liked the CP21xx devices from Silabs. I think these are also more robust (less problems when switching something on/off) than the FT232R. The only reason I choose for the FT232R is the TSOP package instead of QFN but the advantage of TSOP over QFN is marginal to me.
-
They removed their vendor ID from clone chips, nothing more.
So, they own an integer value?
As long as I don't violate any patents, I can build a system that talks a protocol that looks like USB (of course I'm not allowed to call it USB) and send any data I like.
-
This isn't "FTDI's driver accidentally damages clones". FTDI's driver contains code blatantly, explicitly, and clearly designed to damage clones.
They removed their vendor ID from clone chips, nothing more.
Actually, no, they removed the product ID only, not the vendor ID. And no, they don't actually legally own their Vendor ID in any relevant way, nor do they have the legal right to remove their Vendor ID from clone chips. USB Vendor IDs are, legally speaking, only relevant to USB certification. I can use whaver Vendor ID I damn well want in my product, and that is 100% legal, valid, and ethical (it just won't pass USB-IF certification).
Flamewar aside, I figured out what's going on with the real chips: turns out their EEPROM is written in 32bit units. Writing to even addresses is ignored; the value is buffered and the address discarded. Writing to odd addresses writes the entire 32bits, using whatever value was last buffered for the other half. So both the PID write and the checksum write are ignored on real FTDI chips, as they are both written to even addresses. I still don't know why it works on clone chips though, since the checksum is written to the wrong place (it should normally be on an odd address); presumably they don't check it.
-
I don't agree that this risk is limited to $2 converters with free shipping off Ebay.
When a contract manufacturing company is producing a product, and they get caught with short stock and long lead-times, they go to the grey market and take a risk. I've seen it first hand, time and time again. They get the parts in, test a couple, and if they work they give the all-clear for mass production.
So the products "at risk" here are ALL products with an FT232 chip in it, since you cannot possibly know where the device manufacturer obtained their parts.
My personal take on this is that FTDI have made a big mistake in not informing end users of the problem. I'm not sure if I have a problem with bricking the device as such, in the manner that they do it, (I can see both points of view) but I do have a problem with not informing the user. The vast majority of users will just experience a dead product, and will have no idea that the reason is because of a fake IC.
BJH
-
KPR8 has been banned therefore please do not report any more of his post!
-
For a moment, forget that you are engineers.
Consider end users. What someone owns a device with fake chip?
Imagine devices which are working for a long period of time and after the update... |O
It seems FTDI adopting "Stuxnet" policy!
-
wow, this really blew up while I was asleep!
thanks marcan for doing the disassembly legwork. Was going to give it a look this morning but I see that you have hex-rays, so I can't really compete with that! :P
Can we stop with the analogies please? Let's just look at the facts:
- after using a cloned/counterfeit device in a windows PC, it is "disabled"
- the disabled device has its product ID (not vendor ID) set to 0, which windows later than XP does not like
- you can not re-enable the device on the same PC that "disabled" it, unless you install linux (or XP :-//) and have a more advanced skillset than being able to plug in a usb cable
- the user is in no way notified that their cloned device has been disabled, unless they look at the device information in the system settings and then it's more like a "if 0000 then probably]/i] disabled by the driver"
- the code that disables the device was not present in the past, and it appears to have no purpose other than to disable the cloned devices
- the user is not given an option to accept or reject the license if it is delivered by windows update
- it is impossible for an end user to know if a chip is counterfeit (unless they are prepared to use nitric acid or an x-ray). To put it another way, it is not possible for a user to non-destructively know if the part is a counterfeit even if the part is in their hands
- there is no evidence that the clones are actually "clones" in terms of the die. The FTDI marking on top is definitely infringing, and it is possible to copy FTDI very accurately in this regard
- the people who make the die aren't necessarily the infringers. It is quite possible for someone to buy a batch of FTDI-interoperable chips, laser or sand the markings off the chip, and add new ones. See the sparkfun fake AVR episode
I've always purchased my stock from real suppliers, but now I'm worried to plug in any devices that have an FTDI chip in them that were purchased elsewhere (like the local electronics shop, sparkfun, adafruit, various embedded linux boards, microcontroller dev boards, etc). Fortunately I use linux and mac for almost anything.
PS if you'd like a USB serial converter to play with, the cypress PSOC boards come with one that you can snap off. And the boards are only $4 each, plus you get an ARM microcontroller! I bought 5. ^-^
-
I can use whaver Vendor ID I damn well want in my product, and that is 100% legal, valid, and ethical (it just won't pass USB-IF certification).
And risk breaking USB plug and play and end user systems.
-
Again: the only fake thing about the 'counterfeit' chips is the FTDI logo on them. The rest is 100% different so it doesn't infringe any copyrights, patents or whatever.
No. It's an IC plus a driver. And the clone is infringing on the software license agreement.
You can't enforce such a restriction under copyright law. You can allow people to use your software and make them pay whatever you want but you can't limit the way people use the software. Besides that the driver comes with Windows and there is no way to decline the license therefore the license is null and void.
-
And risk breaking USB plug and play and end user systems.
If by that you mean risk my device not working right because the wrong driver got loaded, sure; that's why we have IDs after all. But there is no risk to end user systems outside of the device in question.
We have certifications for a reason, and the system was designed this way for a reason, but there is a vast, vast difference between a) what the spec says, b) what is moral/right for end users, and c) what is legal.
Putting someone else's logo on your part? That's neither compliant with the spec, nor moral, nor legal.
Using someone else's VID with your own, custom, proprietary device? Violates the spec, it's stupid since it might cause trouble for end-users if there is a PID collision, but perfectly legal.
Using someone else's VID and PID, intending to provide a compatible programming interface? Still out of spec, but perfectly moral, most likely fine in the absence of malicious intent, and certainly legal.
-
Again: the only fake thing about the 'counterfeit' chips is the FTDI logo on them. The rest is 100% different so it doesn't infringe any copyrights, patents or whatever.
No. It's an IC plus a driver. And the clone is infringing on the software license agreement. There would be no issue if the clone ICs supplied their own driver. But they're not. They are using/stealing FTDI's driver in total violation of the licensing agreement. Buy the FTDI chip - use the driver, gratis. Otherwise, write your own driver.
It is the logo and the IDs used by the chip than makes it "fake". Using FTDI IDs the chips forcing OS to load the appropriate drivers.
Anyway this is well known by FTDI for long period of time.
http://gadgetmakersblog.com/2/ (http://gadgetmakersblog.com/2/)
-
For a moment, forget that you are engineers.
Imagine end users. What someone owns a device with fake chip?
Imagine devices which are working for a long period of time and after the update... |O
It seems FTDI adopting "Stuxnet" policy!
Agreed.
I'm still wondering just how big of a problem this is for FTDI and just what other options it had to protect itself from being cloned out of its own market?
-
I don't think you'd need to knowingly go grey market to get counterfeit chips. Proper suppliers have been hit by counterfeits before.
I agree, and that's because "proper" suppliers will experience the same issue. They need stock but can't deal with the lead times. So they put out interest to other suppliers. And then they run the risk of ending up with counterfeit devices.
Whichever way you look at it, there's a risk and I totally agree with you. But I think contract manufacturers pose the biggest risk. Perhaps that's just because I have first hand experience of them going to the grey market, being burned, and yet doing the same thing all over again the next time.
-
Does anyone know for sure how long this driver has been out?
A few hobbyists being inconvenienced by a cheap serial cable no longer working is one thing, but what happens when much bigger, more important equipment suddenly won't talk to the outside world any more?
Let's see, where are serial communication links used...
Automated test equipment? Sure.
CNC machines? Undoubtedly.
Hospital equipment? Quite possibly.
Air traffic control? Dunno.
Is is a good or bad idea to keep the PCs to which these machines are connected patched and up-to-date with all the latest updates from MS? Normally I'd have said 'yes', though it just became a more difficult question to answer correctly.
I wonder how many of these counterfeit parts are in use in the world's chip fabs...?
-
Somebody may have posted this earlier in the thread
Company Counterfeit Device Statement
FTDI Chip is committed to taking appropriate measures to protect our
customers from the adverse impacts caused by counterfeiting of FTDI Chip
devices. Many of these devices resemble FTDI Chip markings which may lead
the customer to believe they are genuine. FTDI Chip has established a proactive
and global process aimed at detecting and deterring such counterfeit activity.
In order to protect our customers from acquiring counterfeit FTDI Chip devices,
we strongly advise the purchase of products directly from FTDI Chip or one of
our authorised distributors.
Please visit our Sales Network for a complete listing of authorised sales and
distribution partners.
from http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit%20statement.pdf (http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit%20statement.pdf)
My opinion, which is worth what you are paying for it...
I have a great deal of sympathy with FTDI.
They shouldn't have done this: it will cause their customers (i.e. big companies) endless grief, will result in endless lawsuits (many directed at FTDI), and will large corporations' QA and purchasing departments may ban FDTI products from their future systems.
It is a "sony rootkit" moment.
-
Agreed.
I'm still wondering just how big of a problem this is for FTDI and just what other options it had to protect itself from being cloned out of its own market?
Well, there are plenty of ways they could have taken instead of bricking hardware. And it obviously is a problem for them when they are taking such ridiculous action as to sabotage someone else's hardware.
On the other hand, there are plenty of other USB-to-whatever bridge manufacturers - Prolific, Microchip, Cypress ... Is FTDI going to start to attempt sabotaging every other competitor as well now? (technicalities about loading the drivers due to different VID:PIDs aside). Where is this BS going to stop?
-
why would you need any? Farnell has original chips and there is zero risk of getting fake, where is the problem?
I simply dont get angry people from this thread - you bought a fake, deal with it. Imagine someone selling Daves uCurrent Gold, build using 5% resistors and lm358, all made to look like the genuine one, except the price is $10. This is your $2 FTDI cable with free shipping.
I agree with you
-
Does anyone know for sure how long this driver has been out?
A few hobbyists being inconvenienced by a cheap serial cable no longer working is one thing, but what happens when much bigger, more important equipment suddenly won't talk to the outside world any more?
Let's see, where are serial communication links used...
Automated test equipment? Sure.
CNC machines? Undoubtedly.
Hospital equipment? Quite possibly.
Air traffic control? Dunno.
Is is a good or bad idea to keep the PCs to which these machines are connected patched and up-to-date with all the latest updates from MS? Normally I'd have said 'yes', though it just became a more difficult question to answer correctly.
I wonder how many of these counterfeit parts are in use in the world's chip fabs...?
As a general rule, the higher the price/risk of failure, the more stringent parts, suppliers and contractors are assessed. At the company my brother works for, you have to go to the manufactures directly or get a batch code from them to go to a distributor with.
-
Agreed.
I'm still wondering just how big of a problem this is for FTDI and just what other options it had to protect itself from being cloned out of its own market?
Well, there are plenty of ways they could have taken instead of bricking hardware. And it obviously is a problem for them when they are taking such ridiculous action as to sabotage someone else's hardware.
Such as?
-
They removed their vendor ID from clone chips, nothing more.
So, they own an integer value?
As long as I don't violate any patents, I can build a system that talks a protocol that looks like USB (of course I'm not allowed to call it USB) and send any data I like.
then be prepared to receive and handle any data third party software throws at you
-
Somebody may have posted this earlier in the thread
from http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit%20statement.pdf (http://www.ftdichip.com/Support/Documents/QualityDocuments/Counterfeit%20statement.pdf)
My opinion, which is worth what you are paying for it...
I have a great deal of sympathy with FTDI.
They shouldn't have done this: it will cause their customers (i.e. big companies) endless grief, will result in endless lawsuits (many directed at FTDI), and will large corporations' QA and purchasing departments may ban FDTI products from their future systems.
I'm sure FTDI would have done a bit of research first. Traced down the manufacture, looked at who they where selling to and what numbers before acting on it.
I'd be surprised if this will effect nothing more than cheap usb->serial cables and ebay arduinos. Something which will give the likes of Adafruit and Sparkfun a bit more breathing room.
-
Interesting. I just saw this driver debacle on hackaday. (I have seen the microscope comparison pictures, that was cool! I like chips...)
Got me thinking.
I have a self built Atmel STK500 compatible programmer, that has a FT232 in it. It was an OK programmer but it was difficult to use with any type of USB extension cable. I will do this update and check it this evening... maybe I had a counterfeit FT232RL.
-
When they say their driver may harm a product of another vendor, I normally take that to mean that they cannot guarantee that it won't break by "normal use" by the FTDI driver. That they intentionally take measures to break it makes it a whole new type of game.
I can visually see the difference between the fake FTDI chips that I have and the real ones.
If the consensus is that it is legal to fake the FTDI VID, then the fake parts are legal, except maybe the trademarked "FTDI" marking printed on the top. I don't think it is fair that FTDI disables the chips that violate that trademark. What right do they have to involve consumers that happen to have bought an item that contains a trademark violating component?
When I look on the "Texas instruments" site they have a "pricing at 1k" column in their product selection tables. As I don't buy components from them in 1k units, those prices are way lower than what I pay with Farnell for 2, 5 or 10 of them. With a lot of products we KNOW that in china people can earn money from putting items in envelopes at $1 per item including shipping. So what makes it impossible that someone in china bought 1k FTDI chips and is willing to sell them to me at cost+shipping+margin ending up cheaper than Farnell at 5, 10 or 20 quantity?
Also, getting the right amount of chips at the right moment in time for production is difficult. So if someone has bought 100k chips, but then the production run gets cancelled at 80k and they are left with 20k chips but no PCBs to put them on. What now? If you sell them at the normal price every potential buyer will buy from the normal distributer. So with the leftover chips, someone will have to take their loss, and sell them below "normal" price (which for that person/company is better than taking a 100% loss on those chips). So it is also conceivable that some chips are available at prices BELOW normal volume prices because of some over-buying situations.
Is everything from that end of the globe fake? If you buy an STM32F103 development board, is the STM chip on there fake?
As for what FTDI can do about the fakes, wouldn't it be much nicer if they said (say, in a popup window): "The chip you have connected claims to be FTDI, but is in fact a fake. We, FTDI, invested time and money to make drivers for our chips. Please contact the vendor of this chip for the driver for their chip".
Well, there are plenty of ways they could have taken instead of bricking hardware. And it obviously is a problem for them when they are taking such ridiculous action as to sabotage someone else's hardware.
Such as?
If you buy a game from vendor X and in the EULA it says it cannot guarantee to work on PCs that have games from other vendors installed. Would you read that EULA? Would you be surprised if it erased essential parts of the other game? What if you load a driver/utility for your seagate disk, and it intentionally bricks the western digital drive in your computer? Would that be OK?
-
A point that a lot of people are missing is that some very expensive equipment could go out of action.
For example a manufacture of industrial machinery that was originally controlled by a serial link has had an FT232 designed into later revisions due to the disappearance of serial ports on computers. They might only sell 50 machines a year so they are not in a position to buy direct form the manufacturer so they go on-line and buy from the channel. If these fake chips have made their way into the channel then there could be factories with equipment costing many thousands and production lines stopped because of this deliberate action by FTDI.
The driver has a way to identify the fake chips so they could have easily just have made it so that the driver no longer worked for the fake chip. Deliberately damaging the fake chip is just going to far.
-
Hospital equipment? Quite possibly.
Air traffic control? Dunno.
I don't know that any of FTDI's parts (especially the FT232 concerned here) are certified for life-critical systems, so they wouldn't appear in those settings.
In this whole affair, the chain of responsibility goes back to the suppliers of the counterfeit parts.
- Products stop working as intended, they are returned to the manufacturer.
- Manufacturer has cluster of returned products. Investigates.
- All came from factory X, between dates Y and Z.
- Supplier of FT232 for that batch/es grilled. Taken to court.
- Supplier goes to their supplier seeking satisfaction
- And so on until the counterfeit chip maker has nobody to sell to.
-
T-shirt idea:" OMG FDTI Killed my Dongle.. You Bastards" :D
-
When I look on the "Texas instruments" site they have a "pricing at 1k" column in their product selection tables. As I don't buy components from them in 1k units, those prices are way lower than what I pay with Farnell for 2, 5 or 10 of them. With a lot of products we KNOW that in china people can earn money from putting items in envelopes at $1 per item including shipping. So what makes it impossible that someone in china bought 1k FTDI chips and is willing to sell them to me at cost+shipping+margin ending up cheaper than Farnell at 5, 10 or 20 quantity?
haha essentially what I do but from the UK so faster and more reliable*
*when you don't take royal mail's "performance" into account
-
All FTDI need to do is write the driver to refuse to talk to fake chips which is perfectly legal and maybe send details of the product back to FTDI so that they can track the offenders down. Now if windows is using FTDI's drivers then that is not the users problem and is something they need to take up with microsoft
-
Does anyone know for sure how long this driver has been out?
The drivers dated 2014-09-29 have the license file waning of damage to parts, the ones released 2014-02-21 do not.
My guess is since 2014-09-29. This fits in with reports of people having problems starting from early this month.
-
Our company had some BSOD problems last year. Devices were not bricking, but some computers would BSOD during comm init. Vista and 7 were affected, but not all. The chip (FT232RQ) was purchased from farnell and included in to some expensive gear. Clients started returning our product. Massive losses. We did not find a solution or cause and simply decided that this chip is crap. Went for silicon labs alternative, which works fine and is a lot cheaper too.
I can imagine exact thing happening again.
-
I saw this issue with PID of 0000 just under a month ago, added the PID to the inf file and was working fine for me.
The fact that Microsoft allowed this in an update is not an issue with Microsoft but with FTDI. it should not have the effect of bricking the device and i'm sure that is borderline illegal.
I have uploaded the inf files to work with the device with a PID of 0000 here:
http://s000.tinyupload.com/?file_id=02202246962541455351 (http://s000.tinyupload.com/?file_id=02202246962541455351)
Extract the official drivers, replace the inf file with these, then install the inf files one at a time.
FTDI need to release another update through microsoft to change the device PID back to whatever it should be to correct this issue.
Faith in FTDI is now shaken, they need to fix this issue to fix their reputation and image in the eyes of the electronic world.
ALL YOUR BASE ARE BELONG TO US
-
Our company had some BSOD problems last year. Devices were not bricking, but some computers would BSOD during comm init. Vista and 7 were affected, but not all. The chip (FT232RQ) was purchased from farnell and included in to some expensive gear. Clients started returning our product. Massive losses. We did not find a solution or cause and simply decided that this chip is crap. Went for silicon labs alternative, which works fine and is a lot cheaper too.
I can imagine exact thing happening again.
Thats a sad tale, and just because you bought from Farnell doesn't mean the chips were not fake.
-
Here ya go ==> http://www.ftdichip.com/Support/Documents/AppNotes/AN_107_AdvancedDriverOptions_AN_000073.pdf (http://www.ftdichip.com/Support/Documents/AppNotes/AN_107_AdvancedDriverOptions_AN_000073.pdf)
;D
-
Thats a sad tale, and just because you bought from Farnell doesn't mean the chips were not fake.
Yes, I wanted to say that you can never know, even when buying from legit sources. We still don't know what happened, no proof it being fake etc. So safest step would be to simply not use it.
I just informed my new colleagues about this and response was "ok, I see. No FTDI then."
-
Another new T-SHIRT idea:
"FTDI - Remember them?"
or simply:
"FTDI - WTF?"
-
Here ya go ==> http://www.ftdichip.com/Support/Documents/AppNotes/AN_107_AdvancedDriverOptions_AN_000073.pdf (http://www.ftdichip.com/Support/Documents/AppNotes/AN_107_AdvancedDriverOptions_AN_000073.pdf)
;D
FTDI's datasheets make my eyes hurt, with their stupid large fonts and Chad-Valley colour schemes.
-
The fact that Microsoft allowed this in an update is not an issue with Microsoft but with FTDI.
It is a potential massive issue with MS.
Unlike the drivers you download from FTDI, which have a warning, albeit hidden on a second page, the MS stuff is installed without express permission.
If someone were to sue, they would sue MS, not FTDI, as it was MS that delivered the malware which broke their hardware.
However where it gets more muddy is showing intent - FTDI clearly had the intent to cause damage, which is not only a civil but pprobally also a criminal matter (in the UK, criminal damage, and Computer Misuse act) .
My guess is MS will not admit whether or not they knew about it, as if they did know, they would also open themselves to action based on intent to cause damage.
-
All FTDI need to do is write the driver to refuse to talk to fake chips
The problem with this is that the test is also a countermeasure: FTDI tries to brick the device in a specific way, that doesn't affect legit chips.
-
I have one left (the rest of the boards I bought are still on a boat) so here it goes:
Before:
[178303.303679] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=6001
After:
[178454.602228] usb 2-4.2.4: New USB device found, idVendor=0403, idProduct=0000
Git pull request for this driver update would be handy, would make for a fantastic Linus rant.
-
In this whole affair, the chain of responsibility goes back to the suppliers of the counterfeit parts.
- Products stop working as intended, they are returned to the manufacturer.
- Manufacturer has cluster of returned products. Investigates.
- All came from factory X, between dates Y and Z.
- Supplier of FT232 for that batch/es grilled. Taken to court.
- Supplier goes to their supplier seeking satisfaction
- And so on until the counterfeit chip maker has nobody to sell to.
Can you think of any reason why FTDI, being the sole beneficiary of this long, drawn-out and hugely expensive process besides the lawyers, should NOT foot the bill for it?
-
haha essentially what I do but from the UK so faster and more reliable*
*when you don't take royal mail's "performance" into account
You prefer CityLink or Yodel? Really? Ever had to retrieve a "delivery" from your rubbish bin (I have)?
(BTW I've just had a RM try to deliver a parcel to me despite it being the wrong road - and despite there being a sign 1" from the doorbell indicating that. Worst example of a misdelivery was roof-height scaffolding!)
-
It is the logo and the IDs used by the chip than makes it "fake".
No it's not. At least in the EU, interfaces, APIs and software functions used for interoperability cannot be copyrighted. Moreover in some countries the reproduction of such interfaces for the purpose of interoperability is even protected, rendering EULAs that forbid 'emulating' a device void. And the driver can not determine if the device brings their logo.
Their only defense was that they're exploiting a side-effect of running some code on the counterfeit device, but that stopped being effective as an excuse the moment they acknowledged they are aware their drivers are actively bricking third party devices.
Shielding behind the EULA is not going to work either: if I plug my end-user device I bough with due diligence from a reputable vendor into someone else's laptop and the driver included in Windows renders it interoperable, where is that I had the chance of being made aware of their policy?
(sidenote: I am sympathetic to their massive issues to fight counterfeit devices flooding their market, on the other hand, I am concerned that my consumer rights don't get in the middle of a battle between manufacturers and clones)
-
The problem with this is that the test is also a countermeasure: FTDI tries to brick the device in a specific way, that doesn't affect legit chips.
Then they should change it right back when done, but a better test probably exists.
-
All FTDI need to do is write the driver to refuse to talk to fake chips
The problem with this is that the test is also a countermeasure: FTDI tries to brick the device in a specific way, that doesn't affect legit chips.
They could've written to an even EEPROM location, read it back to check whether it was indeed written, then restored it. This would've been slightly dangerous (disconnecting the device at the wrong time would cause a checksum failure which *might* cause it to malfunction), which is a far cry from consistently and deliberately bricking every device.
-
Can you think of any reason why FTDI, being the sole beneficiary of this long, drawn-out and hugely expensive process besides the lawyers, should NOT foot the bill for it?
Of course they should foot the bill.
I'm sure they already worked out a ballpark figure of what said bill might be, and still decided they'd end up better off, with their army of accountants and lawyers.
-
I now face an interesting problem. Suppose I want to buy a USB to serial cable from Saturn (a reputable electronics retailer here in Europe) and the outside of the packet says that it has an FTDI chipset:
If the chipset is genuine the I am supporting FTDI and I do not want to do this.
If the chipset is fake then it will die as soon as I plug the cable into an MS Windows machine.
My only option is therefore to avoid ANY product that has an FTDI chip leading to loss of business on their part. Rather silly on their part, killing their own market like that.
-
If nothing else this sets a very dangerous precedent.
Crap like DRM is bad enough, but if this sort of behaviour is allowed (e.g. by Microsoft including it in updates), and is considered "acceptable", what next?
Printer bricked after using knock-off cartridge?
Hard disk wiped if MS discovers your license number is a copy?
Phone bricked after using a fake battery?
I don't think that we'll see much of that since it would be plain illegal in several countries. For Germany it's quite simple. Any warning in the licence or another paper about bricking stuff is invalid since it would be a bad surprise and also would discriminate users disproportionately. Bricking devices is a willful damage to property and that's an offence. Things like wiping disks is computer sabotage, also an offence. The vendor would have to compensate the user for any damages and would also face a fine and/or some jail time for the responsible managers.
-
haha essentially what I do but from the UK so faster and more reliable*
*when you don't take royal mail's "performance" into account
You prefer CityLink or Yodel? Really? Ever had to retrieve a "delivery" from your rubbish bin (I have)?
(BTW I've just had a RM try to deliver a parcel to me despite it being the wrong road - and despite there being a sign 1" from the doorbell indicating that. Worst example of a misdelivery was roof-height scaffolding!)
I'm holding tight for xmas, when RM became privatized my lost deliveries went from 1 per 2 months to 2 per week! they now contractually reserve the right to take 15 days more than "promised" or "aimed" to deliver and even for "special delivery guaranteed by x time next day" they make the contractual right to take 10 days on top of that if they feel like it.
Yea the cheap parcel carriers are crap - you generally get what you pay for
-
I sense a very interesting shitstorm brewing!
I just cannot fathom what kind of thinking led to releasing a driver like this from FTDI. I'm absolutely certain they WILL get sued by some party having massive losses due to this sabotage.
I agree with every (sensible) person here that showing an explicit window saying this driver will not work this counterfeit chip would have been perfectly good enough. But actively sabotaging chips due to a counterfeit logo, wow.
The only logical conclusion I can come up to is that I will not use any FTDI chips in my own or my work projects because of this debacle. This way I can minimize my (and my employers) risk of getting caught up in this. Also this kind of stuff is pretty telling of the companys ethics and I do not want to condone such behaviour.
-
Here ya go ==> http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)
Must admit. The logo on the fake IC is way better than the one on the real IC ;D
-
I now face an interesting problem. Suppose I want to buy a USB to serial cable from Saturn (a reputable electronics retailer here in Europe) and the outside of the packet says that it has an FTDI chipset:
If the chipset is genuine the I am supporting FTDI and I do not want to do this.
If the chipset is fake then it will die as soon as I plug the cable into an MS Windows machine.
My only option is therefore to avoid ANY product that has an FTDI chip leading to loss of business on their part. Rather silly on their part, killing their own market like that.
Perhaps they are already receiving a bad reputation and loosing their market share as people are buying what they believe to be FTDI products that do not meet the full specifications in the datasheet.
It'll be interesting to see if someone does a full comparison of a fake IC next to a real one.
-
In case anyone was still wondering if this is intentional and malicious...
(https://marcan.st/transf/ftdi_evil.png)
Straight out of their driver. Function/variable naming and comments mine.
Edit: Ooooh this is cleverer than I thought. So what's going on is that on real FT232RLs, the EEPROM is written in 32-bit units: writes to even addresses are buffered, and writes to odd addresses write 32 bits at once: the buffered 16 bits, and the supplied 16 bits. So, on a real FT232RL, this code does nothing; it just buffers 16 bits then buffers another 16 bits and no writes are issued. On a clone FT232RL, this writes the PID to 0 (breaking the checksum) and writes not the checksum, but the value required to make the existing checksum match to address 62. In combination, these two writes make the checksum at address 63 valid again (without modifying it). I've updated the image above with the new analysis.
Thanks for your reverse engineering.
I think all other things are sayd. I would wonder if no one of the poeple that posts here for FTDI is payd.
-
Parody patch sent for linux kernel. :)
https://lkml.org/lkml/2014/10/23/129
-
Parody patch sent for linux kernel. :)
https://lkml.org/lkml/2014/10/23/129
You sure that's a parody? Also, damn you beat me to posting that link.
-
Parody patch sent for linux kernel. :)
https://lkml.org/lkml/2014/10/23/129
*ROFL*
-
Their only defense was that they're exploiting a side-effect of running some code on the counterfeit device, but that stopped being effective as an excuse the moment they acknowledged they are aware their drivers are actively bricking third party devices.
Technically why should they bother in that case. It works perfectly on the target device. If the poorly cloned counterfeit device which is illegal to sell cannot bear normal operation of the driver, why should they bother at all. Manufacturer is not supposed to modify drivers because of the counterfeit device exists. Moreover rolling back to the older driver if you know that it is a fake, is also breaking of the older driver licence agreement. So technically what is a difference between bricking the device and make user to know that it is a fake as it becomes illegal to use the counterfeit device since the moment user becomes aware of it being fake?
-
Their only defense was that they're exploiting a side-effect of running some code on the counterfeit device, but that stopped being effective as an excuse the moment they acknowledged they are aware their drivers are actively bricking third party devices.
Technically why should they bother in that case. It works perfectly on the target device. If the poorly cloned counterfeit device which is illegal to sell cannot bear normal operation of the driver, why should they bother at all. Manufacturer is not supposed to modify drivers because of the counterfeit device exists. Moreover rolling back to the older driver if you know that it is a fake, is also breaking of the older driver licence agreement. So technically what is a difference between bricking the device and make user to know that it is a fake as it becomes illegal to use the counterfeit device since the moment user becomes aware of it being fake?
Why ? Because they are now in a war that they can't win. Chinese manufacturers will follow and then they can update their drivers again. And so on.....
AND:It's NOT illegal to sell the chip. Maybee some of the chips are wrapped with epoxid and tagged as ftdi, but you're sure all destroyed chips are so? how can the driver test this ? Its illegal to destroy chips with this insufficient test!
It will not be more true if you post this wrong fact in every of your messages.
Edit:And if the war runs long enough, chinese cloners have perfect rebuilds that works like the original with no chance to test for the driver.
-
AND:It's NOT illegal to sell the chip.
Yes it is. As it is illegal to even send it abroad tor return back to the seller as any other counterfeit.
-
Agreed.
I'm still wondering just how big of a problem this is for FTDI and just what other options it had to protect itself from being cloned out of its own market?
Well, there are plenty of ways they could have taken instead of bricking hardware. And it obviously is a problem for them when they are taking such ridiculous action as to sabotage someone else's hardware.
Such as?
Nag screen when you plug in a device something like what microsoft do, in form the user and annoy them slightly then let them on their way :-//
"You may be a victim of USB hardware counterfeiting, please contact your supplier to ensure they use only genuine FTDI parts"
-
Parody patch sent for linux kernel. :)
https://lkml.org/lkml/2014/10/23/129 (https://lkml.org/lkml/2014/10/23/129)
It seems the official Linux kernel is already patched to keep using the bricked FT232 devices. https://www.mail-archive.com/linux-usb@vger.kernel.org/msg50762.html (https://www.mail-archive.com/linux-usb@vger.kernel.org/msg50762.html)
I also see that the driver supports a healthcare device so I hope there are real FTDI devices in there.
-
After going through my USB devices it appears that I may need to be careful with one item:
Logic Analyzer Bus 001 Device 004: ID 0925:3881 Lakeview Research
MiniVNA Bus 006 Device 003: ID 0403:6001 Future Technology Devices International, Ltd FT232 USB-Serial (UART)
Picoscope Bus 002 Device 003: ID 0ce9:1001 pico Technology PicoScope3204
Parallel Port Interface Bus 006 Device 004: ID 067b:2305 Prolific Technology, Inc. PL2305 Parallel Port
Old Webcam Bus 006 Device 005: ID 093a:2460 Pixart Imaging, Inc. Q-TEC WEBCAM 100
New Webcam Bus 002 Device 007: ID 046d:082b Logitech, Inc.
I have no idea if the FTDI chip in my MiniVNA is genuine or a fake and just to get to the chip will mean a complete strip down. I may wait a few days to see if the patch is removed by Microsoft.
-
AND:It's NOT illegal to sell the chip.
Yes it is. As it is illegal to even send it abroad tor return back to the seller as any other counterfeit.
Why should it be illegal ? the chip is not a copy, its a rebuild from reverse engineering and datasheets. Thats legal in the complete eu and in many other countries. in china, where the chips are developed its legal too. So can you me name ANY real reason why this chips should be illegal ?
-
FTDI is at fault for this as they were the ones who passed on the driver to Microsoft to be included in the update. Microsoft are doing as they have always done and take the word of the manufacturers that what they are going to be including into their update will not be malicious to preexisting devices.
Yes it's a pain that this situation has come about and yes it's a pain that some peoples devices are being affected by this, but it is not the customers fault that devices are being bricked, intentionally or not. The fact of the matter is that this situation has happened. The only foreseeable way out of this is for FTDI to change their code to support correcting this issue in affected devices, which they will not want to do or foot the bill for as it's not their product in the device which is now broken.
Such as the situation is bad, this has highlighted sellers of this chip so people who have bought fake chips know where they bought them from and those places should be listed as not to further the problem. Microsoft should reverse the update so that it doesn't affect any further devices and those with affected devices will have to foot the bill and pass that back on to the manufacturing and sellers of the fake devices which were purchased.
In the long run, it's a terrible thing that has happened but but it can be reversed on most devices and once Microsoft pulls the update those devices will be able to work again, albeit that FTDI won't want to be changing their source... they should think about doing so as a customer relations exercise.
-
AND:It's NOT illegal to sell the chip.
Yes it is. As it is illegal to even send it abroad tor return back to the seller as any other counterfeit.
Why should it be illegal ? the chip is not a copy, its a rebuild from reverse engineering and datasheets. Thats legal in the complete eu and in many other countries. in china, where the chips are developed its legal too. So can you me name ANY real reason why this chips should be illegal ?
If you can find a single clone that is not marked as FT232, then maybe. But I'm not aware of such existing, as they are mostly prolific clones. Anyway now people are yelling about bricking devices where are chips with FTDI and FT232Rx written on them indeed. I'm not big supporter of such tactics, but i think that technically it is OK to do in legal aspect.
-
I bought an FTDI cable from farnell, it came with no driver so FTDI seem to be maliciously using microsoft as a distribution medium as a device that was originally installed by windows is more likely to have an update installed for it by windows......
If FTDI supplied a driver then they could remote;ly argue that they aren't responsible for the choice of drivers used.
-
AND:It's NOT illegal to sell the chip.
Yes it is. As it is illegal to even send it abroad tor return back to the seller as any other counterfeit.
Why should it be illegal ? the chip is not a copy, its a rebuild from reverse engineering and datasheets. Thats legal in the complete eu and in many other countries. in china, where the chips are developed its legal too. So can you me name ANY real reason why this chips should be illegal ?
If you can find a single clone that is not marked as FT232, then maybe. But I'm not aware of such existing, as they are mostly prolific clones. Anyway now people are yelling about bricking devices where are chips with FTDI and FT232Rx written on them indeed. I'm not big supporter of such tactics, but i think that technically it is OK to do in legal aspect.
The thing is, the driver will destroy the chips that are not marked as FTDI too. In germany(and I think EU too) we have laws against this.
Technically all you can do is okay. But technically if FTDI has a security problem of his computers it's okay too to steal all it's IP and sell it to china. They are dumb enough to don't close the security flaw, so they must suffer. But shall we really think just technically ?
I think its really dumb to do that, because it's just breaks old payd working devices, and some new ones. The new ones will now equiped with better fakes or chips from other vendors. The win of this is volatile. the image problem for FTDI will remain.
-
So what makes it impossible that someone in china bought 1k FTDI chips and is willing to sell them to me at cost+shipping+margin ending up cheaper than Farnell at 5, 10 or 20 quantity?
Nothing, but if you buy from a source that doesn't offer the traceability of distributors, that's a chance you're willing to take. You're also willing to accept that the parts may have suffered from ESD damage, been improperly stored and all the other things distributors take care of.
Edit:And if the war runs long enough, chinese cloners have perfect rebuilds that works like the original with no chance to test for the driver.
That goes without saying. The only question is how long it takes for the current generation of clones to disappear from the market.
Why should it be illegal ? the chip is not a copy, its a rebuild from reverse engineering and datasheets. Thats legal in the complete eu and in many other countries. in china, where the chips are developed its legal too. So can you me name ANY real reason why this chips should be illegal ?
The chips are sold as FTDI chips, bearing the FTDI markings. That makes them counterfeits, and selling them is not legal in the EU.
-
So what makes it impossible that someone in china bought 1k FTDI You're also willing to accept that the parts may have suffered from ESD damage, been improperly stored and all the other things distributors take care of.
And would you like a tin hat to go with that ? I've never had problems and use paper bags
I bought 1000 ATmega328's from Farnell only to find that they were packed in the shittiest tubes I've ever seen (looked more like extra thick socket tubes) with wrong sized rubber plugs, they fell out got all bent up in the box and some didn't even work, god knows how they ended up in non atmel branded tubes of random lengths. I could be forgiven for thinking they had been swept up from a factory floor and repackaged.......
Good news is that I program the arduino bootloaders myself so any dodgy ones show up and get canned by me.
-
I can think of 2 issues why FTDI would do this, and why they should not do this:
The biggest problem I can think of is support for FTDI. If a customer have had a batch made in China, came back for compliance testing and failed on the USB part. "But I thought we were using the FTDI chip correctly - all engineering data looked OK; let's contact FTDI!". It would be a very nasty surprise for both parties if it turns out the chips were fake. I suspect they have had numerous cases of this happening, which had maybe costed them a lot of money and faith for those customers. Resetting the Vendor ID sounds like: "get of my USB lawn!" - which is OK-ish.
However their software states you can only use it with official FTDI chips. Unless I have read over it, but does that also reserve them the right to interface and interact with chips that are not official FTDI? If it does, then it was OK in the first place to use FTDI-compliant chips with their driver. But that is obviously not what they want.
So I assume their driver license excludes the usage of unofficial FTDI chips with their driver - so why they the hell are they interfacing with it in the first place and change the ID? Or will they defend this as the only detection mechanism for a counterfeit chip?
I would have thought a better solution would be that the FTDI chip wouldn't enumerate and display the device descriptor as "Counterfeit FT232RL". Bricking the chips and affecting end customers is rather.. how the Chinese works. They will probably be beaten by experience at that level.
-
Why should it be illegal ? the chip is not a copy, its a rebuild from reverse engineering and datasheets. Thats legal in the complete eu and in many other countries. in china, where the chips are developed its legal too. So can you me name ANY real reason why this chips should be illegal ?
The chips are sold as FTDI chips, bearing the FTDI markings. That makes them counterfeits, and selling them is not legal in the EU.
No, the CHIPS are marked as SR1107 SUPEREAL, the epoxid where the chips in are marked as FTDI. But are you sure all chips hat FTDI cases ? I'm not.
-
No, the CHIPS are marked as SR1107 SUPEREAL, the epoxid where the chips in are marked as FTDI. But are you sure all chips hat FTDI cases ? I'm not.
Show me even one instance where that has happened. As far as I'm concerned, it's just hyperbole and hypotheticals.
-
But shall we really think just technically ?
That's what lawyers and judicial system are for. So bastards can technically be clean and get away according to the law :-DD.
-
I understand there are a lot of angry people out there. But I have some remarks to think about.
1. FTDI detects that the chips are counterfeit, however the process of doing this bricks the counterfeit chips. The copy is not functional equivalent to the real FTDI chip and therefor stops working.
2. After this detection process the chip is left in a undefined state. Is it really the task of FTDI to clean this up?
3. If they choose to do the test and restore the content of the eeprom it will also result in a massive failure of devices. Because frequently programming and erassing an eeprom will certaintly destroy it. Keep in mind that the FTDI device eeprom is not programmed using this detection circuit.
I agree, that this detection method is a lost cause. Because counterfeit chips will have the same behaviour in approximately 3 to 4 months. This will make them even harder to detect.
Comparing INTEL vs AMD is not a good comparising in this case, because they have cross licensing deals. AMD did not reverse engineer the chips, but had a license to produce the design from INTEL for INTEL. AMD manufactored copyright by INTEL and so on.
FTDI is only preventing user from using their driver with counterfeit chips. There is nothing wrong with this.
This process also prevents reverting to older driver. For now this works.
The question is also how good do these chips work and are they fully compatible. The answer for now is NO and therefor can't be used with the FTDI driver.
The USB vendor id and product id are reserved for and by FTDI. Using them results in a non working plug and play system.
The chips are sold as counterfeits and therefor they should not be used. This is very simple and is valid in the whole of europe. A fake Rolex will also be destroyed and the buyer is responsible for this. Actually buying counterfeit products is a crime.
Ok my thoughts on the subject.
-
So...
there's this drug dealer.
He sells the good stuff.
And there's these people who like drugs.
So they buy lots of drugs from him
and then some other dealer moves in
and sells drugs of lesser quality... but similar
So they start going to this new guy
and the older dealer?
what does he do?
RIGHT
he shoots the junkies.
-
1. FTDI detects that the chips are counterfeit, however the process of doing this bricks the counterfeit chips. The copy is not functional equivalent to the real FTDI chip and therefor stops working.
2. After this detection process the chip is left in a undefined state. Is it really the task of FTDI to clean this up?
This is incorrect. FTDI doesn't actually detect that the chips are counterfeit at all. The driver, instead, uncoditionally, and without feedback, issues a set of commands that have been carefully and meticulously crafted to do nothing to a real FT232RL (and only FT232RL - they'd almost certainly brick other FT*** chips!) while bricking a counterfeit chip. The driver doesn't even check if the device was bricked/modified/a clone. In fact, I believe the driver will work fine with a clone the first time it's plugged in - until the device is reset, the new EEPROM content is applied, and the brick becomes evident.
3. If they choose to do the test and restore the content of the eeprom it will also result in a massive failure of devices. Because frequently programming and erassing an eeprom will certaintly destroy it. Keep in mind that the FTDI device eeprom is not programmed using this detection circuit.
EEPROMs are usually pretty resilient (unlike Flash), and only counterfeit chips would actually be programmed, and then only once each time they are enumerated. This would not affect their customers, nor will it realistically affect the clones either, unless their EEPROM array is crap.
This is unquestionably a deliberate act by FTDI to brick clone devices. It's not a "clone detection that unfortunately bricks them". They went for the kill, going as far as reversing their own checksum routine to be able to bypass the checksum in a way that only takes effect on clones. I suspect someone at FTDI might think they're safe because "well, we issue the same commands to all chips, it's not our fault that only clones are affected!!!!", but that's not going to stand up in court when it is evident and unquestionable that the code has been designed for the sole purpose and effect of bricking clone chips.
FTDI is only preventing user from using their driver with counterfeit chips. There is nothing wrong with this.
Uh, no. FTDI's driver makes the victim device not work with *any* driver. FTDI did not write the driver that Linux uses. Plugging a clone into a Windows box running FTDI's driver will make it stop working on a Linux box which has nothing to do with their intellectual property. This is deliberate destruction (or at least damage) of property, and almost certainly illegal in most reasonable jurisdictions.
For now this works.
You mean for now this doesn't work and people's devices are now broken.
The question is also how good do these chips work and are they fully compatible.
They were until FTDI decided to latch onto implementation minutiae to destroy them. There's a difference between a functional clone and a 100% perfect bug-compatible replica.
The USB vendor id and product id are reserved for and by FTDI.
If you want to use the USB logo.
Using them results in a non working plug and play system.
No, using them results in their driver being loaded. Or someone else's driver for FTDI chips (like the one in Linux). Nothing more, nothing less. In fact, I would strongly consider using their VID and PID if I were writing USB-serial firmware for something and wanted it to work anywhere (though I'd probably end up going for CDC if that works out of the box on Windows these days). And it would be perfectly legitimate. It's a number, and FTDI have no legal protection from others using it.
The chips are sold as counterfeits and therefor they should not be used.
Agreed. This, unfortunately, has nothing to do with the unlucky manufacturers and especially end-users who unintentionally ended up with counterfeits.
This is very simple and is valid in the whole of europe. A fake Rolex will also be destroyed and the buyer is responsible for this. Actually buying counterfeit products is a crime.
Nope. Only in France and Italy. Buying counterfeit products is legal in the rest of the world. You're even allowed to knowingly import one counterfeit item per class into the US. *Selling* counterfeit products is illegal. Buyers/end-users have no fault in any of this, and destroying their hardware because it's counterfeit is *WRONG*.
-
If you can find a single clone that is not marked as FT232, then maybe. But I'm not aware of such existing, as they are mostly prolific clones. Anyway now people are yelling about bricking devices where are chips with FTDI and FT232Rx written on them indeed. I'm not big supporter of such tactics, but i think that technically it is OK to do in legal aspect.
Yes there are certainly FT232-compatible ICs with no FTDI markings on them (http://hardware.slashdot.org/comments.pl?sid=5861063&cid=48206385).
I did a bit more digging on 'Supereal' and found that they also make a USB-ethernet IC. (http://siliconpr0n.org/archive/doku.php?id=azonenberg:supereal:sr1002). Note that there are absolutely no markings on the IC, but the die has "SUPEREAL SR1002" on it. Following the lead that this is supposed to be an "RD9700"-compatible IC (another obscure Chinese part), I found the "SR9700" and traced that to this Chinese company (http://www.corechip-sz.com/enproductsview.asp?id=13), which also happens to make a USB-serial IC (http://www.corechip-sz.com/enproductsview.asp?id=18) named the "SR6866" (or SR6865, depending on which page of the site you trust...) and another curiously-named SR2303HX - a Prolific clone. I think we have a match.
tl;dr: These "fake" FT232-compatible ICs are produced by a Chinese company named CoreChips, with their own part numbers, and they are almost certainly not selling them with FTDI markings - as this image of the Prolific clone shows (http://img.007swz.com/cpimg/shoujiIC/vp2OWwQlpC_1250107370.jpg). It's legal to create a competing and compatible product through reverse-engineering. It's not legal to put FTDI's name on it, which is probably being done by someone else downstream.
Comparing INTEL vs AMD is not a good comparising in this case, because they have cross licensing deals. AMD did not reverse engineer the chips, but had a license to produce the design from INTEL for INTEL. AMD manufactored copyright by INTEL and so on
They now have cross-licensing, but AMD reverse-engineered and cloned the 386. (http://en.wikipedia.org/wiki/Am386)
-
Oh, I remembered about one more clone with Belarus origin. Stumbled on it more than a year ago but completely forgot about it. Seems to ship only in the die form, yay ;D
Datasheet: http://www.bms.by/eng/spec/PDF/IZ232e-ts.pdf (http://www.bms.by/eng/spec/PDF/IZ232e-ts.pdf)
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=114329;image)
-
This is incorrect. FTDI doesn't actually detect that the chips are counterfeit at all. The driver, instead, uncoditionally, and without feedback, issues a set of commands that have been carefully and meticulously crafted to do nothing to a real FT232RL (and only FT232RL - they'd almost certainly brick other FT*** chips!) while bricking a counterfeit chip. The driver doesn't even check if the device was bricked/modified/a clone. In fact, I believe the driver will work fine with a clone the first time it's plugged in - until the device is reset, the new EEPROM content is applied, and the brick becomes evident.
The question here is, is it possible for FTDI to detect if the chip is counterfeit in another way?
I do not think so! They probably spend a lot of time figuring this method out.
Also configuration data will only be read once, hence the one time run.
From my experience eeproms do not last that long. I have seen device which where guaranteed for 250 write/read cycles which only survived a few read/write cycles.
This is unquestionably a deliberate act by FTDI to brick clone devices. It's not a "clone detection that unfortunately bricks them". They went for the kill, going as far as reversing their own checksum routine to be able to bypass the checksum in a way that only takes effect on clones. I suspect someone at FTDI might think they're safe because "well, we issue the same commands to all chips, it's not our fault that only clones are affected!!!!", but that's not going to stand up in court when it is evident and unquestionable that the code has been designed for the sole purpose and effect of bricking clone chips.
FTDI doesn't have to guarantee that there code works with chips of someone else. Many manufactors warn for non-functioning equipment when their drivers are used with products, which are not produced by them.
Uh, no. FTDI's driver makes the victim device not work with *any* driver. FTDI did not write the driver that Linux uses. Plugging a clone into a Windows box running FTDI's driver will make it stop working on a Linux box which has nothing to do with their intellectual property. This is deliberate destruction (or at least damage) of property, and almost certainly illegal in most reasonable jurisdictions.
Actually they just erase the product id. That is all you can easy reprogram it.
You mean for now this doesn't work and people's devices are now broken.
I mean that counterfeit IC cann't be used for now with the new drivers.
They were until FTDI decided to latch onto implementation minutiae to destroy them. There's a difference between a functional clone and a 100% perfect bug-compatible replica.
No, they are not. They do not pass the new test system to detect if they are a clone. Therefor they are not compatible. Many PC compatibles in the 80 where also not compatible.
If you want to use the USB logo.
No, these ID's are used to assign a driver to the chip through the INF file. For instance in the PCI system if you chose to use 8086 as vendor id and 8259 as product ID I am sure you end up with a non functioning PC.
The same applies also for the USB. This is the only way for the OS/BIOS/EFI to detect new hardware and assign the right driver. They should be unique ID's. You pay $5000 so that you are ensured they are unique.
No, using them results in their driver being loaded. Or someone else's driver for FTDI chips (like the one in Linux). Nothing more, nothing less. In fact, I would strongly consider using their VID and PID if I were writing USB-serial firmware for something and wanted it to work anywhere (though I'd probably end up going for CDC if that works out of the box on Windows these days). And it would be perfectly legitimate. It's a number, and FTDI have no legal protection from others using it.
Try assigning some random numbers to your USB devices and see what happens on Linux also. You need a VID and PID and the system works by uniqueness of these numbers.
Agreed. This, unfortunately, has nothing to do with the unlucky manufacturers and especially end-users who unintentionally ended up with counterfeits.
It is the responsibility from the manufactor to check their sources.
Nope. Only in France and Italy. Buying counterfeit products is legal in the rest of the world. You're even allowed to knowingly import one counterfeit item per class into the US. *Selling* counterfeit products is illegal. Buyers/end-users have no fault in any of this, and destroying their hardware because it's counterfeit is *WRONG*.
I think here in the Netherlands you can leave it behind on the airport and may be lucky when you do not get a fine.
P.s. How many non-functioning devices you got?
-
FTDI doesn't have to guarantee that there code works with chips of someone else. Many manufactors warn for non-functioning equipment when their drivers are used with products, which are not produced by them.
If I wrote a virus which was piggybacked along with another piece of software, and it completely takes out your computer; wipes your bios (attempting to flash and re-flash it to the point of exhausting the write-life), knocks out your boot sector, and deletes your windows folder, then claim "if you didn't want that to happen, you shouldn't have run my software on any machine but ones I sell" would you say that's just fine and legal?
-
I understand there are a lot of angry people out there. But I have some remarks to think about.
1. FTDI detects that the chips are counterfeit, however the process of doing this bricks the counterfeit chips. The copy is not functional equivalent to the real FTDI chip and therefor stops working.
This is where you are wrong already. The 'counterfeit' chip isn't a copy. It is a functional equivalent. Just like you can buy PC processors from AMD.
-
And would you like a tin hat to go with that ? I've never had problems and use paper bags
I've bought some ATtinys off of eBay, and they arrived stuck in a piece of styrofoam packaged in a ziploc bag. They seem to work, but I would not use them for anything I would sell, or was in any way safety-related.
-
Franky i don't understand why the counterfeiters don't just release their own driver and separately Id the chip, i mean having to accept "non signed" windows drivers is not something that has stopped major manufacturers and software houses. If they choose to imitate someone else's ID in order to appropriate their driver they can't complain if they have not made their chips compatible with the driver. It's not like serial to USB converter chips are bleeding edge technology that only comes from one manufacturer.
Yes it's not a problem with a short term solution so arguing about one is pointless. What is needed is to track down the counterfeiter and sue them, ah but then cross continent lawsuits are probably a minefield.
-
By the way, that is the SILabs competing part? I may as well start looking at them while I wait to hear back from FTDI on something (In spite of KRP8's claim, I have a product which has shipped a few thousand of these parts this year alone, with the major release tentatively coming up Q1-15. :|
-
And would you like a tin hat to go with that ? I've never had problems and use paper bags
I've bought some ATtinys off of eBay, and they arrived stuck in a piece of styrofoam packaged in a ziploc bag. They seem to work, but I would not use them for anything I would sell, or was in any way safety-related.
Of course that is an extremely stupid way to package them, there are small time sellers and "ebay monkeys".
-
Franky i don't understand why the counterfeiters don't just release their own driver and separately Id the chip,.........
Frankly speaking, and call me a bigot if you need, but many Chinese manufacturers operate on cloning for cost reduction and not innovation. They're essentially not setup or tooled for that kind of software dev, they look for easy ways to make money with surprisingly old tech. A few state-funded reverse engineering labs are setup to break down "important" parts (which is why the US has such a raging hard-on for ITAR) and then passes along "State interest" parts for production. In the mean time of lulls, different operations use these facilities to reverse engineer various other devices from TI, LTC, ADI, etc. The key, for them, is to get "good enough" to copy-cat higher dollar devices, and then the gap is pure profit with essentially zero R&D costs (again, the state RE labs are usually a different bucket).
What I expect to see, honestly, is a slight change to the clones which inhibit the write, and then FTDI is back to square one, with a large consumer base that is FTDI phobic. Any man can create a lock which he himself cannot pick.
-
FTDI doesn't have to guarantee that there code works with chips of someone else. Many manufactors warn for non-functioning equipment when their drivers are used with products, which are not produced by them.
If I wrote a virus which was piggybacked along with another piece of software, and it completely takes out your computer; wipes your bios (attempting to flash and re-flash it to the point of exhausting the write-life), knocks out your boot sector, and deletes your windows folder, then claim "if you didn't want that to happen, you shouldn't have run my software on any machine but ones I sell" would you say that's just fine and legal?
How would you detect that I am using the machine you sell?
The problem is that FTDI is writting and maintaining the driver, while other manufactors use it without paying them. So they search for a ways of preventing you to use it with the cheap rip off. Because the persons making the rip off are too lazy to:
1. Write the code themself or not capable
2. To pay the costs involved with validation of the USB device.
So FTDI comes up with a method of detecting that it is counterfeit, However, this damages the fake product.
Keep in mind that this is not a virus. It does not go out and find all fake FTDI chips and destroys them.
Your product does that. Why should I use your software with another PC.
Also another importanted question is always how to pay the rent. FTDI needs to pay it employees and it can only do that when other people do not sell reproductions/copies of there product.
I understand you feel very strongly about this. But in the end a company must make a profit to stay alive.
Which it only can when it is selling product.
-
err surely they had to spend time reverse engineering an FTDI then making something to "look" like it. They could have done what the arduino did and just programmed an MCU with a usb and serial port to work as a converter or made their own ASIC
Yes china is essentially the photocopier of the world, and before people get indignant about that statement, i used to work for a guy that wanted to import clothes from china, we kept asking for catalogs and all we got back was: you send us a sample, we copy it and send it to you if your happy you tell us how many you want. They openly declared to not have any clothes of their own design.
-
FTDI doesn't have to guarantee that there code works with chips of someone else. Many manufactors warn for non-functioning equipment when their drivers are used with products, which are not produced by them.
If I wrote a virus which was piggybacked along with another piece of software, and it completely takes out your computer; wipes your bios (attempting to flash and re-flash it to the point of exhausting the write-life), knocks out your boot sector, and deletes your windows folder, then claim "if you didn't want that to happen, you shouldn't have run my software on any machine but ones I sell" would you say that's just fine and legal?
How would you detect that I am using the machine you sell?
In this case, I don't have to on the grounds that my machine is not subject to "suffering" from my code's actions. So, again, would you say this is just fine and legal?
-
err surely they had to spend time reverse engineering an FTDI then making something to "look" like it. They could have done what the arduino did and just programmed an MCU with a usb and serial port to work as a converter or made their own ASIC
From my limited understanding, this is exactly what the SupeReal device is, only it hooks into the FTDI interface on Windows PCs.
I wonder if the AVR CDC implementations can be sufficient substitutes for the FTDI devices....?
-
I don't understand all the protocol business but if the chip works and has a driver and conforms to the standards who cares how it is achieved.
I'm assuming the cheapest methos for mass production is an ASIC or maybe programming an existing uC is cheaper.
-
So FTDI comes up with a method of detecting that it is counterfeit, However, this damages the fake product.
Keep in mind that this is not a virus. It does not go out and find all fake FTDI chips and destroys them.
This seems like that old favorite: "plausible deniability".
-
Franky i don't understand why the counterfeiters don't just release their own driver and separately Id the chip, i mean having to accept "non signed" windows drivers is not something that has stopped major manufacturers and software houses.
Do you tried that on a Win7 x64 system ? Good Luck...
-
FTDI doesn't have to guarantee that there code works with chips of someone else. Many manufactors warn for non-functioning equipment when their drivers are used with products, which are not produced by them.
If I wrote a virus which was piggybacked along with another piece of software, and it completely takes out your computer; wipes your bios (attempting to flash and re-flash it to the point of exhausting the write-life), knocks out your boot sector, and deletes your windows folder, then claim "if you didn't want that to happen, you shouldn't have run my software on any machine but ones I sell" would you say that's just fine and legal?
How would you detect that I am using the machine you sell?
In this case, I don't have to on the grounds that my machine is not subject to "suffering" from my code's actions. So, again, would you say this is just fine and legal?
Using a virus is never legal. That is very clear. Have to admit that I still do not understand what you try to prove/say here, sorry! Not a native english speaker.
However, if I made a PC which was similar in all functions to yours and adviced people to use a copy of your software. A copy of your software is provided on your webside for people who use your PC. What would you think of this? This is basically what happens to FTDI!
-
Franky i don't understand why the counterfeiters don't just release their own driver and separately Id the chip, i mean having to accept "non signed" windows drivers is not something that has stopped major manufacturers and software houses.
Do you tried that on a Win7 x64 system ? Good Luck...
I have windows 7 64bit, any cheap peice of hardware generally comes with a non signed driver that i have to accept.
-
So FTDI comes up with a method of detecting that it is counterfeit, However, this damages the fake product.
Keep in mind that this is not a virus. It does not go out and find all fake FTDI chips and destroys them.
This seems like that old favorite: "plausible deniability".
Yes, that is true.
But I asked this question before. I do not know if FTDI had an another method of detecting the clone.
Because they are basically very good. I understand from this forum that many people use them without knowing. And printing FTDI on a counterfeit IC makes it even harder. FTDI did not make an open standard with a fixed VID and PID that can be used by a default driver. They do not maintain a driver for a product type, but only for their own device. P.s. I beleive it is a little bit more complex than only the VID/PID for selecting a device group like a keyboard etc.
-
But I asked this question before. I do not know if FTDI had an another method of detecting the clone.
Because they are basically very good. I understand from this forum that many people use them without knowing. And printing FTDI on a counterfeit IC makes it even harder. FTDI did not make an open standard with a fixed VID and PID that can be used by a default driver. They do not maintain a driver for a product type, but only for their own device. P.s. I beleive it is a little bit more complex than only the VID/PID for selecting a device group like a keyboard etc.
They could have shown a messagebox to the end-user (or refuse to start the driver) and revert the PID back to what it was instead of leaving it zeroed out. It's easy, they could just have checked if the write has worked by reading the EEPROM back and if yes, refuse to start the driver and rewrite the original PID. It's probably only 10 more lines of code in the driver.
They intentionally break the clones and they could have done it another way. This is reckless.
-
Franky i don't understand why the counterfeiters don't just release their own driver and separately Id the chip, i mean having to accept "non signed" windows drivers is not something that has stopped major manufacturers and software houses.
Do you tried that on a Win7 x64 system ? Good Luck...
I have windows 7 64bit, any cheap peice of hardware generally comes with a non signed driver that i have to accept.
Aeehm, my computer runs in the testsigning mode, so I can run my self compiled (and self signed) driver. A driver without signature will not run even there. Maybee you accept the "not microsoft compliant" message. But not signed drivers will not run anymore in win7 64.
see here for more info:https://www.raymond.cc/blog/loading-unsigned-drivers-in-windows-7-and-vista-64-bit-x64/
-
But I asked this question before. I do not know if FTDI had an another method of detecting the clone.
Because they are basically very good. I understand from this forum that many people use them without knowing. And printing FTDI on a counterfeit IC makes it even harder. FTDI did not make an open standard with a fixed VID and PID that can be used by a default driver. They do not maintain a driver for a product type, but only for their own device. P.s. I beleive it is a little bit more complex than only the VID/PID for selecting a device group like a keyboard etc.
They could have shown a messagebox to the end-user (or refuse to start the driver) and revert the PID back to what it was instead of leaving it zeroed out. It's easy, they could just have checked if the write has worked by reading the EEPROM back and if yes, refuse to start the driver and rewrite the original PID. It's probably only 10 more lines of code in the driver.
They intentionally break the clones and they could have done it another way. This is reckless.
It's unfortunate that this hits the end user and it's too late for the money lost to the cloners. I suppose lots of angry customers going up the supply chain demainding answers might weed out bad supply chains and make major suppliers very aware that they much buy from genuine sources.
-
The question here is, is it possible for FTDI to detect if the chip is counterfeit in another way?
I do not think so! They probably spend a lot of time figuring this method out.
I bet there are other ways of detecting them. I don't have any clones myself, so I can't test, but it's extremely unlikely that the cloners nailed everything else but this. And even if they did, it would still be way better to read-modify-write-restore the EEPROM as a detection mechanism, rather than, again, going for damage.
FTDI doesn't have to guarantee that there code works with chips of someone else. Many manufactors warn for non-functioning equipment when their drivers are used with products, which are not produced by them.
There's a difference between code that happens not to work on another device, and code whose sole purpose is to destroy another device. "Only use manufacturer-approved equipment" is not a valid legal veil to hide behind while you explicitly set out to destroy non-compliant equipment. It's (usually) legal to detect and refuse to work with knockoffs (not always - antitrust laws come into play here, and sometimes even that can be illegal). Deliberately causing damage is crossing the line.
Actually they just erase the product id. That is all you can easy reprogram it.
Linux still won't load the driver. That's still causing deliberate damage, even if it's reversible.
I mean that counterfeit IC cann't be used for now with the new drivers.
Hence, don't work. It's a negative state of affairs, particularly for the owners of said devices.
No, they are not. They do not pass the new test system to detect if they are a clone. Therefor they are not compatible. Many PC compatibles in the 80 where also not compatible.
You seem to be confusing compatibility with 100% identical behavior. Intel and AMD CPUs are largely compatible. They're also trivial to tell apart. Even AMD's original (much simpler, compared to modern chips) Am486 was completely compatible with the 80486, but dedicated code designed to tell it apart could still do so.
You can buy Philips screwdrivers from two manufacturers. They are compatible. Doesn't mean they have to be the same color, material, or have all the atoms in exactly the same place. Just because I can look at them and tell them apart doesn't mean they aren't compatible.
No, these ID's are used to assign a driver to the chip through the INF file. For instance in the PCI system if you chose to use 8086 as vendor id and 8259 as product ID I am sure you end up with a non functioning PC.
Actually, that product ID is unused by Intel right now, so absolutely nothing bad would happen, and if your device is of a standard device class, it'll even work fine with generic drivers. For example, I could build a PCI SD Host Controller interface with those IDs, and it would work fine. Intel might not be amused, and it would be a silly idea, but harmless. If Intel ever releases a device with that ID, then indeed it would cause a conflict. However, if I designed a device register-compatible with an Intel device and used its same ID, again, practically speaking, nothing bad would happen. In fact, that is exactly what all virtualization solutions like VMWare, VirtualBox, and QEMU do, all the time. I have myself written a virtual USB xHCI controller for QEMU, and yes, it could emulate one of two different chips, and yes, it used their VID/PID, and yes, it even had to deal with some retarded "anti-clone" vendor-specific commands, and no, it wasn't 100% bug-for-bug compatible, but it was close enough to work.
The same applies also for the USB. This is the only way for the OS/BIOS/EFI to detect new hardware and assign the right driver. They should be unique ID's. You pay $5000 so that you are ensured they are unique.
You pay $5000 for the right to use the USB logo. Yes, the IDs should be unique. No, there is no legal protection nor guarantee that they are, unless you use the USB logo. The world doesn't end if you use someone else's ID, especially if you do it in a compatible way.
Try assigning some random numbers to your USB devices and see what happens on Linux also. You need a VID and PID and the system works by uniqueness of these numbers.
Actually, the vast majority of the USB devices that people use every day are identified by class codes, not VID/PID - mass storage, HID, CDC, even the PCI controllers (UHCI, OHCI, xHCI). VID/PID only have to be unique for a particular proprietary device interface. Nobody cares about what VID/PID you use for a standard device (as long as they don't conflict with a proprietary one, which might result in their driver being assigned), and again, there's nothing wrong with masquerading as another device if you intend to be compatible with it. You're taking a risk, but that's a compatibility risk, and it's not reasonable to expect direct gunfire from the other side in return.
It is the responsibility from the manufactor to check their sources.
Sure, and everyone demands a paper trail and armed guards across the entire chain of custody, to make sure no counterfeits slip in, right?
It sucks when these things happen, but placing all the blame on the final assembler/manufacturer is grossly oversimplifying things. You have no idea what happened that led to counterfeits being used in an end product.
I think here in the Netherlands you can leave it behind on the airport and may be lucky when you do not get a fine.
Funny, the first Google result (http://www.belastingdienst.nl/wps/wcm/connect/bldcontenten/belastingdienst/individuals/abroad_and_customs/luggage/from_a_non_eu_country/special_products_and_pets/counterfeit_products) for "netherlands counterfeit goods" proves you wrong. There's an exception for personal use, within reasonable limits. Seriously, before you argue with someone on the Internet about your own country's laws, you might want to at least do a cursory check...
P.s. How many non-functioning devices you got?
None, but I've developed a rather strong disgust for people who destroy end-user hardware through gross negligence or deliberate action, over the past 8 years or so, due to certain communities I've been involved in, and I've done my best to make sure that my software never does that, not even in the least likely of circumstances. I have a very strong respect for people's hardware.
-
It's unfortunate that this hits the end user and it's too late for the money lost to the cloners. I suppose lots of angry customers going up the supply chain demainding answers might weed out bad supply chains and make major suppliers very aware that they much buy from genuine sources.
As a FTDI customer, I have absolutely no way of checking if I have a genuine FTDI part or not.
FTDI in their EULA asks people to check if the components are genuine before using the driver, but they give absolutely no way of doing so.
As I said, even the military has been sold counterfeit items in the past. It can happen to anyone.
So as a customer it feels safer just to avoid FTDI parts altogether (there are alternatives) than risking my device bricked some day.
-
(lots of comments)
You are my hero.
-
There's a difference between code that happens not to work on another device, and code whose sole purpose is to destroy another device.
But the device was not destroyed. An invalid PID was corrected and the device was actually improved.
-
There's a difference between code that happens not to work on another device, and code whose sole purpose is to destroy another device.
But the device was not destroyed. An invalid PID was corrected and the device was actually improved.
:-DD
You work for FTDI right ?
-
As a FTDI customer, I have absolutely no way of checking if I have a genuine FTDI part or not.
FTDI in their EULA asks people to check if the components are genuine before using the driver, but they give absolutely no way of doing so.
I've submitted a support request to FTDI (Huzzah for being from a large Semi manufacturer who uses their parts on eval boards) to get an EOL software test. If parts fry, at least kill them before they hit the end customer. I'll post if I hear anything back.
-
Given all the ruckus about "it doesn't destroy anything, it just..." how about some dictionary definition straight from Merriam Webster:
de·stroy verb \di-?stro?i, d?-\
: to cause (something) to end or no longer exist
: to cause the destruction of (something)
: to damage (something) so badly that it cannot be repaired
I'd say that for the majority-use-case, #3 is the cake that FTDI takes.
-
There's a difference between code that happens not to work on another device, and code whose sole purpose is to destroy another device.
But the device was not destroyed. An invalid PID was corrected and the device was actually improved.
No your motherboard is not destroyed, just your BIOS is wiped....
Oh, your car is not destroyed, we can bend it to that it just looks as new....
can you say me where's the difference ?
-
But the device was not destroyed. An invalid PID was corrected and the device was actually improved.
No your motherboard is not destroyed, just your BIOS is wiped....
Oh, your car is not destroyed, we can bend it to that it just looks as new....
can you say me where's the difference ?
[/quote]
Don't fall for the trolls.
-
Given all the ruckus about "it doesn't destroy anything, it just..." how about some dictionary definition straight from Merriam Webster:
de·stroy verb \di-?stro?i, d?-\
: to cause (something) to end or no longer exist
: to cause the destruction of (something)
: to damage (something) so badly that it cannot be repaired
I'd say that for the majority-use-case, #3 is the cake that FTDI takes.
Talking of definitions, in UK law, damage does not need to be permanent to still count as criminal damage. e.g. letting car tyres down.
-
First time poster here. I consider myself a hobbyist when it comes to electronics. I have a VERY small side business where I make a controller used primarily in the Halloween industry for pneumatic prop animation control. For the past few months I have been working on a new design, and I had originally planned on using an FTDI232RL chip to handle host communications - an important component to my product. After seeing this, I think a better move for me would be to move to the ATmega32u4 instead of using an FTDI chip. I of course would only have wanted to use genuine FTDI chips. I have only ever bought parts from DigiKey, Mouser, or element14. My bare boards are made in China. Right now I hand assemble every product myself with a hot air reflow station. I'm small potatoes... I sell less than 100 controllers a year but. But this thing with FTDI scares the crap out of me. I'm left wondering if a bunch of devices I have from other companies are now going to be "bricked". Just my 2 cents.
-
For the FTDI programmer's sake, I hope bricking of equipment connected to government computers isn't interpreted as a cyber attack on national security!
http://slashdot.org/story/14/10/23/1235205/proposed-penalty-for-uk-hackers-who-damage-national-security-life (http://slashdot.org/story/14/10/23/1235205/proposed-penalty-for-uk-hackers-who-damage-national-security-life)
-
A good analogy with the VID for USB would be the MAC address for IPv6.
My company identifies their products through the IPv6 address which is directly related to the MAC address, so if another company wants to clone our devices it should use the same range of MAC addresses. BUT since anybody can change his MAC address ( on a pc for instance) this can never be the sole way to identify that product. So there should always be some kind of cryptographic handshake performed to uniquely identify that product and if t is not genuine the communication ends.
That is where FTDI misses the ball, they think that no other chip is allowed to use their VID so they can do whatever they want with those chips. No company has the right to do that based on some unprotected number. They should just id the chip and if it is not theirs stop the driver thats all they should ever do.
-
Given all the ruckus about "it doesn't destroy anything, it just..." how about some dictionary definition straight from Merriam Webster:
de·stroy verb \di-?stro?i, d?-\
: to cause (something) to end or no longer exist
: to cause the destruction of (something)
: to damage (something) so badly that it cannot be repaired
I'd say that for the majority-use-case, #3 is the cake that FTDI takes.
Talking of definitions, in UK law, damage does not need to be permanent to still count as criminal damage. e.g. letting car tyres down.
I totally agree. The whole point is that people are throwing around "it's not destroyed" in a way that tries to evade the very meaning of "destroy." Even by the definition, they're doing just that.
-
Anyone remember MOS? They made 6800 compatible processors for a fraction of the price that Motorola were selling them. Was MOS leeching off Motorola, making use of their compilers, software written for their ICs, their development systems, their emulators? There is a fine line between cloning and just making compatible hardware, and that line is etching an FTDI logo onto the chip.
The made a chip which was pin compatible, but not software compatible...
-
Given all the ruckus about "it doesn't destroy anything, it just..." how about some dictionary definition straight from Merriam Webster:
de·stroy verb \di-?stro?i, d?-\
: to cause (something) to end or no longer exist
: to cause the destruction of (something)
: to damage (something) so badly that it cannot be repaired
I'd say that for the majority-use-case, #3 is the cake that FTDI takes.
Talking of definitions, in UK law, damage does not need to be permanent to still count as criminal damage. e.g. letting car tyres down.
Not only that, but in most jurisdictions, unwanted alteration falls under "harm" or "destruction of property". You don't need to take a hammer to something--just modifying it without the consent of the owner is enough to constitute destruction of property.
Disclaimer: I am not a lawyer. This is not legal advice.
-
I do wonder if FTDI actually got much legal advice before doing this. I especially wonder if right now they're frantically getting a lot *more* legal advice...
I can see the logic - "oh, we we're not detecting anything, it's just our driver happens to do something that on a buggy knock-off does something bad, it's not our fault that someone copied our chips badly but used our driver..." - while completely glossing over the fact that the *only* purpose to that code is to break those chips, and it's otherwise a completely unnecessary null operation on their own ones. i.e. obviously and demonstrably a deliberate act with a single purpose - to disable chips they didn't sell. I think they'll be lucky if there's not *some* market in which that won't turn out to be an expensive misjudgement.
-
I think they'll be lucky if there's not *some* market in which that won't turn out to be an expensive misjudgement.
I think they'll be lucky if there's *any* market in which this won't turn out to be an expensive misjudgement.
-
Anyone remember MOS? They made 6800 compatible processors for a fraction of the price that Motorola were selling them.
And exactly what was the part number of that MOS Technology chip? Hint: it wasn't the 650x series.
The 650x series had essentially the same functional pinout as the 6800, but a radically different instruction set.
-
I have an Arduino compatible board purchased from Farnell which was built by a fairly reputable manufacturer. It seems that it's detected as being a counterfeit by the FTDI driver.
Either this means that the chip is a counterfeit or that the driver is detecting it wrong. Either way it is *absolutely* NOT MY FAULT! I'd understand (to some degree) if I'd bought a $3 board off ebay, but in this case I didn't. There's evidently been some dishonesty at some point in the supply chain that has lead to this.
If I'm left with a dead device which I bought in good faith from a reputable supplier and manufacturer, how many others are? Supply chains are clearly not impervious to fake chips. I can't imagine how much pain a silent Windows update is going to cause people trying to debug this.
-
Just found this link on AvrFreaks
http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl (http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl)
Seems line debricking is easy on linux.
But that still leaves around 95% of those people i know , in the dark.
/Bingo
-
I bet there are other ways of detecting them. I don't have any clones myself, so I can't test, but it's extremely unlikely that the cloners nailed everything else but this. And even if they did, it would still be way better to read-modify-write-restore the EEPROM as a detection mechanism, rather than, again, going for damage.
It was more a question. And something to think about.
I am not sure but it is very likely that the configuration data is only read once. Need to read the standard for that.
There's a difference between code that happens not to work on another device, and code whose sole purpose is to destroy another device. "Only use manufacturer-approved equipment" is not a valid legal veil to hide behind while you explicitly set out to destroy non-compliant equipment. It's (usually) legal to detect and refuse to work with knockoffs (not always - antitrust laws come into play here, and sometimes even that can be illegal). Deliberately causing damage is crossing the line.
I think this is more law stuff which you showed I do not know anything about.
Linux still won't load the driver. That's still causing deliberate damage, even if it's reversible.
Problem with linux that devices with ID zero cann't be used?
Hence, don't work. It's a negative state of affairs, particularly for the owners of said devices.
I personally think this method is bad practice, but I can image that they do it.
You seem to be confusing compatibility with 100% identical behavior. Intel and AMD CPUs are largely compatible. They're also trivial to tell apart. Even AMD's original (much simpler, compared to modern chips) Am486 was completely compatible with the 80486, but dedicated code designed to tell it apart could still do so.
You can buy Philips screwdrivers from two manufacturers. They are compatible. Doesn't mean they have to be the same color, material, or have all the atoms in exactly the same place. Just because I can look at them and tell them apart doesn't mean they aren't compatible.
Read again. License vs copy is going on in all this text. AMD has a license and for the philips screwdriver you needed a license blablabla.
If AMD vs INTEL is so easy why does not NVIDIA make x86 CPU. Something to thing about.
Actually, that product ID is unused by Intel right now, so absolutely nothing bad would happen, and if your device is of a standard device class, it'll even work fine with generic drivers. For example, I could build a PCI SD Host Controller interface with those IDs, and it would work fine. Intel might not be amused, and it would be a silly idea, but harmless. If Intel ever releases a device with that ID, then indeed it would cause a conflict. However, if I designed a device register-compatible with an Intel device and used its same ID, again, practically speaking, nothing bad would happen. In fact, that is exactly what all virtualization solutions like VMWare, VirtualBox, and QEMU do, all the time. I have myself written a virtual USB xHCI controller for QEMU, and yes, it could emulate one of two different chips, and yes, it used their VID/PID, and yes, it even had to deal with some retarded "anti-clone" vendor-specific commands, and no, it wasn't 100% bug-for-bug compatible, but it was close enough to work.
Sorry, I did not check this ID, but you get my drift.
Emulating some one else device in software is a bit different than sellling a cloned chip of it.
I tried to explain if you do not implement exactly the same register set then using some one else VID and PID maybe a mistake.
You pay $5000 for the right to use the USB logo. Yes, the IDs should be unique. No, there is no legal protection nor guarantee that they are, unless you use the USB logo. The world doesn't end if you use someone else's ID, especially if you do it in a compatible way.
No, there is no legal protection, but there is one organization for it.
No, the world doesn't end when you do this is your own hobby environment, but it will when you do in the real world. Modern PC work by a lot of standards which need to be implemented very carefully.
Actually, the vast majority of the USB devices that people use every day are identified by class codes, not VID/PID - mass storage, HID, CDC, even the PCI controllers (UHCI, OHCI, xHCI). VID/PID only have to be unique for a particular proprietary device interface. Nobody cares about what VID/PID you use for a standard device (as long as they don't conflict with a proprietary one, which might result in their driver being assigned), and again, there's nothing wrong with masquerading as another device if you intend to be compatible with it. You're taking a risk, but that's a compatibility risk, and it's not reasonable to expect direct gunfire from the other side in return.
Yes, I know see also another post from me good Google search though :-+
Again you confuse an open standard Keyboard controllers mice, HD and so on.
They can use a standard drivers. But standard hardware still will have their own VID/PID,but use a generic driver. Specialized hardware uses a unique VID/PID pair.
Masquerading the chip and providing your own drivers is no problem.
Sure, and everyone demands a paper trail and armed guards across the entire chain of custody, to make sure no counterfeits slip in, right?
It sucks when these things happen, but placing all the blame on the final assembler/manufacturer is grossly oversimplifying things. You have no idea what happened that led to counterfeits being used in an end product.
Yes, very much. It also sucks when you get counterfeit money too. Live sucks.
Funny, the first Google result (http://www.belastingdienst.nl/wps/wcm/connect/bldcontenten/belastingdienst/individuals/abroad_and_customs/luggage/from_a_non_eu_country/special_products_and_pets/counterfeit_products) for "netherlands counterfeit goods" proves you wrong. There's an exception for personal use, within reasonable limits. Seriously, before you argue with someone on the Internet about your own country's laws, you might want to at least do a cursory check...
I am sorry, for you that you need to get personal.
By the way read it very careful it states that in principle it is FORBIDDEN.
But as everything in the Netherlands it will be "Gedoogd". I would advice you to google for this word. :palm:
None, but I've developed a rather strong disgust for people who destroy end-user hardware through gross negligence or deliberate action, over the past 8 years or so, due to certain communities I've been involved in, and I've done my best to make sure that my software never does that, not even in the least likely of circumstances. I have a very strong respect for people's hardware.
Yes, you have a very strong respect for some one else hardware, but none for their software, which I always find very strange. People pay without problems 1000 of euros for hardware, but do not want to pay for software.
I am always puzzled that all the world things that software comes for free. Most of the time it is, however one of the biggest challenges in a design to get the software correct.
So copying it is simple.
-
I do wonder if FTDI actually got much legal advice before doing this. I especially wonder if right now they're frantically getting a lot *more* legal advice...
I can see the logic - "oh, we we're not detecting anything, it's just our driver happens to do something that on a buggy knock-off does something bad, it's not our fault that someone copied our chips badly but used our driver..." - while completely glossing over the fact that the *only* purpose to that code is to break those chips, and it's otherwise a completely unnecessary null operation on their own ones. i.e. obviously and demonstrably a deliberate act with a single purpose - to disable chips they didn't sell. I think they'll be lucky if there's not *some* market in which that won't turn out to be an expensive misjudgement.
However for the vast majority of victims, the loss involved isn't enough to bother with.
The apportion of blame between FTDI & Microsoft may also be tricky to determine.
I would _really_ like to know if MS knew about it though.
-
I wonder if FTDI have pulled the update. http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip) (the latest version on their site) redirects to the v2.10 download - not sure if it always has done this or not?
-
A good analogy with the VID for USB would be the MAC address for IPv6.
My company identifies their products through the IPv6 address which is directly related to the MAC address, so if another company wants to clone our devices it should use the same range of MAC addresses. BUT since anybody can change his MAC address ( on a pc for instance) this can never be the sole way to identify that product. So there should always be some kind of cryptographic handshake performed to uniquely identify that product and if t is not genuine the communication ends.
That is where FTDI misses the ball, they think that no other chip is allowed to use their VID so they can do whatever they want with those chips. No company has the right to do that based on some unprotected number. They should just id the chip and if it is not theirs stop the driver thats all they should ever do.
A MAC address is in its nature not unique nor does it needs to be. As long as you have one MAC address on a segment it works correctly. The IPV6 address needs to be unique if some one clones them you get a lot of problems. Depending on routing packets may get lost and not arrive in the correct location.
Actually the VID/PID should be unique for every vendor, which registers itselfs by the USBsig and get one VID and I think that they can chopse the PID themselfs. This makes me wonder they can only support up to 65535 vendors.
To make things clear I think that FTDI made a big mess of this whole affair.
But I do understand why they do it.
-
(http://image.bayimg.com/fd5208dbd505b90d30745bcfcc6fb77ed0a68d37.jpg)
-
Is FTDI the only USB/Serial that has a driver in the default windows installation?
If not, I don't see what advantage FTDI has these days considering the low cost of MCU/USB ICs.
-
Is FTDI the only USB/Serial that has a driver in the default windows installation?
If not, I don't see what advantage FTDI has these days considering the low cost of MCU/USB ICs.
I don't know if it is the only one.
But it is probabely one of the few that is signed.
Most MCUs often offer a USB interface, but all the firmware you still need to write. Also you have to write a driver for such a device. You need to get the necessary IDs and once you have written the driver you need to get it signed. Complicated stuff.
The FTDI is a simple device with little logic needed and RS232 out. So you can hook it up to your device very easily.
-
The chips are sold as counterfeits and therefor they should not be used. This is very simple and is valid in the whole of europe. A fake Rolex will also be destroyed and the buyer is responsible for this. Actually buying counterfeit products is a crime.
Agreed. Although, a device showing the FTDI logo is a counterfeit product. A device that contains none of their IP and only behaves like their own, using the original USB ID and all, is technically not.
-
By the way, I don't think anyone has brought this up yet.
How do we know that in the future this, or similar actions taken in FTDI's driver won't accidentally brick legitimate FTDI devices? I can easily envision a particular - maybe old - hardware version of one of their devices being left out of a test matrix and then suddenly FTDI (and their customers and customers' customers) are hoist by their own petard.
No, the risk is too great now to use FTDI chips - legitimate or otherwise - anymore.
-
The apportion of blame between FTDI & Microsoft may also be tricky to determine.
I would _really_ like to know if MS knew about it though.
I'm pretty sure FTDI had to sign legal agreements that put any responsibility onto themselves.
From "Windows Certification Program Hardware Certification Policies and Processes"
http://www.microsoft.com/en-us/download/details.aspx?id=34791 (http://www.microsoft.com/en-us/download/details.aspx?id=34791)
Windows Certification Program Testing Agreement. This agreement includes language that is related to testing procedures, testing policies, intellectual property rights, support requirements, audit policies, payment policies, indemnification, warranty, liabilities, confidentiality, term and termination, metadata, and digital rights management (DRM) clauses. Signing this agreement is required for participation in the program.
-
By the way, I don't think anyone has brought this up yet.
How do we know that in the future this, or similar actions taken in FTDI's driver won't accidentally brick legitimate FTDI devices? I can easily envision a particular - maybe old - hardware version of one of their devices being left out of a test matrix and then suddenly FTDI (and their customers and customers' customers) are hoist by their own petard.
No, the risk is too great now to use FTDI chips - legitimate or otherwise - anymore.
The way the bricking works, that seems unlikely - there's no per-device detection, it's already 'trying' to brick all devices and authentic ones are just not vulnerable to the method used.
Mind you, this is a pretty gung-ho thing to do at all, so not inconceivable that they've overlooked an obscure variant, or in an escalating arms race do something riskier.
-
Is FTDI the only USB/Serial that has a driver in the default windows installation?
If not, I don't see what advantage FTDI has these days considering the low cost of MCU/USB ICs.
I don't know if it is the only one.
But it is probabely one of the few that is signed.
Most MCUs often offer a USB interface, but all the firmware you still need to write. Also you have to write a driver for such a device. You need to get the necessary IDs and once you have written the driver you need to get it signed. Complicated stuff.
The FTDI is a simple device with little logic needed and RS232 out. So you can hook it up to your device very easily.
That's not that complicated. I'm sure Dean Camera would be happy to accept a license fee for his LUFA USB CDC firmware. In fact, I suspect that the price delta between a hardware USB atmel and the FT232 is substantially more than a commercial LUFA license. Why don't we just do the math???
ATXMEGA16A4U @ digikey = $1.74 @ 2k units
FT232RL @ digikey = $3.05 @ 2k units
That leaves $1.31 per device. I'm assuming we're going to make 2k units. The commercial license for LUFA is $1500. That means that once we sell 1145 units we've broken even. By the time we've sold all 2000 devices, we've saved $1120. It gets more complicated when we want to have our own VID/PID. Last I checked, getting your own VID costs $2000 from usb.org. If you have more than one project subject to such analysis, you're going to come out ahead. Another option is to request one from the vendor. Atmel will allow you to use their VID/PID provided that you don't try to use it for USB compliance, among other things:
Customer may keep the Atmel Vendor Identifier (Atmel VID) and Product Identifier (PID) in their product that integrates an Atmel USB Flash Microcontroller (“Integrated Product”) from one Atmel original example subject to the following acknowledgments and/or conditions:
The point I'm getting at here is that FTDI's business is not sustainable even without this particular flap. They have failed to truly innovate. The've surely amortized the development and NREs from the FT232, and haven't adjusted the price down to reflect that. It's economical to use a general-purpose micro controller to implement every feature of their product for less money. What's the value proposition? Their driver is included in windows? Well, that's fantastic for them. Mac and linux computers can use USB CDC devices without any driver at all. For some idiotic reason, MS requires a INF for CDC devices. Not only that, the FTDI driver available on the mac is a piece of shit. If kernel panics my computer constantly. I'm looking forward to a time where FTDI doesn't exist so everyone can move on to CDC.
-
There's certainly a big opportunity here for an fully open source USB-to-UART chip based on a microcontroller, especially now. The embedded portion of such a project doesn't bother me nearly as much as the Windows driver. USB device drivers routinely break about every other version of Windows and it is a significant burden to support the driver side of things. This is one of the reasons I use FTDI and SiLabs chips - I let the chip vendor take care of the driver. But if there was a critical mass of people wanting to design in such a device, this could happen as open source, even considering the costs associated with driver signing and USB vendor ID's.
-
Most manufacturers don't pay book pricing on such ICs. FTDI has a sales force and they might offer better pricing if one has the volume and asks professionally. The IC vendor will then issue you a letter allowing you to buy at the better price through distribution.
These negotiations happen all the time in the industry.
-
Most manufacturers don't pay book pricing on such ICs. FTDI has a sales force and they might offer better pricing if one has the volume and asks professionally. The IC vendor will then issue you a letter allowing you to buy at the better price through distribution.
These negotiations happen all the time in the industry.
Are you implying that Microchip and Atmel won't do the same thing?
-
Most manufacturers don't pay book pricing on such ICs. FTDI has a sales force and they might offer better pricing if one has the volume and asks professionally. The IC vendor will then issue you a letter allowing you to buy at the better price through distribution.
These negotiations happen all the time in the industry.
any supplier will offer better prices on volume, even distributors will haggle if your spending thousands, even I've done deals with farnell for 1K
-
The point I'm getting at here is that FTDI's business is not sustainable even without this particular flap. They have failed to truly innovate. The've surely amortized the development and NREs from the FT232, and haven't adjusted the price down to reflect that. It's economical to use a general-purpose micro controller to implement every feature of their product for less money. What's the value proposition? Their driver is included in windows? Well, that's fantastic for them. Mac and linux computers can use USB CDC devices without any driver at all. For some idiotic reason, MS requires a INF for CDC devices. Not only that, the FTDI driver available on the mac is a piece of shit. If kernel panics my computer constantly. I'm looking forward to a time where FTDI doesn't exist so everyone can move on to CDC.
Absolutely true. FTDI does have some good chips but they will soon die if they don't innovate. What they did with their driver looks like a desperate act to try to keep their profit on their parts. Just like the music industry still expects to sell MP3 albums for $19.99 like they did in the past when they were selling CDs. They need to adapt - or they will die.
Most manufacturers don't pay book pricing on such ICs. FTDI has a sales force and they might offer better pricing if one has the volume and asks professionally. The IC vendor will then issue you a letter allowing you to buy at the better price through distribution.
These negotiations happen all the time in the industry.
Are you implying that Microchip and Atmel won't do the same thing?
You'd be really, really surprised at how different the marketing policies are between manufacturers.
Some are willing to give you a good price upfront, some others require you to show a quotation from someone else before they align their prices, and some others are just too expensive no matter what you show them and loose the business.
-
I just reinstalled windows 7 with FTDI driver not yet installed and still have some updates i need to install.
Anyone know which windows update is causing this?
Also I've ready by using FTDI/utilities/FT_PROG 2.8.2.0 u can change back the PID, but if it's a permanent solution, I can't tell.
-
Most manufacturers don't pay book pricing on such ICs. FTDI has a sales force and they might offer better pricing if one has the volume and asks professionally. The IC vendor will then issue you a letter allowing you to buy at the better price through distribution.
These negotiations happen all the time in the industry.
Are you implying that Microchip and Atmel won't do the same thing?
Not at all.
-
if you download the zipped non-latest driver from the ftdi website and unpack it somewhere on your pc, you can simply use "update driver" in device manager for a bricked device and point it to the .inf file of the downloaded driver. Do not let windows choose the correct driver, choose it yourself. Ignore the warnings windows issues and you're done. The device is now usable again (with pid 0000). You can even change the pid using ft_prog.
tested on win8.1
-
http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl (http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl)
I have managed to build the ft232r_prog program on linux but have not tried it yet. I will use my 'broken' windows to verify my bad chip (or maybe 'ruin' a new one that I have as a spare) and then see if the linux app fixes it. they say it works and I bet it does, but I'll try it myself just to see and report back.
interesting that ftdi has rolled back their bad image (2.12) and the download link on THEIR site now redirects to 2.10. IANAL, but this seems like backpeddling to me, essentially admitting that they screwed the pooch and they don't want any more damage from this bad judgement call.
-
interesting that ftdi has rolled back their bad image (2.12) and the download link on THEIR site now redirects to 2.10.
No it doesn't.
-
interesting that ftdi has rolled back their bad image (2.12) and the download link on THEIR site now redirects to 2.10.
No it doesn't.
The link has changed to the 2.12 executable now, but there was a point earlier today when it redirected to a zipped version of 2.10.
-
A MAC address is in its nature not unique nor does it needs to be. As long as you have one MAC address on a segment it works correctly. The IPV6 address needs to be unique if some one clones them you get a lot of problems.
How do you think a constrained device gets an IPv6 address in the IoT universe?
Answer: it is a direct substitute of its MAC address. So NO it is not allowed to have two devices with the same MAC address in this setting
-
This morning I didn't have the time to have a look at all the posts about that topic.
Turns out that the findings, namely pooving that the destruction of counterfeit chips was deliberate was already done!
Hat's up to you guys. Beside one troll that has already been banned this is a real on topic discussion.
We had a meeting at work today about that issue:
Our board assembler gets all the material from trustworty distributors.
However there is still a residual risk of having counterfeit mixed with genuine one. :rant:
So we decided to slowly transition AWAY from FTDI because we deem them to be UNTRUSTWORTY from now on. :-- :-- :--
The problem: They don't have a go at the fake manufacturers but at the customers who have already been betraid by the delivery of the counterfeit chips in the first place.
One product will be most likey be changed to Silicon Labs CP2110 or CP2104.
This means around 3000 pcs FT232R + some others sold less for them every year.
There are now around 17K of these in our products out in the field somewhere.
I don't want to even think about the support line being unindated with calls when the Windows update installs new drivers.
As of now there are 0 reports. I really hope it stays like that. :scared:
I work in a small company and we just can't take the risk of getting units back from far away because they are blown by a driver. :rant:
-
To expand on this: What if FTDI sold some chips to a manufacturer and a year or two later held them hostage to pay over more licensing $$ or they would brick their devices!
By the way, I don't think anyone has brought this up yet.
How do we know that in the future this, or similar actions taken in FTDI's driver won't accidentally brick legitimate FTDI devices? I can easily envision a particular - maybe old - hardware version of one of their devices being left out of a test matrix and then suddenly FTDI (and their customers and customers' customers) are hoist by their own petard.
No, the risk is too great now to use FTDI chips - legitimate or otherwise - anymore.
-
interesting that ftdi has rolled back their bad image (2.12) and the download link on THEIR site now redirects to 2.10.
No it doesn't.
The link has changed to the 2.12 executable now, but there was a point earlier today when it redirected to a zipped version of 2.10.
flip-floppers! ;)
I did pull down the 2.10 via their 2.12 link, so it really did redirect for a while. wonder why they changed it.
maybe one lawyer said to, but another said not to. admitting they were wrong via the redirect? can't have that! so, tell that damned webmaster to redir the redir. sigh...
-
yeh, it used to be cp21xx that had a bad reputation because there were so many fakes and they constantly updated the drivers to break them so it seemed the they never worked
Are you sure you don't mean the Prolific chip (PL2303)?
The CP21xx (Silabs), I don't recall there ever being any problems with breaking drivers or known fakes.
But the Prolific's did have those issues, however I don't think they intentionally broke drivers, but just that the new drivers didn't work with the fake chips, and they didn't actually go out of their way to reprogram the chips as FTDI has done.
You are right, it was the prolific I was thinking about
-
We had a meeting at work today about that issue:
Our board assembler gets all the material from trustworty distributors.
However there is still a residual risk of having counterfeit mixed with genuine one. :rant:
Thank you for your report.
I'm exactly on the same boat.
FTDI cannot hold the end user responsible for the whole supply chain.
-
WTF? I just noticed that the FTDI download for drivers is a setup executable, and you need to email them if you want to use custom VID/PID - what's that all about?
Is this a recent thing or has it been like that for a while?
-
The redir still works if you go to the link for the zip, (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip)), it's just that they've changed the URL on the site to the EXE, perhaps so that they can show a warning message or EULA.
EDIT: Yes, after it extracts a EULA is shown with the warning about genuine products. The exe is signed yesterday afternoon, so I wonder they were advised to do this by their lawyers?
-
I just reinstalled windows 7 with FTDI driver not yet installed and still have some updates i need to install.
Anyone know which windows update is causing this?
Also I've ready by using FTDI/utilities/FT_PROG 2.8.2.0 u can change back the PID, but if it's a permanent solution, I can't tell.
As I mentioned here:
https://www.eevblog.com/forum/reviews/ftdi-how-to-remedy-the-dangerous-driver/msg535202/#msg535202 (https://www.eevblog.com/forum/reviews/ftdi-how-to-remedy-the-dangerous-driver/msg535202/#msg535202)
It's not a traditional "Windows Update" - it comes via the Windows Update drivers service which you will need to disable if you don't want updated drivers installed automatically.
-
WTF? I just noticed that the FTDI download for drivers is a setup executable, and you need to email them if you want to use custom VID/PID - what's that all about?
Is this a recent thing or has it been like that for a while?
I *think* that the VID/PID pair is part of the INF file which is signed, so they have to re-sign the driver if they change the VID/PID. So it's normal you have to get in touch with them to get a custom driver package signed if you want to change the VID/PID.
-
The redir still works if you go to the link for the zip, (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip)), it's just that they've changed the URL on the site to the EXE, perhaps so that they can show a warning message or EULA.
They no longer provide a link to the zip.
-
I was under the impression that FTDI already can change the VID/PID in the chip?
If so, they can always, with a driver update brick any device. Technically speaking the device is not bricked it just has a new VID/PID. After reprogramming it with the correct VID/PID the chip will function again with older drivers or can be used on Linux.
I even think there are more vendors which can change the VID/PID of their product.
This is not new and often will be used as a feature. I know one vendor which has a chip which can be configured over the USB bus. That is it starts out as generic device and through an upload of the firmware and disconnect/reconnect it is recognized as the new device.
All these devices can always be compromissed from within in the driver.
Still understand FTDI, but this method not very nice, actually plain stupid. Still curious if it on purpose or if it a side effect of the detection method |O I guess I will never know :--
-
One product will be most likey be changed to Silicon Labs CP2110 or CP2104.
Don,t know the large quantity pricing, but looking at farnell and mouser you can even safe more then half the cost for that ic, so why not change?
-
WTF? I just noticed that the FTDI download for drivers is a setup executable, and you need to email them if you want to use custom VID/PID - what's that all about?
Is this a recent thing or has it been like that for a while?
I got 2.10.00 drivers which still came as INF files.
-
The redir still works if you go to the link for the zip, (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip)), it's just that they've changed the URL on the site to the EXE, perhaps so that they can show a warning message or EULA.
They no longer provide a link to the zip.
I just saved the file pointed to by the link above.
-
The redir still works if you go to the link for the zip, (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip)), it's just that they've changed the URL on the site to the EXE, perhaps so that they can show a warning message or EULA.
They no longer provide a link to the zip.
I just saved the file pointed to by the link above.
Congrats.
-
One product will be most likey be changed to Silicon Labs CP2110 or CP2104.
From the CP2110 manual:
The CP2110 is a USB Human Interface Device (HID), and as most operating systems include native HID drivers,
custom drivers do not need to be installed. The CP2110 does not fit one of the standard HID device types, such as
a keyboard or mouse, and so any CP2110 PC application needs to use the CP2110’s HID specification to
communicate with the device. The low-level HID specification for the CP2110 is provided in “AN434: CP2110/4
Interface Specification.” This document describes all of the basic functions for opening, reading from, writing to,
and closing the device as well as the ROM programming functions.
A Windows DLL that encapsulates the CP2110 HID interface and also adds higher level features such as read/
write time-outs is provided by Silicon Labs. This DLL is the recommended interface for the CP2110. The Windows
DLL is documented in CP2110 Windows DLL Specification.
Both of these documents and the DLL are available in the CP2110EK CD as well as online at
http://www.silabs.com/. (http://www.silabs.com/.)
So, you are going to write additional software to bridge between the low-level HID driver and serial port functionality? Or is the change simpler than that?
-
So, you are going to write additional software to bridge between the low-level HID driver and serial port functionality? Or is the change simpler than that?
With the CP2102 & CP2101, they appear to be direct competitors to the FTDI part. I think the big hangup for most people has been the QFN package vs. SSOP.
-
interresting....
http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip)
redirects to:
http://www.ftdichip.com/Drivers/CDM/CDM%20v2.10.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.10.00%20WHQL%20Certified.zip)
so even if you try to download the 2.12 you'll get the older 2.10... interesting , apparently they changed the redirect again ;)
it looks like some kind of schizophrenic fight :-DD
-
The redir still works if you go to the link for the zip, (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip)), it's just that they've changed the URL on the site to the EXE, perhaps so that they can show a warning message or EULA.
They no longer provide a link to the zip.
Looks like they indeed quickly changed the linking page.
Current version:
http://www.ftdichip.com/Drivers/D2XX.htm (http://www.ftdichip.com/Drivers/D2XX.htm)
Snapshot a few days ago:
https://web.archive.org/web/20141012061236/http://www.ftdichip.com/Drivers/D2XX.htm (https://web.archive.org/web/20141012061236/http://www.ftdichip.com/Drivers/D2XX.htm)
Google cache also still shows the zip link:
http://webcache.googleusercontent.com/search?q=cache:CK-LKzirhLAJ:www.ftdichip.com/Drivers/D2XX.htm (http://webcache.googleusercontent.com/search?q=cache:CK-LKzirhLAJ:www.ftdichip.com/Drivers/D2XX.htm)
No idea why they think this helps, but oh well. :-//
And while we're at it, direct link to archived version of that zip:
https://web.archive.org/web/20140710231626/http://www.ftdichip.com/Drivers/CDM/CDM%20v2.10.00%20WHQL%20Certified.zip (https://web.archive.org/web/20140710231626/http://www.ftdichip.com/Drivers/CDM/CDM%20v2.10.00%20WHQL%20Certified.zip)
Just checked it, and that is indeed the exact same zip file.
-
So, you are going to write additional software to bridge between the low-level HID driver and serial port functionality? Or is the change simpler than that?
With the CP2102 & CP2101, they appear to be direct competitors to the FTDI part. I think the big hangup for most people has been the QFN package vs. SSOP.
OK, it just appears to me that with FTDI you get the serial port handling within Windows with the driver, and with CP21XX one might have some more to do. And this is actually an honest, "I don't know" question, I'm not trying to shill for FTDI.
-
So, you are going to write additional software to bridge between the low-level HID driver and serial port functionality? Or is the change simpler than that?
With the CP2102 & CP2101, they appear to be direct competitors to the FTDI part. I think the big hangup for most people has been the QFN package vs. SSOP.
OK, it just appears to me that with FTDI you get the serial port handling within Windows with the driver, and with CP21XX one might have some more to do. And this is actually an honest, "I don't know" question, I'm not trying to shill for FTDI.
Honestly, half the time I want to do more on the windows side. It's stupid to say "Find the com port, it may change depending on what usb port you plug into and if you've restarted since last time" rather then being able to write my software to look for my specific usb device.
-
OK, it just appears to me that with FTDI you get the serial port handling within Windows with the driver, and with CP21XX one might have some more to do. And this is actually an honest, "I don't know" question, I'm not trying to shill for FTDI.
I am taking this as a sort of "Don't trust, and instead verify" approach. I ordered the CP2102EK kit in order to see how different they are. My core goal is for the user to plug the thing in, and not muck with anything. Also, don't fret, I didn't take anything you said as having malicious intent. SILabs' thing is that they have a number of odd permutations, so not all of them are actually competitive to the FT232R parts.
-
OK, it just appears to me that with FTDI you get the serial port handling within Windows with the driver, and with CP21XX one might have some more to do. And this is actually an honest, "I don't know" question, I'm not trying to shill for FTDI.
I am taking this as a sort of "Don't trust, and instead verify" approach. I ordered the CP2102EK kit in order to see how different they are. My core goal is for the user to plug the thing in, and not muck with anything. Also, don't fret, I didn't take anything you said as having malicious intent. SILabs' thing is that they have a number of odd permutations, so not all of them are actually competitive to the FT232R parts.
I hope that once you and others have the chance to try it out, that you will post your impressions of the platform and process.
-
After a bit of hunting around, I found a way to unbrick my bricked device (set the PID back to 6001) using the ft232r utility in Linux.
I wrote up the steps here: http://www.minipwner.com/index.php/unbrickftdi000 (http://www.minipwner.com/index.php/unbrickftdi000)
*Disclaimer - I am not promoting the use of these fake FTDI chips. They've given me nothing but headaches. I order Arduino Nano's in batches for workshops I run, and for the last year I've had to pre-order one, check that its a legit chip to the best of my ability, and then order the rest of the batch from the same supplier. (And yes I do ask the supplier ahead of time but they don't always get it right either).
-
Franky i don't understand why the counterfeiters don't just release their own driver and separately Id the chip,.........
Frankly speaking, and call me a bigot if you need, but many Chinese manufacturers operate on cloning for cost reduction and not innovation.
Bingo. Writing drivers which work across a whole set of Windows version is difficult to say the least and requires long term commitment. FTDI has a track record of keeping their drivers running as the Windows platform evolves. There is a lot of value to that. The minimum you need is to to pay a driver engineer on a continuous basis to keep the driver working. I've dealt with driver level engineering for years: At minimum you have to make changes a few times a year to keep drivers working with new OS versions, new architectures, new security models etc.
Take a look at the FTDI driver page and realize the amount of platforms they support: http://www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm) It's pretty amazing and every single one has it's own issues/bugs which need to be worked around. They still support Windows 98!
I expect the next big change in drivers to be around USB security in general. As the 'BadUSB' exploit becomes used in the wild Microsoft will have to start to lock down USB to mitigate these kind of attacks. That will likely affect all drivers.
In the end a Chinese fly by company could never afford to write their own drivers. I also doubt that an open source project would be able to handle that given the amount of QA you need to do on drivers. It's very costly.
What I expect to see, honestly, is a slight change to the clones which inhibit the write, and then FTDI is back to square one, with a large consumer base that is FTDI phobic. Any man can create a lock which he himself cannot pick.
Correct. It sounds like the cloners will just adjust to the current situation and continue to make more fake chips. It could even drive more sales for them by selling it under a 'works with new FTDI driver' tag. In meantime you have a large base of angry customers.
I think the right strategy for FTDI would have been to enter the arms race like everyone else and start to include fingerprint/authentication silicon into their new chips like most companies now start to do. It sucks that we have to this route, but the lack of IP/copyright enforcement in various countries really forces the hand here. This lack of enforcement also affects open source software BTW. Tons of Chinese products use GPL software without ever releasing source code. My recent stint with security cameras show they are pretty much all using GPLd video/H.264/linux software. And no way for me to fix the broken software in those devices since they don't release source code...
-
"Honestly, half the time I want to do more on the windows side. It's stupid to say "Find the com port, it may change depending on what usb port you plug into and if you've restarted since last time" rather then being able to write my software to look for my specific usb device."
Agreed, the constantly changing COM port numbers are annoying. My suggested fix is that the USB driver asks the device what COM port it would like to use, and this number is also written on the outside of the case of the peripheral in question.
-
OK, it just appears to me that with FTDI you get the serial port handling within Windows with the driver, and with CP21XX one might have some more to do. And this is actually an honest, "I don't know" question, I'm not trying to shill for FTDI.
The CP2102 works just fine. I use USB-Serial modules that all use the CP2102 and have for years, I've sold piles of the things too, no complaints.
Drivers for Linux, Windows and Mac (and WinCE and Android) if your OS doesn't automatically find them...
http://www.silabs.com/products/mcu/pages/usbtouartbridgevcpdrivers.aspx (http://www.silabs.com/products/mcu/pages/usbtouartbridgevcpdrivers.aspx)
-
A MAC address is in its nature not unique nor does it needs to be. As long as you have one MAC address on a segment it works correctly. The IPV6 address needs to be unique if some one clones them you get a lot of problems.
How do you think a constrained device gets an IPv6 address in the IoT universe?
Answer: it is a direct substitute of its MAC address. So NO it is not allowed to have two devices with the same MAC address in this setting
Uhm not quite. Assuming we're talking about SLAAC here because that's the only time the MAC address is related at all to the IPv6 address.
A MAC address is 48-bits. An IPv6 network address is 128-bits. They're not directly related. In a normal situation, the local router will advertise itself, along with a 64-bit (or shorter) network address for the segment. Any host that attaches is then free to select an address (or addresses) it would like to use from within that network; it will have at least 64-bits of address space to work with. In early implementation this was straight-up the MAC address, encoded in a trivial manner, but most OSs now use "privacy addresses" that are basically random and change periodically. Once an address is chosen, default address detection (DAD) is performed to verify that the address is not already in use on the local segment. Then it is bound to the interface.
So you end up with <64 bits of network address, set by the network device>:<64 bits of host address, randomly assigned>. Even when the host part is generated from the interface identifier (MAC), the whole address is still globally unique due to the network address portion.
-
How do you think a constrained device gets an IPv6 address in the IoT universe?
Answer: it is a direct substitute of its MAC address. So NO it is not allowed to have two devices with the same MAC address in this setting
The IPv6 EUI-64 address is a function of the MAC address, and the gateway prefix. So the MAC address has to be unique only within the same /64 which mostly falls in the same scope as an IPv4 subnet, or the underlaying layer-2 LAN.
-
OK, it just appears to me that with FTDI you get the serial port handling within Windows with the driver, and with CP21XX one might have some more to do.
No, I have used the CP2101 and CP2102 in the past and they work out of the box just like the FT232R does. The only difference is that the CP2101 doesn't come in TSSOP.
-
I just did a little poking, and the CP2110 actually looks freaking awesome. Looks like it has support for making your own "devices" that don't just show up as com ports, but they do use standard usb HID drivers on windows. All you need is a simple dll bundled with your app and you've got a serial style connection to the device. No crazy drivers, no hunting for the right ports. Looks awesome to me!
-
I just did a little poking, and the CP2110 actually looks freaking awesome. Looks like it has support for making your own "devices" that don't just show up as com ports, but they do use standard usb HID drivers on windows. All you need is a simple dll bundled with your app and you've got a serial style connection to the device. No crazy drivers, no hunting for the right ports. Looks awesome to me!
This is the biggest risk of companies pulling shenanigans like this. The last thing that you want is your customers to ask the question "What other options are there?" Once that question is asked, you're in trouble. If you can keep them "fat, dumb, and happy" then you're likely to keep them.
I realize that their worried about their future, and they have a right to try to protect their IP, but this is a very dangerous move.
-
I just did a little poking, and the CP2110 actually looks freaking awesome. Looks like it has support for making your own "devices" that don't just show up as com ports, but they do use standard usb HID drivers on windows. All you need is a simple dll bundled with your app and you've got a serial style connection to the device. No crazy drivers, no hunting for the right ports. Looks awesome to me!
This is the biggest risk of companies pulling shenanigans like this. The last thing that you want is your customers to ask the question "What other options are there?" Once that question is asked, you're in trouble. If you can keep them "fat, dumb, and happy" then you're likely to keep them.
I realize that their worried about their future, and they have a right to try to protect their IP, but this is a very dangerous move.
Exactly. I would love for my arduino IDE to have a list of connected arduinos pop up as programming targets, rather then a list of com ports. Or even, *gasp*, it just working when I hit upload cause there's only one arduino!
-
Another advantage to the CP2110 is that it is compatible with Android if the device supports USB Host. I used one on an Android-based project last year and it worked well.
-
This just in, Microsoft pulls two FTDI drives from Windows Update.
http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
-
No idea why they think this helps, but oh well. :-//
..so they can add a more explicit warning of imminent device destruction...?
-
No idea why they think this helps, but oh well. :-//
..so they can add a more explicit warning of imminent device destruction...?
Ah, the remaining .exe file shows you a popup with such a warning? I missed that.
-
By the way, I don't think anyone has brought this up yet.
How do we know that in the future this, or similar actions taken in FTDI's driver won't accidentally brick legitimate FTDI devices? I can easily envision a particular - maybe old - hardware version of one of their devices being left out of a test matrix and then suddenly FTDI (and their customers and customers' customers) are hoist by their own petard.
No, the risk is too great now to use FTDI chips - legitimate or otherwise - anymore.
The way the bricking works, that seems unlikely - there's no per-device detection, it's already 'trying' to brick all devices and authentic ones are just not vulnerable to the method used.
Actually, they do detect what type of device is plugged in, and only issue the bricking commands to FT232RLs. In fact, the same commands will brick other genuine FTDI devices with an external EEPROM too, if the code didn't check for them. The FT232RL is the odd man out; the clones actually behave the same as FTDI's other chips, which is what their USB command protocol was clearly intended to do. FT232RLs have a buffering hack due to their EEPROM layout, and that specifically is what the clones didn't catch on to, and what the bricking code exploits.
(https://marcan.st/transf/checkbrick.png)
Sidenote: code bug here. They forgot to return a value for non-FT232RL devices, when the if branch isn't taken. This caused the return register to contain an uninitialized value - in this case, the FTDIDevice *dev parameter - which confused the decompiler into thinking the return value's type is FTDIDevice* instead of int (I could've fixed the type but didn't bother). They don't use the return value in the caller, so this is harmless, but still, bad FTDI, ignoring compiler warnings. Doesn't instill much confidence that they don't even check for compiler warnings on their critical bricking code that might brick legitimate devices if it malfunctions.
-
No idea why they think this helps, but oh well. :-//
..so they can add a more explicit warning of imminent device destruction...?
Ah, the remaining .exe file shows you a popup with such a warning? I missed that.
I don't know - just a guess.
-
From: http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update. :palm:
Sounds like MS stepped up and put them in their place over this issue...
PS SIMON.... I never figured you were sparkylabs... I've ordered a number of stuff off you in the past and always been happy :-) (Waves)
-
This just in, Microsoft pulls two FTDI drives from Windows Update.
http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
Confirmed - I had a FTDI update sitting in my Windows Update queue a week ago (I don't install WU device driver updates because these things happen - not bricking, but unintentionally fucking things up - I'd rather go to the mfg to read the release notes first). It's gone now, after doing an update check.
-
I just did a little poking, and the CP2110 actually looks freaking awesome. Looks like it has support for making your own "devices" that don't just show up as com ports, but they do use standard usb HID drivers on windows. All you need is a simple dll bundled with your app and you've got a serial style connection to the device. No crazy drivers, no hunting for the right ports. Looks awesome to me!
This is the biggest risk of companies pulling shenanigans like this. The last thing that you want is your customers to ask the question "What other options are there?" Once that question is asked, you're in trouble. If you can keep them "fat, dumb, and happy" then you're likely to keep them.
the guys crying out loud are probably the guys selling fake ftdi chips or devices containing fake ftdi chips
I realize that their worried about their future, and they have a right to try to protect their IP, but this is a very dangerous move.
only if they affect actual customers.
for a chip manufacturer, hobbyists like you or me are not their real customers, hobbyist market is a really small market. Their customers are the guys who design/build devices. The driver update affect manufacturer who don't buy their chips anyway so not their real customer and would probably make more manufacturers buy the real thing next time.
Bricking fake devices actually protect their real customers and their customer's customers.
-
I don't know - just a guess.
I got the impression that they removed the link to the .zip file after someone posted about a workaround by using the .INF file (found in the zip) and then specifying the desired VID/PID. As opposed to the automated installation you'd get by default using the .exe. But not sure. :-//
-
The driver update affect manufacturer who don't buy their chips anyway so not their real customer and would probably make more manufacturers buy the real thing next time.
Bricking fake devices actually protect their real customers and their customer's customers.
I guess you didn't read the comments from the pros on this forum. Some explain having had (crisis) meetings about the impact of FTDI sabotage driver. Thinking it is possible to buy 100% real devices in mass production is being naive. There is no guarantee a counterfeit product doesn't end up in a device. That means using FTDI chips poses the risk a device stops working which in turn results in an angry customer or even damage claims. Such a risk is unacceptable for any business so the clever move is to stop using FTDI at all.
-
Reading between the lines, it would appear that Microsoft has bitch-slapped FTDI
http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
look near the bottom
-
I just did a little poking, and the CP2110 actually looks freaking awesome. Looks like it has support for making your own "devices" that don't just show up as com ports, but they do use standard usb HID drivers on windows. All you need is a simple dll bundled with your app and you've got a serial style connection to the device. No crazy drivers, no hunting for the right ports. Looks awesome to me!
This is the biggest risk of companies pulling shenanigans like this. The last thing that you want is your customers to ask the question "What other options are there?" Once that question is asked, you're in trouble. If you can keep them "fat, dumb, and happy" then you're likely to keep them.
the guys crying out loud are probably the guys selling fake ftdi chips or devices containing fake ftdi chips
I realize that their worried about their future, and they have a right to try to protect their IP, but this is a very dangerous move.
only if they affect actual customers.
for a chip manufacturer, hobbyists like you or me are not their real customers, hobbyist market is a really small market. Their customers are the guys who design/build devices. The driver update affect manufacturer who don't buy their chips anyway so not their real customer and would probably make more manufacturers buy the real thing next time.
Bricking fake devices actually protect their real customers and their customer's customers.
But you have firms like Microchip who will happily give out free samples to hobbyists which I am sure is because they not only see us as future customers but in your own words as their future customer customers.
I only only see myself as a hobbyist but I sell my stuff (Does selling your skills make you a professional or not? I have made my limited skills into a profession for me. I dunno...). What this whole issue has told me is if I want to add a USB-Serial Device I am going to stay away from "Future Tremendous Disaster Incoming" and go with someone else.
Yeah sure they are not making mega bucks off me selling me chips (So they don't really care about me as a customer, but they should) and I don't like counterfeit chips as much as the next guy. So why should I run the risk that I fuck up and get in some fakes when I think I am going though legit sources and then cause my customers headaches down the road when there are plenty of other options to fill the USB-Serial need.
FTDI have shown they don't care about me nor my customers (As I am not big enough for them) so I'm not going to give them two thoughts about them. I'm sure they will survive without me as a customer but I know I will survice without them being a supplier of mine.
-
I just did a little poking, and the CP2110 actually looks freaking awesome. Looks like it has support for making your own "devices" that don't just show up as com ports, but they do use standard usb HID drivers on windows. All you need is a simple dll bundled with your app and you've got a serial style connection to the device. No crazy drivers, no hunting for the right ports. Looks awesome to me!
This is the biggest risk of companies pulling shenanigans like this. The last thing that you want is your customers to ask the question "What other options are there?" Once that question is asked, you're in trouble. If you can keep them "fat, dumb, and happy" then you're likely to keep them.
the guys crying out loud are probably the guys selling fake ftdi chips or devices containing fake ftdi chips
I realize that their worried about their future, and they have a right to try to protect their IP, but this is a very dangerous move.
only if they affect actual customers.
for a chip manufacturer, hobbyists like you or me are not their real customers, hobbyist market is a really small market. Their customers are the guys who design/build devices. The driver update affect manufacturer who don't buy their chips anyway so not their real customer and would probably make more manufacturers buy the real thing next time.
Bricking fake devices actually protect their real customers and their customer's customers.
But you have firms like Microchip who will happily give out free samples to hobbyists which I am sure is because they not only see us as future customers but in your own words as their future customer customers.
I only only see myself as a hobbyist but I sell my stuff (Does selling your skills make you a professional or not? I have made my limited skills into a profession for me. I dunno...). What this whole issue has told me is if I want to add a USB-Serial Device I am going to stay away from "Future Tremendous Disaster Incoming" and go with someone else.
Yeah sure they are not making mega bucks off me selling me chips (So they don't really care about me as a customer, but they should) and I don't like counterfeit chips as much as the next guy. So why should I run the risk that I fuck up and get in some fakes when I think I am going though legit sources and then cause my customers headaches down the road when there are plenty of other options to fill the USB-Serial need.
FTDI have shown they don't care about me nor my customers (As I am not big enough for them) so I'm not going to give them two thoughts about them. I'm sure they will survive without me as a customer but I know I will survice without them being a supplier of mine.
Heh, just look at 3d printers. I'm sure somebody scoffed at RepRap, but I know people that have spend hundreds on just the electronics. Speaking of, I wonder how many 3d printers got killed by this. A lot of reprap stuff uses offbrand arduino clones.
-
from http://arstechnica.com (http://arstechnica.com)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
Love to be a fly on the wall in FTDI HQ when they are discussing this.
-
from http://arstechnica.com (http://arstechnica.com)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
Love to be a fly on the wall in FTDI HQ when they are discussing this.
I'm pretty sure that that conversation (between Microsoft and FTDI) was a straight-up bitch-slap.
-
from http://arstechnica.com (http://arstechnica.com)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
Love to be a fly on the wall in FTDI HQ when they are discussing this.
Oh yes, and then when FTDI is discussing the profit of the next quarter.
-
from http://arstechnica.com (http://arstechnica.com)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
Love to be a fly on the wall in FTDI HQ when they are discussing this.
Oh yes, and then when FTDI is discussion the profit of the next quarter.
Well I don't really think FTDI's update is going to effect MS's profits for next quarter (Tounge in cheek: MS are going a fine job of that themselves... Though Win 10 TP isn't the horse crap Win 8 was....) And(I misread the post... Sorry) its not really going to effect FTDI's next quarter because A) its too short of a time period for people to jump ship, Their "Big" customers have already locked in their designs to change supplier b) I can see them reversing ship pretty quickly now it has come to attention (even though there have been reports of this for over a month, but those reports fall into the the "small enough not to give a crap about" bracket).
-
from http://arstechnica.com (http://arstechnica.com)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
Love to be a fly on the wall in FTDI HQ when they are discussing this.
Oh yes, and then when FTDI is discussion the profit of the next quarter.
Well I don't really think FTDI's update is going to effect MS's profits for next quarter (Tounge in cheek: MS are going a fine job of that themselves... Though Win 10 TP isn't the horse crap Win 8 was....) And(I misread the post... Sorry) its not really going to effect FTDI's next quarter because A) its too short of a time period for people to jump ship, Their "Big" customers have already locked in their designs to change supplier b) I can see them reversing ship pretty quickly now it has come to attention (even though there have been reports of this for over a month, but those reports fall into the the "small enough not to give a crap about" bracket).
Okay, ack, you're right. The big players will need some more time. And the impact of better china copies will need more time too. So maybee for the short time they have more profit. Maybee the responsible manager gets his bonus payment before he changes to another company.
EDIT:looks like the typical turbocapitalistic way...
-
What makes me laugh about all this is that once some people decapped a fake chip (because it was just returning 0's) and reported their finding to FTDI they asked for feedback, They suggested instead of sending 0's back the driver sent back something like "FAKECHIP" So the driver didn't work and what ever software was running on it could inform the user of the issue stead of just not working.
When Mike brought FTDI up over the rewriting of the PID on twitter they asked him for "suggestions on how to do it" https://twitter.com/FTDIChip/status/524931435077963776 (https://twitter.com/FTDIChip/status/524931435077963776) When they had a) already given out a driver that just ignored the fake chips b) were given a suggestion on how to make it so 3rd party software would know its a fake chip.
I guess they saw driver roll back too much as a threat and just decided to nip the issue in the butt (and create themselves a bigger issue in the long run)...
I'm just looking forward to the FTDI Press release over this... I just need some warning so I can pop some fresh corn :-)
-
Uh, no. FTDI's driver makes the victim device not work with *any* driver. FTDI did not write the driver that Linux uses. Plugging a clone into a Windows box running FTDI's driver will make it stop working on a Linux box
not true, Linux is already patched and will work with your fake
I have an Arduino compatible board purchased from Farnell which was built by a fairly reputable manufacturer. It seems that it's detected as being a counterfeit by the FTDI driver.
If I'm left with a dead device which I bought in good faith from a reputable supplier and manufacturer
You arent left, you need to contact Farnell for replacement/refund. Farnell sold you a fake.
-
Uh, no. FTDI's driver makes the victim device not work with *any* driver. FTDI did not write the driver that Linux uses. Plugging a clone into a Windows box running FTDI's driver will make it stop working on a Linux box
not true, Linux is already patched and will work with your fake
That's true insofar as the Linux kernel folks have released a patch that was a response to the damage caused by this malware. The way you said it, it implies that the damage caused by the Windows driver has no impact on Linux. This is false on two counts: 1. It impacts virtually all copies of Linux that are in actual use on the planet today, and 2. It requires a version of Linux that will accept a PID of 0, which is definitively non-standard.
And, by the way, if FTDI were so cheesed off about the clone chips hijacking FTDI's vendor ID, then why is it the product ID that they cleaned out?
-
Uh, no. FTDI's driver makes the victim device not work with *any* driver. FTDI did not write the driver that Linux uses. Plugging a clone into a Windows box running FTDI's driver will make it stop working on a Linux box
not true, Linux is already patched and will work with your fake
That's true insofar as the Linux kernel folks have released a patch that was a response to the damage caused by this malware. The way you said it, it implies that the damage caused by the Windows driver has no impact on Linux. This is false on two counts: 1. It impacts virtually all copies of Linux that are in actual use on the planet today, and 2. It requires a version of Linux that will accept a PID of 0, which is definitively non-standard.
And, by the way, if FTDI were so cheesed off about the clone chips hijacking FTDI's vendor ID, then why is it the product ID that they cleaned out?
Do you want the real reason, or the PR reason? Cause the real reason is that they could run the code to change the product id on a clone chip or on a real chip, and it'd only mess up the clone chip. Vendor ID, I'm fairly certain, is on an odd offset, so it wouldn't get buffered like that on the real chip.
-
I just tried the linux fix:
./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
ft232r_prog: version 1.24, by Mark Lord.
eeprom_size = 128
vendor_id = 0x0403
product_id = 0x0000
self_powered = 0
remote_wakeup = 1
suspend_pull_downs = 0
max_bus_power = 90 mA
manufacturer = FTDI
product = FT232R USB UART
serialnum = A9E9X73N
high_current_io = 0
load_d2xx_driver = 0
txd_inverted = 0
rxd_inverted = 0
rts_inverted = 0
cts_inverted = 0
dtr_inverted = 0
dsr_inverted = 0
dcd_inverted = 0
ri_inverted = 0
cbus[0] = TxLED
cbus[1] = RxLED
cbus[2] = TxDEN
cbus[3] = PwrEn
cbus[4] = Sleep
Rewriting eeprom with new contents.
moved the bad dongle over to windows (I installed 2.10 driver and disabled the damned windows update driver search. my god!) and the pid is back to 6001 again. confirmed on linux syslog, too.
2 or 3 times - even after I installed 2.10 on win7 - the driver must have been mem resident since it kept resetting my pid! ok, fine, want to play it hard, I'll play it hard - moved it back to linux, reset the pid again and finally rebooted windows to clear its mem.
confirmed that once I REBOOTED win7, the 2.10 driver took the 2.12's place and things are back to 'normal' again.
the linux app definitely does 'repair' bad chips. I love it!!
-
I've just done a very quick analysis of the new 2.12.00 vs the old 2.12.00 drivers.
It seems that the dpinst.xml file has been updated, although curiously the updates seem to be fairly insignificant.
It consists of a large number of lines like this
<language code="0x0404"><eula type="txt" path="licence.txt"/></language>
It seems that it may have been intended to display the EULA. More information about this file is located here: http://www.ftdichip.com/Support/Knowledgebase/index.html?sampledpinstxmlfile.htm (http://www.ftdichip.com/Support/Knowledgebase/index.html?sampledpinstxmlfile.htm)
There are other changes to the dpinst executable files. The changes are quite significant by the looks of the size changes. But I have not investigated what they might be.
-
but most OSs now use "privacy addresses" that are basically random and change periodically. Once an address is chosen, default address detection (DAD) is performed to verify that the address is not already in use on the local segment. Then it is bound to the interface.
Did you see my "constrained device" remark in my post? There is no OS we have 32kB RAM and 64kB ROM if lucky an RTOS that has nothing to do with IP. Everyone still thinks PCs but that is definetly not the IoT universe. But going offtopic so I stop.
-
Hello to all.
I'm new here, but not new viewing EEVBLOG videos on YouTube.
Shouldn't be the right question:
How will FTDI prove that my devices are, endeed, a counterfit? I could claim that they are originals and stick to it, the same way they are claiming to be counterfiting ICs. I could then claim that even after decapping the IC, they could still be from FTDI. And what if they are all genuine and they're trying to convince us otherwise because they released a bad batch or a buggy firmware / hardware version?
And for those who are still in the shadows. A couple of facts and ideas:
1) You can rewrite broken PID (0x0000) if you use another PC (or use a virtual machine for example) with an older FTDI driver (then use their FTProg tool to restore the original PID) BUT connecting the device again to a PC with the new driver will change again the PID to 0x0000.
2) You could add a new PID in the given drivers by FTDI, so the device could still work in all Windows versions, even with PID 0x0000;
3) I first suspected of some of my FT232RL devices a couple of months ago, because FTDI claims that they can handle up to 3mbps, but some of my chips were choking when configuring baudrates greaters than 2mbps. Sniffing USB packets i saw that at this values of baudrates, data reports were only beeing writtten each aprox. ~ 500 ms (a really piece of crap).
-
A few cases of similar protection of trivial magic numbers people seem to be forgetting:
http://mashable.com/2009/10/03/palm-restores-itunes-sync/ (http://mashable.com/2009/10/03/palm-restores-itunes-sync/)
http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/ (http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/)
Good on FTDI for having a go and pushing the squatters off their driver, the device isn't bricked it is simply not recognised by their driver anymore. Intentionally looking for a device which isn't licensed to use the software and disabling it from doing so sounds legitimate when you put it that way.
-
A few cases of similar protection of trivial magic numbers people seem to be forgetting:
http://mashable.com/2009/10/03/palm-restores-itunes-sync/ (http://mashable.com/2009/10/03/palm-restores-itunes-sync/)
http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/ (http://hackaday.com/2014/08/05/hardware-security-and-a-dmca-takedown-notice/)
Good on FTDI for having a go and pushing the squatters off their driver, the device isn't bricked it is simply not recognised by their driver anymore. Intentionally looking for a device which isn't licensed to use the software and disabling it from doing so sounds legitimate when you put it that way.
First link, Palm signed an agreement, and then violated that agreement. Second one is irrelevant, cause the manufacturer isn't directly copying the chips, they are making a functional copy, likely through some form of reverse engineering. Good try, but unusable without a different os and or painful contortions is close enough to bricked for the average user, not to mention messing with my hardware is a very iffy thing for them to be doing.
-
Good on FTDI for having a go and pushing the squatters off their driver, the device isn't bricked it is simply not recognised by their driver anymore. Intentionally looking for a device which isn't licensed to use the software and disabling it from doing so sounds legitimate when you put it that way.
It's the other way around, the software is not licensed to be used the device and thus should not modify it.
Anyway, looks like FTDI learned their lesson but they are weak in managing damage control. Fluke did a much better job with the Sparkfun's yellow DMMs.
-
On a side note: if FTDI would bring out a software package that would identify the connected ic as being genuine or fake without damaging or altering it I think that would be a good thing.
But only if everyone currently buying their chips from any vendor will check their purchases and give negative feedback to that vendor in case of fake chips.
The big question to the hobbieist community is will you do that and pay the extra $ for the genuine part or not?
-
I have switched to CH340 some month or two ago. They are several times cheaper than FTDI and work same as well (despite sincere hate towards Win8 - it has the drivers preinstalled for that chip).
Entire converter usb stick costs less than the FTDI chip alone. Since FTDI's products are same as risky to use as shady chinese supplier now - why overpay when you get the same risk?
-
Good on FTDI for having a go and pushing the squatters off their driver, the device isn't bricked it is simply not recognised by their driver anymore.
For a layman, aka, consumers, and the vast majority of users of this IC are consumers, the result is indistinguishable.
Consumers just don't know, don't care, and need not to know or care what kind of USB chip is in their gadget. They buy the gadget, they don't have the knowledge to open it, diagnose if the IC is fake and they don't have the means and the skills to fix a bricked device.
FTDI was knowingly and willingly accepting huge collateral damage. They thought it was OK to kill heaps of innocent bystanders. It is now firing back.
Maybe a Scottish victim of FTDI finds some time to report FTDI to the proper authorities
Intentionally looking for a device which isn't licensed to use the software and disabling it from doing so sounds legitimate when you put it that way.
No, it isn't. It is vigilantism without proper authority. Turning off their own driver so it does not works with fakes, OK, fine. Manipulating the property of others, so laymen can no longer use that property, is not legitimate.
Further, even if the damage is not permanent, i.e. people manage to fix it, FTDI caused damage. Just because you can repair something doesn't mean damaging that property is legal.
And if you want to discuss legality further, the UK (and Scotland is still in the UK), has a chapter "Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of computer, etc." in its Computer Misuse Act.
-
Anyway, looks like FTDI learned their lesson
No, they haven't. Companies hardly ever learn their lesson. Instead they just believe they have been treated unfair and some great injustice happened to them. They would do it again, as soon as they manage to find a way to not get caught next time. Until they find such a way they consider PR as a "remedy", instead of actually compensating the victims of their behavior.
Thats why these companies need to be constantly reminded of the consequences of their wrongdoing. Even years or decades after the did something.
Fluke did a much better job with the Sparkfun's yellow DMMs.
One thing Fluke did right was to use the law, not to break it. That tremendously helps handling the fallout.
-
A MAC address is in its nature not unique nor does it needs to be. As long as you have one MAC address on a segment it works correctly. The IPV6 address needs to be unique if some one clones them you get a lot of problems.
How do you think a constrained device gets an IPv6 address in the IoT universe?
Answer: it is a direct substitute of its MAC address. So NO it is not allowed to have two devices with the same MAC address in this setting
Is this the same as the ethernet MAC address? If so it is not guaranteed to be unique.
Keep in mind that MAC address are not routed through a gateway. The IP address is needed for that.
The protocol keeps the IP address and substitue the MAC address with the address of the correct gateway on each new segment /route it encouters. Thats how IPv4 works since the hardware has not changed I do not think IPv6 will change this behaviour.
Also note that an MAC address is 6 bytes long. Many of these bits are used for the manufactor. And they only needed to be unique within one segment.
-
Fluke did a much better job with the Sparkfun's yellow DMMs.
One thing Fluke did right was to use the law, not to break it. That tremendously helps handling the fallout.
The Fluke thing was not a result of something Fluke did directly, it was a result of the US customs officials enforcing Fluke's trademark. Still doesn't make it right, but the blame did not fall squarely on Fluke as it wasn't a direct action by Fluke which caused the problem. (personally, I think Fluke should have to pay a fee for this sort of protection - I don't believe that it is the government's responsibility to enforce trademarks, it should be the responsibility of the trademark holder and they should take direct action against Sparkfun if they have a problem with the product) However, in this case the customs officials had the legal authority to block the shipment, while FTDI does not have the legal authority to damage 3rd party hardware.
-
Is this the same as the ethernet MAC address? If so it is not guaranteed to be unique.
Keep in mind that MAC address are not routed through a gateway. The IP address is needed for that.
The protocol keeps the IP address and substitue the MAC address with the address of the correct gateway on each new segment /route it encouters. Thats how IPv4 works since the hardware has not changed I do not think IPv6 will change this behaviour.
Also note that an MAC address is 6 bytes long. Many of these bits are used for the manufactor. And they only needed to be unique within one segment.
A MAC address is supposed to be unique. They are handed out in blocks to manufacturers, who are then supposed to ensure that each port they make has its own unique MAC address out of their allocated blocks. However, people have tinkered so much with MAC addresses that the uniqueness has been severely compromised.
-
FTDI actually got (used to have) a lot of fans all over. If they have approached the whole issue responsibily, and seek help and support, they can get to their pot of gold. But in a swipe, they inflame these fans into their most bitter enermies. I am not a high volume buyers. When I do buy, I bought the so-called industrial grade FTDI cable and sold how good these cables to my clients, and strongly recommend them to get the FTDI for their departments and subsidaries. They trust my word as I have solved a lot of their tough problems. I believe a lot of people here are (tech) opinions leaders. But now, I have to bad mouth FTDI. This type of company is too dangerous to be around. You never know what they may resort to in the future, and when they can.
-
FTDI actually got (used to have) a lot of fans all over. If they have approached the whole issue responsibily, and seek help and support, they can get to their pot of gold. But in a swipe, they inflame these fans into their most bitter enermies. I am not a high volume buyers. When I do buy, I bought the so-called industrial grade FTDI cable and sold how good these cables to my clients, and strongly recommend them to get the FTDI for their departments and subsidaries. They trust my word as I have solved a lot of their tough problems. I believe a lot of people here are (tech) opinions leaders. But now, I have to bad mouth FTDI. This type of company is too dangerous to be around. You never know what they may resort to in the future, and when they can.
My thoughts exactly. I have designed FT232RL chips into a couple of research devices (legitimate ones from Digikey, not unknown ones from ebay). I chose FTDI because 'it just works'. However, that's no longer the case. Will it work? Who knows. As soon as you start building kill switches into things, then there is a chance that the kill switch will not work completely as anticipated and end up causing collateral damage to a legitimate part. I believe most of the 'counterfeit' chips are legitimate FTDI-compatible clones that have been illegally re-marked. They really shot themselves in the foot with this one.
-
From: http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update. :palm:
Sounds like MS stepped up and put them in their place over this issue...
PS SIMON.... I never figured you were sparkylabs... I've ordered a number of stuff off you in the past and always been happy :-) (Waves)
Good stuff
I'm yet to catch up on the topic but I think FTDI are going over the top. perhaps they could modify their chip design so that is looks in a certain place for a code and if it's not there or wrong it refuses to use the driver. I know it means changes for them but welcome to life poor FTDI, it would not help old chips being fakes and really as they are already our there and in customers gear it is wrong to punish the end user but it would help protect future devices. Bricking devices people thought to be genuine FTDI will not help their image at all. But then since being back in the Uk i have learnt that consumers have very little rights at all, and the bigger the company and the more "consumer friendly stuff" they sign up to the more unlikely external bodies are to step in and help while your left in an endless loop in their "complaints procedure" or whatever fancy process they have that keep official bodies happy but does very little for the user.
-
Just read one of the articles linked to, oh they are a scottish company ? say no more, if i were to generalize I could say "the scotts hate everyone and always think they are right and the injured party" but that would not be fair of all scottish people (I work for a scottish based company)
-
Nice article for the Dutch visitors of eevblog, written by a Dutch IT jurist:
http://blog.iusmentis.com/2014/10/24/chipleverancier-fdti-saboteert-namaakchips-met-firmwareupdates-mag-dat/ (http://blog.iusmentis.com/2014/10/24/chipleverancier-fdti-saboteert-namaakchips-met-firmwareupdates-mag-dat/)
-
From: http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update. :palm:
Sounds like MS stepped up and put them in their place over this issue...
PS SIMON.... I never figured you were sparkylabs... I've ordered a number of stuff off you in the past and always been happy :-) (Waves)
Good stuff
I'm yet to catch up on the topic but I think FTDI are going over the top. perhaps they could modify their chip design so that is looks in a certain place for a code and if it's not there or wrong it refuses to use the driver. I know it means changes for them but welcome to life poor FTDI, it would not help old chips being fakes and really as they are already our there and in customers gear it is wrong to punish the end user but it would help protect future devices. Bricking devices people thought to be genuine FTDI will not help their image at all. But then since being back in the Uk i have learnt that consumers have very little rights at all, and the bigger the company and the more "consumer friendly stuff" they sign up to the more unlikely external bodies are to step in and help while your left in an endless loop in their "complaints procedure" or whatever fancy process they have that keep official bodies happy but does very little for the user.
Problem is they have to support legacy FTDI devices. So that would do nothing about clones of the FT232RL and other existing devices. And just reading out some ID is trivial to duplicate, so it will do nothing to fix the counterfeit problem. Incidentally, the current difference that they are exploiting is quite easy to fix and in a few months we will see clones that are invulnerable to the current destructive clone counterfeit test.
-
From: http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/ (http://arstechnica.com/information-technology/2014/10/windows-update-drivers-bricking-usb-serial-chips-beloved-of-hardware-hackers/)
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update. :palm:
Sounds like MS stepped up and put them in their place over this issue...
PS SIMON.... I never figured you were sparkylabs... I've ordered a number of stuff off you in the past and always been happy :-) (Waves)
Good stuff
I'm yet to catch up on the topic but I think FTDI are going over the top. perhaps they could modify their chip design so that is looks in a certain place for a code and if it's not there or wrong it refuses to use the driver. I know it means changes for them but welcome to life poor FTDI, it would not help old chips being fakes and really as they are already our there and in customers gear it is wrong to punish the end user but it would help protect future devices. Bricking devices people thought to be genuine FTDI will not help their image at all. But then since being back in the Uk i have learnt that consumers have very little rights at all, and the bigger the company and the more "consumer friendly stuff" they sign up to the more unlikely external bodies are to step in and help while your left in an endless loop in their "complaints procedure" or whatever fancy process they have that keep official bodies happy but does very little for the user.
Problem is they have to support legacy FTDI devices. So that would do nothing about clones of the FT232RL and other existing devices. And just reading out some ID is trivial to duplicate, so it will do nothing to fix the counterfeit problem. Incidentally, the current difference that they are exploiting is quite easy to fix and in a few months we will see clones that are invulnerable to the current destructive clone counterfeit test.
True enough i suppose, time they actually tracked down the counterfitters, then they will have the law on their side.
-
Someone posted this over at Slashdot, amused me:
>We've discovered some counterfeit parts in your car.
-Oh, really? Well, I'm going to drive over to the dealership take that up with them.
>We've already handled the problem. We crushed your car into a cube.
-Uhhh...
>You have 15 seconds to move your cube.
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg534731/#msg534731 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg534731/#msg534731)
;)
-
How will FTDI prove that my devices are, endeed, a counterfit? I could claim that they are originals and stick to it, the same way they are claiming to be counterfiting ICs. I could then claim that even after decapping the IC, they could still be from FTDI. And what if they are all genuine and they're trying to convince us otherwise because they released a bad batch or a buggy firmware / hardware version?
There are MAJOR differences between genuine and fake FT232 - it's a COMPLETELY different die, different behaviour etc. The ONLY way they are similar is in the driver interface and the logo on the encapsulation.
-
We appreciate your feedback, comments and suggestions.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
If you are concerned that you might have a non-genuine device, our support team would be happy to help out.
Yours Sincerely
Fred Dart - CEO
-
I am seriously curious - I want to buy one of those counterfeit FT232s and play with it. How/where do I buy one which is definitely NOT the original?
all cheap arduino nano clones ( < $10) with FTDI chip have those fake FT232R chips. the newer cheap nano clones are coming with CH340G instead of the fake FTDI.
-
The big question to the hobbieist community is will you do that and pay the extra $ for the genuine part or not?
Talking about price. Another post in this thread got me thinking (uh-oh). FTDI supports many platforms and appearantly spends quite some money on driver development. But let's be realistic: those extra drivers are useful for 0.001% of their customers. The rest of the customers pays extra for features they don't need. That is a bad business model IMHO and opens a niche for cheaper clones.
-
I am glad to see FTDI respond here on the forum. :-+
Although I'm glad to see them post, still doesn't excuse them from maliciously attacking end users, with the intent to harm. Their stance reversal is only due to miscalculated media attention.
All things considered I will look to FTDI alternatives from now on.
-
We appreciate your feedback, comments and suggestions.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
If you are concerned that you might have a non-genuine device, our support team would be happy to help out.
Yours Sincerely
Fred Dart - CEO
As has been well said here in the last nearly 40 pages or more users don't mind so much that a driver refuses to work with a future non genuine chips as they can then seek redress from the supplier and as they have not been in use for years and suddenly stop working don't create mayhem and collateral damage that will severely hurt your customers. but to brick historic products is unacceptable. Other companies seek legal redress through laws and lawful methods of enforcing their patents etc, you may find users are willing to work with you to help identify fake supply chains if you work with users. Alternatively you can get out of the chip market and go do whatever else pleases you, there are it would seem plenty of other chip manufacturers so your not exactly like gold dust to anyone. Now let me sit down and wonder why Britain is no longer the leading edge in technology and our economy is not improving, thanks for showing up the British market place and making it an international laughing stock !
-
We appreciate your feedback, comments and suggestions.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
If you are concerned that you might have a non-genuine device, our support team would be happy to help out.
Yours Sincerely
Fred Dart - CEO
Mr Dart, please please please have the driver inform the end user that it is counterfeit, rather than just silently doing something.
I'm pretty sure most people who design electronics here don't want counterfeit chips either (I certainly don't), but not everyone has the ability to find out if their not-working chip is because it is a fake, DOA or even just poor circuit design. It is particularly hard with the FT232 as it seems the only real way to tell is to decap or xray the chip (or perhaps doing an even address EEPROM write! but now that the cat is out of the bag, I assume this is going to be worked around by counterfeiters).
-
Take the FTDI post as a mere press release, i doubt very much the email address the account is registered is Mr Darts
-
Take the FTDI post as a mere press release, i doubt very much the email address the account is registered is Mr Darts
It is: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
-
Take the FTDI post as a mere press release, i doubt very much the email address the account is registered is Mr Darts
It is: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
Ah yes, posted by a mikeg that ties with the address the account on here is registered to.
-
Someone posted this over at Slashdot, amused me:
>We've discovered some counterfeit parts in your car.
-Oh, really? Well, I'm going to drive over to the dealership take that up with them.
>We've already handled the problem. We crushed your car into a cube.
-Uhhh...
>You have 15 seconds to move your cube.
gotta love the Simpson's reference in that ;)
-
The more I think about it, the more I can't shake the feeling that there isn't really a way out of this for FTDI. Looks like they've just given up one of their last secrets about the FT232 that can be used to identify it from the counterfeits (and made it widely known due to the bricking and subsequent attention). They can EOL the FT232, but there are so many legitimate ones out there that they'd still have to support the driver for a while. And I'd be quite surprised if they changed the masks for such an old and stable product.
I suppose they could go for a hail mary and open source the drivers, in the hope that people will stick to legit chips. But I'm thinking that the chances of that are about as small as, well, you know, avian porcines and such.
-
mr ceo of ftdi,
as a boss of mine once liked to say, "you cant unring that bell". you may have revoked the malicious windows update, but it seems that another one is going to replace it; and while it may not actively write to non-genuine parts like yesterday's driver update did, refusing to instantiate the chip (init it) still punishes the end-user and leaves him stranded. it hurts the companies who -thought- they had real chips and used them in embedded products that we, consumers, bought.
a message on the screen, even with a forced delay and a forced "I understand" typed back in by the user would be mostly acceptable. otoh, refusing to init the driver would still be a malicious act, punishing the end-user.
please think this out very clearly before you take the next move. you have already lost a lot of customers over this; how you handle this, next, can either save you or send you down the 'sony rootkit fiasco' direction and people will just write you off as a troublesome company that cannot be trusted. and that's really odd since you once were Good Guys(tm) and we all DID trust you and your products.
we look forward to your return to sanity and hope its a speedy transition ;)
-
I suppose they could go for a hail mary and open source the drivers, in the hope that people will stick to legit chips. But I'm thinking that the chances of that are about as small as, well, you know, avian porcines and such.
I'm not sure. If the new driver shows a pop-up saying a fake FTDI chip is connected (but still works!) people can go back to the supplier and demand a device with a genuine chip. I contacted the seller of the RS485 boards (which started this thread) and he promised me to send 12 new boards and I urged him to make sure these have genuine FTDI chips on them otherwise they would be as useless as the boards he send me previously. I'm planning to hand out these RS485 boards to my customers so I don't want a 'this is a fake pop-up' appearing on their computer.
-
the way I plan to handle this is: lockdown any windows pc that wasn't created by corp IT, and disable its automatic search for windows updates. I used to trust that, but that trust is now down to ZERO, thanks to both ftdi and MS. MS also owns some blame here for 'qualifying' this piece of crap malware and they were active in distributing said malware.
so, disable auto-update search for drivers.
then, remove the 2.12 driver AND REBOOT. if you don't reboot, it stays mem-resident.
then, install the last good driver, 2.10, I believe.
beyond that, I'm going to disable all windows auto-updates on any box I have admin rights to, and be very careful about which ones I accept. anything marked 'optional' won't ever get onto my systems unless I first do a full image backup (which is a huge PITA).
it sounds like ftdi is going to revise their driver and send out another update, eventually. I can't trust it. the trust is completely gone with this company, at least for me. I am an arduino developer at my company (a huge datacom company, everyone has heard of..) and my advice to my peers and bosses is to do just as I've said, above, and also to avoid connecting these serial dongles or embedded arduino boards into anything windows based. if we stick with linux to do our programming, we will be safe. and as many large companies do, my win laptop is locked down by a 'group policy' and so I can't disable windows updates, even with admin privs on my company laptop. that means that its not safe to use windows and arduino development, ever again (at least with ftdi chips).
-
As has been well said here in the last nearly 40 pages or more users don't mind so much that a driver refuses to work with a future non genuine chips as they can then seek redress from the supplier and as they have not been in use for years and suddenly stop working don't create mayhem and collateral damage that will severely hurt your customers.
Their customers, you know the ones that actually bought FTDI chips are not hurt.
but to brick historic products is unacceptable.
The fake chips having no legitimate drivers always were bricks. FTDI found (or decided to implement) a way to stop their drivers working with some? of the fakes and FTDI become the bad guys and 'international laughing stock'?
The level of shit posted in this thread is astounding. Perhaps some of the anger could be directed at the manufacturers of the fake chips except you don't even know who made the 'bricks' which is the whole problem.
Other companies seek legal redress through laws and lawful methods of enforcing their patents etc,
Irrelevant. FTDI do not have to write drivers for fake chips. They specifically say they are only licensed for use on their chips. If you don't want FTDI drivers messing with your chips don't buy chips programmed with VID/PID which requests FTDI drivers to be loaded.
I am quite happy FTDI did what they did and the resulting shit storm highlights the extent of the problem. The people claiming they won't design in FTDI parts in the future are admitting they build low quality shit with parts from unidentified manufacturers - they are the ones I laugh at.
-
I suppose they could go for a hail mary and open source the drivers, in the hope that people will stick to legit chips. But I'm thinking that the chances of that are about as small as, well, you know, avian porcines and such.
I'm not sure. If the new driver shows a pop-up saying a fake FTDI chip is connected (but still works!) people can go back to the supplier and demand a device with a genuine chip. I contacted the seller of the RS485 boards (which started this thread) and he promised me to send 12 new boards and I urged him to make sure these have genuine FTDI chips on them otherwise they would be as useless as the boards he send me previously. I'm planning to hand out these RS485 boards to my customers so I don't want a 'this is a fake pop-up' appearing on their computer.
Looking at the latest reply from FTDI, as you are not the one that collected the chip hot out from the factory oven, you can never know what your customers going to see or not see now, and in the future. Worse can happen, a few bytes may be changed or lost along the way, etc etc. One can never be sure as they are operating on different turf.
-
:blah: :blah:. The lawyers will certainly make some money here.
Regardless of what you think of FTDI's decision, it is the counterfeiters that are the criminals and it is the responsibility of the goods manufacturer to sell products containing authentic parts. As a manufacturer, if you cannot control your buyers then you should change how you operate. Some people on this topic appear to be sympathising with the manufacturer who has inserted the counterfeit product into a design. Perhaps a minority deserve sympathy but not the majority.
If a designer or budgeter within a company creates a cost list with the price of a component listed as it would be supplied from the grey (risky) market, and not a price from the chip manufacturer’s franchised dealer, and the company goes onto source that component from the grey market then does that company really deserve sympathy? No.
In small and medium quantities, it is not difficult for anyone to buy from a reputable dealer such as Farnell, Mouser or Digikey. In larger numbers, try the franchised dealers for best price. These are very simple supply rules. If part of your organisation decides to cut costs and take a risk with a cheaper deal then it must accept the risk (or incompetence) and prepare to get burnt.
As an individual (or business), when you buy cheap electronics from sources such as ebay, direct from China or from smaller online outlets you are running the risk of buying counterfeit, reject or stolen goods. When other, more reputable outlets exist for what you are buying, and you still choose to buy cheap then you must accept the risk. I have been buying from ebay for years for personal use and most 'sold-as-new' electronics products I have purchased for the lowest price have developed a fault after a while. Nearly all those products have clearly been factory rejects or substandard in some way. I have not whinged about this because I understand the risk. I try to avoid short-duration ebay dealers, those with a significant number of negative feedbacks and those who I consider to have an unreasonable returns policy, and I never buy mains goods unless I take them apart to check for safety first. I rarely buy from China but, when I do, I understand the risk. For my business, I adopt minimum risk and do not buy from China directly and do not buy from ebay unless it is a 'transparent' non-complex product (i.e. non-electrical) to be tested or used for internal administrative purposes e.g. a paper-clip.
If a business can only make money by buying cheap grey market high-risk components then it should not exist. If a business is doing that to be greedy then it has decided to run the risk of getting burnt.
With expert counterfeiters these days, the only way to minimise your risk is to pay the 'going price' and buy from a reputable dealer. Only idiots buy cheap goods from the back of a van in a car park more than once. If you are lucky, the goods are stolen and the negative result is that your purchase is promoting crime. If you are unlucky, the negative result is that the goods will be substandard. The result is always negative. Go watch some early ‘Only Fools and Horses’ episodes to learn what ‘back-of-the-lorry’ goods are.
This morning FTDI confirmed to me that Farnell is an 'official channel partner' and Farnell confirmed that 'order code 1146032rl is sourced directly from FTDI'.
If you have suffered a PID 0000 and want to do something constructive, then post the details of what the product is and where you purchased it from here. It may help identify the counterfeit supply routes.
-
I am quite happy FTDI did what they did and the resulting shit storm highlights the extent of the problem. The people claiming they won't design in FTDI parts in the future are admitting they build low quality shit with parts from unidentified manufacturers - they are the ones I laugh at.
Wrong, and quite laughable.
As a moral human being I take note of malicious people and companies, and base my support and buying decisions accordingly.
-
I emailed FDTI with my thoughts and a link to this thread and this was part of the response:
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
-
as usual, rufus is defending the company that exhibited poor decision-making. not sure why, but some of us can guess.
as was said several times before, if the US MILITARY can't ensure, 100%, that they avoid clones and fakes when building their own hardware, I'm not sure its reasonable in today's 'made in china' world to expect any company to be on the ground, 7x24, 100% of the time, to watch the board makers production lines.
to think so shows total ignorance about how things are done in today's 'outsourced' world.
rufus, give it up. your cred here is totally shot. perhaps its time to add you to my ignore list. I'm getting tired of your posts, to be honst; and they are not adding any value to the discussion.
-
Well bottom line is that FTDI was not happy how their new driver came in the news, was afraid to loose existing clientele and so takes a step back.
Ergo this topic was a succes and the people saying that this action was a step too far were and got right.
-
it seems that even the wikipedia entry for ftdi (the company) has added a section about the 'controversy':
http://en.wikipedia.org/wiki/FTDI#Driver_controversy (http://en.wikipedia.org/wiki/FTDI#Driver_controversy)
congrats, ftdi. you are the new rootkit posterboy of 2014.
I expect that, over the years, MBAs will study this as another example of how NOT to act.
-
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
-
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
You can write "kill" code for any devices that has development tools that let you reassign USB VID/PIDs. It has been a standard feature of many chips for a while now. They're just simply using it maliciously to "brick" devices by abusing the general trust around their official drivers (other malicious hackers writing kill code won't get it into the official microsoft update system for example)
-
as usual, rufus is defending the company that exhibited poor decision-making. not sure why, but some of us can guess.
Seems I have higher moral standards than most here - you know like if I was in possession of stolen goods I wouldn't call the owner wanting them back immoral or malicious just because I didn't know they were stolen and had been using them a while.
as was said several times before, if the US MILITARY can't ensure, 100%, that they avoid clones and fakes when building their own hardware, I'm not sure its reasonable in today's 'made in china' world to expect any company to be on the ground, 7x24, 100% of the time, to watch the board makers production lines.
to think so shows total ignorance about how things are done in today's 'outsourced' world.
So you are happy to sell product built with fake chips of unknown origin and quality as long as the legitimate source of the chips can't demonstrate they are fake and don't work? - I'm still laughing.
-
rufus, give it up. your cred here is totally shot. perhaps its time to add you to my ignore list. I'm getting tired of your posts, to be honst; and they are not adding any value to the discussion.
One more to my ignore list as well.
but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
This is what a mature company would do from the start, just as effective, no media storm, no innocent just starting out totally screwed makers.
-
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
You can write "kill" code for any devices that has development tools that let you reassign USB VID/PIDs. It has been a standard feature of many chips for a while now. They're just simply using it maliciously to "brick" devices by abusing the general trust around their official drivers (other malicious hackers writing kill code won't get it into the official microsoft update system for example)
This is not true. You can't use the FTDI programming tools to "disable" just the clone chips, as the tools do not perform the preimage attack on the EEPROM checksum (as far as I know?). Using the tools to set the PID to zero will set both clones and legitimate chips to zero.
-
Now that they appear to have realised the error of their ways, maybe the "I'll never use FTDI again" brigade should consider this :
Company F screws up, realises it and fixes it.
Company S hasn't (yet) screwed up.
Which of the two is more likely to do something stupid like this in the future?
"That guy's error cost me $x000"
"Why didn't you fire him"
"Why should I do that, I just spent $X000 training him..."
-
A quick check of FTDI's website doesn't appear to offer any resources for manufacturers to test their parts to see whether they are genuine.
They seem to have the same attitude as Rufus, simply telling people to "do the right thing" without offering any help to actually do that.
They would have some sympathy from me if they were offering useful resources for people to confirm they were getting the "real thing".
-
Which of the two is more likely to do something stupid like this in the future?
I dunno, you can't usually fix stupid. I've met lots of these type of people, they never learn.
-
Now that they appear to have realised the error of their ways, maybe the "I'll never use FTDI again" brigade should consider this :
Company F screws up, realises it and fixes it.
Company S hasn't (yet) screwed up.
Which of the two is more likely to do something stupid like this in the future?
"That guy's error cost me $x000"
"Why didn't you fire him"
"Why should I do that, I just spent $X000 training him..."
No, no, no. This wasn't a mistake. This was an unbelievably unethical decision deliberately made. There is a difference. I will still avoid FTDI Chips henceforth. Fool me once, shame on you. Fool me twice, shame on me.
Cypress Semi has a pin-compatible replacement. I've got a few on order already to test.
-
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
A better way is to do a VI characteristics comparison of all permutation of pin combinations with a known good sample.
Yu may be stuck with FTDI chip , but with the latest reply, they still look like a hidden time bomb that may explode anytime. The only way for FTDI to gain back some trust is stopped their trolls online immediately, and then do a public "execution" of those responsible to show that the cancer is removed totaly, and then give some online tool for supporters to verify their purchases. They do not need 100% check. A few percent of people doing that, and having the ability to do that shall help to keep the supply chain clean. It is MAD MAD MAD to go after the end users, but they still have not given up the ideas of nuclear-bombing the end-users in their wars against the other chip makers.
-
Seems I have higher moral standards than most here -
No you are just making a complete fool out of yourself. It is childishly naive to think that you can get a 100% guarantee you won't get functional equivalent chips in mass production or in a product you buy from a third party. It makes me think you have no experience at all with mass producing electronics.
Nobody says that they want to buy funtional equivalent chips on purpose (I wouldn't). But if devices manage to slip through then people would like a warning so they can remedy the situation instead of getting cornered.
-
Incidentally, the current difference that they are exploiting is quite easy to fix and in a few months we will see clones that are invulnerable to the current destructive clone counterfeit test.
Few months? More like a few weeks... look how long it took for the Chinese to clone Apple's Lightning cable - and that was RE from scratch, not in this case where all they have to do is update a mask ROM and start producing new chips.
In fact I think the moment that driver update was released, they saw the problem and were working on fixing it. I'm almost willing to bet they've already fixed it and are just waiting for the wafer fab.
And in all of this remember that the only thing different between an illegal counterfeit and legal clone is the marking on the outside of the package. It is completely legal to reverse-engineer and reimplement an IC - look here for the relevant US law (http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited), the EU also has similar provisions. Based on the die markings of one "Supereal SR1107" clone, and how different it is from the real one, I think this is what happened, and then someone else (illegally, in violation of trademark law) put FTDI's name on it. FTDI hasn't mentioned any patent rights either, so they can't go after them that way. The driver has no way of knowing whether a differently-behaving chip has been branded "FTDI", or is a generic compatible clone, so adding code with the intent of rendering unusable those chips is anti-competitive and could be illegal under the various other laws people have mentioned here.
Also agree with the others that this would be a great time to move to a non-proprietary standard protocol like CDC - for which source code is available for both AVRs, PICs, and several other common MCU families.
-
:blah: :blah:. The lawyers will certainly make some money here.
Regardless of what you think of FTDI's decision, it is the counterfeiters that are the criminals and it is the responsibility of the goods manufacturer to sell products containing authentic parts. As a manufacturer, if you cannot control your buyers then you should change how you operate. Some people on this topic appear to be sympathising with the manufacturer who has inserted the counterfeit product into a design. Perhaps a minority deserve sympathy but not the majority.
If a designer or budgeter within a company creates a cost list with the price of a component listed as it would be supplied from the grey (risky) market, and not a price from the chip manufacturer’s franchised dealer, and the company goes onto source that component from the grey market then does that company really deserve sympathy? No.
I think most poeple on here are concerned about the END USER that gets shafted, correct if a manufacturer uses a bad part it's their fault and they are the first responsible, if people go back to them and tell them they are wankers because their stuff is fake they may be able to go back up their supply chain to find out what happened or inform FTDI and help them find the counterfeiters. but just rendering end user equipment useless is not helping anyone and won't help them track down fakes. They have made this a huge public thing by what they did. they could have been more subtle about it so that their ability to detect and not work with fakes did not become so public and they could have worked on modifications to their future chips to make checks. Any security can be overcome, but you have to know about it first. What they did let the cat right out of the bag and now they have lost this method of detecting fakes, what a bunch of wollys.
-
Now that they appear to have realised the error of their ways, maybe the "I'll never use FTDI again" brigade should consider this :
Company F screws up, realises it and fixes it.
Company S hasn't (yet) screwed up.
That thought has crossed my mind as well. The thing is that the rat race between the competition and FTDI has now begun. The competition will change their design to mimic the original devices closer so the current driver can't tell the difference. Then FTDI will look for different ways to make a new driver tell their devices and those from the competition apart. This vicious circle will soon lead to false positives due to silicon aging defects in FTDI devices. The only solution for FTDI is to beat the competition at their own game: lower their prices and let the volume make up for the lower price. Maybe even do a die shrink to get more chips from a wafer. The competition uses a 500nm process where FTDI is still on a >600nm process (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal))
-
I think most poeple on here are concerned about the END USER that gets shafted
Curiously I'm also worried that FTDI have shafted themselves by this "Sony rootkit" moment. I'll never put any Sony software on my machines (and by implication would never put a Sony SmartTV on my network) because I can't trust Sony not to brick my equipment.
FTDI produces good stuff AFAIK - but can they be trusted in the future? Such doubt is corrosive, and is a godsend for competitors in the long term.
I hope (and expect that it is a low probability) they have not bricked any equipment that could be regarded as being "of national importance". The risk: the criminal (not civil) law could descend on the individual programmers.
-
I've been thinking about how this could be done, in terms of working with vendors. you have adafruit, sparkfun and even amazon selling chips that may have questionable sourced chips in their products. and being able to return a product is usually limited to a short time period and you may even have to have kept your receipt. I know I have bought arduino nano clones from amazon and they probably have 'fake' chips in them. but they are long after the 30 day return period.
does ftdi want to work with the vendors and somehow allow exceptions so that anyone with old hardware that is not genuine can still return it? is that even possible? I can't see any practical way to get this process to work. some sellers are temporary; they 'sell and run' and so even if amazon took the chips back, who do THEY yell at? even worse with ebay and its 100% useless to try to put pressure on direct china ebay sellers. you can't even return products to them (if you are not local) at an affordable price. what costs them a fraction of a dollar to ship to you costs 10x or even 100x that to return the item to them; again, they may not even exist anymore (typical of ebay china sellers; they change usernames and come and go all the time).
it would take a team of fulltime people to scout out all the sellers who have fake chips in their inventory and to serve them court notices. even if you tried that, many are in countries that will just rip up said court notice and laugh at it.
face it, there is NO WAY to go after companies who use fake chips. this is the modern world of manufacturing and unless you are a mega corp, you simply cannot punish all the vendors using fake parts. and, as seen here, its morally wrong to punish consumers and end-users who posess those chips in products they bought.
there is no solution here. some have suggested that the new driver update should refuse to init the fake chips. even that is going too far. it punishes the user and there will be no real pushback that punishes the sellers.
ftdi is just going to have to realize that they have created too good of a product and, as they say, 'imitation is the most sincere form of flattery' (lol).
what do companies do when in this situation? show the users how much better THEIR real chips are (and I'm sure the real chips ARE better in many ways) - but to disable the use of fake chips is just not the way forward on this problem.
I hope that the next driver update flashes a message to the user, informs them that, in the future, they should run this 'checker' app against all NEW purchases and demand a return to the seller if the test fails. provide a link in the message popup to download a checker app but do NOT disable the chip that is plugged in and do NOT refuse to enable/init it. simply educate the user and give him a tool so that, next time he buys a device with this chip, he can test it and at least have 30 days return window to 'punish' the seller.
items that are over 30 days old can't usually be returned and there is no practical way to do a 'buy back' that I'm aware of.
-
A better way is to do a VI characteristics comparison of all permutation of pin combinations with a known good sample.
Yu may be stuck with FTDI chip , but with the latest reply, they still look like a hidden time bomb that may explode anytime. The only way for FTDI to gain back some trust is stopped their trolls online immediately, and then do a public "execution" of those responsible to show that the cancer is removed totaly, and then give some online tool for supporters to verify their purchases. They do not need 100% check. A few percent of people doing that, and having the ability to do that shall help to keep the supply chain clean. It is MAD MAD MAD to go after the end users, but they still have not given up the ideas of nuclear-bombing the end-users in their wars against the other chip makers.
Redesigning existing products would require both a PCN and a lot of headaches. Adding an EOL production test requires neither of those at the expense of a few seconds. Once you hit a certain size, products become beasts that must be fed. I don't even have the capacity to care about Blame Theater at this point.
Additionally, doing curve traces on every part will take much longer than running a simple chunk of code.
-
FTDI just tweeted, that they removed the update from WinUpdate and are working on a less invasive option:
http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
-
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."
And that's it. Then someone who has bought something with the fake part can go bombard the seller with requests for the right driver , or ask for his money back.
-
even worse with ebay and its 100% useless to try to put pressure on direct china ebay sellers. you can't even return products to them (if you are not local) at an affordable price. what costs them a fraction of a dollar to ship to you costs
That is not quite right. A Paypal claim is a strong tool to get your money back and Ebay isn't kind to sellers who sell counterfeit brands. The Chinese seller I got my boards from has nearly 4000 feedbacks so may have sold 10k to 20k devices totalling to a $100k to $500k turnover. I would not call that a hit&run operation.
-
you think ebay is going to even LISTEN to you after 30 or perhaps 90 days?
are they going to reimburse you for the high cost of shipping back to china?
I once bought a laptop battery from a china ebay seller and it was a fake (the chip in the battery reported the wrong data and the charger never charged it well, plus it had fit/size issues with its cheap plastic casing). ebay told me to send it back and I did, but at the time I didn't realize it had to be the most expensive form of shipping (with tracking). I asked the post office when I was there if this form of mailing was trackable and they (incorrectly) told me it was. well, it was a half lie: you could see it left the US and 'entered china' but that was all. OF COURSE, the seller denied ever getting the battery back and the cost of 'cheap' shipping was $20, as it was! I ended up being out $20 AND the battery; the seller got the battery back (I'm pretty sure) and laughed at the whole thing.
ebay is not going to help here unless they simply refund you outright OR foot the bill for prepaid return shipping to the seller. you think they'll do that? HA! I seriously doubt it.
amazon might; they are a high-service vendor. they have done things like that, in the past, for me. but ebay/paypal? they are thieves, themselves, and they now exist to protect their cash cows, the 'power sellers'. and most of the power sellers are in china and 99% of them could care less about IP rights.
-
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."
And that's it. Then someone who has bought something with the fake part can go bombard the seller with requests for the right driver , or ask for his money back.
I think they should rather give us a non-cryptic message like "The product you are attempting to use is using a faked FTDI chip. Please contact the manufacturer"
Then it should just not work (not support it, but not kill it). Then everyone has a share: End-users know what's wrong (kinda), people w/ skill can just use an older driver and FTDI does something against fraud.
That was my main problem w/ the pid=0 driver thing: The enduser didn't know what's wrong
-
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."
Indeed except that at the moment the driver is unable to tell the difference.
There should be a cryptographic handshake in the protocol before the driver activates. Only drivers AND chips with the correct PSK and secret protocol should accept eachother.
It is always difficult if not impossible to secure hw and sw afterwards, you have to design it in from the beginning.
And the next disaster is already lurking in the shadows: car electronics with CAN bus are not secure either and everybody that has a bit of security knowledge is already :scared:
-
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."
And that's it. Then someone who has bought something with the fake part can go bombard the seller with requests for the right driver , or ask for his money back.
and if its beyond the return period, often which could be as little as 7 days or as much as 30 or 90 days? if its outside the window OR if the seller left the business or changed names; how do you propose this actually work, in the Real World(tm)?
like I said in my previous post, a download link to a 'tester' app would help and a message that informs the user that NEXT TIME he buys, he should run this tester while still in the 30 days return window. that's fair and do-able. anything else is just plain wrong.
-
just rendering end user equipment useless is not helping anyone and won't help them track down fakes
Well, this has raised the awareness of counterfeit components and caused problems for those supply lines using the fakes. The problem is that a lot of people have been upset. Also it is not a bad thing that a few more people will have learned not to blindly accept Windows updates (or unnecessary driver updates for that matter).
their ability to detect and not work with fakes did not become so public and they could have worked on modifications to their future chips to make checks
I agree the sensible thing would have been for the driver update to simply not work with the fake chips, and not actually alter them, if possible. Not sure what you mean by 'modifications to their future chips to make checks' as modifications just get copied.
-
you think ebay is going to even LISTEN to you after 30 or perhaps 90 days?
You are barking to the wrong tree. Open a Paypal claim. It has worked for me several times.
-
Cypress Semi has a pin-compatible replacement. I've got a few on order already to test.
Are you sure they are genuine? Seems like the cloners would do well to switch to stamping a Cypress logo on their ICs and using Cypress' VID/PID in future, now they know that FTDI is actively trying to stop their drivers working with fake parts.
I buy from DigiKey and Mouser, so my chances are good I'm getting legit product. Furthermore, I believe the Cypress chip follows the CDC standard, so there's no vendor specific driver they can mess with (I may be wrong - I'll know when the chips get here and I test them).
-
FTDI just tweeted, that they removed the update from WinUpdate and are working on a less invasive option:
http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
EDIT: It has been pointed out to me that I presented this as fact, where I have no basis to state as such. It should read:
That's likely not quite accurate. Microsoft probably removed the update and bitch-slapped them.
-
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
Thats what you said numerous times and probbably like to believe but there is 0 evidence to back it up so it is pure speculation from your side?
-
FTDI Official statement about driver removal: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
-
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
Thats what you said numerous times and probbably like to believe but there is 0 evidence to back it up so it is pure speculation from your side?
arstechnica (iirc) posted that MS did, in fact, remove 2 versions of the driver from its update site. we can guess its 2.11 and 2.12, since 2.10 was the last known good working version, malware-free.
why do you doubt that MS has removed the updates? I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
-
why do you doubt that MS has removed the updates? I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
It also makes business sense for MS to intervene. They have enough problems with Windows Updates killing systems, the last thing they want is to get inundated with complains about how their update bricked user's peripherals. Everyone would look at MS first, as that would have been the most recent system change. This is a near "free" act of preventative maintenance on their part.
-
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
-
why do you doubt that MS has removed the updates? I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
Let me rephrase so it is more clear and unambiguous:
I do believe MS removed the updates.
BUT I rather do believe a CEO from a multi million$ company stating in an official press release that their company asked MS to remove them than the words of a youngster that says that MS has removed the updates and "bitch slapped" that company.
-
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
Re-read it buddy. It has been pulled from the Windows updates.
-
Well, this has raised the awareness of counterfeit components and caused problems for those supply lines using the fakes. The problem is that a lot of people have been upset.
Yes, like raising the awareness of people not cleaning windows by smashing every dirty window in sight. Clever move.
-
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
I can't believe Mr. Dart got zero comments on that blog posting. Some minion at FTDI might be busy ruining the Delete button on his keyboard.
What the posting also shows is that FTDi didn't learn its lesson.
-
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."
The device doesn't load anything. It's the OS and driver that decide what to 'load'.
-
It is not removed yet! it will be next week...
read this: http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
I can't believe Mr. Dart got zero comments on that blog posting. Some minion at FTDI might be busy ruining the Delete button on his keyboard.
What is there to comment on? It is a vague press release. Not an invitation for debate.
What the posting also shows is that FTDi didn't learn its lesson.
I agree. I'm not going to change my decision not to put FTDI chips in my design. One way or another FTDI has decided to kill their competition. I don't want to become collateral damage.
-
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
Thats what you said numerous times and probbably like to believe but there is 0 evidence to back it up so it is pure speculation from your side?
arstechnica (iirc) posted that MS did, in fact, remove 2 versions of the driver from its update site. we can guess its 2.11 and 2.12, since 2.10 was the last known good working version, malware-free.
why do you doubt that MS has removed the updates? I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
That would seem to say FTDI removed them, not Microsoft.
-
why do you doubt that MS has removed the updates? I'm not MS fan (not even close) but I have no reason to believe this was false reporting from A.T.
Let me rephrase so it is more clear and unambiguous:
I do believe MS removed the updates.
BUT I rather do believe a CEO from a multi million$ company stating in an official press release that their company asked MS to remove them than the words of a youngster that says that MS has removed the updates and "bitch slapped" that company.
I'm 46, thank you very much. And I would trust just about anyone more than I would trust someone in an obvious position to need to spin a situation.
-
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
That would seem to say FTDI removed them, not Microsoft.
Yeah, you really need to un-spin that.
What sort of engineering assistance could FTDI possibly need from Microsoft to prevent them from knowingly and deliberately supplying a weaponized driver to Windows Update?
No, what likely really happened was that Microsoft's legal team had a "chat" with someone over there and they had an "Oh shit!" moment. And everything after that has been spin control.
-
I appreciate the statement FTDI put out on their forum site.
It is the only action to take: Remove the destructive code but refuse to work with counterfeit devices.
However the damage is done.
At our today's engineering meeting we got a good analogy of what FTDI did:
It is like the shopkeeper who knows you for 10+ years suddenly points his gun at you saying "if you don't steal you have nothing to fear".
Sure you would think "WTF?" |O
Well at least the shopkeeper has put the gun away now, saying "If you steal I won't talk to you anymore"
Sure I am fine with that.
All the FTDI chips we purchased the past year (around 17K units in total) went through their official sales network,
so the risk is almost 0. Phew...
I am still not happy.... but....whatever
-
One way or another FTDI has decided to kill their competition.
Yeah, competition. What will you think when will get such a competition >:D. People will think that your product is a crap which sells everywhere while actually you can barely sell anything at all.
-
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
That would seem to say FTDI removed them, not Microsoft.
Yeah, you really need to un-spin that.
What sort of engineering assistance could FTDI possibly need from Microsoft to prevent them from knowingly and deliberately supplying a weaponized driver to Windows Update?
No, what likely really happened was that Microsoft's legal team had a "chat" with someone over there and they had an "Oh shit!" moment. And everything after that has been spin control.
And you need to stop posting opinion and assumption as fact.
-
One way or another FTDI has decided to kill their competition.
Yeah, competition. What will you think when will get such a competition >:D. People will think that your product is a crap which sells everywhere while actually you can barely sell anything at all.
I would rather think that they have pretty much killed their own customer base with this stunt. Who is going to trust them now?
J.
-
Update: Microsoft has given us a statement:
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
That would seem to say FTDI removed them, not Microsoft.
Yeah, you really need to un-spin that.
What sort of engineering assistance could FTDI possibly need from Microsoft to prevent them from knowingly and deliberately supplying a weaponized driver to Windows Update?
No, what likely really happened was that Microsoft's legal team had a "chat" with someone over there and they had an "Oh shit!" moment. And everything after that has been spin control.
And you need to stop posting opinion and assumption as fact.
I am not doing anything of the sort. Do you think the scenario I described is unlikely? What did I say other than that?
-
And you need to stop posting opinion and assumption as fact.
I am not doing anything of the sort. Do you think the scenario I described is unlikely? What did I say other than that?
FTDI just tweeted, that they removed the update from WinUpdate and are working on a less invasive option:
http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
-
And you need to stop posting opinion and assumption as fact.
I am not doing anything of the sort. Do you think the scenario I described is unlikely? What did I say other than that?
FTDI just tweeted, that they removed the update from WinUpdate and are working on a less invasive option:
http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
That's not quite accurate. Microsoft removed the update and bitch-slapped them.
You are absolutely right. I retract that, and replace it with
That's likely not quite accurate. Microsoft probably removed the update and bitch-slapped them.
I apologize for not being more clear earlier.
-
And in that case, yes, it's entirely possible Microsoft told them where to stick it.
On the other hand, they may have realised they just shot themselves in the foot with a 12-gauge and done something about it for themselves.
-
I would rather think that they have pretty much killed their own customer base with this stunt. Who is going to trust them now?
You're kidding, yeah?
Anyone with an interest in the supply chain being less full of fakes might see this as an opening shot, however misplaced, in that battle.
They were never going to sell their smallest devices to the sub-dollar serial widget manufacturer or the Chinese knockoff Arduino market, so have lost nothing there.
No longer having their drivers blamed for problems with the VID/PID rippers' budget and variously crappy widgets sounds like a good thing.
Having designers explicitly call for real FTDI chips from the CEMs - that might deliver real volumes of sales.
I, for one, will continue to design in and specify FTDI parts where they're the best fit.
-
And you need to stop posting opinion and assumption as fact.
Just as you need to stop posting content-free snark :-//
-
I think the real take-away here is that devices that rely on proprietary drivers always leave you at the mercy of the suppliers of those drivers, in sharp contrast to devices that implement open standards. Here I am specifically contrasting FTDI devices with CDC devices.
Where an open standard exists, this incident shows the value proposition of adopting it.
-
Current FTDI driver offered in FTDI Drivers Download page (v2.12.00) does it. Im attaching an image with the attack with the relevant USB Transactions using a USB sniffing software, confirming the driver disassembly behaviour posted a few days ago. :rant:
-
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
you can build such tool yourself using this joke linux patch - its replicating what the windows driver did
https://lkml.org/lkml/2014/10/23/129
A quick check of FTDI's website doesn't appear to offer any resources for manufacturers to test their parts to see whether they are genuine.
such tool would be used by chinese designer to perfect his copy, chicken and egg problem
Incidentally, the current difference that they are exploiting is quite easy to fix and in a few months we will see clones that are invulnerable to the current destructive clone counterfeit test.
Few months? More like a few weeks... look how long it took for the Chinese to clone Apple's Lightning cable - and that was RE from scratch, not in this case where all they have to do is update a mask ROM and start producing new chips.
In fact I think the moment that driver update was released, they saw the problem and were working on fixing it. I'm almost willing to bet they've already fixed it and are just waiting for the wafer fab.
except for the fact your fake chips just lost a ton of value and desirability, people in big companies might do meetings discussing FTDI policy, but most chinese sellers/designers will simply STOP using fakes outright - fake sold over ebay equals to bad feedback at best, paypal chargeback and black mark (few of those and paypal freezes your account) at worst. There might still be few scammers/wise guys trying to sell old stock bundled with CD including older driver, but all of a sudden its a very dangerous proposition if they want to remain on ebay platform
Also agree with the others that this would be a great time to move to a non-proprietary standard protocol like CDC - for which source code is available for both AVRs, PICs, and several other common MCU families.
ot was never about lack of drivers, it was about convenience, FTDI driver is just there, by default, everywhere, so why bother reinventing the wheel.
you think ebay is going to even LISTEN to you after 30 or perhaps 90 days?
are they going to reimburse you for the high cost of shipping back to china?
45 days minimum + YO DO NOT pay for any shipping in case of a fake
I think the real take-away here is that devices that rely on proprietary drivers always leave you at the mercy of the suppliers of those drivers, in sharp contrast to devices that implement open standards. Here I am specifically contrasting FTDI devices with CDC devices.
Where an open standard exists, this incident shows the value proposition of adopting it.
I agree in principle, problem is windows now enforces driver signing so you either pay M$ tax or use something that is already signed
-
......
All the FTDI chips we purchased the past year (around 17K units in total) went through their official sales network,
so the risk is almost 0. Phew...
I am still not happy.... but....whatever
Your chance is not 0, it is as good as FTDI can detect and can control. I knew of a case that was done by an official sale channel part seller (not FTDI chip), he would replace a certain percantage with his own-printed part. As years go by, the percentage increases. I could not remember how was it finally detected, either the sale figure became too low, or through part failure analysis that exposed him. He was finally removed, but the whole thing was kept secret from the public.
-
As a bit of an oddity, I'll ask the folks here for a similar thing I asked of FTDI support:
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
you can build such tool yourself using this joke linux patch - its replicating what the windows driver did
https://lkml.org/lkml/2014/10/23/129
I think you need far less than that. You can easily send the EEPROM writing requests using the FTDI D2XX .NET library for example. Writing a couple of lines in C# can replicate the attack that is beeing used by FTDI.
-
The simplest solution would be to have the driver pop up a message that says :
" This device attempted to load the wrong driver. Please contact the device manufacturer to get an updated driver."
And that's it. Then someone who has bought something with the fake part can go bombard the seller with requests for the right driver , or ask for his money back.
Why fight with the commodity chip makers? With such a brand and a large user base for their driver, they can capitalize it. Sell some advertisement? Or sell unlock code to stop the advert?
-
And why not writing an Open Source library 100% compatible for a uC? Would it be legal? Who wants some?
-
And why not writing an Open Source library 100% compatible for a uC? Would it be legal? Who wants some?
I would say that it's perfectly legal for interoperability. As long as nothing about the protocol is patented by FTDI, anyway.
-
I think the real take-away here is that devices that rely on proprietary drivers always leave you at the mercy of the suppliers of those drivers, in sharp contrast to devices that implement open standards. Here I am specifically contrasting FTDI devices with CDC devices.
Where an open standard exists, this incident shows the value proposition of adopting it.
Yep, proprietary is the word here. Will we see an open source driver for the FTDI devices included into windows so the clones will be safe?
you think ebay is going to even LISTEN to you after 30 or perhaps 90 days?
are they going to reimburse you for the high cost of shipping back to china?
45 days minimum + YO DO NOT pay for any shipping in case of a fake
Ebay/Paypal policy changes between different countries, many of us have to pay return shipping for any problem and it has to be tracked (even when trackable services are not available to the country!).
-
things may have changed on ebay since my laptop battery problem, but I did report it to ebay as a FAKE and yet I was told to pay for return shipping and it most certainly was not free. I had photos and even some linux syslog dumps to show ebay (not that they'd even know what to do with such data). they still told me to send it back via trackable mail and there was NO voucher or prepaid shipping label sent to me.
it was at least 2 years ago, though, maybe even 3.
-
things may have changed on ebay since my laptop battery problem, but I did report it to ebay as a FAKE and yet I was told to pay for return shipping and it most certainly was not free. I had photos and even some linux syslog dumps to show ebay (not that they'd even know what to do with such data). they still told me to send it back via trackable mail and there was NO voucher or prepaid shipping label sent to me.
it was at least 2 years ago, though, maybe even 3.
It all depends what you report with eBay.
If you report an item that does not work, it's easy, you will be refunded.
If you report a counterfeit item, it's much harder to get a refund.
Years ago (5-6 years ago ?) I remember filing a claim for a fake Sandisk CompactFlash card. I got an e-mail from SanDisk confirming that I've been shipped a fake card, but PayPal wanted me to hire and pay a legal expert (!!!) and to ship the card to China back to the seller.
The worst thing is that the seller didn't even understand why I wasn't happy... "why aren't you happy, the card works no ?"
I have no problem with buying cheap stuff from China, I just want to know what I'm buying.
It's the same with FTDI here, I don't care if Chinese manufacturers make binary compatible chips, I only care about people writing FTDI on chips which are not made by FTDI, and shipping those to me. But even when that happens, I'm not responsible for it, I can't check the whole supply chain.
-
good info to know. sounds like they put undue burden on YOU if you report something as fake.
I know I did report the battery as fake but they didn't give me a run-around; they just said to ship it back and ship it trackable. my mistake was not knowing that trackable != trackable (the post office gave me bad advice; if I can't ask them about their own service, how am I supposed to know any better?)
-
things may have changed on ebay since my laptop battery problem, but I did report it to ebay as a FAKE and yet I was told to pay for return shipping and it most certainly was not free. I had photos and even some linux syslog dumps to show ebay (not that they'd even know what to do with such data). they still told me to send it back via trackable mail and there was NO voucher or prepaid shipping label sent to me.
it was at least 2 years ago, though, maybe even 3.
That's not really relevant since eBay has changed their rules multiple times since then. The current rule is that the seller has to pay return shipping, if any.
-
Looks like they might be changing their minds
http://www.ftdichipblog.com/?p=1053 (http://www.ftdichipblog.com/?p=1053)
:)
-
Using an unannounced automatic silent update via the 'trusted' Microsoft distribution channel was designed to brick as many fake chips as possible in a short space of time whilst hiding behind the Microsoft update curtain. Many consumers will be blaming Microsoft for the bricked chips.
In addition, using Microsoft as a distribution channel completely undermines the whole point of operating system 'trusted' updates which are supposed to increase reliability and fix security flaws.
It is not a medium for fighting a war against fake chips.
Like many others, I have now disabled automatic driver updates. As a consequence my computer is less secure and possibly less reliable than it could be, thanks to the action of one chip company, which from this point onwards cannot be trusted.
Supply chains are imperfect. No manufacturer can guarantee that every chip in every product is 100% genuine, so for a chip vendor to distribute a driver with a kill switch to end-users without any prior warning to manufacturers is just crazy.
It panics the companies that are trying to do everything right causing much wasted time and money.
It will be interesting to see if Microsoft continues to distribute future FTDI driver updates as FTDI has caused a bunch of bad publicity surrounding Windows update for no gain whatsoever for Microsoft or their customers.
Distributing drivers via an operating system vendor is a privilege, not a right.
-
You don't have to disable Windows Update to avoid driver updates. You can stop driver downloads without losing the security updates for the system in general.
...
Like many others, I have now disabled automatic driver updates. As a consequence my computer is less secure and possibly less reliable than it could be, thanks to the action of one chip company, which from this point onwards cannot be trusted.
...
-
things may have changed on ebay since my laptop battery problem, but I did report it to ebay as a FAKE and yet I was told to pay for return shipping and it most certainly was not free. I had photos and even some linux syslog dumps to show ebay (not that they'd even know what to do with such data). they still told me to send it back via trackable mail and there was NO voucher or prepaid shipping label sent to me.
it was at least 2 years ago, though, maybe even 3.
It all depends what you report with eBay.
If you report an item that does not work, it's easy, you will be refunded.
If you report a counterfeit item, it's much harder to get a refund.
Years ago (5-6 years ago ?) I remember filing a claim for a fake Sandisk CompactFlash card. I got an e-mail from SanDisk confirming that I've been shipped a fake card, but PayPal wanted me to hire and pay a legal expert (!!!) and to ship the card to China back to the seller.
The worst thing is that the seller didn't even understand why I wasn't happy... "why aren't you happy, the card works no ?"
I have no problem with buying cheap stuff from China, I just want to know what I'm buying.
It's the same with FTDI here, I don't care if Chinese manufacturers make binary compatible chips, I only care about people writing FTDI on chips which are not made by FTDI, and shipping those to me. But even when that happens, I'm not responsible for it, I can't check the whole supply chain.
Not any more……
Starting from the 20 November, Paypal have a new policy.
1. Quires / refunds go from 42 to 180 days
2. Fakes are no longer required to be returned before you can claim a refund.
As regards to buying 'cheap stuff' from China , even the suppliers don't know what they are selling.
The issue I have with this whole FTDI fiasco is that the fake chips are NOT being sold cheaper, they also under perform not reaching the full 3mbs or are generally unstable.
The main problem is that E* scum, are circumventing absolutely boatloads of legal requirements as regards fit for purpose, IP violations and safety requirements and E* the company are taking a massive cut of that illegal business.
Very few if any of the suppliers are even aware how to perform safety/quality checks on the products they are selling, and I have personally seen and photographed illegal business practices by E* suppliers that I have tracked down in Shenzhen, even know of at least one that is selling dangerous kit into the market.(Reporting it got MY E* account closed down, because until it is reported E* has plausible deniability…after that they are opened up to all sorts of legal problems…. SOLUTION: cannot check supplier, so trash whistle blower and word will get around)
-
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
Here is some code that will non-destructively test for clones and also fix them if bricked.
https://mrcn.st/t/ftdi_clone_tool.py
It should work on a Linux system with Python2 and libftdi1 with Python bindings. I have not tested it on clones as I don't have any, but I believe it should work. AIUI libftdi also works on Mac OS X and Windows, so you should be able to get it to work on those OSes too.
It should work on a Linux system with Python2 and PyUSB. I have tested it and it accurately detects and restores clones. It should also work on Windows and Mac OS X if you have PyUSB with a working backend installed (although I guess Windows > XP might still complain about the zero PID; haven't tested that, if you do please report back).
Edit: I am dumb and forgot that I was using a patched libftdi1 to make this work. Rewrote the entire thing to use libusb instead. You need PyUSB (under Ubuntu, apt-get install python-usb).
-
Okay, FTDI will now go one step back. They talked with their lawyers and they sayd, that what you do is really dumb and dangerous, and you're caught now. And now, one month after the kill-update released, rhey step back and want to sell that to us as community success.
F*** YOU FTDI !
I will never use one part of you in a new design.
They don't lerned, they just try to limit the damage. The risk that they do some thing again is not smaller than yesterday....
If they lerned, they would release a update that repairs the bricked chips....
-
ere is some code that will non-destructively test for clones.
https://mrcn.st/t/detect_ftdi_clone.py
Forgive me, I'm not a python user. I get the error:
ImportError: No module named ftdi1
I assume this means I don't have the python bindings for this. How do I install them (I'm using Linux Mint)
-
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road.
Marcan posted some reverse-engineered source (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535270/#msg535270) earlier in this thread (variable and function names are not original):
https://marcan.st/transf/ftdi_evil.png (https://marcan.st/transf/ftdi_evil.png)
https://marcan.st/transf/checkbrick.png (https://marcan.st/transf/checkbrick.png)
It's quite simple:
- This is only run on chips with bcdDevice & 0xff00 == 0x0600.
- It exploits a quirk of FTDI's EEPROM: writes are 32 bits, so writes to even words are buffered until the corresponding odd word is written. The clones allow 16-bit writes.
- It writes eeprom[2] (the PID) to 0, and eeprom[62] (unused) to a value that keeps the checksum valid.
- On a real FTDI chip, neither write actually does anything.
- On a fake, they go through and achieve the brick. (I'm guessing they have to get the checksum right or the parts will fall back to useable default ROM settings.)
Seeing this, what they did actually makes a little bit of sense: the bricking is sort of a side-effect of the detection algorithm. They could have done a test-write to a different word, but I can see a bloody-minded person saying "fuck it, don't bother putting the old value back, just leave it broken".
Of course, they failed to think through the consequences of shooting the horse long after it had left the barn and causing massive amounts of pain for people who were also victims of the counterfeiting. And for whom the easiest way to ensure it never happens again is to switch to a competitor's product.
-
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road.
Marcan posted some reverse-engineered source (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535270/#msg535270) earlier in this thread (variable and function names are not original):
https://marcan.st/transf/ftdi_evil.png (https://marcan.st/transf/ftdi_evil.png)
https://marcan.st/transf/checkbrick.png (https://marcan.st/transf/checkbrick.png)
It's quite simple:
- This is only run on chips with bcdDevice & 0xff00 == 0x0600.
- It exploits a quirk of FTDI's EEPROM: writes are 32 bits, so writes to even words are buffered until the corresponding odd word is written. The clones allow 16-bit writes.
- It writes eeprom[2] (the PID) to 0, and eeprom[62] (unused) to a value that keeps the checksum valid.
- On a real FTDI chip, neither write actually does anything.
- On a fake, they go through and achieve the brick. (I'm guessing they have to get the checksum right or the parts will fall back to useable default ROM settings.)
Seeing this, what they did actually makes a little bit of sense: the bricking is sort of a side-effect of the detection algorithm. They could have done a test-write to a different word, but I can see a bloody-minded person saying "fuck it, don't bother putting the old value back, just leave it broken".
Of course, they failed to think through the consequences of shooting the horse long after it had left the barn and causing massive amounts of pain for people who were also victims of the counterfeiting. And for whom the easiest way to ensure it never happens again is to switch to a competitor's product.
Yeah, what I think happened is they figured out that this was a difference between the chips and they decided that they would just send the commands to all FT232RL chips so they don't explicitly discriminate against the 'counterfeit' chip. Perhaps they figured this would legally be a sound method (hey, we send the same commands to all FT232RL chips, it just 'happens' to brick the 'counterfeit' ones). However, with the trouble of going through and recalculating the checksum, the code cannot just be explained away and obviously has no other purpose than explicit malicious intent against alleged counterfeit chips.
-
Fluke did a much better job with the Sparkfun's yellow DMMs.
Better, but they were still assholes. They offered to replace SparkFun's 2000 multimeters with $30K of Fluke products. Nice, but that's not going to fill 2000 customer orders!
And needlessly destroyed 2000 fully functional, if low-quality, multimeters.
The classy thing to do would have been to simply grant SparkFun a temporary trademark license if they agreed to fix things as fast as humanly possible.
-
Those sparkfun meters deserved their death.
If at least they were decent meters then maybe, but there is no way to grant a license (temporary or not) because that will kind of mean endorsement, which fluke, in good conscience, just couldn't do.
I think fluke handle matters pretty well, and it's not like those meters where back ordered. Even after the fiasco, there were some left at the local microcenter.
-
Even has made it to "main stream" tech press, or TheRegister, if you want to look.
http://www.theregister.co.uk/2014/10/24/ftdi_bricking_driver_response/ (http://www.theregister.co.uk/2014/10/24/ftdi_bricking_driver_response/)
Wonder how many of the commenters are also on this thread, the comments page look remarkably similar.
-
Those sparkfun meters deserved their death.
WTF? They are sold as Digital Multimeter - Basic (https://www.sparkfun.com/products/12966), i.e. "cheap but basically functional". AFAIK, that's exactly what they are. I have a pile of even cheaper Harbour Freight multimeters (http://www.harborfreight.com/7-function-multimeter-98025.html) precisely because they're basically disposable. I can stash one anywhere one might be useful. There's one in the car with the jack and spare fuses just in case, one in the drawer with the spare batteries to ensure I don't get a dead one mixed in, and so on.
there is no way to grant a license (temporary or not) because that will kind of mean endorsement, which fluke, in good conscience, just couldn't do.
Utter rubbish. They are required to police their trademark or lose it. But just like a simple defense to adverse posession of real estate is to grant permission, you can do the same with a trademark. SparkFun had already sold thousands of the things in yellow, and was going to seel thousands more after changing the rubber. Letting you off with a warning isn't endorsement.
-
Those sparkfun meters deserved their death.
WTF? They are sold as Digital Multimeter - Basic (https://www.sparkfun.com/products/12966), i.e. "cheap but basically functional". AFAIK, that's exactly what they are. I have a pile of even cheaper Harbour Freight multimeters (http://www.harborfreight.com/7-function-multimeter-98025.html) precisely because they're basically disposable.
Meters with fake safety ratings need to die. And contrary to your opinion, they are not basically functional. Safety is an essential and basic function. These crap doesn't provide it.
And seeing how SparkFun advertise the crap multimeter, SparkFun are essentially assholse here, bullshitting "starving students".
-
And why not writing an Open Source library 100% compatible for a uC? Would it be legal? Who wants some?
Sure, here is a kick-off project for those who want to follow along:
http://www.microchip.com/forums/FindPost/275586 (http://www.microchip.com/forums/FindPost/275586)
What if I would write a FTDI-emulated device and use it only on Linux. Do the Windows license terms apply? Doubtful.
As for Windows/FTDI terms:
- The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
- It is your responsibility to make sure that all chips you use the Software as a driver for are Genuine FTDI Components. If in doubt then contact FTDI.
Wouldn't that make it my own risk to run non-FTDI parts with the driver? They may be damaged? Are we then cowboys (but not outlaws) for taking risks?
The FTDI protocol is not complicated. It's around in the linux kernel free to watch. Whether it's a moral thing to do; hmm.
-
I use FTDI parts in designs, and have done for years. They have always been a good company to deal with, sales, support, etc...
Why exactly it FTDI's problem if their drivers are used outside of their T&C's???
-
Meters with fake safety ratings need to die.
I agree. Since the early days of electricity/electronics, we are taught how to carefully read the specs of anything - including test gear - before using it. Since Sparkfun is trusted by newcomers and inexperienced hobbyists, in my opinion they should be extra careful with the misleading safety ratings of the equipment they sell.
To me a similar scenario is having an infamous capacitor brand mark their products as X2 or Y2 when they are not, "just because they are cheap". Experienced folks will recognize the brand and stay away but newcomers will trust the markings blindly.
And that is the biggest peeve with all this FTDI issue: at the beginning I was siding with FTDI but, after some consideration, "newcomers" will blindly believe the functionality of the product they bought - thus I consider this a bad practice on FTDI's part. OTOH, experienced folks trying to use this for professional purposes should know better: buying the cheapest of eBay when your reputation is on the line is asking for trouble.
-
Why exactly it FTDI's problem if their drivers are used outside of their T&C's???
It's been endlessly debated here.
Bottom line is FTDI know what they did was wrong and it would ultimately hurt their company, and now they have backed down.
-
Why exactly it FTDI's problem if their drivers are used outside of their T&C's???
Because in the case of Windows Update, those T&Cs were not made clear to the user beforehand. Even on the FTDI website they were on a seperate page to the driver download page.
Because T&Cs can not override criminal law - in this case criminal damage and possibly the computer misuse act.
-
Why exactly it FTDI's problem if their drivers are used outside of their T&C's???
Because in the case of Windows Update, those T&Cs were not made clear to the user beforehand. Even on the FTDI website they were on a seperate page to the driver download page.
Because T&Cs can not override criminal law - in this case criminal damage and possibly the computer misuse act.
if FTDI are so concerned about fakes and misuse of its driver it begs the question as to why they are making their driver so available through windows update.......
If i was microsoft I'd refuse to "deliver" any more FTDI drivers.
-
ere is some code that will non-destructively test for clones.
https://mrcn.st/t/detect_ftdi_clone.py (https://mrcn.st/t/detect_ftdi_clone.py)
Forgive me, I'm not a python user. I get the error:
ImportError: No module named ftdi1
I assume this means I don't have the python bindings for this. How do I install them (I'm using Linux Mint)
Look for a package named libftdi or libftdi1, and possibly something with ftdi and python in the name. On Ubuntu it seems to be libftdi1 and python-ftdi.
I just managed to get ahold of a fake FT232RL and can confirm that the script above does indeed detect it. Specifically, it's this Deek-Robot USB to TTL (http://ru.aliexpress.com/item/FTDI-USB-TTL-FT232-Free-Delivery/1360409191.html) board that I found in a fairly reputable shop in Akihabara (Tokyo).
Edit: photo of real vs. fake (click for high-res). I think the easiest way to tell them apart is that the real one has a larger pin 1 dimple centered between pins 1 and 2, while the fake one has a smaller dimple that is offset towards pin 1.
(https://mrcn.st/t/ftdi_real_fake_800.jpg) (https://mrcn.st/t/ftdi_real_fake.jpg)
-
Why exactly it FTDI's problem if their drivers are used outside of their T&C's???
It's been endlessly debated here.
Bottom line is FTDI know what they did was wrong and it would ultimately hurt their company, and now they have backed down.
I must have missed the posting (in the 40 odd pages here) were FTDI admit that they are deliberatly bricking non-FTDI parts....
-
I must have missed the posting (in the 40 odd pages here) were FTDI admit that they are deliberatly bricking non-FTDI parts....
They indirectly did, on Twitter, then deleted their tweets (here's a screenshot (https://twitter.com/0xabad1dea/status/525849774268768256)). But the code speaks for itself - it's blatantly designed to brick non-FTDI parts and is otherwise completely useless, having been carefully engineered to exploit a minor implementation difference (that even differs for other genuine non-232RL FTDI chips) to brick clones. Whether FTDI did this deliberately or not is not up for debate - they did, period.
-
Check consumer protection laws in your country. I think most of the EU would have a good case for a return/refund.
Obviously if you bought from eBay there is no warranty, buti recently returned an 18 month old battery to Amazon because the NFC bit was fake.
If you have a case for returning a fake it's not a case of standard return times and warranty periods, it's fake and should never have been sold and the seller is at fault.
-
Edit: photo of real vs. fake (click for high-res). I think the easiest way to tell them apart is that the real one has a larger pin 1 dimple centered between pins 1 and 2, while the fake one has a smaller dimple that is offset towards pin 1.
(https://mrcn.st/t/ftdi_real_fake_800.jpg) (https://mrcn.st/t/ftdi_real_fake.jpg)
Well, that means the 2 Freeduino boards I have do have real FTDI chips on them, they look like the ones on the left.
-
I must have missed the posting (in the 40 odd pages here) were FTDI admit that they are deliberatly bricking non-FTDI parts....
There not being any legitimate drivers for non-FTDI parts they always were bricks under Windows. They found a way to prevent some illegal use of their drivers and exploited it. If you want to carry on illegally using older versions of their drivers you have to jump through some hoops - cry me a river.
I have some minor sympathy for the few people who found trying to use illegal drivers under windows meant they had to jump through some minor hoops to use the device with open drivers under linux.
Sparkfun with 30 products using FTDI parts have a reasonable response to the issue
https://www.sparkfun.com/news/1629 (https://www.sparkfun.com/news/1629)
A. They don't think they have a problem
B. If it turns out they do it is their problem
-
I must have missed the posting (in the 40 odd pages here) were FTDI admit that they are deliberatly bricking non-FTDI parts....
They indirectly did, on Twitter, then deleted their tweets (here's a screenshot (https://twitter.com/0xabad1dea/status/525849774268768256)). But the code speaks for itself - it's blatantly designed to brick non-FTDI parts and is otherwise completely useless, having been carefully engineered to exploit a minor implementation difference (that even differs for other genuine non-232RL FTDI chips) to brick clones. Whether FTDI did this deliberately or not is not up for debate - they did, period.
Thanks for posting that - not exactly a smoking gun though.
If the bricking of the fake is a 'happy' accident of the way the driver works, then fair enough I say. But if the driver has been deliberately written to render the part permanently useless (by re-writing the EEPROM or perhaps some other irreversible method) then FTDI would be on shaky ground, however I think it would be fair for the driver to simply not work. After all this is what ink-jets do.
Has someone got the source code for the driver or has FTDI admitted to that also?
-
I've thought about it some more (and read a chunk of the sparkfun article).
As a manufacturer of things with FTDI chips inside, I think that FTDI's behavior is acceptable. Here goes:
If I buy FTDI parts, I expect them and want them to be genuine - I will most likely have paid good $ and have no desire to fit counterfeit IC's in my products. If one of my products was to suddenly 'brick' due to a counterfeit part having made it's way inside, I would take it up with the supplier of that part and expect them to make me whole again (assuming it wasn't me buying a random reel from some dodgy corner of the internet).
If I was joe-public and bought some device which was suddenly rendered useless due to this issue, then I would take it up with the supplier, if they happen to be in China and can't be bothered replying to my emails then that would be my tough-shit.
-
I must have missed the posting (in the 40 odd pages here) were FTDI admit that they are deliberatly bricking non-FTDI parts....
They indirectly did, on Twitter, then deleted their tweets (here's a screenshot (https://twitter.com/0xabad1dea/status/525849774268768256)). But the code speaks for itself - it's blatantly designed to brick non-FTDI parts and is otherwise completely useless, having been carefully engineered to exploit a minor implementation difference (that even differs for other genuine non-232RL FTDI chips) to brick clones. Whether FTDI did this deliberately or not is not up for debate - they did, period.
Thanks for posting that - not exactly a smoking gun though.
On what planet is it not?
If the bricking of the fake is a 'happy' accident of the way the driver works, then fair enough I say. But if the driver has been deliberately written to render the part permanently useless (by re-writing the EEPROM or perhaps some other irreversible method) then FTDI would be on shaky ground, however I think it would be fair for the driver to simply not work. After all this is what ink-jets do.
Has someone got the source code for the driver or has FTDI admitted to that also?
Assuming that the decompilation is genuine (I have not personally verified that, but if it wasn't, I'm confident it would have been exposed by now), what other conceivable purpose could that chunk of code possibly have?
Keep in mind as well that people have used USB protocol analyzers (I've seen the posts on Twitter, but cannot be bothered to go find one right now) that have demonstrated the same sequence of actions that the decompilation shows. Again - what possible purpose is served by that sequence of operations apart from deliberately bricking devices that don't ignore the given operations (like genuine FTDI devices apparently do)?
This was not an accident. This was not a mistake. This was a deliberate, unethical act. That much is quite clear.
-
Sparkfun with 30 products using FTDI parts have a reasonable response to the issue
https://www.sparkfun.com/news/1629 (https://www.sparkfun.com/news/1629)
A. They don't think they have a problem
B. If it turns out they do it is their problem
Yess, yess you finally got it IT'S THE PEOPLE BUYING THE PARTS AND PUTTING THEM INTO THEIR PRODUCTS that need to be targeted, worked with NOT end users who are non the wiser.
FTDI's logic was thus: we want to sell more chips and we don't like people faking our chips and using our driver. Oh nice we have found a vulnerability in the fake chip. What shall we do ?
2 scenarios:
1) as they have done, brick the fakes, and by doing so punish the end user of a product that may be well out of warranty for something they had no part in. They have no idea why they device broke and i guess FTDI hope they won't buy another one from the same supplier so hopefully get a genuine one next time so FTDI hope. The supplier of the product is non the wiser and may now be using genuine FTDI chips so FTDI shoot themselves in the foot. As no one knows what the problem is people keep buying fakes anawares although by this point the problem is probably found and corrected but potentially millions of unsuspecting and innocent users are punished and financially damaged for products they bought in good faith and are already in service.
2) FTDI stop their driver from working with a fake chip so the device can't be installed as it now has no driver support (and they could have quietly found a way to distinguish so historic devices carry on but new ones won't work). If the supplier of the equipment have not figured this out yet they get loads of returns and innocent customers get their money back and no hard feeling with a supplier that may also not be at fault and if that supplier is now using genuine chips they don't feel so bad and keep using the chips. The suppliers will then seek redress from their chips suppliers and maybe involve FTDI and the source of fakes is found and people prosecuted. Everyone comes out on top and counterfeiters are hopefully caught.
What FTDI did was selfish and stupid
-
I must have missed the posting (in the 40 odd pages here) were FTDI admit that they are deliberatly bricking non-FTDI parts....
There not being any legitimate drivers for non-FTDI parts they always were bricks under Windows. They found a way to prevent some illegal use of their drivers and exploited it. If you want to carry on illegally using older versions of their drivers you have to jump through some hoops - cry me a river.
I have some minor sympathy for the few people who found trying to use illegal drivers under windows meant they had to jump through some minor hoops to use the device with open drivers under linux.
Sparkfun with 30 products using FTDI parts have a reasonable response to the issue
https://www.sparkfun.com/news/1629 (https://www.sparkfun.com/news/1629)
A. They don't think they have a problem
B. If it turns out they do it is their problem
The part they left out is:
C. If they switch to CDC parts, they'll never have this problem ever.
-
Regarding: https://twitter.com/0xabad1dea/status/525849774268768256
FTDI have no right at all to brick chips, the chips could be used by linux under different drivers or someone could write a windows driver, this means no one is violating anything other than the manufacturer who badged the chip FTDI if indeed they did, it's just another USB to serial converter, this is not like buying a fake GHD hair straighter. I surely hope FTDI have to pay damages for this, to claim they have to stop counterfeiters in order to guarantee innovation, they have to be joking, if they think serial to USB converters are hi tech they really should get out of the business.
-
What is really funny is I started buying FTDI stuff BECAUSE OF WHAT PROLIFIC did with their drivers screwing over customers a few years ago.
-
Regarding: https://twitter.com/0xabad1dea/status/525849774268768256
FTDI have no right at all to brick chips, the chips could be used by linux under different drivers or someone could write a windows driver, this means no one is violating anything other than the manufacturer who badged the chip FTDI if indeed they did, it's just another USB to serial converter, this is not like buying a fake GHD hair straighter. I surely hope FTDI have to pay damages for this, to claim they have to stop counterfeiters in order to guarantee innovation, they have to be joking, if they think serial to USB converters are hi tech they really should get out of the business.
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
If you use a counterfeit FTDI part with an FTDI driver, then I think it is legitimate for it not to work.
The only issue appears to be that the FTDI driver reprograms the PID and so it won't work without faffing about afterwards, not technically bricked it appears. That will be cleared up with the new device driver issue from FTDI.
Why shouldn't FTDI protect their IP and good name???
-
Edit: photo of real vs. fake (click for high-res). I think the easiest way to tell them apart is that the real one has a larger pin 1 dimple centered between pins 1 and 2, while the fake one has a smaller dimple that is offset towards pin 1.
(https://mrcn.st/t/ftdi_real_fake_800.jpg) (https://mrcn.st/t/ftdi_real_fake.jpg)
I'm afraid I have to disagree with you: the chip with the laser-engraved markings on the right is the real chip. The chip with simple printed markings on the left is fake. When you view the high res image, it's visible more clearly.
Compare with the foto in this link:
http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
If you use a counterfeit FTDI part with an FTDI driver, then I think it is legitimate for it not to work.
The only issue appears to be that the FTDI driver reprograms the PID and so it won't work without faffing about afterwards, not technically bricked it appears. That will be cleared up with the new device driver issue from FTDI.
Why shouldn't FTDI protect their IP and good name???
Good name ? they don't have one of those now. If the driver simply refuses to work with the chip then that is fine. under linux there are non ftdi drivers or maybe i am wrong if there are then ftdi are not being hard done by, not their chip and not their driver. equally someone could write a windows driver and the chip would work, no violation of ftdi's IP.
Then FTDI can use lawful and fare methods to track down counterfeiters and deal with the fake manufacturers and not cause damage to end users who have paid their money and the fake suppliers have had their share. What ftdi have done does very little to the suppliers of old fakes, it will only hit them in the future, in the mean time innocent end users have had their equipment redered useless for no good reason, the manufacturers still have their money for the fakes. The attitude has not been to resolve the situation but to be vindictive no matter who pays...... reminds me a of a certain referendum just had on FTDI land! It's the same old tune: "we have decided we have been wronged no matter what anyone thinks therefore fuck everyone else!"
-
The part they left out is:
C. If they switch to CDC parts, they'll never have this problem ever.
Yes, but, because they are not some no-name Chinese asshole they consider buying fake chips of unknown quality and origin to be a problem regardless of what interface they use. FTDI's driver actions mean in the future they are less likely to find fake FTDI chips in the supply chain. That combined with FTDI's excellent driver support and quality is reason to continue using them.
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
If you use a counterfeit FTDI part with an FTDI driver, then I think it is legitimate for it not to work.
The only issue appears to be that the FTDI driver reprograms the PID and so it won't work without faffing about afterwards, not technically bricked it appears. That will be cleared up with the new device driver issue from FTDI.
Why shouldn't FTDI protect their IP and good name???
Good name ? they don't have one of those now. If the driver simply refuses to work with the chip then that is fine. under linux there are non ftdi drivers or maybe i am wrong if there are then ftdi are not being hard done by, not their chip and not their driver. equally someone could write a windows driver and the chip would work, no violation of ftdi's IP.
Then FTDI can use lawful and fare methods to track down counterfeiters and deal with the fake manufacturers and not cause damage to end users who have paid their money and the fake suppliers have had their share. What ftdi have done does very little to the suppliers of old fakes, it will only hit them in the future, in the mean time innocent end users have had their equipment redered useless for no good reason, the manufacturers still have their money for the fakes. The attitude has not been to resolve the situation but to be vindictive no matter who pays...... reminds me a of a certain referendum just had on FTDI land! It's the same old tune: "we have decided we have been wronged no matter what anyone thinks therefore fuck everyone else!"
Back in the real world - I can't see any manufacturer dropping FTDI because they took a stand on counterfeit parts. Also, I suspect that someone is working on an application to unbrick those 'PID=0x0000' parts.
As for FTDI not having a good name? Perhaps not amongst a small % of hackers/makers only, but I and those other manufacturers I know won't stop putting their parts in products as long as they offer the cost/benefit that they do.
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
Users did chose to use FTDI driver, it was forced on them by being shipped with Windows (practically a monopoly) and by the OS selecting it as the appropriate driver for that hardware.
FTDI's competitive advantage is having a driver in the stock Windows distribution but they abused it and people now look for alternatives. Yet to be seen if this will cause Microsoft to include a generic CDC driver and solve this USB/Serial driver issue once for all. Manufacturer can then be able to design chips for that standard and users will not have to install drivers.
As Simon said, USB/Serial is a commodity these days, just like USB mouse or keyboards.
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
If you use a counterfeit FTDI part with an FTDI driver, then I think it is legitimate for it not to work.
The only issue appears to be that the FTDI driver reprograms the PID and so it won't work without faffing about afterwards, not technically bricked it appears. That will be cleared up with the new device driver issue from FTDI.
Why shouldn't FTDI protect their IP and good name???
Good name ? they don't have one of those now. If the driver simply refuses to work with the chip then that is fine. under linux there are non ftdi drivers or maybe i am wrong if there are then ftdi are not being hard done by, not their chip and not their driver. equally someone could write a windows driver and the chip would work, no violation of ftdi's IP.
Then FTDI can use lawful and fare methods to track down counterfeiters and deal with the fake manufacturers and not cause damage to end users who have paid their money and the fake suppliers have had their share. What ftdi have done does very little to the suppliers of old fakes, it will only hit them in the future, in the mean time innocent end users have had their equipment redered useless for no good reason, the manufacturers still have their money for the fakes. The attitude has not been to resolve the situation but to be vindictive no matter who pays...... reminds me a of a certain referendum just had on FTDI land! It's the same old tune: "we have decided we have been wronged no matter what anyone thinks therefore fuck everyone else!"
Back in the real world - I can't see any manufacturer dropping FTDI because they took a stand on counterfeit parts. Also, I suspect that someone is working on an application to unbrick those 'PID=0x0000' parts.
As for FTDI not having a good name? Perhaps not amongst a small % of hackers/makers only, but I and those other manufacturers I know won't stop putting their parts in products as long as they offer the cost/benefit that they do.
So all of this over a few hobbyists ? gee what a lot of hassle, really vindictive then, as I keep saying they have not harmed the seller of existing fakes onthey innocent users that have already made the fakers rich, not very clever move
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
Users did chose to use FTDI driver, it was forced on them by being shipped with Windows (practically a monopoly) and by the OS selecting it as the appropriate driver for that hardware.
FTDI's competitive advantage is having a driver in the stock Windows distribution but they abused it and people now look for alternatives. Yet to be seen if this will cause Microsoft to include a generic CDC driver and solve this USB/Serial driver issue once for all. Manufacturer can then be able to design chips for that standard and users will not have to install drivers.
As Simon said, USB/Serial is a commodity these days, just like USB mouse or keyboards.
Hmmm. The user chose the product that contains the fake-FTDI part, this then enumerated with the cloned FTDI VID/PID code (which belongs to FTDI under the USB-IF agreement). Windows then looked up the correct driver to use and loaded it.
If the user had chosen a product with a generic CDC implementation, then the FTDI driver wouldn't have been run up...
-
Users did chose to use FTDI driver, it was forced on them by being shipped with Windows (practically a monopoly) and by the OS selecting it as the appropriate driver for that hardware.
FTDI's competitive advantage is having a driver in the stock Windows distribution but they abused it and people now look for alternatives. Yet to be seen if this will cause Microsoft to include a generic CDC driver and solve this USB/Serial driver issue once for all. Manufacturer can then be able to design chips for that standard and users will not have to install drivers.
As Simon said, USB/Serial is a commodity these days, just like USB mouse or keyboards.
Yes exactly, no one explicity chose to use the driver and ftdi don't have to put it into windows update, they can just leave you to download the drivers THEN sellers of counterfits will have to either copy it and provide the driver themselves which breaks the law in a bigger way that saying "meh I never said to use that driver" and makes a better case for prosecution or they will be telling people to go to FTDI to get the driver so if they openly say the manufacturer is FTDI when it's not again more legal amunition for FTDI.
If i buy for example an arduino board I don't know what is on it and if it works and i don't care, it's up to the manufacturer to sort it out, why bring the fight to me when it's with manufacturers and their supply chains
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
In what countries? As far as I know it's not illegal to possess counterfeit goods in most countries (just checked for Germany.. here neither buying nor possessing counterfeit goods is illegal).
And that's assuming that the parts had fake FTDI branding on them. Because seemingly you can buy them with non-FTDI branding as well (see some pages earlier in this thread iirc)..
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
Users did chose to use FTDI driver, it was forced on them by being shipped with Windows (practically a monopoly) and by the OS selecting it as the appropriate driver for that hardware.
FTDI's competitive advantage is having a driver in the stock Windows distribution but they abused it and people now look for alternatives. Yet to be seen if this will cause Microsoft to include a generic CDC driver and solve this USB/Serial driver issue once for all. Manufacturer can then be able to design chips for that standard and users will not have to install drivers.
As Simon said, USB/Serial is a commodity these days, just like USB mouse or keyboards.
Hmmm. The user chose the product that contains the fake-FTDI part, this then enumerated with the cloned FTDI VID/PID code (which belongs to FTDI under the USB-IF agreement). Windows then looked up the correct driver to use and loaded it.
If the user had chosen a product with a generic CDC implementation, then the FTDI driver wouldn't have been run up...
the end customer does not chose the chip that is in a completed product PCB so why punish them
-
If you use a counterfeit FTDI part with a non-FTDI written driver, then that's fine and it's upto FTDI to pursue you under the counterfeit laws.
If you use a counterfeit FTDI part with an FTDI driver, then I think it is legitimate for it not to work.
The only issue appears to be that the FTDI driver reprograms the PID and so it won't work without faffing about afterwards, not technically bricked it appears. That will be cleared up with the new device driver issue from FTDI.
Why shouldn't FTDI protect their IP and good name???
Good name ? they don't have one of those now. If the driver simply refuses to work with the chip then that is fine. under linux there are non ftdi drivers or maybe i am wrong if there are then ftdi are not being hard done by, not their chip and not their driver. equally someone could write a windows driver and the chip would work, no violation of ftdi's IP.
Then FTDI can use lawful and fare methods to track down counterfeiters and deal with the fake manufacturers and not cause damage to end users who have paid their money and the fake suppliers have had their share. What ftdi have done does very little to the suppliers of old fakes, it will only hit them in the future, in the mean time innocent end users have had their equipment redered useless for no good reason, the manufacturers still have their money for the fakes. The attitude has not been to resolve the situation but to be vindictive no matter who pays...... reminds me a of a certain referendum just had on FTDI land! It's the same old tune: "we have decided we have been wronged no matter what anyone thinks therefore fuck everyone else!"
Back in the real world - I can't see any manufacturer dropping FTDI because they took a stand on counterfeit parts. Also, I suspect that someone is working on an application to unbrick those 'PID=0x0000' parts.
As for FTDI not having a good name? Perhaps not amongst a small % of hackers/makers only, but I and those other manufacturers I know won't stop putting their parts in products as long as they offer the cost/benefit that they do.
So all of this over a few hobbyists ? gee what a lot of hassle, really vindictive then, as I keep saying they have not harmed the seller of existing fakes onthey innocent users that have already made the fakers rich, not very clever move
No, I doubt that FTDI would have done this to attack hobbyists - law of unintended consequences - and if it makes people question the authenticity of the products they buy and reduces the risk of getting counterfeit part then great.
-
equally someone could write a windows driver and the chip would work, no violation of ftdi's IP.
Of course they could, they could join the USB-IF and pay to get their own VID. They could submit their drivers, hardware, and money to Microsoft for WHQL certification they could submit their drivers, hardware, and money to USB-IF and get USB-IF certification. They could provide datasheets, technical support, driver kits, and stamp their own name on the parts and spend 15 years building a reputation for quality and reliability.
But screw that, FTDI can do and pay for all that shit, we will just make some crap that kinda works like an FTDI part and stamp FTDI on the front.
-
In what countries? As far as I know it's not illegal to possess counterfeit goods in most countries (just checked for Germany.. here neither buying nor possessing counterfeit goods is illegal).
And that's assuming that the parts had fake FTDI branding on them. Because seemingly you can buy them with non-FTDI branding as well (see some pages earlier in this thread iirc)..
exactly! if I were to buy a product with a fake chip and use it under linux FTDI have no claim at all, not their chip, not their driver. As you say plenty of chips have no marking and if this is about hobbyists and makers they are the ones more often using linux. So what is the big deal ?
Now if the FTDI logo is on the chip and it's trying to use their driver then FTDI can try and prosecute for that, let you know the chip is fake, ask you to contact them and tell them where you bought it and then take on the manufacturers and their suppliers. A handful of cases would set the market straight in the same way this action may and the end user has more chance of understanding why the device won't work and being able to get their money back.
-
.. the fake-FTDI part, this then enumerated with the cloned FTDI VID/PID code (which belongs to FTDI under the USB-IF agreement).
I doubt that the USB org agreement allows FTDI to brick third party devices that have that VID. It just guarantees that the USB org will not grant the same VID to another party, nothing more, nothing less.
-
I'm afraid I have to disagree with you: the chip with the laser-engraved markings on the right is the real chip. The chip with simple printed markings on the left is fake. When you view the high res image, it's visible more clearly.
Who says the fakers don't have laser engravers...? If you compare with the other link you posted, you'll see that the pin 1 indicator on the real one is bigger too; ignore the printing, that can be very easily changed. The dimple for pin 1, however, is likely to be a better distinguishing mark since it's put there by the packager's epoxy moulding.
-
If you use a counterfeit FTDI part with an FTDI driver, then I think it is legitimate for it not to work.
Wrong. FTDI provides their software to you. What you do with it is up to you. The only thing they can enforce is their copyright which allows them to set a price on the software and control distribution. They can't tell people how to use the software. It is like when you get or buy a book. Nobody can stop you from using the book to start your fireplace, use it as a door stop, etc.
-
If the user had chosen a product with a generic CDC implementation, then the FTDI driver wouldn't have been run up...
The problem with CDC is that the creators of that standard never defined a basic serial port :palm: MORONS! :palm: They did define a modem. Therefore on several OSses (IIRC Apple's OSX) a CDC serial device shows up as a modem. That is also why so many USB to serial adapters come with their own drivers.
-
Edit: photo of real vs. fake (click for high-res). I think the easiest way to tell them apart is that the real one has a larger pin 1 dimple centered between pins 1 and 2, while the fake one has a smaller dimple that is offset towards pin 1.
(https://mrcn.st/t/ftdi_real_fake_800.jpg) (https://mrcn.st/t/ftdi_real_fake.jpg)
I'm afraid I have to disagree with you: the chip with the laser-engraved markings on the right is the real chip. The chip with simple printed markings on the left is fake. When you view the high res image, it's visible more clearly.
No, the one on the right is definitely a functional equivalent. I have one sitting on my desk (bricked by FTDI's driver). The giveaway in this case is that the 'serial number' (?) starts with CN which happens to be the country ID for China. But that could be a coincidence. I wouldn't be surprised though that it turns out the functional equivalents come from a more modern and well equiped production line that the ones from FTDI. As I wrote before the functional equivalent is made on a more modern process.
-
So I'm dumb and the clone detector tool that I linked before relied on a patched libftdi (which I hacked up when this saga started and then forgot about...)
So instead I rewrote it to use libusb and made it a lot more useful. Now it can:
- Tell you if you have a clone chip
- Fix bricked clones (by undoing exactly what the FTDI driver did, restoring the PID to 6001 but also reverting the value at 0x3e - this might fix string data corruption if your strings area was full when the FTDI driver did its dirty work, or if user data was in use)
- NEW: immunize clone chips against the evil driver by deliberately breaking the EEPROM checksum. This reverts all settings to defaults (and loses the serial number), but if those work for you, then FTDI's driver will not brick your device and will happily work with it. You can also revert this change.
https://mrcn.st/t/ftdi_clone_tool.py
Tested on both real devices (where it refuses to do anything) and on clones (where all of the above works; I tested it against FTDI's driver too).
-
I'm afraid I have to disagree with you: the chip with the laser-engraved markings on the right is the real chip. The chip with simple printed markings on the left is fake. When you view the high res image, it's visible more clearly.
No, sorry, my assessment is correct. I confirmed it with my own code and FTDI's driver. I didn't swap them around. I suspect both real chips and clones have used different marking methods. The consistent giveaway, at least between my chips and Zeptobars', is the pin 1 dimple.
-
So I'm dumb and the clone detector tool that I linked before relied on a patched libftdi (which I hacked up when this saga started and then forgot about...)
So instead I rewrote it to use libusb and made it a lot more useful. Now it can:
- Tell you if you have a clone chip
- Fix bricked clones (by undoing exactly what the FTDI driver did, restoring the PID to 6001 but also reverting the value at 0x3e - this might fix string data corruption if your strings area was full when the FTDI driver did its dirty work, or if user data was in use)
- NEW: immunize clone chips against the evil driver by deliberately breaking the EEPROM checksum. This reverts all settings to defaults (and loses the serial number), but if those work for you, then FTDI's driver will not brick your device and will happily work with it. You can also revert this change.
https://mrcn.st/t/ftdi_clone_tool.py
Tested on both real devices (where it refuses to do anything) and on clones (where all of the above works; I tested it against FTDI's driver too).
Oh, i just love that tool. And the CORRUPTME command name is just hilarious. It reminds me of that Nineteen Eighty-Four movie phrase: "I'm corrupt to the core". :-DD
-
The problem with CDC is that the creators of that standard never defined a basic serial port :palm: MORONS! :palm: They did define a modem. Therefore on several OSses (IIRC Apple's OSX) a CDC serial device shows up as a modem. That is also why so many USB to serial adapters come with their own drivers.
That's what I see on my OSX machine with LPC/CDC /dev/tty.usbmodemNXP-71.
What's wrong with a modem model? It can still be mapped to a COM port on windows.
BTW, is the CDC driver on OSX supported by Apple? If so, that's nice of them. I don't recall installing it but I may be wrong.
-
I have used microcontroller based CDC serial port devices on OSX and they work out of the box (just like they do on Linux). No surprise there because OSX is Unix as well.
There is no functional problem but it's just hard to explain to noobs that a gadget is a serial port and not a modem. Some people will never get that and insist on something called a serial port.
-
I have used microcontroller based CDC serial port devices on OSX and they work out of the box (just like they do on Linux). No surprise there because OSX is Unix as well.
There is no functional problem but it's just hard to explain to noobs that a gadget is a serial port and not a modem. Some people will never get that and insist on something called a serial port.
It's seems that the root deficiency is in Windows for not having an out of the box standard CDC driver and relying on a combative partner with a proprietary driver.
It's time for Microsoft to come with a generic USB/Serial driver. I wouldn't be surprised in FTDI pays Microsoft for staying in this monopolistic position.
-
For some of is this particular part of the thread is very confusing. Every time I see 'CDC' I always think of Control Data Corporation. The university I attended had a pair of CDC 7600 machines:
http://www.lamef.bordeaux.ensam.fr/~jlc/ASI/Historique/images/cdc7600-2.jpeg (http://www.lamef.bordeaux.ensam.fr/~jlc/ASI/Historique/images/cdc7600-2.jpeg)
-
Windows does have a CDC ACM drivier - it has since at least XP. One of the problems with that protocol is that it doesn't support all the handshake lines. Another potential problem is that is uses a separate endpoint for data and handshake (FTDI uses the same endpoint). So a vendor supplied driver is required for a full featured USB to serial solution.
-
Windows does have a CDC ACM drivier - it has since at least XP. One of the problems with that protocol is that it doesn't support all the handshake lines. Another potential problem is that is uses a separate endpoint for data and handshake (FTDI uses the same endpoint). So a vendor supplied driver is required for a full featured USB to serial solution.
Yes sir! That's the right reason.
-
It's seems that the root deficiency is in Windows for not having an out of the box standard CDC driver and relying on a combative partner with a proprietary driver.
It's time for Microsoft to come with a generic USB/Serial driver. I wouldn't be surprised in FTDI pays Microsoft for staying in this monopolistic position.
They do, and have for a long time now. It's usbser.sys (or something like that). All one needs is a .inf file that lists the VID/PID of the thing attached, and then points to the usbser driver. Sure, it's rather silly to require that instead of going by the USB device's class (after all, that is what the USB descriptors are for), but still better than requiring a complete driver for such a simple thing.
Greetings,
Chris
-
Like many others, I have now disabled automatic driver updates.
Good - that should have been the case anyway. There have been numerous instances when newer drivers have caused problems.
As a consequence my computer is less secure and possibly less reliable than it could be
Don't be silly.
Supply chains are imperfect. No manufacturer can guarantee that every chip in every product is 100% genuine
Wrong. We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
-
Edit: photo of real vs. fake (click for high-res). I think the easiest way to tell them apart is that the real one has a larger pin 1 dimple centered between pins 1 and 2, while the fake one has a smaller dimple that is offset towards pin 1.
(https://mrcn.st/t/ftdi_real_fake_800.jpg) (https://mrcn.st/t/ftdi_real_fake.jpg)
Well, that means the 2 Freeduino boards I have do have real FTDI chips on them, they look like the ones on the left.
EDIT: :palm: Misread the image. So yes, the parts I have are real parts that look like the chip in the image on the left (i.e. not engraved).
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm: There is money to be made so somehow somewhere there is always someone who manages to slip in counterfeit items and make a profit.
@idpromnut: the one on the left is real. The fake chip has a better finishing than the original :-DD
-
In case anyone is confused by this, you do not have to turn off Windows Update in Windows 7 just to block device driver downloads. For some reason known only to Microsoft this setting is not found in the Windows Update settings. It's located in:
Control Panel > System > Advanced system settings > Hardware tab > Device Installation Settings
My personal position is that you're better off not letting Windows update anything but itself, and even then do not let it do it automatically. If you're really concerned about things getting screwed up, only download security updates unless you have a specific problem.
-
My personal position is that you're better off not letting Windows update anything but itself, and even then do not let it do it automatically. If you're really concerned about things getting screwed up, only download security updates unless you have a specific problem.
reminds me of someone who called me over to fix his computer because it had a virus, he was running no antivirus and had stopped windows from updating as he thought it made things worse. That was his business computer he totally screwed up with all of his records. :-DD
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm:
So you go into a shop with a counterfeit bill and find they have just installed a UV scanner which detects your counterfeit. They won't accept your bill and write "COUNTERFEIT" on it before giving it back so no one else will accept it either.
You then tweet to anyone that will listen that the bastards in this shop just BRICKED my bill. They illegally damaged my property. I am never going to shop there again. I want to start a class action law suit against this shop. It is not my fault I didn't know the bill was counterfeit. Maybe we could get together and make some better counterfeits that the shop can't detect. The shop always accepted my counterfeit bills before, they didn't ask for my permission before installing this new UV scanner, I didn't want them to it is completely unfair.
-
So you go into a shop with a counterfeit bill and find they have just installed a UV scanner which detects your counterfeit. They won't accept your bill and write "COUNTERFEIT" on it before giving it back so no one else will accept it either.
You then tweet to anyone that will listen that the bastards in this shop just BRICKED my bill. They illegally damaged my property. I am never going to shop there again. I want to start a class action law suit against this shop. It is not my fault I didn't know the bill was counterfeit. Maybe we could get together and make some better counterfeits that the shop can't detect. The shop always accepted my counterfeit bills before, they didn't ask for my permission before installing this new UV scanner, I didn't want them to it is completely unfair.
Quite different, fake money is fake money, these chips are functioning chips that just happen to hijack the FDTI driver, if they had their own driver they would not be deemed as fakes. It's a bit like I try to use a scottish paper money note in england and it gets refused because the idiot behind the counter has decided it's not legal tender.
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm:
So you go into a shop with a counterfeit bill and find they have just installed a UV scanner which detects your counterfeit. They won't accept your bill and write "COUNTERFEIT" on it before giving it back so no one else will accept it either.
I see your point. Vigilantly justice is the way to go. If you tires don't have enough thread other citizens should slash them.
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm:
So you go into a shop with a counterfeit bill and find they have just installed a UV scanner which detects your counterfeit.
As usual in this thread you are missing the point completely and that is that there is always a chance you get counterfeit money and even pay with it. Statistically the chance you and me have used counterfeit money isn't zero. Or do you carry a UV scanner around to check all the bills you get from a shop? You know it's easy for a cashier to bring counterfeit money to the store and exchange it for real money and handing out the counterfeit money as change without anyone knowing.
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm:
So you go into a shop with a counterfeit bill and find they have just installed a UV scanner which detects your counterfeit. They won't accept your bill and write "COUNTERFEIT" on it before giving it back so no one else will accept it either.
You then tweet to anyone that will listen that the bastards in this shop just BRICKED my bill. They illegally damaged my property. I am never going to shop there again. I want to start a class action law suit against this shop. It is not my fault I didn't know the bill was counterfeit. Maybe we could get together and make some better counterfeits that the shop can't detect. The shop always accepted my counterfeit bills before, they didn't ask for my permission before installing this new UV scanner, I didn't want them to it is completely unfair.
The bills have a lot of visible and invisible (to human eye) security measures to help detecting a real from a fake one. FTDI never gave us a single way for us to detect a counterfeit chip before their driver break them. If we stick to your bill example, man, you just choose a pretty bad example. Why? Because i think almost 90% of the bill manufacturing cost is dedicated to security materials and processes. Can you say the same about FTDI chips manufacturing costs?
-
FTDI are trying to protect and increase their revenue streams on a particular run of the mill low value part - man they must be in trouble or being very petty. I wouldn't touch the rest of their product range with any length barge pole.
-
FTDI are trying to protect and increase their revenue streams on a particular run of the mill low value part - man they must be in trouble or being very petty. I wouldn't touch the rest of their product range with any length barge pole.
I agree. I have right here more than a hundred FT232RL chips, all from my (no more)"trusted" local supplier, and they are all counterfeits. I pay them 9.34 USD dollars + taxes each one (im not in the first world as you can seeE) I'm so pissed off right now, im the one paying for them and at the same time (who would imagine?) being attacked from both sides: counterfeiters and FTDI!
-
Didn't realize they cost that much, if they are marked as FTDI or you biught them as FTDI branded then you have every ounce on your side to return the things for a refund. It's up to your supplier to make sure they source genuine parts. I generally start with small quantities and if there are no problems order in bigger batches. Yes there are a few suppliers i have stopped using.
-
Didn't realize they cost that much, if they are marked as FTDI or you biught them as FTDI branded then you have every ounce on your side to return the things for a refund. It's up to your supplier to make sure they source genuine parts. I generally start with small quantities and if there are no problems order in bigger batches. Yes there are a few suppliers i have stopped using.
They don't. But here i have only one official FTDI distributor (Arrow). I've called them in the past and they told me that they didn't have any in stock, and that the only way they could bring them was if i bought them an entire 2k piece REEL.
-
As usual in this thread you are missing the point completely
Your point being that the solution to the problem of counterfeit anything is to never question them and so avoid getting an answer you didn't want to hear.
-
Yeah, that's why I offered that information. I'd read a few posts where it sounded like people had turned off Windows Update just to avoid getting bad drivers. It's not a good idea to turn of Windows Update completely, do keep a close eye on it though.
In case anyone is confused by this, you do not have to turn off Windows Update in Windows 7 just to block device driver downloads. For some reason known only to Microsoft this setting is not found in the Windows Update settings. It's located in:
Control Panel > System > Advanced system settings > Hardware tab > Device Installation Settings
My personal position is that you're better off not letting Windows update anything but itself, and even then do not let it do it automatically. If you're really concerned about things getting screwed up, only download security updates unless you have a specific problem.
reminds me of someone who called me over to fix his computer because it had a virus, he was running no antivirus and had stopped windows from updating as he thought it made things worse. That was his business computer he totally screwed up with all of his records. :-DD
-
Didn't realize they cost that much, if they are marked as FTDI or you biught them as FTDI branded then you have every ounce on your side to return the things for a refund. It's up to your supplier to make sure they source genuine parts. I generally start with small quantities and if there are no problems order in bigger batches. Yes there are a few suppliers i have stopped using.
They don't. But here i have only one official FTDI distributor (Arrow). I've called them in the past and they told me that they didn't have any in stock, and that the only way they could bring them was if i bought them an entire 2k piece REEL.
Yea they are £4 or less in the UK and to think we paid a whole 16+ quid for one in a cable....... You have every right to throw them back at arrow, they should know better and at that price in that quantity they should come in gold foil packaging
-
Didn't realize they cost that much, if they are marked as FTDI or you biught them as FTDI branded then you have every ounce on your side to return the things for a refund. It's up to your supplier to make sure they source genuine parts. I generally start with small quantities and if there are no problems order in bigger batches. Yes there are a few suppliers i have stopped using.
They don't. But here i have only one official FTDI distributor (Arrow). I've called them in the past and they told me that they didn't have any in stock, and that the only way they could bring them was if i bought them an entire 2k piece REEL.
Yea they are £4 or less in the UK and to think we paid a whole 16+ quid for one in a cable....... You have every right to throw them back at arrow, they should know better and at that price in that quantity they should come in gold foil packaging
I think you didn't understand my previous posts. I didn't bought these conterfeits in Arrow. The told me (Arrow) that even if i bought the entire 2K REEL, the delay would be between 6 to 8 weeks. I bought them in another supplier, not an official FTDI distributor.
The other day Arrow sent me an email, telling me that they could fractionate the 2K REEL, but at a price of 12 USD + taxes each chip, and with a delay of 6 to 8 weeks too.
I'm now trying to get them from Future Electronics (importations here are almost closed). But this is the begining of our Company changing to other USB to Serial converter chip and brand. We're the ones beeing damaged from both fronts, and that's not fair. And they can't tell me that i knew that they were counterfeits, because i paid them as if the whole chip were made of silicon.
-
Didn't realize they cost that much, if they are marked as FTDI or you biught them as FTDI branded then you have every ounce on your side to return the things for a refund. It's up to your supplier to make sure they source genuine parts. I generally start with small quantities and if there are no problems order in bigger batches. Yes there are a few suppliers i have stopped using.
They don't. But here i have only one official FTDI distributor (Arrow). I've called them in the past and they told me that they didn't have any in stock, and that the only way they could bring them was if i bought them an entire 2k piece REEL.
Yea they are £4 or less in the UK and to think we paid a whole 16+ quid for one in a cable....... You have every right to throw them back at arrow, they should know better and at that price in that quantity they should come in gold foil packaging
I think you didn't understand my previous posts. I didn't bought these conterfeits in Arrow. The told me (Arrow) that even if i bought the entire 2K REEL, the delay would be between 6 to 8 weeks. I bought them in another supplier, not an official FTDI distributor.
The other day Arrow sent me an email, telling me that they could fractionate the 2K REEL, but at a price of 12 USD + taxes each chip, and with a delay of 6 to 8 weeks too.
I'm now trying to get them from Future Electronics (importations here are almost closed). But this is the begining of our Company changing to other USB to Serial converter chip and brand. We're the ones beeing damaged from both fronts, and that's not fair. And they can't tell me that i knew that they were counterfeits, because i paid them as if the whole chip were made of silicon.
Oh i see. well you should still return them, fakes are fakes and dud fakes as they will be are a pretty poor excuse for a cheap knock off. What is the problem with importing ? is it hard to import to your country full stop or is it suppliers that are not wanting to deal in your country ?
-
Didn't realize they cost that much, if they are marked as FTDI or you biught them as FTDI branded then you have every ounce on your side to return the things for a refund. It's up to your supplier to make sure they source genuine parts. I generally start with small quantities and if there are no problems order in bigger batches. Yes there are a few suppliers i have stopped using.
They don't. But here i have only one official FTDI distributor (Arrow). I've called them in the past and they told me that they didn't have any in stock, and that the only way they could bring them was if i bought them an entire 2k piece REEL.
Yea they are £4 or less in the UK and to think we paid a whole 16+ quid for one in a cable....... You have every right to throw them back at arrow, they should know better and at that price in that quantity they should come in gold foil packaging
I think you didn't understand my previous posts. I didn't bought these conterfeits in Arrow. The told me (Arrow) that even if i bought the entire 2K REEL, the delay would be between 6 to 8 weeks. I bought them in another supplier, not an official FTDI distributor.
The other day Arrow sent me an email, telling me that they could fractionate the 2K REEL, but at a price of 12 USD + taxes each chip, and with a delay of 6 to 8 weeks too.
I'm now trying to get them from Future Electronics (importations here are almost closed). But this is the begining of our Company changing to other USB to Serial converter chip and brand. We're the ones beeing damaged from both fronts, and that's not fair. And they can't tell me that i knew that they were counterfeits, because i paid them as if the whole chip were made of silicon.
Oh i see. well you should still return them, fakes are fakes and dud fakes as they will be are a pretty poor excuse for a cheap knock off. What is the problem with importing ? is it hard to import to your country full stop or is it suppliers that are not wanting to deal in your country ?
It's almost impossible to import things in my country.
-
It's almost impossible to import things in my country.
And that is? Russia perhaps?
-
It's almost impossible to import things in my country.
And that is? Russia perhaps?
Argentina. But what our small Company does have is a big lawyer buffett. So we'll see what will be the action curse we take.
-
big lawyer buffett.
Interesting idea. How do they taste?
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm: There is money to be made so somehow somewhere there is always someone who manages to slip in counterfeit items and make a profit.
Can we stop the fake money analogy? Handing over money in the form of notes and coins in a shop carries with it no provenance; you have not thought your analogy through. Once in circulation no records are kept of its movement and there is no traceability as no provenance is expected. A respectable manufacturer does not source components from the back of a van or on ebay. It should be able to trace back its source of components to a responsible party a number of years after it has integrated them into its products and if it cannot then it should review its sourcing procedure. Anybody with ISO9001 can do this and all others should be responsible enough to do this too. If this is not standard practice then counterfeiting will hit businesses and customers and FTDI has provided an example of such.
The argument has been raised that these counterfeit chips may have been inserted by a rogue employee on a production line. I am interested to know if anyone has first hand evidence of this and what the details are. What does this employee do with the authentic chips? Surely they would get little money from them as they would have to sell them on the grey market, and might be just as well to sell the fake chips for the same price in a sell and run operation. Or are we suggesting that 'chip laundering' is rife? If so, in a big operation, end of production line checks should, as far as possible, ensure that marked chips match the components (revision codes/date codes/other markings are all possible on bigger chips) entering the production line. The employer is responsible for the actions of an employee. The manufacturer is responsible to their customers (via their vending outlets) for any counterfeit chips in their products.
So what are these criminal employees doing? Smuggling in and out a handful of chips each day? Is that really going to be the way the majority of the fakes have entered production lines? Lazy cheap outsourcing will be the main reason where a sub-contractor has consciously bought a bulk load of cheap chips to save a few bucks with no questions asked (or even known them to be counterfeit). With this FTDI issue, my guess is that we are talking about cheap goods on ebay, and incompetent, irresponsible or desperate small internet vendors and manufacturers. Microboy, you have my sympathies but you should have bought that 2k reel, given that you have not even named your other source (it must be dodgy!). A micro business often has to take the MOQ hit or take the risk. What the designers in that microbusiness should be doing is considering the availability of a part early in the design stage (as well as expected production life etc); it is as important as a component's spec when looking to make small quantities.
Naive world? I do not understand. I run a small successful electronics manufacturing business. I am not siding with anyone. I am not condoning FTDI's actions. I am not saying that counterfeit products do not exist. I am not saying that bad businesses exist. What I am saying is that they should not and if a customer finds one that is not prepared to help sort out their FTDI problem then that business should be flamed. I am also saying a manufacturer should warranty their products against containing counterfeit parts and be very careful where they source components. Interestingly, very few people (any?) in this massive thread have actually bothered to state the details of the product and vendor when they have encountered a PID0 issue.
My comment that you commented upon was pulling up someone for erroneously saying that a manufacturer cannot provide a 100% guarantee of no counterfeit goods in their products. Perhaps we are mistaking each other's interpretation of the word 'guarantee'. For me it essentially means warranty accompanying the sale of a product such that the product should work as advertised.
-
To all those who would like to have FTDI sued for that:
That would be pretty difficult.
Look closely at the code snippet from marcan. (Thanks for that btw)
It's not coded like "oh we found a counterfeit device, go and let's brick it".
No, its much more clever: They write to the EEPROM in a way that is ignored by the original but that makes a fake one unusable.
So they would get away with a lawsuit. It's can't be proved that they deliberately sabotaged "compatible" devices.
The same code is executed for a genuine and a counterfeit device. It "just" happens that a counterfeit dies from it.
Sure we all know that this was the purpose. But that no lawsuit proof evidence.
(https://marcan.st/transf/ftdi_evil.png)
-
I think even major distributors have been caught out ?
ISO9001 ? really where i work we have that, caugh, caugh, caugh, it does not guarantee sod all and although we get audited yearly it's not like they are trying to fail us, they just look hard enough to be able to say they are satisfied.........
The only good quality system is one that was setup because the company genuinely cares.
-
To all those who would like to have FTDI sued for that:
That would be pretty difficult.
Look closely at the code snippet from marcan. (Thanks for that btw)
It's not coded like "oh we found a counterfeit device, go and let's brick it".
No, its much more clever: They write to the EEPROM in a way that is ignored by the original but that makes a fake one unusable.
So they would get away with a lawsuit. It's can't be proved that they deliberately sabotaged "compatible" devices.
The same code is executed for a genuine and a counterfeit device. It "just" happens that a counterfeit dies from it.
Sure we all know that this was the purpose. But that no lawsuit proof evidence.
(https://marcan.st/transf/ftdi_evil.png)
It is obvious that there was intent to trash fake chips - the code can serve no other purpose. There is no reason for it to be there on genuine chips.
-
big lawyer buffett.
Interesting idea. How do they taste?
Can't tell if that was a joke or a serious question. English isn't my native tongue.
To all those who would like to have FTDI sued for that:
That would be pretty difficult.
Shouldn't that be as difficult as FTDI proving that my chips are counterfeits and not a different revision of their product that went wrong with this driver?
Update:
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack. I should frame it and put it in the wall.
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm: There is money to be made so somehow somewhere there is always someone who manages to slip in counterfeit items and make a profit.
Can we stop the fake money analogy?
Ok how about the bus lane analogy.
Bus company builds bus lanes and busses to run on them.
The bus lanes were being used by lots of other vehicles.
Bus company installs (without telling anyone) control devices: http://en.wikipedia.org/wiki/Sump_buster (http://en.wikipedia.org/wiki/Sump_buster)
Hilarity ensues as they didn't provide enough warning signs.
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
-
We can and do because we use franchised distributors, source all components ourselves and outsource build-only to a trusted, reliable assembler. Every manufacturer could do the same (or in-house build) but if you want to save cost by outsourcing to China, then yes, forget it. It is cost saving and profit greed that allows counterfeiting.
In your naive world there would be no counterfeit money either :palm: There is money to be made so somehow somewhere there is always someone who manages to slip in counterfeit items and make a profit.
Can we stop the fake money analogy? Handing over money in the form of notes and coins in a shop carries with it no provenance; you have not thought your analogy through. Once in circulation no records are kept of its movement and there is no traceability as no provenance is expected. A respectable manufacturer does not source components from the back of a van or on ebay.
Until parts become unavailable due to shortage and management tells procurement to get the chips from any source they can. Documents telling the origin can be forged BTW. So even in an ISO9001 supply chain you never can be 100% sure. In the heavily controlled food industry they manage to mix in cheap horse meat with beef which ends up at Ikea. And trust me: ISO9001 is a complete joke compared to the quality control systems they have to use in the food industry.
-
It is obvious that there was intent to trash fake chips - the code can serve no other purpose. There is no reason for it to be there on genuine chips.
It is there to test for non-genuine chips. The test writes to EEPROM on non-genuine chips which would eventually wear them out and really brick them. Changing the PID so FTDI drivers are not loaded in the future is a good idea.
I expect if they do change the current drivers they will graciously reserve one of their PIDs for known fake parts and write that to it instead so windows will at least detect them and try to find drivers.
-
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack.
AFAIK the attack only affects the FT232RL. You still know nothing. ;)
-
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack.
AFAIK the attack only affects the FT232RL. You still know nothing. ;)
Hmm.. Let me check that for you...
-
It is there to test for non-genuine chips. The test writes to EEPROM on non-genuine chips which would eventually wear them out and really brick them. Changing the PID so FTDI drivers are not loaded in the future is a good idea.
Sure till HungLo Enterprises creates a driver for their chip that looks if there is a HungLo chip attached, if not and it is any other chip such as a FTDI then just set the PID to 0 so the HungLo drivers are not loaded in the future. :palm: You are thinking from a single manufacturer with a single chip. This is an open protocol, any chip from any manufacturer could be there and it should not interfere.
As said many times before in this topic, the only right way to do this is that the driver should do a handshake with the chip to determine for sure if it is a correct chip and it should do this in a non destructive way. For my part are they checking online with the manufacturer a unique Identifier pair or whatever, so the forged chips are identified but no way are you changing data on a chip that is not your creation in the beginning.
-
It's not coded like "oh we found a counterfeit device, go and let's brick it".
No, its much more clever: They write to the EEPROM in a way that is ignored by the original but that makes a fake one unusable.
So they would get away with a lawsuit. It's can't be proved that they deliberately sabotaged "compatible" devices.
The same code is executed for a genuine and a counterfeit device. It "just" happens that a counterfeit dies from it.
Sure we all know that this was the purpose. But that no lawsuit proof evidence.
The legal system is not that stupid. Employees will be deposed under oath and will have to explain what is behind that code, what were the internal discussion at that time, emails will be subpoenaed and nobody will want to go to jail for the company.
Looking how obvious the code is, I doubt the depth of the legal counseling they got, if at all.
-
I can't believe it! I have what it seems to be an original FT245RL! It passes the FTDI new driver attack.
AFAIK the attack only affects the FT232RL. You still know nothing. ;)
Hmm.. Let me check that for you...
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).
I'm attaching an image of the attack in one of my FT245RL (this ones seems to be authentics) (in this request, it's asking to write 0x0000 @ EEPROM address 0x0002 (PID value).
Update: Attached the other part of the attack ( attempt to write 0x1600 @ EEPROM address 0x003E (CHEKCSUM)).
-
For my part are they checking online with the manufacturer a unique Identifier pair or whatever, so the forged chips are identified but no way are you changing data on a chip that is not your creation in the beginning.
So it's impossible to use your device without an internet connection simply due to the verification process?
Reading out any sort of constant identifier is as trivial to fake as the VID/PID. And adding any sort of cryptographic verification would likely require a very significant area overhead.
-
Confirmed. FT245RL is attacked by the new driver too.
Thanks, good to know.
So it's impossible to use your device without an internet connection simply due to the verification process?
Yeah I know not preferred but still better than messing up another manufacturers device.
Reading out any sort of constant identifier is as trivial to fake as the VID/PID.
Not necessarily. A first thought and suggestion could be to have a (rather large) formatted identifier concatenated with a serial number and with a cryptographic hash (aka Message Authentication Code or short MAC) over this total string attached.
The manufacturer can check online the identifier with the MAC and keep a blacklist of copied identifiers.
So yeah the cloners could clone some devices but they would be fast detected (lot of hits in short period of time) and blacklisted. The cloners would not be able to generate their own serialnumbers and MAC unless they have used a weak cipher or too short key to generate the MAC.
And adding any sort of cryptographic verification would likely require a very significant area overhead.
see above the chip just stores the identifier and MAC and does not have to do anything it self.
The easiest hack would be to attack the driver but there is where MS steps in with its updating service and if the cloners are able to hack a driver why would they not hack the current driver to work with their devices and that problem would also be solved.
In any case the biggest problem for FTDI is that they have done nothing to prevent cloning of their devices and now they are pulling bad tricks out of their hats to try to do something. But these things have to be thought of from the start of the design of the device and not afterwards.
-
So it's impossible to use your device without an internet connection simply due to the verification process?
Yeah I know not preferred but still better than messing up another manufacturers device.
That's basically an instant deal-breaker for me if it requires internet-based authentication inside the driver every time the device is connected. It's right up there next to Adobe Creative Cloud (did you hear about their activation servers going down, preventing whole companies from getting work done with no recourse and no compensation for the downtime?). It makes it impossible to use the device without a reliable internet connection. It's a huge reliability issue because now it requires your authentication severs to be accessible. What if the server goes down or you go out of business in so many years and shut the sever down? It also allows the equivalent of remote bricking. What if something gets stuck in a reboot loop or a flakey cable causes a large number of requests, triggering a false positive in your system and denies an authentication? What if the intent is to use the device inside a non-internet connected (e.g. airgapped) network? Far too much risk for me, personally.
Are you not familiar with what happened with the latest Sim City game? It's basically a single-player game, but the software is written in such a way that you must be continuously connected to a server (a la a massively multiplayer game) otherwise it doesn't work. The intent was to prevent piracy, but it was not long at all before people figured out how to patch the game so that it could run without contacting the sever. And it ended up doing little to prevent piracy while also generating a lot of bad press and driving away a large number of users.
-
There exists an open source implementation for FTDI devices using libusb. You could theoretically adapt this driver quite easily to run on Windows. With a little financial help, you could even have this driver signed. This altogether could leave you with a generally useful open source driver that will not brick or block any compatible devices, and will work as a drop-in replacement. That is pretty much within arm's reach.
-
Ok how about the bus lane analogy.
Bus company builds bus lanes and busses to run on them.
The bus lanes were being used by lots of other vehicles.
Bus company installs (without telling anyone) control devices: http://en.wikipedia.org/wiki/Sump_buster (http://en.wikipedia.org/wiki/Sump_buster)
Hilarity ensues as they didn't provide enough warning signs.
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
I'm struggling to see if there is a consensus of option. Is it wrong for FTDI to intentionally break clones? I'm not interested in legality, I'm interested in people's opinions on ethics.
This bus lane analogy suggests that FTDI should be able to intentionally break clones provided that they let people know that this is what they are doing. Is that fair enough?
I like analogies, so here's my contribution:
I once went to a wrist watch shop to have a counterfeit watch repaired. Upon inspecting the watch, the shop keeper declared that "normally" he would have to cease and destroy such a counterfeit product, but that he would let me off this time. I didn't say anything at the time but I was certain he was wrong. No individual or company should have the right to destroy other people's possessions simply because the possession imitates something else. Only the legal authorities should be able to do this and only when the possession is intended for criminal activity; I only had one counterfeit watch, I had no intention of selling it, and so no one should be able to take it away from me.
-
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).
The FT245RL also has bcdDevice = 0x600, so this is no surprise. The driver attacks all devices with bcdDevice == 0x6xx that have a valid EEPROM checksum. In fact, I don't even think you can tell those two chips apart - at least the Linux driver considers them the same.
-
Ok how about the bus lane analogy.
Bus company builds bus lanes and busses to run on them.
The bus lanes were being used by lots of other vehicles.
Bus company installs (without telling anyone) control devices: http://en.wikipedia.org/wiki/Sump_buster (http://en.wikipedia.org/wiki/Sump_buster)
Hilarity ensues as they didn't provide enough warning signs.
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
I'm struggling to see if there is a consensus of option. Is it wrong for FTDI to intentionally break clones? I'm not interested in legality, I'm interested in people's opinions on ethics.
This bus lane analogy suggests that FTDI should be able to intentionally break clones provided that they let people know that this is what they are doing. Is that fair enough?
I like analogies, so here's my contribution:
I once went to a wrist watch shop to have a counterfeit watch repaired. Upon inspecting the watch, the shop keeper declared that "normally" he would have to cease and destroy such a counterfeit product, but that he would let me off this time. I didn't say anything at the time but I was certain he was wrong. No individual or company should have the right to destroy other people's possessions simply because the possession imitates something else. Only the legal authorities should be able to do this and only when the possession is intended for criminal activity; I only had one counterfeit watch, I had no intention of selling it, and so no one should be able to take it away from me.
Well, there is a difference between a clone and a counterfeit. A clone is not advertised as being an FTDI chip, only FTDI compatible. It speaks the same protocol and necessarily has the same VID and PID (they are an aspect of the protocol) but it is not physically marked as an FTDI chip. A counterfeit is a clone that has been re-marked as an FTDI chip. It is not legal for them to intentionally brick clones. It is also likely not legal for them to brick counterfeits. And since it is not possible for the software to make a determination between clone and counterfeit because it cannot read the package marking.
As for wrong, yes, I personally think it is wrong. It also makes their software less reliable because it is possible that it will kill a legitimate chip. The commands the driver send the chip serve no purpose other than to try to brick it if it is a cloned chip. However, they can also brick legitimate FTDI chips (non-FT232RL). So if a real FTDI chip is misidentified for some reason (e.g. interference changes the chip ID as read by the driver), it is possible that the driver will disable it by mistake. It only has to happen once to cause a major problem since the change is written to nonvolatile memory.
-
So FTDI could just have used their knowledge to detect the counterfeit in their driver and restore it to the original counterfeit configuration right before disallowing the use of their drivers without giving feedback on why it wouldn't work.
That would have trumped the clones and wouldn't have attracted as much attention to them as the path they decided to follow. Right/Wrong, my gut feeling is they are in the right to prevent other manufacturers to cash in, into their efforts by allowing their software to work with competing products. Bricking those devices, well that's unfortunate.
I remember software for the original IBM PC that will only run on original IBM BIOS and this was in the 80s. It was Paint I think. People will purchase the software just to discover that it wouldn't run on their clones. I know this because someone that I knew bought that piece of software and I went with the DOS debug to see what it was going on and changed the fail assembler instruction to do the opposite compare so that he could use the program and it would only run on clones :)
-
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
A lot of people are using the "but it's FTDI's driver" argument. This is nonsense. Computer malware is the "the malware author's software" too, and sometimes even comes with an EULA that claims to allow them to do whatever they want. Doesn't mean it isn't malware and isn't illegal. FTDI are not responsible for the unintentional side-effects of their software on products that masquerade as their own, but the moment they explicitly target them with an intent to disable them, that defense flies out the window, both legally and morally. There is no legal and no moral right for FTDI to go vigilante on its users just because they own a counterfeit device (and that's assuming that all clones are counterfeits). Just because someone broke the law doesn't mean the law doesn't apply to you if you attack them. Just because someone did something immoral doesn't mean morality ceases to apply to your actions on them. If the world worked like this it and people/corporations were allowed to respond to evil with evil, it would be chaos.
-
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).
The FT245RL also has bcdDevice = 0x600, so this is no surprise. The driver attacks all devices with bcdDevice == 0x6xx that have a valid EEPROM checksum. In fact, I don't even think you can tell those two chips apart - at least the Linux driver considers them the same.
I think you meant 0x6001 and 0x600x. Sorry. I didn't read that you talked about bcdDevice, not PID. Yes. 6.00 (0x600) is the revision of this version. Still:
You can differentiate them by reading a couple of EEPROM bytes. That's how FTProg does it. I know this chips upside down.
-
I'm not saying that what FTDI did was completely right... but there would have been absolutely no problem for anybody if the "fake" chip designer had simply advertised and sold their own WunHungLo USB-UART Bridge which is completely compatible with the FT232RL, labelled and sold under their own brand.
If you advertise your own Brand X product, and make it completely compatible with the FT232RL, nobody will have a problem with it. FTDI won't have a problem with it, and if you offer the same functionality at a cheaper price I'm sure lots of customers will buy it.
It's the same as the "fake" Arduino boards, to name another common example of a Chinese cottage industry. If you say we are Brand X, we're selling Brand X AVR dev boards, completely Arduino Uno compatible, but ours are half the price, then lots of people will still happily buy them. They're not "fake" or "counterfeit", the product is still exactly the same product at the same price, without the controversy.
But they don't do that - they have to be dishonest about it, and label/market the chip as being an actual FTDI FT232RL, or whatever, and that's where people understandably start getting annoyed.
The test writes to EEPROM on non-genuine chips which would eventually wear them out and really brick them.
But surely you only have to run the test (testing an EEPROM write, the same way the FTDI driver code does it) once. You don't need to run it thousands and thousands of times and wear out the EEPROM.
-
The ethical part is clear if you push the FTDI logic to the extreme. If someone robbed FTDI at gun point and in the open day light of their real chips, and resold these chips. If FTDI later found a way to identify these chips, there are a lot of correct ways to identify the someone who did the damage. NO, FTDI went after the END USERS. "FTDI supporters" follow-on logic on pushing the blame and the responsibilities to the end users is even worse, and pain childish.
Cloning is legal and ethical in a free exonomy. They can break their driver to stop working with clone. But they cannot break the clone to stop working with their driver.
They were not going after counterfriets, they went after the clones, and broke them intentionally. REAL people here must know the difference between "Read" and "Write".
-
So FTDI could just have used their knowledge to detect the counterfeit in their driver and restore it to the original counterfeit configuration right before disallowing the use of their drivers without giving feedback on why it wouldn't work.
Thats almost what they did, in so far as they only changed a small part of the clone devices configuration and didnt blank the whole thing (which would have been evil).
There is an interesting difference between the open source linux drivers where no one cares who supplied/manufacturers/programs the device, and the windows driver which is the effort and property of FTDI where they do care if other products are using their work. Just because there is an open source implementation of a driver doesn't mean FTDI have to let anyone use theirs. If a user complains that they can use a clone device fine on linux but it is attacked by a windows driver, then use your choice and don't use the windows driver which is incompatible with your device.
-
Confirmed. FT245RL (USB to Parallel Port) is attacked by the new driver too. You can now add FT245 to the Topic title. I'm attaching the USB transactions and the part were it's trying to do exactly the same as with the FT232RL. No surprise for me, beeing that FTDI used exactly the same die for the FT232RL and their behaviour is 99% similar. Just a couple of things more here and less there in the firmware, and a FT232RL can be easily converted to a FT245RL and viceversa (that was the same thing the counterfeiters must thought too).
The FT245RL also has bcdDevice = 0x600, so this is no surprise. The driver attacks all devices with bcdDevice == 0x6xx that have a valid EEPROM checksum. In fact, I don't even think you can tell those two chips apart - at least the Linux driver considers them the same.
I think you meant 0x6001 and 0x600x. Sorry. I didn't read that you talked about bcdDevice, not PID. Yes. 6.00 (0x600) is the revision of this version. Still:
You can differentiate them by reading a couple of EEPROM bytes. That's how FTProg does it. I know this chips upside down.
For FT232RL, first two bytes of EEPROM are: 0x03, 0x04
For FT245RL, first two bytes of EEPROM are: 0x01, 0x40
I wonder if, for example, modifying a little your .py code, what would happen if you rewrite a FT232 with the ID word of a FT245 and viceversa. FTProg doesn't allow to write that addresses, of course. But what if FTDI only use one program to rule them both and that EEPROM word decide it all? Could we expect the device to change behaviours? Who knows...
-
yep it worked for me. simple. *thumbsup*
5 seconds and my cable was back up and running again.
go to device manager click update driver and browse to the files in your zip, do the same for the virtual comport driver.
https://onedrive.live.com/redir?resid=86EF72597602DD78!271164&authkey=!AIWwL-755E4FbwU&ithint=file%2czip
-
yep it worked for me. simple. *thumbsup*
5 seconds and my cable was back up and running again.
go to device manager click update driver and browse to the files in your zip, do the same for the virtual comport driver.
https://onedrive.live.com/redir?resid=86EF72597602DD78!271164&authkey=!AIWwL-755E4FbwU&ithint=file%2czip
-
oh I should mention that zip is just a re-signed windows7/8.0/8.1 driver that has PID 0000 in the inf file. simple workaround.. bet FTDI didn't see that one coming.
-
oh I should mention that zip is just a re-signed windows7/8.0/8.1 driver that has PID 0000 in the inf file. simple workaround.. bet FTDI didn't see that one coming.
I've done that a couple of weeks ago. I think it could be good to even change the driver version line with a bigger one in the .inf files. It may discourage OS to update with undesirable new versions
-
oh I should mention that zip is just a re-signed windows7/8.0/8.1 driver that has PID 0000 in the inf file. simple workaround.. bet FTDI didn't see that one coming.
I've done that a couple of weeks ago. I think it could be good to even change the driver version line with a bigger one in the .inf files. It may discourage OS to update with undesirable new versions
Unless I'm mistaken the problem with that approach is that the driver is going to rewrite the PID over and over again.
Depending of the quality of the EEPROM it may wear it out and break the EEPROM in the longterm.
-
Except in this case FTDI didn't irreversibly damage the problem devices. Its FTDI's software driver, if some other product decides it wants to use the driver without co-ordinating or licensing with FTDI then they have no control over what will happen to their device. FTDI didn't publish or offer their interface for free, there is no standard involved, they can do what they like when a device identifies to use their software.
A lot of people are using the "but it's FTDI's driver" argument. This is nonsense. Computer malware is the "the malware author's software" too, and sometimes even comes with an EULA that claims to allow them to do whatever they want. Doesn't mean it isn't malware and isn't illegal. FTDI are not responsible for the unintentional side-effects of their software on products that masquerade as their own, but the moment they explicitly target them with an intent to disable them, that defense flies out the window, both legally and morally. There is no legal and no moral right for FTDI to go vigilante on its users just because they own a counterfeit device (and that's assuming that all clones are counterfeits). Just because someone broke the law doesn't mean the law doesn't apply to you if you attack them. Just because someone did something immoral doesn't mean morality ceases to apply to your actions on them. If the world worked like this it and people/corporations were allowed to respond to evil with evil, it would be chaos.
The clone devices presented themselves with the PID/VID to use the driver, they didnt break the law by doing that alone. But they chose to connect to the FTDI driver on windows systems where they have no contract or law protecting them or ensuring any level of protection/service/support. Pushing the clone device off the PID/VID combination seems like a soft way to address the issue as it hasn't destroyed or damaged anything.
-
Is it wrong for FTDI to intentionally break clones? I'm not interested in legality, I'm interested in people's opinions on ethics.
Wrong question. The question should be is it wrong for FTDI to detect clones and prevent unlicensed use of their driver.
Under windows there are no other drivers so the only reason your clone ever worked was because you were illegally using FTDI drivers.
-
So FTDI could just have used their knowledge to detect the counterfeit in their driver and restore it to the original counterfeit configuration right before disallowing the use of their drivers without giving feedback on why it wouldn't work.
Because it would wear out the clone EEPROM and really brick it eventually.
-
oh I should mention that zip is just a re-signed windows7/8.0/8.1 driver that has PID 0000 in the inf file. simple workaround.. bet FTDI didn't see that one coming.
I've done that a couple of weeks ago. I think it could be good to even change the driver version line with a bigger one in the .inf files. It may discourage OS to update with undesirable new versions
Unless I'm mistaken the problem with that approach is that the driver is going to rewrite the PID over and over again.
Depending of the quality of the EEPROM it may wear it out and break the EEPROM in the longterm.
It could even be worst. Counterfeiters may've used uC ROM Flash to emulate the original EEPROM and save some cents. That could turn down the number of writes to only ~1k. against ~1m-10m writes for an EEPROM.
This could be seen in the decapping images. If an EEPROM is present in the counterfeit chip or not.
-
Is it wrong for FTDI to intentionally break clones? I'm not interested in legality, I'm interested in people's opinions on ethics.
Wrong question. The question should be is it wrong for FTDI to detect clones and prevent unlicensed use of their driver.
Under windows there are no other drivers so the only reason your clone ever worked was because you were illegally using FTDI drivers.
Yes, the only dodgy bit of all of this is the windows update system pushing out the driver without users having to see/read/agree to the licence.
-
If you advertise your own Brand X product, and make it completely compatible with the FT232RL, nobody will have a problem with it. FTDI won't have a problem with it,
Yes they will because it will request FTDI drivers to be loaded and they belong to FTDI and are only licensed for use with genuine FTDI products
The test writes to EEPROM on non-genuine chips which would eventually wear them out and really brick them.
But surely you only have to run the test (testing an EEPROM write, the same way the FTDI driver code does it) once. You don't need to run it thousands and thousands of times and wear out the EEPROM.
The test would be done every time the driver loads, every device plug in and power up. How is FTDI (or anyone else for that matter) supposed to know the EEPROM endurance of an unknown clone chip from an unknown source?
-
The test would be done every time the driver loads, every device plug in and power up. How is FTDI (or anyone else for that matter) supposed to know the EEPROM endurance of an unknown clone chip from an unknown source?
It would have been much cleaner to do that, including risking wearing the EEPROM out, AND showing a message informing the user of what is happening, rather than bricking the clone.
A message like this would be fine : "Warning : you are using a counterfeit chip not manufactured by FTDI with FTDI driver. The device will not start. Continuing using this peripheral with this driver might damage it.".
-
Looking at http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal) images, i'm not seeing any EEPROM at all in the counterfeit chip. This might mean that they're really using ROM to emulate the original EEPROM. That would surely cut down the number of times of writings before that zone of memory starts to fail.
-
A message like this would be fine : "Warning : you are using a counterfeit chip not manufactured by FTDI with FTDI driver. The device will not start. Continuing using this peripheral with this driver might damage it.".
As I understand it there is no facility for drivers to show any kind of message under windows. An error code in the event logs and device manager is probably as much as they could do.
-
A message like this would be fine : "Warning : you are using a counterfeit chip not manufactured by FTDI with FTDI driver. The device will not start. Continuing using this peripheral with this driver might damage it.".
As I understand it there is no facility for drivers to show any kind of message under windows. An error code in the event logs and device manager is probably as much as they could do.
?? FTDI relies on a DLL file for it's driver. They can surely show a popup or whatever they want. A .dll can execute any code it wants to. I'm not seeing any limitation there. I've showned popups in the past writing my own .dlls. without needing nothing more than a OS .dll function call.
-
Yes they will because it will request FTDI drivers to be loaded and they belong to FTDI and are only licensed for use with genuine FTDI products
Devices don't request anything, you are making things up. It's the OS (Microsoft) and the driver (FTDI) that decide what to do with a given device.
-
the clone detector tool that I linked before relied on a patched libftdi (which I hacked up when this saga started and then forgot about...)
*THANKS* I was sure I was doing something wrong. :)
Now to locate the devices I suspect of having FTDI chips in them...
-
big lawyer buffett.
Interesting idea. How do they taste?
Like week old briefs
-
Yes they will because it will request FTDI drivers to be loaded and they belong to FTDI and are only licensed for use with genuine FTDI products
Devices don't request anything, you are making things up. It's the OS (Microsoft) and the driver (FTDI) that decide what to do with a given device.
FFS the device provides the VID and PID which tells the OS what drivers it needs.
-
Yes they will because it will request FTDI drivers to be loaded and they belong to FTDI and are only licensed for use with genuine FTDI products
Devices don't request anything, you are making things up. It's the OS (Microsoft) and the driver (FTDI) that decide what to do with a given device.
FFS the device provides the VID and PID which tells the OS what drivers it needs.
But isn't the provide verb just in the opossite side of the request verb in terms of client-server communications?
The main difference is that, really, the device isn't in position of ask (request) for nothing. The Host (PC in this case) is the one deciding the whole thing. Even if the device provides a specific VID/PID, the Host can simply deny loading the driver, load an alternative one or open a new instance of Paint app.
First rule of USB communications: ALL REQUESTS ARE INITIATED BY THE HOST. Once you deeply understand the true meaning of that law, you may start programming USB related stuff.
-
And as i said a couple of posts before, english isn't my native tongue, so my words may sound harder than what i really meant to. So, excuse me, please, about not always beeing able to choose the best words for what i want to say...
-
FFS the device provides the VID and PID which tells the OS what drivers it needs.
Well, if the FTDI's driver falsely represents to the OS that it can handle that devices but in reality it is not licensed to do so it's FTDI fault. The device is passive, it does not perform driver selection.
-
The test would be done every time the driver loads, every device plug in and power up. How is FTDI (or anyone else for that matter) supposed to know the EEPROM endurance of an unknown clone chip from an unknown source?
It's not our job to solve FTDI chip authentication issues. It's up to them to do it in a non destructive way or not do it at all.
-
But isn't the provide verb just in the opossite side of the request verb in terms of client-server communications?
The main difference is that, really, the device isn't in position of ask (request) for nothing. The Host (PC in this case) is the one deciding the whole thing. Even if the device provides a specific VID/PID, the Host can simply deny loading the driver, load an alternative one or open a new instance of Paint app.
First rule of USB communications: ALL REQUESTS ARE INITIATED BY THE HOST. Once you deeply understand the true meaning of that law, you may start programming USB related stuff.
I don't see the "deeper philosophical relevance" of what you're saying. It is true that in the lower layers of communication, the host always initiates contact, but this is really no different than an SPI master vs an SPI slave. All this means is that the USB device can't modify system memory on the host. (Firewire, I'm looking in your direction.) However, there's still a norm for what the OS should do when it finds a device with a certain VID and PID, and it's usually not launching MS Paint. You could also likewise say that the host isn't in a position to request anything from the device. The device may choose to randomize its VID/PID on each startup, ignore any USB commands, and disconnect, erase its memories, blink a LED or catch fire.
-
FFS the device provides the VID and PID which tells the OS what drivers it needs.
Well, if the FTDI's driver falsely represents to the OS that it can handle that devices but in reality it is not licensed to do so it's FTDI fault. The device is passive, it does not perform driver selection.
The FTDI driver reports through its INF file which devices it supports based on the PID/VID combination. If the device falsely represents a VID, it has broken its part of the contract and is not a USB device but an almost-sorta-kinda-USB device, and it's up to the host what it wants to do on its side.
-
The FTDI driver reports through its INF file which devices it supports based on the PID/VID combination. If the device falsely represents a VID, it has broken its part of the contract and is not a USB device but an almost-sorta-kinda-USB device, and it's up to the host what it wants to do on its side.
That's correct, the host can decide what to do on its side, e.g. ignoring the device, but in the FTDI case it does it on the device's side, intentionally modifying it so other drivers and OS's will not recognize it. No surprise Microsoft slapped them. Any serious OS vendor would do the same.
-
Documents telling the origin can be forged BTW. So even in an ISO9001 supply chain you never can be 100% sure. In the heavily controlled food industry they manage to mix in cheap horse meat with beef which ends up at Ikea. And trust me: ISO9001 is a complete joke compared to the quality control systems they have to use in the food industry.
Could not have put it better myself - working for an ISO9001 company, the base guidelines are actually not much, your local grocery store could declare themselves ISO9001 without having to change anything in how they work, just write down how they do stuff in a "quality manual". And yes forgery is rife, I came across a company in my time in quality that had an ISO9001 certificate that lasts 10 years, errrrrr, you have to be checked and re-certified every 3 years at most, that's the ISO9001 rule! We just have the audit every year but I think every 3 it's a bit bigger.
Our system is actually over ISO9001 but not good enough to be TS2
-
The FTDI driver reports through its INF file which devices it supports based on the PID/VID combination. If the device falsely represents a VID, it has broken its part of the contract and is not a USB device but an almost-sorta-kinda-USB device, and it's up to the host what it wants to do on its side.
That's correct, the host can decide what to do on its side, e.g. ignoring the device, but in the FTDI case it does it on the device's side, intentionally modifying it so other drivers and OS's will not recognize it.
Yes, but the question here was about driver selection based on what the device and your point about "[whether] it can handle that devices but in reality it is not licensed to" and so on. Yes, from a moral point of view, it's evil, but from a strict USB protocol point of view, nothing wrong was done by the driver. It attaches to a device that has given its permission to do so, and then it edits EEPROM values. A genuine FTDI chip could also be bricked in a similar way (manually by the user) by setting the VID/PID to anything that doesn't load the driver.
No surprise Microsoft slapped them. Any serious OS vendor would do the same.
Did they? As far as I gathered, FTDI backed down voluntarily due to concerns from their customers. Is there any evidence Microsoft had any part in their decision?
-
Microsoft would care about stuff that hurts them and it hurts when it looks like the OS is damaging a device, sneaky of FTDI to abuse the system like this for a seek and destroy mission effectively or at least that was their hope.
-
Would, maybe, but is there any evidence they did in this instance?
-
What has not been asked yet is what other changes were there made to the new driver, or was the sole change the bricking code ? if yes them FDTI can't say it was just a random side effect, they made the driver to kill, that was their intention.
-
What has not been asked yet is what other changes were there made to the new driver, or was the sole change the bricking code ? if yes them FDTI can't say it was just a random side effect, they made the driver to kill, that was their intention.
Maybe (as spoken by a lawyer) the intention was to use it simply as a check. Maybe the code could for setting the PID in volatile memory in clone A, whereas clone B also saved the PID to non-volatile memory. The driver would then write and then read back the value to detect clone A. FTDI were then only aware of clone A and could not anticipate the side effects in clone B. Of course, this is another hypothetical, as FTDI has pretty much admitted what they are doing in public already.
-
Now that they appear to have realised the error of their ways, maybe the "I'll never use FTDI again" brigade should consider this :
Company F screws up, realises it and fixes it.
Company S hasn't (yet) screwed up.
Which of the two is more likely to do something stupid like this in the future?
"That guy's error cost me $x000"
"Why didn't you fire him"
"Why should I do that, I just spent $X000 training him..."
No, no, no. This wasn't a mistake. This was an unbelievably unethical decision deliberately made. There is a difference. I will still avoid FTDI Chips henceforth. Fool me once, shame on you. Fool me twice, shame on me.
Cypress Semi has a pin-compatible replacement. I've got a few on order already to test.
You would get my eternal gratitude if you let me know the part humber and how it goes with those tests.
For me atleast ther motives are clear they eather want to brick the copys or make them not work at all with ther drivers so i got alot of work cut out for me just replasing some of these chips to make them "Windows safe"...
I did buy a few cheap products from china and i did not think in a milion years that FTDI would do anything remotely as drastic as screwing me over this hard with spomething like this.
Iwe always trusted that anything "FTDI compatible" would be something i could trust and would work without any hassle... but now i'm even starting to get paranoid with my old usb->rs232 cables iwe had for years.
I mean even the local products that iwe bought over the years from very reputable sellers have not garantee they are the genuine chips in them... i just got a ton of headakes i did not need... i mean there is no way i can check if it's genuine chip or not... some of these consumer products eather are molded in plastic (like the usb->rs232 cables) so you cant read the part number or you void the warranty if you open them... and if you ask the seller they will 99% of the times say "Sure it's FTDI! it says something about FTDI here on the box.. look for yourself!"
I cant trust a product mentioning "ftdi" since there is most of the time no way for me to be sure if it's genuine or not and playing russian roulette is not my thing.
-
I rewrote it to use libusb and made it a lot more useful.
[...]
Tested on both real devices (where it refuses to do anything) and on clones (where all of the above works; I tested it against FTDI's driver too).
Hmmm... It requires root permission (so sudo) and then I get some unexpected results.
Firstly on an "Arduino Nano V3.0" labelled "Made in China". It passes. The index mark on the chip appears like a good one.
Secondly on an older PIC programmer, an FTDI device is identified by the OS (lsusb shows it) but ftdi_clone_tool says "No devices found"
lsusb says:
Bus 002 Device 011: ID 0403:6001 Future Technology Devices International, Ltd FT232 USB-Serial (UART) IC
The chip is a 32 pin LQFP package labelled FTDI/FL232BL/729-1. The last line that I'm assuming to be the date code does not seem to be in the XXYY format specified in the datasheet (http://www.ftdichip.com/Support/Documents/DataSheets/ICs/DS_FT232BL_BQ.pdf (http://www.ftdichip.com/Support/Documents/DataSheets/ICs/DS_FT232BL_BQ.pdf)), and appears larger than is indicated therein.
The only ID on the programmer is www.nbglin.com (http://www.nbglin.com) (and the device looks exactly like this one http://www.nbglin.com/cpjs/dpj39.htm (http://www.nbglin.com/cpjs/dpj39.htm)). I assume it's a copy of something.
I'm shocked that the only two cheap Chinese products I can find that contain this chip appear to use non-fake chips. ???
Although I'm curious as to why the latter device is not detected. Do you have any suggestions? (EDIT: The device version returned is "04.00")
-
up until not long ago when i had to get a serial to USB converter for work I did not realize FTDI was an actual company, I thought it was the name of the generic type of chip (and was trying to work out what FTDI stands for), so stupidly when I realized from farnell listings that FTDI is the manufacturer and others are available I thought well if we keep calling them all "FTDI cables" etc it must be because they are the best......
Never again will i make such a mistake, I should have checked prices on other brands and probably would have but it being for work and me not giving very much of a rats arse what the cost was as I don't like hassle at work.
-
I'm struggling to see if there is a consensus of option. Is it wrong for FTDI to intentionally break clones? I'm not interested in legality, I'm interested in people's opinions on ethics.
Seriously? where have you been the last few days - the whole shitstorm has been a reaction to FTDI breaking people's stuff. 500+comments on Hackahay & Slashdot, almost all of the opinion that breaking people's stuff is going too far.
I like analogies, so here's my contribution:
I once went to a wrist watch shop to have a counterfeit watch repaired. Upon inspecting the watch, the shop keeper declared that "normally" he would have to cease and destroy such a counterfeit product, but that he would let me off this time. I didn't say anything at the time but I was certain he was wrong. No individual or company should have the right to destroy other people's possessions simply because the possession imitates something else. Only the legal authorities should be able to do this and only when the possession is intended for criminal activity; I only had one counterfeit watch, I had no intention of selling it, and so no one should be able to take it away from me.
If they'd destroyed it, then in most jurisdictions it would have been criminal damage and you could have sued them for your losses. There may be some places where there is specific legislation allowing it, but generally speaking, owning a fake item is perfectly legal, so destroying it would be illegal. Even if they have a big sign saying they will destroy fakes, in general you can't override law with terms and conditions.
-
I have a bloke locally that repairs GHD hair straighteners. He has a website that clearly shows what fakes look like and will not repair fakes on safety grounds. If you send them to him he returns them at cost.
-
OK, FTDI is basically saying I have to do my due diligence and make sure I use genuine hardware.
Lets say (for arguments sake) I have 100% solid undeniable proof I got the genuine chips.
In order to make these chips work I need drivers, in this case I want the V2.12.00 drivers.
Obviously I want to be sure sure I get the genuine FTDI drivers. Otherwise my efforts could be wasted and still have disgruntled users of my product.
First of all I need a reliable source for the drivers. It seems to be www.ftdichip.com (http://www.ftdichip.com) is the place to go.
Obviously I need to check if this domain is actually owned by FTDI. So I start checking the internet DNS root servers and gobble down the chain and end up with all the contact data of FTDI. Next I check with the chamber of commerce if that address really belongs to FTDI. Fortunately this checks out and I'm confident www.ftdichip.com (http://www.ftdichip.com) is the place to go for the genuine FTDI drivers.
Next I want to download the drivers and do my due dilligence because I want to make 100% sure the drivers are not compromised or tampered with.
First I noticed albeit port 443 of their website is open for requests it does not serve me any web-pages let alone it is encrypted with a certificate I can check.
Now I must assume the download of these drivers are using an unsafe transport mechanism and I must find another way that proofs the drivers are not tampered with in transport.
For this I check if ALL binaries are digitally signed with a code signing certificate. If this checks out with a full chain of trust I can still be confident about the drivers.
First of all I noticed the file "CDM v2.12.00 WHQL Certified.exe" (which claims to contain the drivers) are indeed signed with a code signing certificate owned by FTDI.
Weird thing is the website states the driver is released at 2014-09-29 while the code signing certificate on the "CDM v2.12.00 WHQL Certified.exe" is signed at 2014-10-22.
This is proof the "CDM v2.12.00 WHQL Certified.exe" is changed after it has been released and cannot be trusted.
It does not proof the the drivers contained in it are tampered with, but it does make me wonder if it still can be proven FTDI can account for the legitimacy of all the binaries for the drivers.
In order to do this I unzip the installer and make sure all the binaries have no chance of being tampered with without me knowing about it.
First fail I see now is that the binary "dp-chooser.exe" is not code signed. This leads me to conclude that this binary was not was not authorized for release by the person/department in charge.
This leaves me no choice other than deleting this offending binary as it cannot be trusted.
But luckily I still can work around this issue for some Windows operating systems by using the "dpinst-amd64.exe" or "dpinst-x86.exe" as they are properly code signed.
That is.... if all the other binaries these two installers are installing are code signed.
As it turns out all the binaries for 64 bit Windows operating systems are properly code signed. Hurray!!!! :-+
But my project also needs to be able to run on 32 bit Windows operating systems, so I better check them out as well.
OH NOOOOO!!!!!!! The binary "ftcserco.dll" has no code signing certificate on it. :palm:
In contrast, the binaries "dp-chooser.exe" and "ftcserco.dll" in the V2.10.00 driver download were code signed.
This leads me to conclude the V2.12.00 drivers on the FTDI website could be compromised/fake and therefore cannot be trusted.
Having said this, it raises the question where FTDI got the guts to force us to control the entire supply chain of their chips if they cannot even control their internal software development and release chain. :box:
-
It is interesting they signed the v2.12 driver package the day this thread got started. It means they already made some changes to it that day. Version 2.12 was already available before that date.
-
Version 2.12 was already available before that date.
Remember that there were two version 2.12's released.
-
It is interesting they signed the v2.12 driver package the day this thread got started. It means they already made some changes to it that day. Version 2.12 was already available before that date.
Looks like only 5 files we changed since the 2014-09-29 release.
26-10-2014 12:04 <DIR> .
26-10-2014 12:04 <DIR> ..
11-09-2014 09:11 <DIR> amd64
22-10-2014 13:01 83.456 dp-chooser.exe
22-10-2014 15:16 1.046.896 dpinst-amd64.exe
22-10-2014 15:16 921.456 dpinst-x86.exe
22-10-2014 13:01 19.875 dpinst.xml
09-09-2014 11:42 40.547 ftd2xx.h
10-09-2014 14:22 13.511 ftdibus.cat
09-09-2014 11:42 16.806 ftdibus.inf
10-09-2014 14:22 12.715 ftdiport.cat
09-09-2014 11:42 14.211 ftdiport.inf
11-09-2014 09:11 <DIR> i386
22-10-2014 13:01 9.143 licence.txt
11-09-2014 09:11 <DIR> Static
My educated guess would be this was done to have the user mandatory accept the license before installing the drivers.
Looks like that shows when the lawyers stepped in when they realized the users/victims were not warned and could have a valid claim against them.
-
Looks like only 5 files we changed since the 2014-09-29 release.
Might be useful also to look at the differences between the two 2.12.00 releases.
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg536122/#msg536122 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg536122/#msg536122)
-
FFS the device provides the VID and PID which tells the OS what drivers it needs.
Well, if the FTDI's driver falsely represents to the OS that it can handle that devices but in reality it is not licensed to do so it's FTDI fault. The device is passive, it does not perform driver selection.
When you plug in something which is not compliant with USB specifications anything can happen. It takes two to tango and trying to blame the compliant, tested, and certified half of the party when something goes wrong is ridiculous.
The test would be done every time the driver loads, every device plug in and power up. How is FTDI (or anyone else for that matter) supposed to know the EEPROM endurance of an unknown clone chip from an unknown source?
It's not our job to solve FTDI chip authentication issues. It's up to them to do it in a non destructive way or not do it at all.
They fixed the device PID to solve the problem which isn't destructive because as you claim the device is passive and does not perform driver selection - lol. It is your job to find drivers to work with your clone/fake.
-
They fixed the device PID to solve the problem which isn't destructive because as you claim the device is passive and does not perform driver selection - lol. It is your job to find drivers to work with your clone/fake.
Of course it's destructive. It used to work on Linux but not anymore.
Rufus, it's OK to sympathise with FTDI but you need to stick to the facts.
-
Is FTDI a listed company? Where if it is listed? Thanks.
-
ftdichip.com
-
They fixed the device PID to solve the problem which isn't destructive because as you claim the device is passive and does not perform driver selection - lol. It is your job to find drivers to work with your clone/fake.
Of course it's destructive. It used to work on Linux but not anymore.
They fixed the Linux drivers to make it work again so obviously the drivers were faulty - lol. You claim FTDI drivers must not assume VID/PID means anything yet claim changing the PID is destructive because Linux drivers make the same assumption.
The double standards and grasping at straws trying to make out FTDI is the bad guy going on here is ridiculous. Maybe you should direct some ire at the manufacturer of these faulty clones and fakes but you don't even know who they are do you.
-
They fixed the device PID to solve the problem which isn't destructive because as you claim the device is passive and does not perform driver selection - lol. It is your job to find drivers to work with your clone/fake.
Of course it's destructive. It used to work on Linux but not anymore.
Rufus, it's OK to sympathise with FTDI but you need to stick to the facts.
Just ignore. If it's up to Rufus he'd drop a nuke on Afganistan, Syria, Irak etc to get rid of every terrorist living there.
-
For all_repair:
Company Details
Name & Registered Office:
FUTURE TECHNOLOGY DEVICES INTERNATIONAL LIMITED
2 SEAWARD PLACE
CENTURION BUSINESS PARK
GLASGOW
G41 1HH
Company No. SC136640
Status: Active
Date of Incorporation: 14/02/1992
Country of Origin: United Kingdom
Company Type: Private Limited Company
Nature of Business (SIC):
26110 - Manufacture of electronic components
Accounting Reference Date: 31/12
Last Accounts Made Up To: 31/12/2012 (GROUP)
Next Accounts Due: 30/09/2014 OVERDUE
Last Return Made Up To: 14/02/2014
Next Return Due: 14/03/2015
Mortgage: Number of charges: 1 ( 1 outstanding / 0 satisfied / 0 part satisfied )
Last Members List: 14/02/2014
Previous Names:
Date of change Previous Name
13/03/1992 CASECHANCE LIMITED
Data from the UK Companies House.
-
They fixed the device PID to solve the problem which isn't destructive because as you claim the device is passive and does not perform driver selection - lol. It is your job to find drivers to work with your clone/fake.
Of course it's destructive. It used to work on Linux but not anymore.
Rufus, it's OK to sympathise with FTDI but you need to stick to the facts.
Just ignore. If it's up to Rufus he'd drop a nuke on Afganistan, Syria, Irak etc to get rid of every terrorist living there.
I was wondering if we would see Godwin's law here, congrats on skipping Godwins and going straight to nuclear holocaust analogies.
-
They fixed the device PID to solve the problem which isn't destructive because as you claim the device is passive and does not perform driver selection - lol. It is your job to find drivers to work with your clone/fake.
Of course it's destructive. It used to work on Linux but not anymore.
Rufus, it's OK to sympathise with FTDI but you need to stick to the facts.
Just ignore. If it's up to Rufus he'd drop a nuke on Afganistan, Syria, Irak etc to get rid of every terrorist living there.
I was wondering if we would see Godwin's law here, congrats on skipping Godwins and going straight to nuclear holocaust analogies.
This has nothing to do with Godwin's law, so why bring it up? Godwin's law is not a fallacy, it is not actually meant to show that a discussion has reached a point of ridiculousness, it merely is about the mention of nazis.
No nazis mentioned here.
Do you perhaps in fact not understand that of which you speak?
-
This has nothing to do with Godwin's law, so why bring it up? Godwin's law is not a fallacy, it is not actually meant to show that a discussion has reached a point of ridiculousness, it merely is about the mention of nazis.
If you read the law very literally, yes. If you read between the lines, the point of Godwin's law is to say that all discussions on the internet will eventually derail into a cesspool of ridiculous and extreme arguments that have nothing to do with the original question. Making the law about Nazis in particular is why the law is memorable enough to be quoted today. If the law simply stated "all discussions will be derailed", you would never have heard of it.
Edit: Oh, and:There are many corollaries to Godwin's law, some considered more canonical (by being adopted by Godwin himself)[3] than others.[1] For example, there is a tradition in many newsgroups and other Internet discussion forums that once such a comparison is made, the thread is finished and whoever mentioned the Nazis has automatically lost whatever debate was in progress.[8] This principle is itself frequently referred to as Godwin's law. It is considered poor form to raise such a comparison arbitrarily with the motive of ending the thread.
With this use, saying that the opponent wants to bomb the Middle East is similar in nature to calling the opponent a Nazi.
Edit 2:
Just ignore. If it's up to Rufus he'd drop a nuke on Afganistan, Syria, Irak etc to get rid of every terrorist living there.
I was wondering if we would see Godwin's law here, congrats on skipping Godwins and going straight to nuclear holocaust analogies.
And while we're at it. The claim here is of skipping Godwin's law and going straight to something worse without passing go. No mentions of Nazis needed.
-
What a mind-blowingly ignorant thing to do. Suddenly the name FTDI has gone from hero to zero in one stupid move.
How long before ebay is full of cheap little inline USB dongles from China that you plug into a USB power supply, then plug your bricked product in and it fixes it by rewriting the address. Or perhaps acts as a buffer in a computers USB port to prevent FTDI's malware from bricking stuff.
I have absolutely no doubt that there are a lot of FTDI "compatible" devices in my collection of Chinese modules. Now I'm going to worry about whether FTDI have launched any new malware in windows updates. :palm:
-
The chip is a 32 pin LQFP package labelled FTDI/FL232BL/729-1.
Yeah, the tool is only for FT232RL chips (and FT245RL, which is a close relative). FT232BL is a different IC. Specifically, it looks for bcdDevice = 0x06xx. I don't know of any FT232BL counterfeits, and the tool won't detect FT232BL chips.
Whether it requires root or not depends on your distro and config. I grant myself full USB access (by being in the 'usb' group), so I don't need root. Some distros automagically grant the console user (users logged into a local console) full USB access.
-
They fixed the Linux drivers to make it work again so obviously the drivers were faulty - lol. You claim FTDI drivers must not assume VID/PID means anything yet claim changing the PID is destructive because Linux drivers make the same assumption.
It was not a 'fix', it was a workaround for FTDI's sabotage. Nothing was wrong with those Linux drivers in the first place.
-
According to the FT232RL datasheet they provide linux 2.4 drivers
-
Is FTDI a listed company? Where if it is listed? Thanks.
I think its privately held. I couldn't find a symbol for it. I curious to see what their revenue looks like in the next 6 mo to a year.
-
Is FTDI a listed company? Where if it is listed? Thanks.
I think its privately held. I couldn't find a symbol for it. I curious to see what their revenue looks like in the next 6 mo to a year.
At least you found the company - try finding the manufacturers of the faulty clones and fakes.
-
Is FTDI a listed company? Where if it is listed? Thanks.
I think its privately held. I couldn't find a symbol for it. I curious to see what their revenue looks like in the next 6 mo to a year.
At least you found the company - try finding the manufacturers of the faulty clones and fakes.
Sounds like FTDI think end users are the counterfeit manufacturers.
-
Is FTDI a listed company? Where if it is listed? Thanks.
I think its privately held. I couldn't find a symbol for it. I curious to see what their revenue looks like in the next 6 mo to a year.
You should be able to pull these numbers from the 'UK Companies House'. In the NL the revenue records for every company are public and must be published in time. I guess it's the same in the UK.
-
At least you found the company - try finding the manufacturers of the faulty clones and fakes.
Rufus, care to share if any relationship or financial interest in FTDI (vs. just being a user)?
BTW, the clones are 'faulty' because FTDI sabotaged them but you already know that.
-
Well, there is a difference between a clone and a counterfeit. A clone is not advertised as being an FTDI chip, only FTDI compatible. It speaks the same protocol and necessarily has the same VID and PID (they are an aspect of the protocol) but it is not physically marked as an FTDI chip. A counterfeit is a clone that has been re-marked as an FTDI chip. It is not legal for them to intentionally brick clones. It is also likely not legal for them to brick counterfeits
I'll would add one category :
- Clone (is also a counterfeit): chip copied 1:1 Infringes FTDI IP, but it's not legal for FTDI to brick it voluntarily.
- Counterfeit : compatible marked with FTDI logo ( infringes the logo only)
- Compatible : protocol wise compatible to FTDI. Legal to produce, sell, but against the EULA to use with the official windows driver (probably not illegal in most countries)
-
This has nothing to do with Godwin's law, so why bring it up? Godwin's law is not a fallacy, it is not actually meant to show that a discussion has reached a point of ridiculousness, it merely is about the mention of nazis.
If you read the law very literally, yes. If you read between the lines, the point of Godwin's law is to say that all discussions on the internet will eventually derail into a cesspool of ridiculous and extreme arguments that have nothing to do with the original question. Making the law about Nazis in particular is why the law is memorable enough to be quoted today. If the law simply stated "all discussions will be derailed", you would never have heard of it.
Edit: Oh, and:There are many corollaries to Godwin's law, some considered more canonical (by being adopted by Godwin himself)[3] than others.[1] For example, there is a tradition in many newsgroups and other Internet discussion forums that once such a comparison is made, the thread is finished and whoever mentioned the Nazis has automatically lost whatever debate was in progress.[8] This principle is itself frequently referred to as Godwin's law. It is considered poor form to raise such a comparison arbitrarily with the motive of ending the thread.
With this use, saying that the opponent wants to bomb the Middle East is similar in nature to calling the opponent a Nazi.
Edit 2:
Just ignore. If it's up to Rufus he'd drop a nuke on Afganistan, Syria, Irak etc to get rid of every terrorist living there.
I was wondering if we would see Godwin's law here, congrats on skipping Godwins and going straight to nuclear holocaust analogies.
And while we're at it. The claim here is of skipping Godwin's law and going straight to something worse without passing go. No mentions of Nazis needed.
Interesting that you choose to defend the troll. I will just point out that your interpretation of Godwins law is incorrect and so your points are moot. The law is about bringing the nazis into a discussion and making comparison to them, not about escalating the discussion or any different ridiculous comparisons. If you want to make a law that is about that, then go ahead, call it "nitro's law". But it's not Godwin's.
Saying that the above was 'skipping godwin's law' demonstrates that the person doesn't understand it. You do not get to the middle east via the nazis.
That's all I have to say on the matter, let's not derail any further if at all possible.
-
With my moderator hat on a bit wonky:
Could we leave godwin, nazis and pointless analogies alone. The situation seems to be pretty unto it's own and analogies are not serving us due to the simultaneous multiple aspects of the situation.
Thank you.
-
So, what exactly was the compelling reason to update this driver in the first place?
I just looked and apparently I'm still using version 2.08 and none of my devices have any problems working. I have always had driver updates turned off, along with all "optional" Windows updates. None of my Windows computers have had problems working in the the last several years that I'm aware of. The only security stuff I use is whatever is built in to Windows (because it's pretty light weight and non-intrusive), Ghostery, NoScript and a humongous hosts file for the web browser.
-
It would seem that the "update" was simply "deployment of the weapon" It would be intersting to hear from FDTI if the driver update was supposed to be anything else.
If i was MS I would ban them from their windows update. That will teach them.
-
At least you found the company - try finding the manufacturers of the faulty clones and fakes.
Rufus, care to share if any relationship or financial interest in FTDI (vs. just being a user)?
None at all. I have purchased a few of their USB to RS232/RS485/TLL serial cables and modules and was happy to pay a premium for known quality and support.
I do hate cheap Chinese shit because it drives quality manufactures out of business eventually leaving a market which only contains cheap Chinese shit. Even more galling in cases like this where it is cheaper because they are stealing support, reputation, and software from the very company they are killing.
-
At least you found the company - try finding the manufacturers of the faulty clones and fakes.
Rufus, care to share if any relationship or financial interest in FTDI (vs. just being a user)?
None at all. I have purchased a few of their USB to RS232/RS485/TLL serial cables and modules and was happy to pay a premium for known quality and support.
I do hate cheap Chinese shit because it drives quality manufactures out of business eventually leaving a market which only contains cheap Chinese shit. Even more galling in cases like this where it is cheaper because they are stealing support, reputation, and software from the very company they are killing.
I think this has been understood and appreciated throughout the discussion, the problem is that FTDI is not actually taking measures to stop counterfeiters and is taking it's pain out on innocent bystanders instead of enlisting their support in getting to the counterfeiters it's branding them along with the counterfeiters and doing them more harm. It spells money grabbing all over. I'm sure we would all like to have genuine chips and virtually no one wants a fake. Every time I query a price to my suppliers saying that others have it cheaper he always tells me that likely they are fake and he can't compete with that, my choice and mine is to buy genuine.
-
I can not trust FTDI and their drivers after this, but on windows we do not have alternatives at the moment.
The pre 2.12 drivers did not have an EULA or limitations as far as I know so in the mean time that looks like the stopgap until we get an alternative.
Sounds like a port of the linux driver to windows supporting all compatible devices would be a solution.
Then FTDI can keep their precious driver to give to their customers (to use if they dare), seems like pre 2.12 was the last FTDI driver version most aware users will ever install.
-
I do hate cheap Chinese shit because it drives quality manufactures out of business eventually leaving a market which only contains cheap Chinese shit. Even more galling in cases like this where it is cheaper because they are stealing support, reputation, and software from the very company they are killing.
Serial over USB is a commodity these days, just like keyboards, mice or flash drives over USB. Microsoft should recognize it and allow generic USB/Serial devices or MCU's with USB/Serial stack to have a no-drivers-out-of-the-box experience.
Currently Microsoft keeps FTDI in this monopolistic position and without it it is dead in the water. FTDI's competitive advantage is it relationship with Microsoft, not its technology or pricing.
-
If a hardware device is working to your satisfaction, there is little reason to update it's driver.
I'm still using the 2.08 version of the FTDI driver, it works fine. Just turn off device driver updates and carry on.
Microsoft is barely able to update Windows correctly, why would anyone want to trust them with more?
-
I think this has been understood and appreciated throughout the discussion, the problem is that FTDI is not actually taking measures to stop counterfeiters and is taking it's pain out on innocent bystanders instead of enlisting their support in getting to the counterfeiters it's branding them along with the counterfeiters and doing them more harm. It spells money grabbing all over.
Yes users of fakes/clones are taking some collateral damage - what do you think FTDI should have done about it - just let them keep on using their drivers? Would you expect Microsoft to let you keep on using a counterfeit copy of Windows or Office because you had been using it a while or didn't know it was counterfeit?
FTDI's driver action is going to hinder counterfeiters look at Sparkfun's response. They are going to double check anything they have doubts about and will be even more careful with their supply chain in the future. FTDI's drivers have identified a whole bunch of fakes which everyone in the chain from user to whoever the hell made them were either blissfully or wilfully unaware of.
I consider the claims of 'never going to use FTDI parts again' to be bluster and bullshit, an admission that they produce low quality shit that may contain fakes of unknown quality and origin and would like to carry on getting away with it. I'm sure the One Hung Los of the world don't like it - screw them.
-
I'd use anyone who made a "genuine" chip that is priced right and does what I want.
-
Currently Microsoft keeps FTDI in this monopolistic position and without it it is dead in the water. FTDI's competitive advantage is it relationship with Microsoft, not its technology or pricing.
Yeah, it's nothing to do with decades of writing and maintaining drivers that actually worked, while other manufacturers came, went, screwed up, disabled clones, and generally were a pain in the arse.
There is no FTDI monopoly, anyone is entirely welcome and able to register their own VID/PID, supply drivers and silicon, and off they go. There's inertia, but I don't think you could sanely call it a monopoly. Not least because Prolific exist, and have suffered exactly the same problems that FTDI are addressing.
You're aware that FTDI have a wide range of variously spiffy products, all with legit drivers? There have been alternatives to FTDI for years, but nobody's bothered, since the FTDI gear pretty much works. My gripe with FTDI, such as it is, is that they let other manufacturers hang on their VID/PID coat-tails for so long, we all took it for granted. (And bricking the devices, rather than some other way of forcing a USB-enumeration Bong-Bong-Bong noise and an error message, was a dick move).
-
And bricking the devices, rather than some other way of forcing a USB-enumeration Bong-Bong-Bong noise and an error message, was a dick move.
Quite, I'd not object to them not letting their driver work with fake parts but to willfully damage someone elses property is no good. Many of the devices are chips in their own right that could have a driver written for them, there was no need for this, to me it seems more like a decision taken after a bottle of scotch than a thought out business strategy.
-
There is no FTDI monopoly, anyone is entirely welcome and able to register their own VID/PID, supply drivers and silicon, and off they go.
You missed the point. A generic driver will not require registration of VID/PID, it will just work, because it is a USB/CDC device.
On my OSX box I can connect USB/CDC devices without having to register any VID/PID.
-
You missed the point. A generic driver will not require registration of VID/PID, it will just work, because it is a USB/CDC device.
So do that. No need to (charitably!) 'piggyback' on FTDI's drivers. There's a proper class for these things, use it.
On my OSX box I can connect USB/CDC devices without having to register any VID/PID.
Yay!
Remind me again what you're so incensed about? Is it that the knockoff silicon vendors chose to go the FTDI-clone route, rather than the CDC route?
(Note - I really don't mind at all if you don't remind me. This entire thing is a typical internet storm in a teacup, and I'll be happy when it becomes a footnote, just like the Prolific driver episode).
-
Yes users of fakes/clones are taking some collateral damage
Some collateral damage is a bit of an understatement here.
what do you think FTDI should have done about it - just let them keep on using their drivers?
Of course not, they should go after the bad guys just like Microsoft does when they spot a counterfeit copy of Windows or Office.
Would you expect Microsoft to let you keep on using a counterfeit copy of Windows or Office because you had been using it a while or didn't know it was counterfeit?
Glad to see we both seem to agree on Microsoft doing the right thing.
The only problem is that Microsoft seems to handle such cases a little bit different than FTDI.
- Microsoft publicly announces to hunt down the bad guys before they take action, whereas FTDI did the reverse at best.
- Microsoft gives the end-user a proper notification if they think a violation is detected, whereas FTDI does not do that.
- Microsoft gives the end-user a graceful period in order to sort things out, whereas FTDI does not do that.
- Microsoft actively hunts down the bad guys, whereas FTDI does not do that.
- Microsoft does not brick the end-users hardware, whereas FTDI chose to do just that.
- Microsoft assists the affected end-user by offering an easy way out, whereas FTDI does not do that.
@Rufus:
I know the last point I mentioned is next to impossible to implement by FTDI, but I would like to remind you that it was you who brought up this analogy.
Analogies are always flawed in some way, as Simon already pointed out.
-
The pre 2.12 drivers did not have an EULA or limitations as far as I know
They did but it was hidden in the .INF files - I had a look through a few old sets of drivers and the "only for use with FTDI parts" condiiton has been in there for quite a few years
-
Whichever way you slice this, the handling of the situation is a major corporate debacle on the order of the http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal (http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal)
It will possibly make Wikipedia's list of http://en.wikipedia.org/wiki/Category:Corporate_scandals (http://en.wikipedia.org/wiki/Category:Corporate_scandals)
Witness, OTOH, what happened with the Intel Pentium FDIV bug...
Though rarely encountered by average users (Byte magazine estimated that 1 in 9 billion floating point divides with random parameters would produce inaccurate results), both the flaw and Intel's initial handling of the matter were heavily criticized. Intel ultimately recalled the defective processors. http://en.wikipedia.org/wiki/Pentium_FDIV_bug (http://en.wikipedia.org/wiki/Pentium_FDIV_bug)
It cost Intel 100s of millions of $$$ to replace all those CPU chips, even though not one in a million of the users would ever be affected by the problem. Somehow I don't expect the same kind of response from FTDI.
-
The pre 2.12 drivers did not have an EULA or limitations as far as I know
They did but it was hidden in the .INF files - I had a look through a few old sets of drivers and the "only for use with FTDI parts" condiiton has been in there for quite a few years
So in other words the user did not hafto agree to the eula it was a silent install with no prompt at all?
I can hardly say that is proof of the users consent on the eula at all if thats the case.
-
But in practical terms, it is not about "consent" or even "notification". It is about FTDI's deliberate boorish and destructive behavior.
They are going to have to hustle if they want avoid this becoming a major negative stain on their corporate reputation.
Whether they were morally in the right or not.
-
In practical terms, OEMs already specifying FTDI chips into their products are likely to continue doing so, since their gear will continue to work fine, either because they have their own VID/PIDs and drivers, or because FTDI drivers have continued to work fine.
OEMs specifying (or allowing) knockoffs are likely to have a hard think - either stay as they were, move to a known vendor, whether that's FTDI or other (possibly going down the driverless CDC route), or some third option I can't think of at the moment. Maybe rip off FTDI's drivers, register a VID/PID (maybe orphaned, if they want it for free?) and deliver a driver / chip combo. Driver certification under modern Windows might be an issue? Those super-cheap 'how do they make it so cheap, and ship it for that?' widgets might cost an extra dollar.
The side effect of temporary (but severe) annoyance for some of the end purchasers of gear containing FTDI knockoffs - yeah, it's an annoyance, and seems to have been done hamfistedly. They're in no way FTDI customers, or probable future FTDI customers. There's a clear recovery route for the damaged hardware. Several, even, and more are likely (and scams based on them, no doubt - 'download FTDIfix.exe and run it as administrator, answer yes to all prompts'...).
However, from FTDI's point of view - isn't this a clear message? Buy legit chips, or stop using FTDI drivers and identification? It could surely have gone better, but I'm not seeing it as a calamity.
-
So in other words the user did not hafto agree to the eula it was a silent install with no prompt at all?
I can hardly say that is proof of the users consent on the eula at all if thats the case.
EULA is irrelevant up to a point, since local law trumps random legal droid vomit.
[x] I hereby agree to grant you the right to brutally murder me because I didn't properly read this sentence.
Nope, still illegal to brutally murder me. And likewise it's still illegal to cause property damages no matter what clever word permutation you crammed in the EULA.
-
On my OSX box I can connect USB/CDC devices without having to register any VID/PID.
Yay!
Remind me again what you're so incensed about? Is it that the knockoff silicon vendors chose to go the FTDI-clone route, rather than the CDC route?
(Note - I really don't mind at all if you don't remind me. This entire thing is a typical internet storm in a teacup, and I'll be happy when it becomes a footnote, just like the Prolific driver episode).
Still missing the point.
"For the Mac you simply need to report your device class correctly and the driver scan picks up the correct drivers. (Windows ignores the device class which is why you need to supply the .inf file)."
http://stackoverflow.com/questions/1176939/do-i-need-to-write-my-own-host-side-usb-driver-for-a-cdc-device (http://stackoverflow.com/questions/1176939/do-i-need-to-write-my-own-host-side-usb-driver-for-a-cdc-device)
Windows does not provide a generic USB/Serial no-driver-out-of-the-box experience as it does with keyboards, mice and flash disks. Having this capability will solve the FTDI cloning issue.
-
Windows does not provide a generic USB/Serial no-driver-out-of-the-box experience as it does with keyboards, mice and flash disks. Having this capability will solve the FTDI cloning issue.
Doesn't this still rely on on device manufacturers stopping pretending (via VID/PID) to be an FTDI chip? Hence actually spending money to register?
If they don't, they'll still get looked up as an FTDI part, and still get FTDI drivers - or am I missing the point?
-
Are they listed on any stock exchange? I've been looking to see if the driver update had any impact on their share prices but can't find anything. What are they a privately owned company?
Line 1 of their Wikipedia entry...
http://en.wikipedia.org/wiki/FTDI (http://en.wikipedia.org/wiki/FTDI)
Future Technology Devices International, commonly known by its abbreviation FTDI, is a Scottish privately held semiconductor device company, specializing in Universal Serial Bus (USB) technology.[1]
privately held - not listed.
-
Windows does not provide a generic USB/Serial no-driver-out-of-the-box experience as it does with keyboards, mice and flash disks. Having this capability will solve the FTDI cloning issue.
Doesn't this still rely on on device manufacturers stopping pretending (via VID/PID) to be an FTDI chip? Hence actually spending money to register?
If they don't, they'll still get looked up as an FTDI part, and still get FTDI drivers - or am I missing the point?
No, it doesn't, the OS will select drivers based on the device class, regardless of VID/PID. Anybody can then have an out-of-the-box-no-driver experience without using FTDI's VID and without having to register with Microsoft. This is what OSX and Linux do.
Of course this will eliminate FTDI's main competitive advantage but that's how the free market works.
-
I think this has been understood and appreciated throughout the discussion, the problem is that FTDI is not actually taking measures to stop counterfeiters and is taking it's pain out on innocent bystanders instead of enlisting their support in getting to the counterfeiters it's branding them along with the counterfeiters and doing them more harm. It spells money grabbing all over.
Yes users of fakes/clones are taking some collateral damage - what do you think FTDI should have done about it - just let them keep on using their drivers? Would you expect Microsoft to let you keep on using a counterfeit copy of Windows or Office because you had been using it a while or didn't know it was counterfeit?
FTDI's driver action is going to hinder counterfeiters look at Sparkfun's response. They are going to double check anything they have doubts about and will be even more careful with their supply chain in the future. FTDI's drivers have identified a whole bunch of fakes which everyone in the chain from user to whoever the hell made them were either blissfully or wilfully unaware of.
I consider the claims of 'never going to use FTDI parts again' to be bluster and bullshit, an admission that they produce low quality shit that may contain fakes of unknown quality and origin and would like to carry on getting away with it. I'm sure the One Hung Los of the world don't like it - screw them.
Rufus, here is your fish...
<°°°))))))))))))))))><
Extra big one with three eyes...
-
From an email exchange I had with the CEO of FTDI concerning this...
Dear XXXXX
Thank you for your recent email regarding our recent driver release – we appreciate your feedback.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honorable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.
As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm (http://www.ftdichip.com/FTSalesNetwork.htm)
If you are concerned that you might have a non-genuine device, our support team would be happy to help out.
Yours Sincerely
Fred Dart - CEO
So they do seem to have recognized the error of their ways and are backing off on dorking with others hardware.
-
So in other words the user did not hafto agree to the eula it was a silent install with no prompt at all?
I can hardly say that is proof of the users consent on the eula at all if thats the case.
EULA is irrelevant up to a point, since local law trumps random legal droid vomit.
[x] I hereby agree to grant you the right to brutally murder me because I didn't properly read this sentence.
Nope, still illegal to brutally murder me. And likewise it's still illegal to cause property damages no matter what clever word permutation you crammed in the EULA.
It just sounded like since they had an uela in an file burried somewhere that the end user never even saw made the whole thing perfectly "ok" acording to them.
-
...
I appreciate that your post appears to be genuine. But "Detritus"...posting as a troll? Could you maybe have thought a little more clearly about that?
-
...
I appreciate that your post appears to be genuine. But "Detritus"...posting as a troll? Could you maybe have thought a little more clearly about that?
Nothing trollish about it. It's a real email I got from him. I interrupt it to mean they aren't going to be bricking anyone else's hardware any longer.
I use Detritus as my handle because I'm a big fan of Discworld, and I live in the north, and I tend to think my brain works better when cold. Not that Detritus was a troll in the books.
-
I use Detritus as my handle because I'm a big fan of Discworld, and I live in the north, and I tend to think my brain works better when cold.
Right you are then. Cold heads probably do work better than hot heads :)
-
I wonder how many thousands of Arduninos will be destroyed....
-
From an email exchange I had with the CEO of FTDI concerning this...
Dear XXXXX
Thank you for your recent email regarding our recent driver release – we appreciate your feedback.
As you are probably aware,...
And how is this your "personal email exchange" is different from what was posted 3 days ago on page 38 of this thread , and was also publicly available on FTDI web site?
-
From an email exchange I had with the CEO of FTDI concerning this...
Dear XXXXX
Thank you for your recent email regarding our recent driver release – we appreciate your feedback.
As you are probably aware,...
And how is this your "personal email exchange" is different from what was posted 3 days ago on page 38 of this thread , and was also publicly available on FTDI web site?
Probably nothing, but at the rate new posts have been added to this thread, who can keep up and read them all?
-
I wonder how many thousands of Arduninos will be destroyed....
Two down for me luckely they can be unbricked found this kind sir on twitter with the fix:
https://twitter.com/marcan42/status/525527784026685440
-
I wonder how many thousands of Arduninos will be destroyed....
Two down for me luckely they can be unbricked found this kind sir on twitter with the fix:
https://twitter.com/marcan42/status/525527784026685440
Nice.
I havent plugged mine in in over a week. If I plug it in now, it should be fine right?
I was supposed to be doing development with it all last week. Glad those plans fell through!
-
Fuck, even Dave is using the fucking whatevergate name?
:(
-
For all_repair:
Company Details
Name & Registered Office:
FUTURE TECHNOLOGY DEVICES INTERNATIONAL LIMITED
2 SEAWARD PLACE
CENTURION BUSINESS PARK
GLASGOW
G41 1HH
Company No. SC136640
Are they listed on any stock exchange? I've been looking to see if the driver update had any impact on their share prices but can't find anything. What are they a privately owned company?
Thanks for the replies. I was trying to SHORT the share and inform of my actions later. Looks like it is not listed. If i am their bankers or supplier, I would take concrete actions to withdraw credit. It is a foregone conclusion, FTDI is 50% gone. Unless some drastic measures are taken to gain trust, which I did not see in the previous CEO memo (his mindset likely is the root of this issue).
-
even Dave is using the whatevergate name?
I didn't start it, but I like it.
-
even Dave is using the whatevergate name?
I didn't start it, but I like it.
Yes, I understand, but anything that is even slightly scandalous gets a -gate suffix now. Not very original and misses the point.
But I guess we live in the world of hashtags and clones now, so why not combine the two :/
-
#serialkiller or even #ftdiserialkiller would have been more amusing hashtags.
As posted by someone previously in the thread:
(http://image.bayimg.com/fd5208dbd505b90d30745bcfcc6fb77ed0a68d37.jpg)
-
A smoking Arduino in his right hand would be good to add some drama .
-
I wonder how many thousands of Arduninos will be destroyed....
Two down for me luckely they can be unbricked found this kind sir on twitter with the fix:
https://twitter.com/marcan42/status/525527784026685440
Nice.
I havent plugged mine in in over a week. If I plug it in now, it should be fine right?
I was supposed to be doing development with it all last week. Glad those plans fell through!
If you had drivers already in your windows box disable driver updates atleast until we see what move FTDI does next.
They have recalled the driver from ms update so the ones that does not already have it installed should not get it as i understand it.
Personaly i'm just doing all of my stuff on my linux box and the windows box got an usb ban for now atleast until i see if FTDI laid off the pipe.
Edit: gonna leave this tweet here since it might help some ppl :)
https://twitter.com/marcan42/status/526043019384852480
-
The pre 2.12 drivers did not have an EULA or limitations as far as I know
They did but it was hidden in the .INF files - I had a look through a few old sets of drivers and the "only for use with FTDI parts" condiiton has been in there for quite a few years
So in other words the user did not hafto agree to the eula it was a silent install with no prompt at all?
I can hardly say that is proof of the users consent on the eula at all if thats the case.
This is where the law of it would seem many countries falls down. By using something you are agreeing to stuff that you never knew about. It's like the new rules on in web browsers, total waste of time because as usual the law is not tight enough to stop nasty companies from exploiting loop holes to get their way. Now you have to accept use of cookies, so what have they done ? they create a HUGE banner on top or on the bottom of the website that renders using it useless or very annoying with only the option of accepting cookies on it, result, we are all now legally consenting to use cookies we don't actually agree to because we were forced to. If the website can function without cookies then a company has no (moral) right to force them on users. I have fast learnt that as consumers we have virtually no rights. In the Uk trading standards has been whittled down to a point it's pointless and as a member of the public I am refused the ability to contact them. I have to phone a charity that gives consumer advice and if they think it's a valid cause then they listen to you because they know that if trading standards will listen to them they get paid and that helps run the charity. these days you can't even get through to their phone line.
-
Just wait till the chinese make their clone ignore any attempt to set the PID to 0. :box:
It's one thing to brick a hardware device by accident, doing it on purpose though leaves the company open to things like getting changed with things like software hacking (cracking) or unauthorised access to a computer (the fake FTDI chip could count as a separate computer). Pretty moronic to even consider this sort of thing, much less give it to Microsoft to distribute as a legit driver update.
Capitalism at it's worst here, "the screw you jack, I'm ok" approach. If the chinese can make a FTDI clone cheaper then the legit version, why can't FTDI just lower their prices or design a new version that's cheaper to make ?
-
What surprises me the most is the number of people online justifying the actions of FTDI, like fanboys..
It really make me wonder why so many consumers love to protect corporate interests, instead of the consumer interest.
No one deserves to have their devices bricked because FTDI is in a battle with other corporation that clone their devices.
-
Capitalism at it's worst here, "the screw you jack, I'm ok" approach. If the chinese can make a FTDI clone cheaper then the legit version, why can't FTDI just lower their prices or design a new version that's cheaper to make ?
seconded, as I said before this sounds more like a plan dreamt up with a nearly empty bottle of scotch in hand than one that came out of a sound board meeting. These chips are not the only ones that do this function, they are nothing special these days, if FTDI needs to damage a small amount of consumers in a petty attempt to get at counterfeiters that have already "hit and run" with the money it makes you wonder why these chip are so important to them considering the more advanced range of chips they offer. Leaves me not inclined to invest in any of their products, they are either a nasty company or they are about* to go under.......
*taking into consideration that anything in a serious product needs years of support
-
What surprises me the most is the number of people online justifying the actions of FTDI, like fanboys..
It really make me wonder why so many consumers love to protect corporate interests, instead of the consumer interest.
No one deserves to have their devices bricked because FTDI is in a battle with other corporation that clone their devices.
I don't condone what FTDI did. That said, in the name consumer interest, it would be interesting to see an honest comparison between a genuine ft232 and a clone. Is the clone more likely to drop bytes? Can it do all baud rates that the genuine chip can? Does it jitter a lot at higher baud rates? Will it correctly invert any of the RS232 signals as specified in the EEPROM configuration. Are all features, such as the bitbang mode, there? Does it have the same functionality on it's IO pins, such as the ability to output an auxiliary 6/12/24/48 Mhz clock?
Those are questions I'd much rather see answered out of my own personal "consumer interest". Ie, will getting a clone device matter to me based on the chip's actual quality, rather than any clumsy attempts from FTDI's side to sabotage my use of the chip?
-
The python script at https://twitter.com/marcan42/status/525527784026685440 works but people like me who are new to Linux may have some problems running it. The following notes may help:
1) You need Python installed on your system :) , you can check that it's there by typing 'python' in a terminal window. Type control-d to exit.
2) You need the python USB drivers installed on your system. In Ubuntu and Linux Mint the file is called python-usb and can be installed via Synaptic.
3) Right click on the downloaded Python file and under 'Properties' then 'Permissions' click on 'allow executing the file as a program'.
4) Plug the device in first then in a terminal window go to the directory where the python script is held and type 'python detect_ftdi_clone.py' and follow the program prompts.
-
Well, there is a difference between a clone and a counterfeit. A clone is not advertised as being an FTDI chip, only FTDI compatible. It speaks the same protocol and necessarily has the same VID and PID (they are an aspect of the protocol) but it is not physically marked as an FTDI chip. A counterfeit is a clone that has been re-marked as an FTDI chip. It is not legal for them to intentionally brick clones. It is also likely not legal for them to brick counterfeits
I'll would add one category :
- Clone (is also a counterfeit): chip copied 1:1 Infringes FTDI IP, but it's not legal for FTDI to brick it voluntarily.
- Counterfeit : compatible marked with FTDI logo ( infringes the logo only)
- Compatible : protocol wise compatible to FTDI. Legal to produce, sell, but against the EULA to use with the official windows driver (probably not illegal in most countries)
I wouldn't personally call a 'clone' a counterfeit. I think a clone would be a part that is designed independently to be both protocol and pin compatible - basically a functional equivalent, but not a 1:1 copy as the implementation could be different. A compatible part implies pin compatible or protocol compatible, but not necessarily both. For example, FTDI protocol compatible firmware running on a microcontroller that has a different pinout. Or a pinout compatible chip that uses the CDC protocol. I think all of the current counterfeit chips are likely independent reimplementations that are pin compatible and more or less protocol compatible, but they have then been rebranded by a 3rd party with the FTDI logo and part number.
-
If the chinese can make a FTDI clone cheaper then the legit version, why can't FTDI just lower their prices or design a new version that's cheaper to make ?
The counterfeiters/cloners may be copying the device. FTDI may have done extra design work. Designers (and all the overheads associated e.g. licenses) need paying. If the cloners are doing significant design work then maybe the designs are not being tested as rigorously as FTDI and are not as robust. Maybe the manufacturing is not as good. Maybe they do not even have a specification. Also, FTDI are paying for the driver development, advertising, reputation and all the support which the cloners are exploiting.
Design and project costs are often calculated using future sales predictions such that it may be theoretically possible that FTDI have not yet made any money on this part. Unlikely, but I am trying to make the difference between cost of innovation vs copying clear.
More details here: http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)
Regarding another comment that an equivalent part has an identical VID but you do not call it a counterfeit, what do you think the acronym means? Isn't using FTDI's VID, without FTDI's permission, fraudulent or maybe you are suggesting that the body responsible for faking the FTDI markings on the package are also changing the VID?
-
Can never be too safe nowadays.
(http://i.imgur.com/Eadcrgw.jpg) (http://imgur.com/Eadcrgw)
-
Can never be too safe nowadays.
(http://i.imgur.com/Eadcrgw.jpg) (http://imgur.com/Eadcrgw)
hahahahaha :-DD love it, the USB condom......... took me a moment to get...... :-DD
-
Hey...
Why not put a little code in the Linux driver: Write the PID value to 0xDEAD and then only work with the chips that accept the new PID? ;D
-
Are all features, such as the bitbang mode, there?
The fakes do bitbang, but not entirely accurate. Somehow there is a difference between the real ones and the fake ones. I haven't had the time to investigate. (i.e. by creating something that will provide a known sample signal).
(I THINK the output channel works just fine, but that here are differences in the synchronous sampling of the input side).
-
I now have 7 fake chips maybe more.
My son came up with a solution to win7 driver problem.
http://arduinotronics.blogspot.dk/2014/10/does-windows-ftdi-update-brick-your.html (http://arduinotronics.blogspot.dk/2014/10/does-windows-ftdi-update-brick-your.html)
It does not solve the problems in winXP.
I can not use this installation method on the winXP machine.
Dear FTDI come up with a solution for reprogramming my fake chips.
I still have to use my boards in winXP.
Should I build a new interface based on Atmel Atmega8U2 or ATmega16U2.
It will definitely mean goodbye to FTDI.
Unfortunately, I am probably not large enough to move on the FTDIs attitude.
I have previously written the following on hackaday.
http://hackaday.com/2014/02/19/ft232rl-real-or-fake/#comment-1947068 (http://hackaday.com/2014/02/19/ft232rl-real-or-fake/#comment-1947068)
Finn Johansen says:
October 3, 2014 at 8:19 am
I’m having trouble with 5 units Arduino Duemilanove and a USB to serial converter. All purchased on Ebay.
FTDI FT232RL
date code
1116-C GN051461 Works
1211-C GN410601 Works
1213-C CN480661 Does not work
1213-C CN480661 Does not work
1403-C GN480661 Does not work
1403-C GN480661 Does not work
1403-C GN480661 Does not work
1403-C GN480661 Does not work
1403-C GN480661 Does not work
It seems that there is no driver solution but that the chips must be replaced.
-
@eevFinn + others
Any chance anyone could send me one or two bricked devices?
I'd really like to give it a try to restore them, but I have windows update disabled ;-)
My plan is to build a kernel driver for PC or Raspberry (might be easier as the USB core is always the same),
that allows reprogramming the damn things.
Greets
Berni
-
simply buy almost any ftdi serial board from amazon. you'll likely get a fake you can 'play with'.
-
Hey,
Just intentionally bricked one of my original FTDI device ;-)
Let's hope it works out as I have in mind xD - otherwhise I have 10€ worth of original garbage...
Greets
Berni
-
All we need is a picture of someone's grandma laying on the floor in a coma with a USB cable connected to her heart monitor or insulin pump with an new hardware found driver screen on the computer and then USB Device not recognized.
-
All we need is a picture of someone's grandma laying on the floor in a coma with a USB cable connected to her heart monitor or insulin pump with an new hardware found driver screen on the computer and then USB Device not recognized.
You trying to scare FTDI or something ? hopefully if anyone down there has a heart attack they get to hospital to find all the equipment just went down.
-
All we need is a picture of someone's grandma laying on the floor in a coma with a USB cable connected to her heart monitor or insulin pump with an new hardware found driver screen on the computer and then USB Device not recognized.
You trying to scare FTDI or something ? hopefully if anyone down there has a heart attack they get to hospital to find all the equipment just went down.
I'm pretty sure someone within the FTDI buildings went to the IT department complaining their USB cable stopped working after a driver update >:D
-
Hey,
as everybody is just ranting over their bricked devices and nobody isn't really doing anything aginst it, I gave it a try.
As I said, I don't have any bricked FT232 devices here, so I "bricked" one of my FT-X intentionally by setting the PID to 0 (that's the problem, at least from what I read) - If I'm wrong - please correct me.
I just created a simple unbricker, that can be downloaded here:
http://xdevelop.at/files/ftdi-unbrick.zip (http://xdevelop.at/files/ftdi-unbrick.zip)
(yes chrome will say it's a virus because it contains the FTDI drivers inf and sys and exe files)
MAKE SURE YOU UNPLUG ALL FTDI DEVICES EXCEPT THE ONE YOU WANT TO UNBRICK, BEFORE RUNNING THE SOFTWARE
What it does:
1. Installs a driver that will install basic FT2DXX support.
2. Use FTProg to restore the original FT232 Settings
Could anyone give it a test?
Yes it may, and will possibly fail (Murphy ;-) ), but please send me a log output or even a video of the problems.
Greets
Berni
PS: Buying a counterfeit device from ebay will not make sense, as FTDI has already withdrawn the driver from their sites and from windows update
-
Does anybody know if devices with an FT232BM chip are affected by this mess? It's rather old, about six or seven years.
-
All this could possibly hope to achieve is that the evil "counterfeiters" tweak their chips so they can't be distinguished from real ones by the driver. It will take them a month or so to get get back in business again.
That's it. Absolute best case scenario.
They absolutely are NOT going to stop making counterfeit chips. Nuh uh.
Proposed solution: Drivers refusing to work on fake chips?
Also not an answer. Imagine I have a device that works one day then suddenly stops working the next. As an end user the *only* lesson I'll learn is to not buy anything else with "FTDI" stamped on it. The idea that I'll suddenly replace all my Arduino programmers with something that costs twice as much is ludicrous.
The only answer is to make it easy to spot fake chips. If that means putting a hologram on them or whatever, then that's what they have to do.
Let's hope they see the light very very soon, put out a genuine apology, offer to replace all the bricked devices, publicly name and shame the moron that approved the brickings (so he can never work again). It will wipe out a year's profit, yes, but the alternative is to wipe out the entire company.
-
PS: Does much hospital equipment run on these things?
-
PS: Does much hospital equipment run on these things?
medical / military tends to use long proven designs and techniques and leave the bleeding edge to commercial stuff that can go wrong and forewarn them without killing anyone....
-
Does anybody know if devices with an FT232BM chip are affected by this mess? It's rather old, about six or seven years.
FT232BL doesn't seem to be affected (device version 04.00). I guess FT232BM is also not affected.
Alexander.
-
Does anybody know if devices with an FT232BM chip are affected by this mess? It's rather old, about six or seven years.
FT232BL doesn't seem to be affected (device version 04.00). I guess FT232BM is also not affected.
I haven't read every message in this thread but: Surely NO genuine chip should be affected by this. Say it ain't so...
-
Yep, no genuine chip is affected. But chips imitating FT232BM, FT232BL (if they exist) should be ok. I make my assumption looking the code of the python script posted here. It looks for specific device version (06.00). I believe FT232BM is a version bellow 6. FT232BL is version 4.
Alexander.
-
All we need is a picture of someone's grandma laying on the floor in a coma with a USB cable connected to her heart monitor or insulin pump with an new hardware found driver screen on the computer and then USB Device not recognized.
nope. wouldn't happen. medical device = traceable parts down to the lot number and production day
-
nope. wouldn't happen. medical device = traceable parts down to the lot number and production day
Ideally, yeah. There are no instances of anyone ever taking the easy route and using non-verified parts or something? I hope not, but it seems unlikely that there's no history of that.
-
All this could possibly hope to achieve is that the evil "counterfeiters" tweak their chips so they can't be distinguished from real ones by the driver. It will take them a month or so to get get back in business again.
The only answer is to make it easy to spot fake chips. If that means putting a hologram on them or whatever, then that's what they have to do.
That will make the genuine chips even more expensive making it more lucrative to produce functional equivalents. The only way for FTDI to stop counterfeiting is to make their devices so cheap that counterfeiting is no longer viable.
-
Dear FTDI come up with a solution for reprogramming my fake chips.
I still have to use my boards in winXP.
Dear FTDI please help me steal your winXP drivers.
Why don't you ask the manufacturer of your fakes to help you?
-
Hey,
Just intentionally bricked one of my original FTDI device ;-)
Let's hope it works out as I have in mind xD - otherwhise I have 10€ worth of original garbage...
Greets
Berni
days ago, the linux 'unbricker' was posted. its proven to work. and if you don't have a linux box, you can boot a live cd, don't install it - just run it - and then build the source and run it. no need for windows de-bricker when its free and easy to use the linux version and the linux version is trustable, up and down the chain (all source, no stupid vendors to mess things up or put hidden timebombs in the code).
-
PS: Does much hospital equipment run on these things?
Stuff like this http://www.bbc.co.uk/news/health-29660705 (http://www.bbc.co.uk/news/health-29660705) probably does.
-
nope. wouldn't happen. medical device = traceable parts down to the lot number and production day
Ideally, yeah. There are no instances of anyone ever taking the easy route and using non-verified parts or something? I hope not, but it seems unlikely that there's no history of that.
not for medical equipment. full traceability is a must.
anyawy. this whole thing looks to me like another intel <> amd war back in the good old days.
AMD made 'clean room' compatible devices ( for the 'unwashed' : clean room is not the same as clean-room. a clean-room is a particle free environment in which chips are made. a 'clean room' is an empty room. clean room copy means : we start with only the specification : pinout and instruction set as specified by the orignial maker . and we attempt to come up with a design that does work exactly the same. we do not look inside the chip , we don;t do a teardown , delamination or anything. datasheet only.
So this is what these chinese dudes did. now, you can have hidden instructions in a device ( intel has multiple ones , that are now known, but were secret back in the day. undocumented. like the routine to do bcd to integer. it turns out you can do any base conversion by loading the 'b' register with the base value. this was not documented. some software tools , made by intel, would run a test on that. ( very few people use base 7 notation or base 11 or whatever weird base apart from decimal or hexadecimal. on an non-genuine intel the outcome would be wrong.
the coe was written cleverly. it performed some operations that left the b register in a state that was not 0 ( hex ) or 10 ( decimal ) and then executed the conversion.
They hade certain compiler tools and other things like iRMX and ISIS that would simply refuse to install or execute when the test failed as you were running on a non genuine intel. and the licence was written : to be used on genuine intel processor only.
So FTDI could do that. Have a couple of hidden instructions that can send 'markers' in the stream. if the markers fail : perform a usb disconnect and pop up a message saying that the device has malfunctioned ( it has, as it did not provide the correct markers ) and should be taken in for service or repair. pop up a messag saying 'Non-Genuine FTDI USB bridge'.
i don;t want fake chinese crap in my hardware. who knows what spy functions they have on board ...
-
Medical device killing patient over serial comm failure wouldn't have a pass sticker.
The problem could occur with devices like Holter monitors.
Alexander.
-
not for medical equipment. full traceability is a must.
anyawy. this whole thing looks to me like another intel <> amd war back in the good old days.
AMD made 'clean room' compatible devices ( for the 'unwashed' : clean room is not the same as clean-room. a clean-room is a particle free environment in which chips are made. a 'clean room' is an empty room. clean room copy means : we start with only the specification
I thought that was called "double-blind" reverse engineering. Are they the same? Double blind reverse engineering is fully legal, cloning and counterfeiting aren't.
And doesn't AMD license the Intel instruction set? I imagine at some point they reversed it, so yeah. The "x64" CPUs we all use now, even the Intel ones, are AMD instruction sets. Bit of justice for Intel, there. They have to license that from AMD.
-
That will make the genuine chips even more expensive making it more lucrative to produce functional equivalents. The only way for FTDI to stop counterfeiting is to make their devices so cheap that counterfeiting is no longer viable.
race to the bottom ... not possible. FTDI is a small company that has heavily invested time and money in the driver base and chips them make.
they could drop price but then the chinese will drop price even more. every dodo in china has access to a chipfab in a shoddy garage that can spit out chips dirt cheap. Labor cost is next to nothing, they get the design for free from university students, and the government subsidizes these fabs heavily. so if you drop the price , they drop the price, you drop it more, they give em away at a price you can't even afford to pay the lady that comes and cleans the toilets in your office...
Doesn't work. you can't compete against china. The chinese can spin chips faster than the western world. That is why i left the chip business. it's over. last bluetooth chipset took 3 years to develop fully integrated apart from 2 caps and the antenna. some chines garage outfit made one in 3 months , half the power consumption , half the die size , antenna integrated , sells it for 1/4 of the price. give it up. it's over.
you can only make money if you create original new products that they can't copy (yet).
Look at the plethora of scopes. the bottom has completely fallen out of the scope market. ( good for hobbyists, bad for the big scope makers )
theres oodles of chinese kits that make, decent to very good basic digital scopes. they sell em at a low pricepoint. think about what it cost them to develop these. with the entire development budget for that scope you can probably hire 2 engineers over here... one will decide what color the case will be , the other will make a powerpoint presentation...
doesn't work.
all the commodity crap (diodes, transistors, ttl, cmos, lm741's , 8051's et al , is useless to pursue. Today, FTDI has become a commodity part... i predict soon we will see chinese AVR and Cortex 'clone' parts ... The only thing holding them back is the army of lawyers that ARM has and some specialised low power processes the chinese haven't mastered yet. but it is coming ...
TSMC and UMC and other chinese wafer fabs have more advanced processes than the western world. simply because they produce more and have more money to upgrade their gear. the fact is that big boys like TI , ST , Infineon are, today , already 2 steps later in technology than the big chinese fabs... only Intel and IBM can surpass them and IBM has recently thrown in the towel as well.
like is said : chips are a commodity. a diode made with 1 square millimeter of silicon is sold for 5 cents. a chip with 100.000 transistors that is also 1 square millimeter also costs 5 cents. it only costs more to design. this is untenable. due to the high development cost , but the fixed area-driven sales price it becomes prohibitive to design anything. budgets are being cut left and right. it's over, apart from the specialty devices the chinese haven't mastered yet.
The titanic has hit the iceberg , and the orchestra stopped playing 2 minutes ago, not because we are sinking , but because we are already completely underwater and on the way down... anyone still on board now is doomed. other ships, leaner ships ( not these huge behemoths that can't react and turn on a dime) are ready and already sailing. the traditional juggernaut of 'we design and fab it' is dead. lean design centers , huge megafabs with cheap labour. that is the current business model.
-
And doesn't AMD license the Intel instruction set? I imagine at some point they reversed it, so yeah. The "x64" CPUs we all use now, even the Intel ones, are AMD instruction sets. Bit of justice for Intel, there. They have to license that from AMD.
If you look at the instruction sets published in the specs, it appears that Intel and AMD have cross-licensing agreements for all the new instructions. The competitive advantage is that if it is an AMD addition, then Intel plays catch-up and it doesn't appear until the NEXT generation, and vice-versa. Of course, AMD seems to be slowly backing out of the processor business since it sold off its fabs and bought ATI.
-
I don't condone what FTDI did. That said, in the name consumer interest, it would be interesting to see an honest comparison between a genuine ft232 and a clone.
A clone? Which one? Do you know how many there are? If you tested a fake/clone today do you know the fake/clone you buy next week would be the same or even from the same manufacturer?
If you test a fake/clone today you could hope the results will hold for the rest of the reel/batch you bought and not much more.
-
My 2 cents.
I think the general consensus here is that FTDI are in their right to stop the non-genuine chips working with their driver and the way they should do that is by simply refusing to work with the non-genuine chips.
Lets look at this.
How much different would the situation have been if FTDI initially pushed an update that simply stopped the clones/counterfeits working, without changing the PID?
To the lay user, their product (if dodgy) stops working. Did that damage the product? The argument that if it stops working then it is damaged has come up in this thread.
Would they be able to sue for damages? That's been suggested, how is it any different?
What would they need to do to 'fix' the damage? Install some older drivers, now pushed by the seller of the clones, not supported by FTDI and most likely withdrawn by FTDI.
What do you need to do now to make the clones work? Almost the same, install some older drivers and run a program that changes the PID back to fake the FT232 PID and now you are at the same point.
I guess there is an extra step there, but to the lay person trying to get it to work again they are just going to run some (possibly dodgy) program that they find online that fixes their problem.
Either way, the steps needed to be taken by the end user with a non-genuine FT232 to get it working again will be essentially the same after a while.
FTDIs thinking must be that the people cloning their chips will now need to get rid of all their stock at a discount because now it is clearly worse than genuine (they were probably hoping that it would get discarded but I doubt that will happen). Also the cloners will have to retool their chip fab to ignore the eeprom write, or work in the same way as the genuine chips, my guess is this is expensive, for such a minor thing and they will more likely just push a software fix of old drivers etc, which will be OK for a lot of people who are computer savvy, but for the people who want to plug something in and have it work then this is no good.
Manufacturers who are knowingly using non-genuine parts will rush to pick up genuine parts (I haven't noticed a drop in stock level on DigiKey though) to make sure that the production run will get out the door, boosting FTDI sales (probably temporarily). But from the outcry it looks like people say they will respin their devices to use something other than FTDI, because there is now a risk with FTDI.
I wonder how many managers will agree to the extra cost of redesigning products, reworking all supporting documentation etc when someone comes and tells them they should no longer use FTDI.
When they ask why they should no longer use FTDI and the response is "FTDI pushed a malicious update to users that damaged fake FTDI chips but did nothing to genuine FTDI chips" what will be the managers response?
I think it would be something along the lines of "We use genuine FTDI chips though, why is this an issue? This just makes our product better than the competition who's product is now failing in the field. I'm not approving any cost to redesign anything."
Or in the case of a company using non-genuine, if that manager has had their head in the sand all this time - "Oh Sh!t".
Another thing on the semantics of non-genuine, clones and counterfeits/fakes.
I'd say that genuine chips are manufactured by FTDI and non-genuine by someone else.
A clone would be a chip that is functionally equivalent, but doesn't present itself as a genuine chip.
A counterfeit/fake would be a chip that may be functionally equivalent (or may not) but does present itself as a genuine chip (either visually or electronically through VID/PID).
In this case I think the chips are clones and counterfeits and would remain counterfeits even if they did not have the FTDI logo or part number on them because they would still identify themselves as genuine chips by presenting the VID and PID which they are not authorised to use on request.
I won't be too surprised if after this debacle that USB.org or manufacturers get more legal protection for their VID and PIDs, making this sort of thing (blocking fakes, not necessarily rewriting the PID) more common in the future and making it hard for non-members i.e. hobbyists or small companies to make a USB product without a great deal of headache.
I used to use a fair few FT232s and I know I would have a hard time justifying the cost of using something else just because the clones of it will now no longer work. But our chips came from DigiKey and if they stopped working I don't think I would be cracking the sh!ts with FTDI but getting a please explain from DigiKey. I guess it was only about 2000 chips a year so never had to look at "alternative" sources of supply.
Please don't shoot me down for voicing what seems to be a less hateful opinion of FTDI than the general backlash, but I don't see much of a difference between it stopped working (because they changed the PID) and it stopped working (because they detected a fake).
Would you all honestly give FTDI the big thumbs up for stopping the clones from working with their driver and then just use the old driver workaround?
-
Medical device killing patient over serial comm failure wouldn't have a pass sticker.
It doesn't have to be a critical life support system, the device that tests your poop would do - a nice backlog of stool samples piling up.
The point is, did the moron who signed off on this even think of all the possible consequences of his actions?
-
I think the general consensus here is that FTDI are in their right to stop the non-genuine chips working with their driver and the way they should do that is by simply refusing to work with the non-genuine chips.
They also have a "right" to burn down their factory.
The question you need to answer is: Does it make any sense to do so?
-
The only answer is to make it easy to spot fake chips. If that means putting a hologram on them or whatever, then that's what they have to do.
Any person can create a lock which they themselves cannot find a way to pick.
Countless companies have stuff made in China, there is nearly nothing that is made elsewhere in the world, that China cannot also duplicate. It's why so many companies... use vendors in China. Create a hologram? Find some Chinese company that does those. Boom, back into business. How about some kind of encryption business on the IC? The Chinese have some excellent cryptographers, and would likely figure out a software hack anyway (think Hardware Dongles). The only means of competing against "us-too" duplicators is to push towards a particular innovation that isn't "near enough" in technology for the copy-cats to copy.
(And no, I'm not a sinophile).
The tragedy here, isn't really the hardware. The innovation was really all in the software.
-
FTDI could move to China! >:D >:D >:D
Alexander.
-
I wonder how many managers will agree to the extra cost of redesigning products, reworking all supporting documentation etc when someone comes and tells them they should no longer use FTDI.
When they ask why they should no longer use FTDI and the response is "FTDI pushed a malicious update to users that damaged fake FTDI chips but did nothing to genuine FTDI chips" what will be the managers response?
I think it would be something along the lines of "We use genuine FTDI chips though, why is this an issue? This just makes our product better than the competition who's product is now failing in the field. I'm not approving any cost to redesign anything."
But that is the same kind of unrealistic world-view that got FTDI into trouble in the first place. Dave explained pretty well what happens out in the procurement and manufacturing worlds, especially when you aren't doing everything for yourself in-house.
This is why critical chips have official second-sources, so that you aren't caught with your pants down when the FTDI official source dries up.
-
Countless companies have stuff made in China, there is nearly nothing that is made elsewhere in the world, that China cannot also duplicate. It's why so many companies... use vendors in China. Create a hologram? Find some Chinese company that does those. Boom, back into business.
It's much easier to track down people who are doing that than if you're trying to trace standard-packaged chips that could have been produced in any number of factories by paying the night-watchman to turn a blind eye for a few hours.
The tragedy here, isn't really the hardware. The innovation was really all in the software.
That value no longer exists. I can program an Atmel Tiny85 to act as a USB-to-RS232 converter for 1/4 the price of an FTDI chip. It will work with my OS's generic drivers.
(And that's an expensive way of doing it).
-
FTDI could move to China! >:D >:D >:D
Their chips are already made somewhere in Asia by a subcontractor. Like many small semiconductor firms FTDI doesn't have their own production facility.
-
FTDI could move to China! >:D >:D >:D
Alexander.
Yes, the Scots gave up on freedom anyway.
Regarding clones, since they are exact copies they shouldn't be affected by the new FTDI driver right? This means that the ones that stop working aren't clones.
-
The tragedy here, isn't really the hardware. The innovation was really all in the software.
That value no longer exists. I can program an Atmel Tiny85 to act as a USB-to-RS232 converter for 1/4 the price of an FTDI chip. It will work with my OS's generic drivers.
(And that's an expensive way of doing it).
Even the ubiquitous Arduino seems to have abndoned FTDI in favor of a second Atmel chip programmed to do the USB-serial function.
-
Even the ubiquitous Arduino seems to have abndoned FTDI in favor of a second Atmel chip programmed to do the USB-serial function.
The Arduino Uno has been doing that for years. Look at the schematic (http://arduino.cc/en/uploads/Main/Arduino_Uno_Rev3-schematic.pdf), there's an ATMega16U2 doing the job that used to be done by the FTDI chip.
On newer designs like the Arduino Leonardo (http://arduino.cc/en/uploads/Main/arduino-leonardo-schematic_3b.pdf) the USB interface has moved to the main microcontroller chip (which now has hardware support for it). It's total integration onto a single chip.
-
The only way for FTDI to stop counterfeiting is to make their devices so cheap that counterfeiting is no longer viable.
race to the bottom ... not possible. FTDI is a small company that has heavily invested time and money in the driver base and chips them make.
they could drop price but then the chinese will drop price even more. every dodo in china has access to a chipfab in a shoddy garage that can spit out chips dirt cheap. Labor cost is next to nothing, they get the design for free from university students, and the government subsidizes these fabs heavily. so if you drop the price , they drop the price, you drop it more, they give em away at a price you can't even afford to pay the lady that comes and cleans the toilets in your office...
The ONLY thing that FTDI had was their name and reputation.
After last week's shitstorm....guess what?
-
The ONLY thing that FTDI had was their name and reputation.
After last week's shitstorm....guess what?
You seem to be confusing cause and effect.
FTDI earned a good name and reputation by making and supporting quality products that just worked.
Their name was being damaged by people stamping it on fake shit of unknown quality and origin.
After last week's shitstorm they still make and support quality products that just work, and a chip with FTDI on it is a bit more likely to be one of them.
-
After last week's shitstorm they still make and support quality products that just work, and a chip with FTDI on it is a bit more likely to be one of them.
Except a lot of chips with "FTDI" stamped on them just stopped working. For no fault of the designer or the consumer who bought them.
Didn't you watch the video? The bit where Dave says, "Even if you try your best to make sure the chips are genuine, you can never be sure because the supply chains have too many links in them..."
(paraphrased)
Why would you continue working with a supplier who unilaterally decides to brick every device they possibly can, instead of, I dunno, put up an alert box saying: "Warning: Your FTDI chips are fake and will stop working in 60 days".
-
FTDI earned a good name and reputation by making and supporting quality products that just worked.
Yep.
Their name was being damaged by people stamping it on fake shit of unknown quality and origin.
???
Nope. Apparently none of the buyers could tell the difference - not until somebody decided to brick them as a way of pointing it out.
-
Medical device killing patient over serial comm failure wouldn't have a pass sticker.
The problem could occur with devices like Holter monitors.
Holter monitors are almost obsolete now. In the last 2 years they've been replaced by one time use, wireless monitors such as the Zio Patch (http://www.irhythmtech.com/zio-solution/zio-patch/).
I can't think of any critical medical device that relies on usb/serial communication though I assume there must be some.
-
What is wrong with "counterfeit" chips (those WITHOUT FTDI logo)? Nothing was. Now it is the driver. Now we cannot know how wide that malware-driver was spread.
Did that chips work as well as original? Probably yes, there were no lot of claims against.
So the only real problem with that ICs - they are cheap!
Probably, Chinese guys can do their manufacturing business much better.
Should we pay for "genuine original innovative bla-bla-bla bullshit" staff ? Is it time for one company to realign the business processes and to focus on what they can deliver (design, not manufacture)?
-
Doesn't work. you can't compete against china. The chinese can spin chips faster than the western world. That is why i left the chip business. it's over. last bluetooth chipset took 3 years to develop fully integrated apart from 2 caps and the antenna. some chines garage outfit made one in 3 months , half the power consumption , half the die size , antenna integrated , sells it for 1/4 of the price.
maybe then the question should be ....why can they make a better cheaper product in 3 months what it took you guys 3 years to develop???
TSMC and UMC and other chinese wafer fabs have more advanced processes than the western world. simply because they produce more and have more money to upgrade their gear. the fact is that big boys like TI , ST , Infineon are, today , already 2 steps later in technology than the big chinese fabs... only Intel and IBM can surpass them and IBM has recently thrown in the towel as well.
if you mean by 2 steps later I assume you are talking about the photolitography technology mainly? I would think that increasing cost pressure from the chinese fabs would drive the big boys to adopt the more advanced super resolution processes or EUV in order to stay ahead of the curve. TSMC UMC may have the $ to buy the expensive new tooling but the big boys do have all that R&D into those advance resolution enhancement technology, unless they neglected research in which case they fully deserve their fate.
-
http://forums.parallax.com/showthread.php/157893-FTDI-s-driver-issues-with-fake-chips-and-Parallax (http://forums.parallax.com/showthread.php/157893-FTDI-s-driver-issues-with-fake-chips-and-Parallax)
Another statement from an FTDI customer.
We don't think we have any problem. If it turns out we have shipped you some fake shit it is definitely our fault.
-
.why can they make a better cheaper product in 3 months what it took you guys 3 years to develop???
Cause companies in the US are run by idiots in HR.
-
When major companies, and the US govt can't stop fakes in their supply chains, what chance do the rest of us have?
Relevent quotes:
Back in 2008, the problem was largely viewed as being limited to aging aircraft no longer in production that needed parts that are tougher to come by. Now, fake parts are making their way into brand new military equipment like the P-8, the C-27J Spartan and even missiles used by the Missile Defense Agency.
Russian aviation officials were alarmed when, upon inspecting 60,000 aircraft parts, they found that nearly a third of them were counterfeits.
Reference:
http://defensetech.org/2011/11/08/counterfeit-parts-found-on-new-p-8-posiedons/ (http://defensetech.org/2011/11/08/counterfeit-parts-found-on-new-p-8-posiedons/)
http://blog.securecomponents.com/blog/bid/315161/CAMA-Counterfeit-Components-Epidemic-Flight-214 (http://blog.securecomponents.com/blog/bid/315161/CAMA-Counterfeit-Components-Epidemic-Flight-214)
-
When major companies, and the US govt can't stop fakes in their supply chains, what chance do the rest of us have?
Relevent quotes:
Back in 2008, the problem was largely viewed as being limited to aging aircraft no longer in production that needed parts that are tougher to come by. Now, fake parts are making their way into brand new military equipment like the P-8, the C-27J Spartan and even missiles used by the Missile Defense Agency.
Russian aviation officials were alarmed when, upon inspecting 60,000 aircraft parts, they found that nearly a third of them were counterfeits.
Wafer fabs are expensive. I wonder why western/russian governments that rely on these sensitive chips do not consider them as 'strategic' assets and invest in fabs like they would in a power plant or any other basic infrastructure?
-
Another statement from an FTDI customer.
We don't think we have any problem. If it turns out we have shipped you some fake shit it is definitely our fault.
It would be so nice if they three (FTDI, Vendor and Supplier ) were able to resolve their issues without end-user intervention. I don't see a reason why end-user should be affected by someone in Vendor's supply chain. Especially, considering the fact the hardware is fully functional.
-
Didn't you watch the video? The bit where Dave says, "Even if you try your best to make sure the chips are genuine, you can never be sure because the supply chains have too many links in them..."
Where is that video?
I saw the other thread about the video but there was no reference.
-
Does eevblog.com use a FTDI chip? The main web site is down.. Or maybe they hacked it. :-DD
-
I've worked for a companies producing lifesaving medical devices. These things are built with constant audits all the way up the supply chain, with the FDA always looming overhead. I've still seen problems caused by vendors substituting counterfit parts without authorization, including major recalls.
If you think it can't happen to you, it probably already has and you just never found out.
-
The best way to deal with this is just stop designing in FDTI's parts. There are plenty of alternatives these days. All I can say is that I will no longer design FTDI's chips into my products [and there are over a dozen older designs that I did that used their parts].
You know what they say: "Fool me once, shame on you, fool me twice, shame on me!"
So you have been shipping product with fake FTDI parts then - where did you buy them?
-
So this explains why a USB/Serial converter that I purchased from DealExtreme (obviously using a fake FTDI232R chip) suddenly stopped working and the two others I plugged in right after also failed. I was looking to buy new FTDI chips from Mouser (CDN$4.88 each for 10) and re-work the boards, but I found a way to un-brick the ones I have (ain't the Internet great). Following the instructions of MNHS Beacon and MrPvallone on YouTube, I installed older drivers (unsigned by-the-way) and used FTDI's own tool, MProg to re-program the product ID.
Excellent rant Dave, and I agree with what you are saying. I do believe though, that FTDI has the 'legal right' to brick fake chips, but not the moral right. They shouldn't have done it. I expect it's pissing off a lot of people and not just engineer types. I'm imagining some average Joe/Jane, who has no understanding of computer systems, suddenly finding that their device stops working. I'd bet there are more than just a few people like that out there.
I've had to deal with upset customers who ran into bugs in products I've designed. Nothing diffuses the situation better than an admission of fault and a quick fix. My customers kept on buying after that.
Thanks Dave, I enjoy your videos a lot.
-
I was looking to buy new FTDI chips from Mouser (CDN$4.88 each for 10) and re-work the boards, but I found a way to un-brick the ones I have (ain't the Internet great). Following the instructions of MNHS Beacon and MrPvallone on YouTube, I installed older drivers (unsigned by-the-way) and used FTDI's own tool, MProg to re-program the product ID.
So you can carry on stealing FTDI drivers - yay!
-
Unless you are personally buying the FTDI chip from FTDI, you have no control over the source of the chip. As Dave has mentioned, even reputable suppliers can get stung with fakes.
Yes FTDI have a right to protect the IP, but not to deliberately destroy consumer products when the vast majority of users will most likely be none technical end users. Legally speaking, I reckon they have broken a few laws and could end up in serious trouble if a big company has been innocently caught out by this.
Long and short is if you're designing a commercial product, you're very unlikely to run in to the problem (though I reckon I will be looking at alternatives in the future). If you're on a budget and doing some hobby stuff and you're source of choice is Ebay, then make sure you have a copy of the old drivers, just in case. I agree knock-offs are damaging but if I get something on the cheap that claims to be genuine but doesn't work because the FTDI is fake, I'm damn well gone make it work.
-
So you can carry on stealing FTDI drivers - yay!
Spot the lack of FTDI copyright in the linux drivers. See for example: http://lxr.free-electrons.com/source/drivers/usb/serial/ftdi_sio.c (http://lxr.free-electrons.com/source/drivers/usb/serial/ftdi_sio.c) And if you look in the other FTDI linux driver files you will see a similar situation
Also spot the fact that the linux driver has been written by non-ftdi employees.
So again: FTDI wants to make their driver refuse to work with non-genuine chippies? Fair enough. They want to alter hardware that is MY property? Not okay, and possibly illegal.
Did you grasp the concept by now that the FTDI using world (genuine or otherwise) does not 100% rely on windoze drivers? Excellent! Because that way when you resort to the broken argument of "but but windows ftdi drivers" again, we can simply reply "linux ftdi drivers" as shorthand notation for "dear Rufus, your driver argument is a load of horse droppings". That will save some time. :)
-
My 2 cents.
I think the general consensus here is that FTDI are in their right to stop the non-genuine chips working with their driver and the way they should do that is by simply refusing to work with the non-genuine chips.
<snip>
Good to see at least some people are thinking straight here. FTDI have no obligations to support fake chips and if you agree with that, then what is the difference "bricking" the fake chip and simply not recognising it at the driver level?
Based on the code that was posted here, the PID is overwritten for all chips, but it only sticks on the fake ones. Is FTDI to blame here? Really? You get scammed and you blame the manufacturer for it...
By the way, I have worked at the company who managed to buy a large quantity of fake FTDI chips. Does anyone think it would have been good for business if the drivers were shouting "Your FTDI device is not genuine!" to the customer's face? We were just glad we found it out at the testing stage and were able to get the money back. The distributor, on the other hand, probably lost quite a bit of money.
-
All we need is a picture of someone's grandma laying on the floor in a coma with a USB cable connected to her heart monitor or insulin pump with an new hardware found driver screen on the computer and then USB Device not recognized.
nope. wouldn't happen. medical device = traceable parts down to the lot number and production day
It would be nice if it actually worked that way.
-
Didn't you watch the video? The bit where Dave says, "Even if you try your best to make sure the chips are genuine, you can never be sure because the supply chains have too many links in them..."
Where is that video?
EEVblog #676 - RANT: FTDI Bricking Counterfeit Chips! (https://www.youtube.com/watch?v=eU66as4Bbds#ws)
-
Did you grasp the concept by now that the FTDI using world (genuine or otherwise) does not 100% rely on windoze drivers? Excellent! Because that way when you resort to the broken argument of "but but windows ftdi drivers" again, we can simply reply "linux ftdi drivers" as shorthand notation for "dear Rufus, your driver argument is a load of horse droppings". That will save some time. :)
Clever argument, except this whole discussion is based on windows drivers. Those same drivers which FTDI wrote and which the counterfeiters are basing their business model on. Or was it linux drivers that bricked the chips?
-
So you can carry on stealing FTDI drivers - yay!
Spot the lack of FTDI copyright in the linux drivers.
Did craigh mention Linux at all?
Yes I know - if you try to use unlicensed software on a windows box it subsequently screws up on a Linux box, a screw up which has already been fixed with a driver update - like I said before cry me a river. If you don't want shit like that happening buy USB devices which comply with USB specifications.
-
My 2 cents.
I think the general consensus here is that FTDI are in their right to stop the non-genuine chips working with their driver and the way they should do that is by simply refusing to work with the non-genuine chips.
<snip>
Good to see at least some people are thinking straight here. FTDI have no obligations to support fake chips and if you agree with that, then what is the difference "bricking" the fake chip and simply not recognising it at the driver level?
Based on the code that was posted here, the PID is overwritten for all chips, but it only sticks on the fake ones. Is FTDI to blame here? Really? You get scammed and you blame the manufacturer for it...
By the way, I have worked at the company who managed to buy a large quantity of fake FTDI chips. Does anyone think it would have been good for business if the drivers were shouting "Your FTDI device is not genuine!" to the customer's face? We were just glad we found it out at the testing stage and were able to get the money back. The distributor, on the other hand, probably lost quite a bit of money.
Do you think its better for business if a high percentage of your devices simply fail out of the box for no apparent reason?
-
Wafer fabs are expensive. I wonder why western/russian governments that rely on these sensitive chips do not consider them as 'strategic' assets and invest in fabs like they would in a power plant or any other basic infrastructure?
The NSA has it's own wafer fab.
-
The NSA has it's own wafer fab.
Scary to think what NSA has access to when it can beat Yahoo back to your router.....
-
Do you think its better for business if a high percentage of your devices simply fail out of the box for no apparent reason?
A recall would be due in either case. I wouldn't blame FTDI for it though.
-
Good to see at least some people are thinking straight here. FTDI have no obligations to support fake chips and if you agree with that, then what is the difference "bricking" the fake chip and simply not recognising it at the driver level?
Based on the code that was posted here, the PID is overwritten for all chips, but it only sticks on the fake ones. Is FTDI to blame here? Really? You get scammed and you blame the manufacturer for it...
By the way, I have worked at the company who managed to buy a large quantity of fake FTDI chips. Does anyone think it would have been good for business if the drivers were shouting "Your FTDI device is not genuine!" to the customer's face? We were just glad we found it out at the testing stage and were able to get the money back. The distributor, on the other hand, probably lost quite a bit of money.
FTDI has obligations to support customers. It doesn't matter if customer got some "not genuine" chip from some vendor.
Yes, driver may show some Warning window, and should operate properly after that. At this point FTDI could ask end-user to claim the manufacturer the board is suspicious. Also FTDI could kindly ask end user to report the issue to FTDI itself.
It is NOT the end user failed when got counterfeit part, it is FTDI failed to allow some supply chain to violate fair play.
Brand protection here is not kicking end user off the market. It is about to stop using "bad" parts in manufacturing.
-
For those considering moving to using Prolific, keep in mind they did THE SAME THING YEARS AGO and used their windows drivers to hurt any end users who had unknowingly purchased devices containing fake prolific chips as well. Why do these stupid companies think hurting the END USER is the solution to what is obviously a international commerce, patent, trademark issue?!
https://www.eevblog.com/forum/reviews/note-how-to-not-get-scammed-with-prolific-(pl2303)-usb-serial-adapters/ (https://www.eevblog.com/forum/reviews/note-how-to-not-get-scammed-with-prolific-(pl2303)-usb-serial-adapters/)
Why I find humorous about this FTDI thing, is the above is why I originally switched from preferring Prolific to strictly only using FTDI whenever possible for the last few years. I guess now I won't use either one, because they both have now shown idiocy.
-
Is it just me who was getting gateway errors trying to access eevblog.com for the last 5 days? Anyhow, I don't want to miss the opportunity to participate in this historic thread:
Dammit FTDI! :wtf: I have been recommending and using your products for over 10 years. So far this year I bought about 1000 FT230XS and over 600 FT232RL, all originals from DigiKey. My next PCB version is very unlikely to include your ICs anymore.
Jesus
-
The NSA has it's own wafer fab.
very interesting.... although with 52 'trusted' suppliers I wonder how secure the chain really is
http://www.ndia.org/Divisions/Divisions/SystemsEngineering/Documents/Past%20Meetings/06-20-12%20Division%20Meeting/04%20-%20Trusted%20Foundry%20Program,%20Ortiz,%20NDIA%20SE%20Talk%2020120620%20cjo2.pdf (http://www.ndia.org/Divisions/Divisions/SystemsEngineering/Documents/Past%20Meetings/06-20-12%20Division%20Meeting/04%20-%20Trusted%20Foundry%20Program,%20Ortiz,%20NDIA%20SE%20Talk%2020120620%20cjo2.pdf)
-
FTDI think their poor chip is so innovative and precious, yea you bet, they must be raking in money on these chips bit time:
FTDI prices: http://www.findchips.com/search/FT232RL (http://www.findchips.com/search/FT232RL)
ATmega16u2 with USB port, serial port and a who MCU: http://www.findchips.com/search/atmega16u2 (http://www.findchips.com/search/atmega16u2)
looks like they are so innovative the FT232RL was the last good part they made....... they have staked everything on it and protect it so fiercely
-
So you can carry on stealing FTDI drivers - yay!
The drivers I used to revert to were old FTDI drivers.
I did purchase the USB/Serial converters quite innocently, the chips looked genuine to me. I couldn't figure out why they converter boards 'died', though. I didn't know the chips were fake until now.
I suppose I could design and build my own USB/Serial converter boards using FTDI chips. But how I would know if the parts I purchase are real. Counterfeit parts still do slip into the supply chain of legitimate distributors such as Mouser, DigiKey, Element14, etc.
Let me give a real-life example. I had a client that asked me to look into why a product of theirs was failing final production testing. Turned out to be a run-of-the-mill quad opamp. The whole reel they were using was fake. I tested a few parts and they didn't behave like a proper opamp should. When the bad parts were replaced with parts from another reel, the product passed final test with no problems. The fake parts looked legit; logo, date codes, etc. looked right. I checked with the company's purchaser and they assured me the reel came from a reputable supplier, who also supplied the good reel (from the same order I believe). I was later told that this wasn't the first time something like this had happened.
I believe we all want to support legitimate manufacturers, but until counterfeit parts can be easily spotted before being put into products, we're going to be stuck with them. I don't know what the solution will be...
-
So you can carry on stealing FTDI drivers - yay!
Since when is using free of charge software outside it's license agreement called stealing?
ps: If anyone cares to know what I was thinking when I read the quoted text above click here (http://3.bp.blogspot.com/-CHlUlfxJMyQ/U0TP4oTq-HI/AAAAAAAAMHQ/8-dIJfIK_vU/s1600/stifling.png)
-
Is there any inherent reason why a USB to serial chip needs to have firmware that can be modified via USB connection?
-
Is there any inherent reason why a USB to serial chip needs to have firmware that can be modified via USB connection?
Can the FTDI chips have their firmware changed over USB ? the fakes are probably the ones that can be programmed as they are made with different technology.
-
Is there any inherent reason why a USB to serial chip needs to have firmware that can be modified via USB connection?
For companies using their own VID:PID and their own string identifier to their product.
Alexander.
-
FTDI think their poor chip is so innovative and precious, yea you bet, they must be raking in money on these chips bit time:
FTDI prices: http://www.findchips.com/search/FT232RL (http://www.findchips.com/search/FT232RL)
ATmega16u2 with USB port, serial port and a who MCU: http://www.findchips.com/search/atmega16u2 (http://www.findchips.com/search/atmega16u2)
looks like they are so innovative the FT232RL was the last good part they made....... they have staked everything on it and protect it so fiercely
http://www.findchips.com/search/FT231X (http://www.findchips.com/search/FT231X)
Thank you, come again.
Is there any inherent reason why a USB to serial chip needs to have firmware that can be modified via USB connection?
Can the FTDI chips have their firmware changed over USB ? the fakes are probably the ones that can be programmed as they are made with different technology.
Please take the time to read the datasheet. Or the thread..
-
For those considering moving to using Prolific, keep in mind they did THE SAME THING YEARS AGO and used their windows drivers to hurt any end users who had unknowingly purchased devices containing fake prolific chips as well. Why do these stupid companies think hurting the END USER is the solution to what is obviously a international commerce, patent, trademark issue?!
https://www.eevblog.com/forum/reviews/note-how-to-not-get-scammed-with-prolific-(pl2303)-usb-serial-adapters/ (https://www.eevblog.com/forum/reviews/note-how-to-not-get-scammed-with-prolific-(pl2303)-usb-serial-adapters/)
Why I find humorous about this FTDI thing, is the above is why I originally switched from preferring Prolific to strictly only using FTDI whenever possible for the last few years. I guess now I won't use either one, because they both have now shown idiocy.
Prolific did not do the same thing. They did, and maybe still do, what is considered acceptable: stop their drivers working with clones. Not only that they educate people on their web site of the situations. But people still think that is a hassle to get prolific due to the uncertainty. That was the biggest reason that gave FTDI a brand advantage and price premium. People could just buy FTDI at ease. My reason of buying FTDI was thinking FTDI had a much control of their supply chain. Since they could not control their supply chain well, and could not behave in a responsible manner to the end users, their price premium is gone. It is more hassle, more painful and much more uncertain (the last memo from their CEO) to buy FTDI chips over any other non-FTDI. My FTDI cables are still working well, but it shall always be a concern that they maybe bricked or stopped working one day. Many manufacturers using FTDI, but did not personally collected their chips hot from the factory oven, are having these concerns now and into the future, just when FTDI is going to pull the next trigger and the next trigger. And will these triggers hit them?
-
Hi Forum,
this is my first post, just registered, as i want to be take part in this thing, let´s see what that #FTDIGate will become ;)
Thanx everyone in here for making this as huge as it is now, and let us - the enduser, the engineers, the designer, the coders -
make this so big that FTDI will be forced to just revert the whole thing.
It can not be that a company will just ruin a product that they do not own, and do not have any relationship on it, besides that this product has a USB plug on it and communicate with a computer via an (fake)FTDI-chip.
Even worse, when the enduser can not do anything about it, as he does *not* know that there are fake FTDI chips out there anyway, anyhow....!
Thanx FTDI for beeing that clever!!
still can´t believe this,
TubiCal
-
FTDI have no obligations to support fake chips and if you agree with that,
I agree with that.
then what is the difference "bricking" the fake chip and simply not recognising it at the driver level?
"bricking" a chip that FTDI does not own, or does not have its owner's consent to brick, is quite different from not working with that chip.
If I had one of those bricked chips, I would talk to some of the nastiest lawyers and sue anyone within 1000 miles of this thing, including FTDI and Microsoft.
-
What I really would like to know if FTDI released new OEM drivers to their corporate customers. The ones with changed VID and PID.
If they did, and if disassembly shows that they also contain the "brick" feature FTDI played Russian Roulette with a shotgun.
-
...and IBM has recently thrown in the towel as well.
Oh, they did ?
;)
-
Davis video blog about this subject says it all. :clap: To brick peoples product must be illegal though - hope a court will follow up on the issue :)
-
Time to switch to the silicon labs CP2104/2102.
-
maybe then the question should be ....why can they make a better cheaper product in 3 months what it took you guys 3 years to develop???
because a western world has enough money to put 5 engineers on it and it then takes for 3 years. they cant put more on because they can't employ more ( costs too much )
the chinese just open 5 containers of students in government sponsored universities, they slap on some ip they 'found' on the internet and shove it out the door.
So yeah, they can do it dirt cheap. old joke about the chinese : how do you solve the pollution in large cities ? simply send in 1 billion people , give the command : everybody breathe in deeply. all the bad air is gone and the vacuum replaced by an inrush of clean air.
-
So, it seems that FTDI tried to push this new driver into Linux as well, but it got rebuffed:
https://lkml.org/lkml/2014/10/23/151
The original post, with the diff for the patch:
https://lkml.org/lkml/2014/10/23/129
You can see where they are trying to change the vendor ID...
-
No, the Linux patch was an attempt to troll Linus Torvalds into a rant.
Did not work out as intended. =) Instead a different patch got accepted, it also treats FTDI devices with PID 0 as FT232. "Because the windows driver bricked them."
-
Is there any inherent reason why a USB to serial chip needs to have firmware that can be modified via USB connection?
It's not a firmware, it's simply configuration bits. Those are used, as mentioned, to be able to change the VID and PID to a custom value, as well as change various options. You can make it output an auxiliary clock, invert any of the RS232 signals, and output control signals for driving an activity status LED. All in all useful options.
As for the clone chips, they are using a mask ROM for the firmware (which is an actual firmware in that case) so that could not be updated.
-
Here is what I am wondering...
In the EULA that FTDI bundled with this Microsoft approved silent update is the following language:
1.5 The Software will not function properly on or with a component that is not a Genuine FTDI Component. Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
So Microsoft knowingly released this update after having read that EULA.
How does MS get out of the liability for all the customer's devices that have been destroyed?
Do they play the 'Oh, no one ever reads those things anyway. And we didn't read it before we approved it.' card? I seem to remember them being a big advocate of the Shrink Wrap EULA crowd.
Or is their credibility so screwed up over this that they finally have to admit that EULA's have no legal standing?
Anyway how does MS get out of sharing the blame (and the financial damages) for all the hardware that has been damaged?
-------
Cecil
-
@CRCasey
I agree, MS must stand up and face the music as well.
-
@CRCasey
I agree, MS must stand up and face the music as well.
Well, I don't know about this one. I think there is a good chance that they are very pissed off with FTDI for using their update distribution infrastructure as a weapon against the cloned chips. It's quite likely they either pulled the drivers themselves or gave FTDI an ultimatum (we will give you x amount of time to pull the drivers yourselves and save face, otherwise we pull them for you). The issue of whether they are responsible or not is a completely different issue. I think they do some testing internally, but they can't verify every single line of code. And the issue of driver sourcing is another issue - how do you ensure the driver you're using came from a reputable source and is not malicious? Microsoft's update infrastructure should help with ensuring the driver is signed and from a reputable source, but it's not clear how much testing they do on the functionality of the driver itself.
-
Is there a nice easy way for me to find out if my USB to Serial adapters are "fake" or not?
(You know, the sort of tools FTDI should be providing people with instead of just bricking everything in sight...)
-
1.5 The Software will not function properly on or with a component that is not a Genuine FTDI Component. Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
So Microsoft knowingly released this update after having read that EULA.
How does MS get out of the liability for all the customer's devices that have been destroyed?
What liability? How can anyone guarantee that a driver sending commands to an unknown USB device over which they have no control will not damage that device?
I could manufacture a USB device which looks enough like an FTDI part to get FTDI drivers to load but physically explodes when you set the baud rate. How could FTDI be held liable for that explosion because they wrote the drivers or MS because they distributed them?
See what www.MSandFTDIbrickedthepieceofshitIboughtfromebaylawyers4u.com (http://www.MSandFTDIbrickedthepieceofshitIboughtfromebaylawyers4u.com) have to say.
Moving on it looks like flaky fakes have been causing problems with FTDI drivers long before they tried to detect them.
http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/ (http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/)
http://www.gearhead-efi.com/Fuel-Injection/showthread.php?2150-New-cable-no-workie&p=26855&viewfull=1#post26855 (http://www.gearhead-efi.com/Fuel-Injection/showthread.php?2150-New-cable-no-workie&p=26855&viewfull=1#post26855)
Olimex seem to have been caught out without actually admitting they shipped fake parts.
https://www.olimex.com/forum/index.php?topic=2031.0 (https://www.olimex.com/forum/index.php?topic=2031.0)
All chips with the same 1213-C date code - not that it means much stamped on a fake. Who is to say a batch of this year's fakes won't be as bad or that fake Silicon image or Prolific parts will be any safer?
Well, I don't know about this one. I think there is a good chance that they are very pissed off with FTDI for using their update distribution infrastructure as a weapon against the cloned chips.
They had no problem using it to distribute critical updates as a weapon against Windows activation hacks and cracks to 'brick' counterfeit copies of Windows.
Microsoft's update infrastructure should help with ensuring the driver is signed and from a reputable source, but it's not clear how much testing they do on the functionality of the driver itself.
I think WHQL driver certification is very clear about how much testing is done. It won't include the client having to submit and pay for an unknown number of different fake and clone hardware devices to be tested with their drivers.
-
How can anyone guarantee that a driver sending commands to an unknown USB device over which they have no control will not damage that device?
You can't...
...but we have their source code and tweets saying they did it deliberately.
The liability is in their intent. They knowingly hacked/damaged people's computers.
-
Rufus:
I sincerely admire your stamina in defending your viewpoint. It is commendable. I also think it is pointless. If I were to agree with you 100%, and if I conceded that FTDI was doing the right thing and the only thing they could do, it still is a stupid move.
We, the members of this forum, are the "one percenters", or even less. What I mean is that we are the educated, well versed, and experienced few. The rest of the world, the uneducated and inexperienced, will just view this as FTDI broke their gadget. That is all they will know, care to know, and want to know. These "unwashed masses" are the main money flow for FTDI.
Instead of showing the world how bad FTDI has it with counterfeiters, all they have managed to do is piss off their biggest customer base who basically didn't even know that FTDI existed. Well they do now! And how do they know FTDI? They know them as the ones who broke their gadgets. This is what would not call a great PR success.
So the moral high ground goes to FTDI as they sink to the bottom of the ocean. They made themselves famous by breaking things that people own. The sheeple will give not one flying fuck what a company is facing when that company broke their gadget. That is all they know. FTDI loses because they didn't play the social game correctly, morally and legally right or not.
I empathize with anyone fighting against IP and copyright thieves. I am a multimedia producer myself. But as a person dealing with PR and making people feel all warm and fuzzy I can tell that this move was the equivalent of stomping a dog (possibly rabid) to death in a theater whilst wearing my company logo. It was a stupid move, right or wrong.
-
How does MS get out of the liability for all the customer's devices that have been destroyed?
We don't really know how the relationship between MS and driver vendors works. Their contract might specify that all liability is borne by the driver writer, or something along those lines. MS obviously isn't disassembling drivers that are sent in for certification to look for malicious code, so they can point the finger at FTDI if someone asks them why the auto update broke things. At this point, it becomes something for corporate lawyers to figure out. As a user, you can probably sue MS for this, but they might have arrangements in place such that FTDI ends up with all the financial liability either way. MS certainly didn't have any knowledge of this or malicious intent, which is a very important point in civil law.
-
Perhaps we are seeing the pre-trial testing of the expert witness's arguments in support of the Defendant.
-
I sincerely admire your stamina in defending your viewpoint. It is commendable. I also think it is pointless. If I were to agree with you 100%, and if I conceded that FTDI was doing the right thing and the only thing they could do, it still is a stupid move.
I don't that much care if it hurts or helps FTDI. It is the half assed backwards logic, false sense of entitlement and mis-direction of blame in this thread that has annoyed me especially when there are real scum of the earth bad guys in this story. They get no blame at all because no one knows who they are and people whine that they are difficult to find and would rather pretend they don't exist and the fakes they churn out are real.
What FTDI have done has raised awareness of fakes and has caused people to look more closely at their supply chains which in my book is a good thing. If FTDI end up taking one for the team over it then so be it. I thank them anyway.
-
Sooooooooo...
It's glaringly apparent that you can 'reprogram' the PID of a FTDI chip.
It's equally apparent (from the datasheets) that you can also reprogram the VID too.
Perhaps it's time to start writing a 'custom' driver that will 'brick' any device that has a GENUINE FTDI chip in it. (And along the way will also 'unbrick' any device with a fake chip just to be nice)
The only remaining question... Should the 'new' device with the 'GENUINE' FTDI chip be switched to a VID / PID of 0000:0000, or should it be morphed into thinking that it's suddenly become some other, totally unrelated device?
If it's to be the latter, then it would logically have to be morphed into a VID of 0x045E since we already EXPECT any such devices to be 'faulty by design'.
-
What FTDI have done has raised awareness of fakes
What the heck you are talking about? What awareness? They acted silently, didn't they. If there is awareness now it is a byproduct of public outrage after FTDI was caught with their pants down.
-
How does MS get out of the liability for all the customer's devices that have been destroyed?
We don't really know how the relationship between MS and driver vendors works.
I could be wrong (it's happened before) but I thought part of the WHQL process was that your drivers have to undergo a code review at Microsoft. That's why WHQL certification costs so much money.
So either:
a) FTDI hid this new feature from Microsoft
or
b) Microsoft approved of it.
-
Moving on it looks like flaky fakes have been causing problems with FTDI drivers long before they tried to detect them.
http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/ (http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/)
You got that ass-backward.
According to your linked article FTDI drivers have deliberately been causing problems for users before when they detected fake chips.
Their drivers corrupted the data being transmitted so it looked like the chips weren't working properly. The chips were working fine, it was the driver deliberately altering the data so it looked like they weren't. I wonder how much money and debugging headaches that little trick cost the world?
Why the sneakiness? Why can't their drivers just come out and say "Your chip is fake!"...?
-
How does MS get out of the liability for all the customer's devices that have been destroyed?
We don't really know how the relationship between MS and driver vendors works.
I could be wrong (it's happened before) but I thought part of the WHQL process was that your drivers have to undergo a code review at Microsoft. That's why WHQL certification costs so much money.
So either:
a) FTDI hid this new feature from Microsoft
or
b) Microsoft approved of it.
For the USB drivers I've had WHQL certified, you create the driver, sign it with your own certificate and run the WHQL test suite on it on your own computers. The results get wrapped up along with the signed driver and sent to Microsoft. Assuming the driver passed the test suite, your driver then gets signed by Microsoft with the WHQL certificate and you download it. That's it.
The WHQL test suite makes sure that your driver installs and uninstalls without causing a BSOD. It also makes sure you don't leave anything behind on uninstall. It tests that your driver responds correctly to certain USB standard requests (power management, device arrival, removal etc.). Depending on the class of the device, there may be other tests.
What the WHQL test suite did not and cannot do is test the effect of vendor control transfers. The whole point of the vendor specified control transfers is that the vendor specifies what they do, not the USB standards. The vendor is responsible for testing that they work correctly.
So, if a vendor makes vendor transfers that 'brick' a device, it is entirely the vendor's responsibility, whether it was done deliberately or not.
I am no fan of Microsoft and the next time I have to do a WHQL test will be too soon, but I really don't see Microsoft being at fault here.
-
I could be wrong (it's happened before) but I thought part of the WHQL process was that your drivers have to undergo a code review at Microsoft. That's why WHQL certification costs so much money.
For the USB drivers I've had WHQL certified, you create the driver, sign it with your own certificate and run the WHQL test suite on it on your own computers. The results get wrapped up along with the signed driver and sent to Microsoft. Assuming the driver passed the test suite, your driver then gets signed by Microsoft with the WHQL certificate and you download it. That's it.
OK ... maybe USB is different because it can't really destabilize Windows (it's just a data transfer device).
-
One thing people need to remember about shrink-wrap/click-wrap EULA's is that they are often written by totally overjealous marketing and business executives who feel an overwhelming need to include language that doesn't stand a chance in hell of being legally binding. A lot of contractual writing includes phrasing which sounds official enough to feel like "law" but all too often just amounts to an incredible amount of bullshit meant to scare someone from taking action or recourse. Patent claims are often similarly ridiculous on this level.
The person who wrote half of that probably understands less about the law of the jurisdictions where it has a chance of coming under the microscope than the arbitrary next person down the chain the software is handed to. Attorneys typically only audit those documents (often loosely); profit motivation and CYA is what pens them.
http://www.regent.edu/acad/schlaw/student_life/studentorgs/lawreview/docs/issues/v16n2/Vol.%2016,%20No.%202,%207%20Condon.pdf (http://www.regent.edu/acad/schlaw/student_life/studentorgs/lawreview/docs/issues/v16n2/Vol.%2016,%20No.%202,%207%20Condon.pdf)
https://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/395/vol3_no3_art11.pdf?sequence=1 (https://digital.law.washington.edu/dspace-law/bitstream/handle/1773.1/395/vol3_no3_art11.pdf?sequence=1)
-
I don't understand what the fuss about this is other than their obviously poor/abysmal PR spin control.
Simple facts are that from now on its technically not very legal to use counterfeit chips with FTDI drivers (even old drivers). So any counterfeit product that relies on FTDI's default driver is doing so illegally and if using a modern driver will always not work. So end result they are all bricks, Linux/Windows/Mac's driver repositories would either not include the driver at all or would be crossing some legal lines by keeping the older driver around.
Plenty of drivers, software, printers, photocopiers, have literal anti-counterfeiting traps built in (Its all in the EULA thing), even windows has it now as well, intel too, and so on. Attempting to photocopy monetary instruments (a form of counterfeiting which we can all say is very illegal) can and will cause certain photocopiers to brick themselves and lock in a special (call the FBI code) which will probably land someone in jail if they don't realize what the error means (The photocopier will also mangle the output physically and digitally and leave a lot of trace). (Conceivably networked/fax connected ones will literally call the cops) At least FTDI is nice enough not to abuse the driver to rootkit your computer and call the cops if you connect more than x number of fake FTDI chips. (Photoshop also has detections for many types of money as well I think, I believe there is even a standard for currency so devs can design the software to easily detect counterfeiting attempts)
Changing the PID to the "get your own driver" value of 0 is not destructive, changing the clock config and committing that to NV would be very destructive in many cases and would physically/electrically brick the chip/product in a very non-reversible manner. (Just look at the manual there are ways to reprogram the PID even after you mess up but there are far more dire warnings about setting things like external clock enable when you don't have an external clock as fixing this would require physical re-work/modification which for a BGA type one would be basically impossible if the pins are not broken out)
The proper way to phrase their new approach is that FTDI drivers assign unknown chips with an default unknown PID to allow a person to set their own driver up on a different ID. And add on the use of older drivers to circumvent this is a breach of terms. In any case a counterfeit chip even in a 99.9% genuine product is still trash/rework needed.
Write your own driver basically if your going to counterfeit (for the mfg), as the product still works electrically it is just that FTDI is not going to let you use their driver to make it work plug-in play with a signed FTDI driver. (If they are too lazy then the user is going to have a brick.)
-
Plenty of drivers, software, printers, photocopiers, have literal anti-counterfeiting traps built in (Its all in the EULA thing), even windows has it now as well, intel too, and so on.
Again, anyone can write an arbitrary one-sided agreement with whatever amount of utter nonsense penned in there they would like.
Contract validity is altogether something different. Don't assume one simply equates to the other.
As an example... I signed a non-compete with the company I work for when I returned back on with them a few years ago. Except funny how in Oregon it's completely unenforceable because I don't make $69k a year (the median income for a 4-person family). Simple as that, the entire non-compete (with any other clauses they rolled into that specific agreement) nullified. I was kind enough to let them know so they didn't have to hand out any more useless forms to non-execs... ^-^
-
Plenty of drivers, software, printers, photocopiers, have literal anti-counterfeiting traps built in (Its all in the EULA thing), even windows has it now as well, intel too, and so on.
Again, anyone can write an arbitrary one-sided agreement with whatever amount of utter nonsense penned in there they would like.
Contract validity is altogether something different. Don't assume one simply equates to the other.
As an example... I signed a non-compete with the company I work for when I returned back on with them a few years ago. Except funny how in Oregon it's completely unenforceable because I don't make $69k a year (the median income for a 4-person family). Simple as that, the entire non-compete (with any other clauses they rolled into that specific agreement) nullified.
No you don't understand photocopiers will literally brick themselves (only certain models that are a "threat") and if any official tech ever sees the error code (the machine locks out as well and requires service to be unlocked) the legal hammer would come shortly. (Counterfeiting is illegal, no contract is required)
FTDI would be classified as "bricking" the counterfeit chips if they went and messed around with the clock configs to either overclock/source a non-existent clock or just corrupt the entire NV memory. Changing the PID to 0 is not damaging anything. The device won't ever work with the stock FTDI drivers and requires a 3rd party driver to work.
A breaking a non-compete isn't criminal nor uniform, counterfeiting of physical goods is typically very illegal in most of the world.
-
Moving on it looks like flaky fakes have been causing problems with FTDI drivers long before they tried to detect them.
http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/ (http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/)
You got that ass-backward.
According to your linked article FTDI drivers have deliberately been causing problems for users before when they detected fake chips.
Their drivers corrupted the data being transmitted so it looked like the chips weren't working properly. The chips were working fine, it was the driver deliberately altering the data so it looked like they weren't. I wonder how much money and debugging headaches that little trick cost the world?
Why the sneakiness? Why can't their drivers just come out and say "Your chip is fake!"...?
Making debugging tricking is actually part of the cat/mouse game. Making your special fake chip detection result in a constant stream of "Your chip is fake!" will literally make finding the code that does the detection trivial in reverse engineering the driver binaries as simple as looking for a constant of that very string.
But if the driver sticks in random bad data for detecting a fake chip and uses clever obfuscation techniques it can require extensive reverse engineering to find it if ever. (This along with any in text stream isn't very nice and is potentially dangerous)
The best option in my opinion (for safety/detection) would probably to just immediately BSOD the machine on enumeration (plugging it in) and give a cryptic error code with debug data so that if someone reports it in they can figure out what types of fakes are out there. Having the driver bring up a msgbox would be an even more dead giveaway for the critical code as it wouldn't really blend in with the background. (I've seen tons of USB devices BSOD my computer or even stall the boot process so most people wouldn't suspect a thing, other than thinking its broken/incompatible)
In the end I think the enterprising counterfeiters will figure out how they are detecting the fakes and you should eventually be able to buy cheap/fake FTDI chips that work with the current driver soon in all likelihood. They already gave away the code by doing something simple like setting the PID to 0 so that too isn't very good implementation on FTDIs part. (Changing the user facing behavior is just going to make it even easier to find)
-
Yep, apparently if you get an old enough driver it should work fine for you. It might be "legitimate" breakage due to missing features or something in the counterfeits, but it appears it was common after a certain driver version. Or just use Linux and they all work fine...
So, could one confirm that no problem what so ever on Linux machines with any FTDI chips even counterfeit ones?
How to recognize those FTDI counterfeit chips? Only when we have them in our hands -they look different or automatic by some kind of communication protocol small differences if any?
Anyway, If those FTDI counterfeit chips works under Linux without any problem and are much cheaper than those original FTDIchip.com "idiots" chips, are there any way to find those counterfeit chips from their competitors and use on custom PCB since this device will never be connected to Micro$oft Window$, but of course embedded Linux system will be used?
Any problems with those FTDI counterfeit chips on small Linux ARM platforms?
Lets forget about company like @ftdichip.com as well as Window$ :o
-
No you don't understand photocopiers will literally brick themselves (only certain models that are a "threat") and if any official tech ever sees the error code (the machine locks out as well and requires service to be unlocked) the legal hammer would come shortly. (Counterfeiting is illegal, no contract is required)
FTDI would be classified as "bricking" the counterfeit chips if they went and messed around with the clock configs to either overclock/source a non-existent clock or just corrupt the entire NV memory. Changing the PID to 0 is not damaging anything. The device won't ever work with the stock FTDI drivers and requires a 3rd party driver to work.
A breaking a non-compete isn't criminal nor uniform, counterfeiting of physical goods is typically very illegal in most of the world.
You're mistaking having a legal argument for being judge, jury and executioner. Whether or not FTDI is "right" or not doesn't matter as either way it fails to give them the legal ground to automatically enforce a decision to destroy the offending device (this would be akin to the owner of a port being the person that decides to seize a shipment of a device he knows infringes on a friend's product, which also happens to be a version of tortious interference). That would be FTDI acting with the same authority as the government agency that actually has the judicial power to do such a thing. Additionally, there's been plenty of posts that get into what likely constitutes "bricked" in the real-world for an average user vs. semantics. You've simply invented your own self-assured definition. It's unlikely to hold up in a court (at least in the U.S.) but hey, whatever floats your boat.
Which is all besides the point anyway. I wasn't even talking about the difference of criminal vs. civil cases. I was only talking about EULAs. Anyone assuming that because joe-blow production manager demanded an EULA clause be inserted that technically allows FTDI's driver to destroy anything that looks like a fake they're all set from a legal standpoint has not thought this through real hard. FTDI's actions are not only (likely) unconscionable but show specific intent. Hell, you might even have gross negligence from failure to inform the end-user as to the action that is being taken. As someone else here or on hackaday has mentioned, the court case almost writes itself.
-
All we need is a picture of someone's grandma laying on the floor in a coma with a USB cable connected to her heart monitor or insulin pump with an new hardware found driver screen on the computer and then USB Device not recognized.
nope. wouldn't happen. medical device = traceable parts down to the lot number and production day
It would be nice if it actually worked that way.
I doubt it does, people have mentioned "audits" yea, big word means nothing other than "we will try to catch you out once now and then having warned you we are coming to have a go so that you have time to put things in order for this one time".
Less face facts, people are dishonest and don't give a shit about anyone but themselves and their bottom line.
-
Another point, FTDI's registered trademarks only covers the words + design:
http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4801:j94gqz.2.1 (http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4801:j94gqz.2.1)
http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4801:j94gqz.2.2 (http://tmsearch.uspto.gov/bin/showfield?f=doc&state=4801:j94gqz.2.2)
Neither are standard character marks (which cover just the letters or word without regard to typeface/font/etc), which means a chip that just shows "FTDI" without the actual logo/design are fine (bit of a stretch but still). Also, in many countries, unless your trademark is registered (i.e. in that country) the best you'll get away with is "passing-off" or civil charges or some kind (not criminal). It's already been shown that the chips themselves are not even a reverse engineered design.
-
Making debugging tricking is actually part of the cat/mouse game. Making your special fake chip detection result in a constant stream of "Your chip is fake!" will literally make finding the code that does the detection trivial in reverse engineering the driver binaries as simple as looking for a constant of that very string.
But if the driver sticks in random bad data for detecting a fake chip and uses clever obfuscation techniques it can require extensive reverse engineering to find it if ever. (This along with any in text stream isn't very nice and is potentially dangerous)
Nope.
They don't need to disassemble FTDI's Windows driver code.
All the cloners care about is the data that appears on their end of the USB bus. You can get big USB debugging tools for that. If FTDI changes anything they'll just compare it with the data sent by last month's (working) driver to see what changed and update their FTDI emulation software accordingly.
-
FTDI would be classified as "bricking" the counterfeit chips if they went and messed around with the clock configs to either overclock/source a non-existent clock or just corrupt the entire NV memory. Changing the PID to 0 is not damaging anything. The device won't ever work with the stock FTDI drivers and requires a 3rd party driver to work.
Word games won't save you in court.
If a machine was working yesterday and stopped working today because of something FTDI knowingly planned/did then they broke some laws.
If enough people complain (and I suggest you do!) then it could even become a class-action lawsuit that destroys their company. I wouldn't shed any tears, the world doesn't need companies that think/act like FTDI.
-
Has anyone actually taken them to court yet?
Someone in the UK with a product that was bricked by the driver could easily take them to Small Claims Court. It costs about £30 IIRC, and you don't need a lawyer or anything. The venue will be your local court, so they would have to come down from Scotland to where you are if they want to defend it. You can claim for the cost of a replacement Arduino or whatever, plus the £30 court fee and any time you took off work, bus fare etc.
Small claims can be a lottery, even for cases that don't involve highly technical issues. I'm not sure what happens where a case is deemed too complex to use the Small Claims track but I guess it could get expensive.
At the very least you'd probably have to hire an expert witness, the cost of whoch would probably not be recoverable.
-
This must be the first time, but I agree with Rufus.
I don't see any reason why FTDI's driver can't do what it wants to any device that enumerates as one manufactured by FTDI. Those devices could and probably are giving FTDI a bad name. Some times the shit has to hit the fan to make your point. ie. Which manufacturers are supplying fake FTDI chips.
FTDI in retrospect is probably wishing they hadn't gone down this path though.
As to what is legal or not, who knows, nobody yet, and it would depend upon your legal jurisdiction anyway so it's probably going to be a whole range of outcomes.
No sarcasm here,
whoch is a nice word, whoch could be added to the English language.
-
Has anyone actually taken them to court yet?
Someone in the UK with a product that was bricked by the driver could easily take them to Small Claims Court. It costs about £30 IIRC, and you don't need a lawyer or anything. The venue will be your local court, so they would have to come down from Scotland to where you are if they want to defend it. You can claim for the cost of a replacement Arduino or whatever, plus the £30 court fee and any time you took off work, bus fare etc.
Small claims can be a lottery, even for cases that don't involve highly technical issues. I'm not sure what happens where a case is deemed too complex to use the Small Claims track but I guess it could get expensive.
At the very least you'd probably have to hire an expert witness, the cost of whoch would probably not be recoverable.
Quite the UK is a shit hole of very little consumer rights, dedicated "overseeing bodies" are more interested in procedures :blah: :blah: :blah: Trading standards won't talk to the public and the cittizens advice beureu (CAB) are a charity that run the "Consumer direct helpline" that you have to make contact with and thre then put it through trading standards if they feel it's worth it, they are totally non technical.
I have already been down this route for that stupid fraudulent course I was put on that was technically flawed (I said technically, no matters of opinion), CAB the consumer helpline said go find your own expert witness and Ofqual which is the government regulator are a load of bollocks because they are not interested in any claim of fraud and have no interest in the qulaity of teaching materials and told me to go to trading standards (if only... sigh...), all they are interested in is if the private company that oversees the private company I got my course from followed their procedures in dealing with the company i bought the materials from, they have no interest in the company i dealt with they will only go one level down.
Welcome to the total lack of consumer rights in the UK! oh and half of the laws you think apply don't because Scottish laws apply to Scottish companies and so it adds complexity. I wished to god they got their fucking independence in name because they have it in fact anyway and take the piss!
-
This must be the first time, but I agree with Rufus.
I don't see any reason why FTDI's driver can't do what it wants to any device that enumerates as one manufactured by FTDI. Those devices could and probably are giving FTDI a bad name. Some times the shit has to hit the fan to make your point. ie. Which manufacturers are supplying fake FTDI chips.
FTDI in retrospect is probably wishing they hadn't gone down this path though.
As to what is legal or not, who knows, nobody yet, and it would depend upon your legal jurisdiction anyway so it's probably going to be a whole range of outcomes.
No sarcasm here,
whoch is a nice word, whoch could be added to the English language.
It would seem the linux drivers do not belong to FTDI and anyone can write a driver to work with the chips if they choose. The problem here is that there are 2 tings: Software copyright, and counterfeiting of physical goods. FTDI don't seem to care about the counterfeiting but the software copyright, so instead of dealing with the software copyright they damage peoples goods which are fully functional units that don't necessarily need their drivers.
-
Fwiw, I don't think FTDI actually care much about protecting their innovation. Serial-USB drivers aren't that innovative really and I haven't seen FTDI do anything out-of-the-box ever.
This smells to me like "hey, since we don't have anymore good ideas... how else can we make more money without oozing disingenuity ??"
-
Fwiw, I don't think FTDI actually care much about protecting their innovation. Serial-USB drivers aren't that innovative really and I haven't seen FTDI do anything out-of-the-box ever.
This smells to me like "hey, since we don't have anymore good ideas... how else can we make more money without oozing disingenuity ??"
Exactly what I've been saying, hence I'll not touch them as i have no interest in a company that is probably about to go under and the desperation of this move leads me to that conclusion.
-
I'm inclined to agree. Why is it that, even with a completely fresh, straight-off-the-DVD installation of Windows, I can get a picture on my monitor, use my keyboard and mouse and access storage devices, but not send "hello world" to a COM port?
Perhaps the real problem here is the lack of a standard way to access a USB connected COM port, and a standard driver that performs this basic function. Relying on manufacturer-specific drivers seems like a fundamental omission.
If I can plug in a mouse and have it 'just work', why not a serial port?
-
I'm inclined to agree. Why is it that, even with a completely fresh, straight-off-the-DVD installation of Windows, I can get a picture on my monitor, use my keyboard and mouse and access storage devices, but not send "hello world" to a COM port?
Perhaps the real problem here is the lack of a standard way to access a USB connected COM port, and a standard driver that performs this basic function. Relying on manufacturer-specific drivers seems like a fundamental omission.
If I can plug in a mouse and have it 'just work', why not a serial port?
I think it's something to do with requiring a mouse, keyboard and monitor as a minimum requirement to interact with the machine and be able to install manufacturer specific drivers, infact a driver is not even needed, how do you think you can get into a PC's bios with no windows installed or drivers running. I'm sure it's also part down to harware manufacturers agreeing a base minimum standard/protocol else the whole thing fails to even work. Com ports on USB are not essential, they are additions to the most basic system. But yes I can't see why all of these devices can't use a generic driver. I think ram memory does not need a driver for a reason, if you have to boot the machine to load the driver you can't boot the machine, it's chicken and egg
-
May have already been posted, but it seems that FTDI have released their driver source code here:
https://lkml.org/lkml/2014/10/23/129
-
I get the technical argument... it's more of a philosophical point, really. For something that's inherently manufacturer-specific like, say, a debug adapter for an MCU, or a piece of instrumentation, then I've no problem with a particular driver being needed.
A COM port, though, is a completely uninteresting, commodity item that either works or it doesn't. The lack of a common interface standard and baseline driver (as a part of the OS) seems like a glaring omission.
-
All FTDI had to do do keep counterfitters at bay was to not let the latest driver or any after it work and recommend that the last usable version was installed. Before long people would be flocking to buy genuine chips or make more effort to not get stung. The old driver could be available from FTDI only officially causing so much hassle for fakes that people would want genuine while not actually doing any damage.
-
May have already been posted, but it seems that FTDI have released their driver source code here:
https://lkml.org/lkml/2014/10/23/129
No, this is a 'funny' patch for the Linux kernel to make Linux brick non-original devices.
-
May have already been posted, but it seems that FTDI have released their driver source code here:
https://lkml.org/lkml/2014/10/23/129
This is a joke, and the author of that patch works for TI.
Later on in the thread, there's a useful patch which teaches the kernel to load the FTDI-compatible driver for devices with PID 0x0000, thereby fixing devices broken by the Windows driver.
-
No you don't understand photocopiers will literally brick themselves (only certain models that are a "threat") and if any official tech ever sees the error code (the machine locks out as well and requires service to be unlocked) the legal hammer would come shortly. (Counterfeiting is illegal, no contract is required)
In the unlikely event that any of that is true, please name the manufacturers and jurisdictions in question, so that I may avoid them.
The fact that a copier thinks it has seen a Eurion (http://en.wikipedia.org/wiki/EURion_constellation) constellation is nowhere near grounds to brick itself, let alone prosecute anybody.
-
No you don't understand photocopiers will literally brick themselves (only certain models that are a "threat") and if any official tech ever sees the error code (the machine locks out as well and requires service to be unlocked) the legal hammer would come shortly. (Counterfeiting is illegal, no contract is required)
In the unlikely event that any of that is true, please name the manufacturers and jurisdictions in question, so that I may avoid them.
The fact that a copier thinks it has seen a Eurion (http://en.wikipedia.org/wiki/EURion_constellation) constellation is nowhere near grounds to brick itself, let alone prosecute anybody.
I think this idea was proposed some 10 years or more ago and received scorn all around due to it's stupidity and impracticability.
-
All FTDI had to do do keep counterfitters at bay was...
What have they got against people who install kitchens?
-
All FTDI had to do do keep counterfitters at bay
What have they got against people who install kitchens?
:-+ :-DD :-DD :-DD :-DD well at least I spelt it right |O
-
All FTDI had to do do keep counterfitters at bay
What have they got against people who install kitchens?
well at least I spelt it right
What does dinkel wheat have to do with FTDI drivers?
-
All FTDI had to do do keep counterfitters at bay
What have they got against people who install kitchens?
well at least I spelt it right
What does dinkel wheat have to do with FTDI drivers?
oh god lighten up, if you want the latest just start reading from the start, at this stage we are just going round in circles anyway with new comers jumping in at the end as they just found us. Until FTDI make another move (assuming they dare flinch) theres nothing new to say around here. I think we have a world wide record for the thread that stayed on topic for so many posts :palm:
-
I am still fairly new to Electronic Engineering. I was going to make something using a FTDI part but with all of the conservancy I don't want to use them. What is a good alternative to FTDI?
-
well at least I spelt it right
What does dinkel wheat have to do with FTDI drivers?
Not sure how serious that comment was, but in case you are unaware, spelt is not a misspelling, but the preferred spelling of "spelled" in British English.
-
well at least I spelt it right
What does dinkel wheat have to do with FTDI drivers?
Not sure how serious that comment was, but in case you are unaware, spelt is not a misspelling, but the preferred spelling of "spelled" in British English.
Well I am a little dyslexic, see what you mean, is "dinkel wheat" anything in particular ?
-
I am still fairly new to Electronic Engineering. I was going to make something using a FTDI part but with all of the conservancy I don't want to use them. What is a good alternative to FTDI?
CP210x from Silabs. I have used these in the past and they are actually more stable than the FT232 in a nasty electrical environment. An FT232 often stops when something at the UART side is switched on/off. In my experience a CP2102 is much less prone to this behaviour. Anyway, I need an RS485 board so I'm going to combine that into an existing FT232 design and use a CP2102 instead.
-
I am still fairly new to Electronic Engineering. I was going to make something using a FTDI part but with all of the conservancy I don't want to use them. What is a good alternative to FTDI?
Ten seconds with google:
http://www.ti.com/product/tusb3410 (http://www.ti.com/product/tusb3410)
http://www.microchip.com/wwwproducts/devices.aspx?dDocName=en546923 (http://www.microchip.com/wwwproducts/devices.aspx?dDocName=en546923)
-
well at least I spelt it right
What does dinkel wheat have to do with FTDI drivers?
Not sure how serious that comment was, but in case you are unaware, spelt is not a misspelling, but the preferred spelling of "spelled" in British English.
Hoist with my own petard... :-DD
-
I don't understand what the fuss about this is other than their obviously poor/abysmal PR spin control.
Simple facts are that from now on its technically not very legal to use counterfeit chips with FTDI drivers (even old drivers). So any counterfeit product that relies on FTDI's default driver is doing so illegally and if using a modern driver will always not work. So end result they are all bricks, Linux/Windows/Mac's driver repositories would either not include the driver at all or would be crossing some legal lines by keeping the older driver around.
Apparently you haven't been reading the previous few dozen pages, but I've already posted this:
http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited (http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited)
The SCPA permits competitive emulation of a chip by means of reverse engineering.
FTDI might not like it but they don't have an exclusive right to the API their chips use. The only way around this is a patent, but I haven't seen them claiming anything about patents here...
And for this same reason the "FTDI-compatible" serial cables that use a COB package are completely legal since there is nothing in them branded FTDI. They may have FTDI's VID:PID but those are necessary for interoperability and those numbers cannot be copyrighted.
-
Then we face a situation where a massive amount of lawsuits is a real danger for the company.....and maybe Microsoft also are in danger. It could be a good thing to get the courts in play just to make sure noone else bricks peoples equipment in the future.
-
Moving on it looks like flaky fakes have been causing problems with FTDI drivers long before they tried to detect them.
http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/ (http://www.adafruit.com/blog/2014/02/18/ftdi-ft232rl-real-vs-fake/)
You got that ass-backward.
According to your linked article FTDI drivers have deliberately been causing problems for users before when they detected fake chips.
Their drivers corrupted the data being transmitted so it looked like the chips weren't working properly. The chips were working fine, it was the driver deliberately altering the data so it looked like they weren't. I wonder how much money and debugging headaches that little trick cost the world?
Why the sneakiness? Why can't their drivers just come out and say "Your chip is fake!"...?
But if the driver sticks in random bad data for detecting a fake chip and uses clever obfuscation techniques it can require extensive reverse engineering to find it if ever. (This along with any in text stream isn't very nice and is potentially dangerous)
The much more plausible explanation is the fakes were flakey and didn't work with some driver improvement. The article I linked said "The guy at FTDI seemed truly excited to get samples of chips from the same lot that both worked and failed".
How could the FTDI driver choose to corrupt operation of some fake chips and not others and do the same thing every time for the same chip? Why would they choose to ignore some fakes even if they could. They would have to keep a database of fake chip serial numbers that they had chosen to ignore or base it on some property of the chip serial number.
-
CP210x from Silabs. I have used these in the past and they are actually more stable than the FT232 in a nasty electrical environment. An FT232 often stops when something at the UART side is switched on/off. In my experience a CP2102 is much less prone to this behaviour. Anyway, I need an RS485 board so I'm going to combine that into an existing FT232 design and use a CP2102 instead.
Do they run on OSX, Linux and Windows without having to install drivers?
-
If a machine was working yesterday and stopped working today because of something FTDI knowingly planned/did then they broke some laws.
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
-
If a machine was working yesterday and stopped working today because of something FTDI knowingly planned/did then they broke some laws.
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
Why don't you stop trolling this thread with ludicrous assertions and terminally flawed analogies?
-
CP210x from Silabs. I have used these in the past and they are actually more stable than the FT232 in a nasty electrical environment. An FT232 often stops when something at the UART side is switched on/off. In my experience a CP2102 is much less prone to this behaviour. Anyway, I need an RS485 board so I'm going to combine that into an existing FT232 design and use a CP2102 instead.
Do they run on OSX, Linux and Windows without having to install drivers?
They run on Linux for sure. The Linux driver is from 2005. On Windows you have to install a driver but that is true fro any USB-to-serial device. Actually installing a driver manually is quicker than waiting several minutes before Windows finds the driver by itself. You can download a driver for OSX from Silabs if it doesn't work out of the box. The CP210x devices are used a lot and have been around for over a decade.
-
If a machine was working yesterday and stopped working today because of something FTDI knowingly planned/did then they broke some laws.
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
Again a silly analogy, but as you insist: it's like when my grandmother moved to the UK from italy in 1945. At that time us britts were a bit more ignorant and stupid than we are now regarding food and her local fish monger was happy to give her all the squid she wanted "for the dogs". What she didn't know my grandmother was actually cooking it for the family. Then her sister in law who was a nasty bitch went and told the fish monger that she was feeding it to the family not the dogs. So next time my grandmother wanted squid "for the dogs" (which incidentally the fish monger usually threw away) she charged my grandmother for them. However because my grandmother had eaten loads of the free squid the fish monger did not shoot my grandmother............. :phew: :palm:
-
Hi,
A slight debacle, but seems FTDI might not be quite dead in the water just yet. Have this wizard new processor will be announcing sometime soonish!
http://www.mikroe.com/forum/viewtopic.php?f=185&t=61797 (http://www.mikroe.com/forum/viewtopic.php?f=185&t=61797)
Hopefully my fake FT232RL will be able to talk to it!?
Mike.
-
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
I love to see the reaction if I take a free piece of saucage from the butcher shop and feed it to my dog :palm: What is the butcher going to do legally even if he puts up a sign saying 'don't give free saucage samples to your pets' ? Remember FTDI gives the drivers away for free!
-
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
Bad analogy again, the board is not 'stolen' but FTDI damaged it anyway. With your analogy, FTDI should delete their driver from your computer to 'take it back'.
Anyway, it's clear now that designing with FTDI is a risky choice.
-
I love to see the reaction if I take a free piece of saucage from the butcher shop and feed it to my dog :palm: What is the butcher going to do legally even if he puts up a sign saying 'don't give free saucage samples to your pets' ? Remember FTDI gives the drivers away for free!
"FTDI drivers may be used only in conjunction with products based on FTDI parts"
Free and only licensed for use with FTDI parts not with fakes and clones of FTDI parts.
Bad analogy again, the board is not 'stolen' but FTDI damaged it anyway. With your analogy, FTDI should delete their driver from your computer to 'take it back'.
Correcting an invalid PID isn't damage. The 'board' still works under Linux with a driver update so it clearly isn't damaged. The machine is not working today because you don't have any driver for the fake chip.
-
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
Bad analogy again, the board is not 'stolen' but FTDI damaged it anyway. With your analogy, FTDI should delete their driver from your computer to 'take it back'.
Anyway, it's clear now that designing with FTDI is a risky choice.
I'm with Zapta.
AT WORST it is a trademark violation of the cloning fabs, since FTDI IP wasn't used in creating the chips, and the chips were labeled FTDI. It's the labeling that's the issue, unless FTDI have some patents on USB<->Serial conversion which were infringed.
There's no excuse for them to have rendered hardware inoperable. Warn the end-user? PLEASE. Disable, for all intents and purposes, end-user hardware? NO, no no NO NO NO NO NO.
-
Correcting an invalid PID isn't damage. The 'board' still works under Linux with a driver update so it clearly isn't damaged. The machine is not working today because you don't have any driver for the fake chip.
Damage: "physical harm caused to something in such a way as to impair its value, usefulness, or normal function."
-
Hi,
A slight debacle, but seems FTDI might not be quite dead in the water just yet. Have this wizard new processor will be announcing sometime soonish!
http://www.mikroe.com/forum/viewtopic.php?f=185&t=61797 (http://www.mikroe.com/forum/viewtopic.php?f=185&t=61797)
Hopefully my fake FT232RL will be able to talk to it!?
Mike.
Exactly, with products like that why do they need to be so stupid over such a small thing ? they have just damaged their reputation for use of their more expensive and cutting edge technology..........
-
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
"Stealing" is theft, the taking of property with intent to permanently deprive the owner. Using a software driver without consent of the copyright holder is more akin to pillage and murder on the high seas, so we prefer to call it "piracy" or "terrorism".
Most people do not demand that FTDI's precious drivers work with counterfeit chips, just that they not intentionally destroy them.
Apparently you are sure that you never have and never will obtain a device containing a fake FT232. Apparently you think that anyone who has obtained such a device is a cheapskate who thoroughly deserves to have their hardware bricked, possibly long after it is out of warranty,
Even disregarding how wrong you are about that, you ignore the effects on FTDI's reputation. They quickly back-tracked, but you continue to defend their original, malicious, behavior. Previously it was suggested you were an FTDI shill, but I think you are more likely an anti-FTDI shill, defending a policy long discontinued in order to sow further doubt.
-
I tried the new counterfeit-crippling driver with my pool of FTDI-based cables, boards ...
It seems I got 3 counterfeit chips after all. Anyway, using the FTDI chips might be a risky business even in the future. :phew:
I have a couple of CP210x and they're fine however they seem hard to get sometimes. Has anyone tried the MCP2221 from Microchip?
-
On the subject of currency copying that was discussed earlier. I was once I.T. Manager at a company that had a high-end Xerox color copier installed in the Advertizing and Sales Department. The handbook warned us that internal software would prevent making copies of bank notes so with the installation engineer present I tested this with a brand new 20 Euro note.
The machine printed a copy of the note but with the Xerox logo in the center, it then shut down and would not restart until the installation engineer reset an internal flag (could have been an EEPROM or flash) using his laptop. The machine did NOT phone home but the particular internal flag was only set after attempting to copy currency.
Now back to our regular programming :)
-
"FTDI drivers may be used only in conjunction with products based on FTDI parts"
That's like saying Microsoft Office telling people in the EULA that they aren't allowed to write hate mail with it. It's both silly and useless.
-
I could be wrong (it's happened before) but I thought part of the WHQL process was that your drivers have to undergo a code review at Microsoft. That's why WHQL certification costs so much money.
For the USB drivers I've had WHQL certified, you create the driver, sign it with your own certificate and run the WHQL test suite on it on your own computers. The results get wrapped up along with the signed driver and sent to Microsoft. Assuming the driver passed the test suite, your driver then gets signed by Microsoft with the WHQL certificate and you download it. That's it.
OK ... maybe USB is different because it can't really destabilize Windows (it's just a data transfer device).
A kernel mode USB driver sure can destabilize any operating system and cause panics/BSODs/whatever your OS calls it. The WHQL test suite makes (most?) all the calls to the driver that every USB driver/device must support, but as I said, the driver can make vendor specific calls that the WHQL tests cannot validate.
As for deliberate BSODs, that is the absolute worst thing they could do. Bricking the device is bad enough, but potentially trashing my filesystem is much worse. Besides, if I get A BSOD, I run WinDbg on the dump and look for the cause. If I were to see an FTDI driver as the cause, I would think that FTDI write crappy drivers and it is yet another reason to avoid them like the plague, just like I avoid Prolific chips now. (I have a most-likely-counterfeit 'Prolific' USB-serial cable. New drivers refuse to load; old drivers BSOD as soon as you transfer any reasonable amount of data. That the BSOD was deliberate was news to me... I had assumed bad drivers or bad chip. The result was that I used to advise that one should use FTDI based cables rather than Prolific. )
-
So I'm dumb and the clone detector tool that I linked before relied on a patched libftdi (which I hacked up when this saga started and then forgot about...)
So instead I rewrote it to use libusb and made it a lot more useful. Now it can:
- Tell you if you have a clone chip
- Fix bricked clones (by undoing exactly what the FTDI driver did, restoring the PID to 6001 but also reverting the value at 0x3e - this might fix string data corruption if your strings area was full when the FTDI driver did its dirty work, or if user data was in use)
- NEW: immunize clone chips against the evil driver by deliberately breaking the EEPROM checksum. This reverts all settings to defaults (and loses the serial number), but if those work for you, then FTDI's driver will not brick your device and will happily work with it. You can also revert this change.
https://mrcn.st/t/ftdi_clone_tool.py
Tested on both real devices (where it refuses to do anything) and on clones (where all of the above works; I tested it against FTDI's driver too).
A big thanks to marcan for this script. I have a couple of devices that came from unknown sources in China and which I suspected may contain fake FTDI chips. marcan's script has confirmed that both devices actually contain genuine FTDI chips which came as a bit of a surprise.
One thing to note is that when running the script I was getting the following timeout error:-
Detecting device...
Found FTDI FT232R device (0403:6001)
Traceback (most recent call last):
File "ftdi_clone_tool.py", line 234, in <module>
sys.exit(main())
File "ftdi_clone_tool.py", line 106, in main
dev.unlock_eeprom()
File "ftdi_clone_tool.py", line 68, in unlock_eeprom
timeout=self.timeout)
File "/usr/local/lib/python2.7/site-packages/usb/legacy.py", line 205, in controlMsg
timeout = timeout)
File "/usr/local/lib/python2.7/site-packages/usb/core.py", line 971, in ctrl_transfer
self.__get_timeout(timeout))
File "/usr/local/lib/python2.7/site-packages/usb/backend/libusb0.py", line 528, in ctrl_transfer
timeout
File "/usr/local/lib/python2.7/site-packages/usb/backend/libusb0.py", line 380, in _check
raise USBError(errmsg, ret)
usb.core.USBError: [Errno None] error sending control message: Connection timed out
To resolve this I needed to update the self.timeout value on line 60 to something higher than 100. An extended timeout may have been needed because my Linux distro is running under a VM within Windows so it might well take the VM longer to talk to the USB port devices (I'm not sure) but after a few unsuccessful attempts at slightly larger values I eventually found that a value of 2000 worked successfully under my setup.
-
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
"Stealing" is theft, the taking of property with intent to permanently deprive the owner. Using a software driver without consent of the copyright holder is more akin to pillage and murder on the high seas, so we prefer to call it "piracy" or "terrorism".
Most people do not demand that FTDI's precious drivers work with counterfeit chips, just that they not intentionally destroy them.
Yawn - I shall continue to call unlicensed use of software stealing for as long as other call modifying a USB device PID destroying.
-
Don't care if it's legal. Don't care if it's ethical. Don't care if it's destruction or not destruction. Don't care if it's reversable.
From the perspective of a designer, FTDI has just introduced considerable risk in using their product. That's all that matters to a designer. "I might get burned if I use this part - even if I specify genuine parts." Well - there are several alternatives without that risk - so that's what I'm going to use from now on. I just pulled an FTDI chip from a new design today in fact - I'm sure I'm not the only one.
-
[...] The result was that I used to advise that one should use FTDI based cables rather than Prolific. )
And there is the moneyshot of this whole debacle.
Why are companies using FTDI in the first place? Because FTDI chips work(ed), pretty much no matter what.
Maybe because they have better supply chain controls.
Maybe because the FTDI fakes, if someone slipped you them into the supply chain, are better than the others.
We now know that FTDI, unlike Prolific, did not play games with their drivers - so far. We also know from decapped fakes that at least some of them use newer production methods than the originals.
Maybe someone in CN said "Gee, reproducing the functions of the FT232 is so damn easy, lets go all the way so that we don't get complaints and have to do it again next month." Because guess what, selling chips for profit that are known not to work is damn hard even if you trade in counterfeits.
Now you have a situation where products that tested perfectly fine in manufacturing could be bricked bay a parts supplier days or even years after they have been sold. Not cool and definitely a red flag for any company.
-
Yep, apparently if you get an old enough driver it should work fine for you. It might be "legitimate" breakage due to missing features or something in the counterfeits, but it appears it was common after a certain driver version. Or just use Linux and they all work fine...
So, could one confirm that no problem what so ever on Linux machines with any FTDI chips even counterfeit ones?
How to recognize those FTDI counterfeit chips? Only when we have them in our hands -they look different or automatic by some kind of communication protocol small differences if any?
Anyway, If those FTDI counterfeit chips works under Linux without any problem and are much cheaper than those original FTDIchip.com "idiots" chips, are there any way to find those counterfeit chips from their competitors and use on custom PCB since this device will never be connected to Micro$oft Window$, but of course embedded Linux system will be used?
Any problems with those FTDI counterfeit chips on small Linux ARM platforms?
Lets forget about company like @ftdichip.com as well as Window$ :o
Technically what your talking about doing is illegal especially since your willingly attempting to get counterfeit chips. The legal way would be to find an FTDI pin compatible but non-FTDI PID/non-FTDI labeled chip.
-
I am still fairly new to Electronic Engineering. I was going to make something using a FTDI part but with all of the conservancy I don't want to use them. What is a good alternative to FTDI?
Ten seconds with google:
http://www.ti.com/product/tusb3410 (http://www.ti.com/product/tusb3410)
http://www.microchip.com/wwwproducts/devices.aspx?dDocName=en546923 (http://www.microchip.com/wwwproducts/devices.aspx?dDocName=en546923)
Ten seconds on the datasheet. Both require 12Mhz external oscillators and so on. I like FTDI's design and functionality.
-
From the perspective of a designer, FTDI has just introduced considerable risk in using their product. That's all that matters to a designer. "I might get burned if I use this part - even if I specify genuine parts."
You might get burned by fakes of unknown quality and origin regardless of which manufacturer they are faking.
You are saying that you will choose a part which is more likely to let you get away with shipping low quality shit - nice one, care to let us know what products we should be avoiding?
In the future I will be taking the use of FTDI parts as an indication of a supplier who cares about the quality of their products and has confidence in their supply chain.
-
The machine was working yesterday because you were stealing FTDI drivers. The machine is not working today because FTDI stopped you stealing their drivers.
"Stealing" is theft, the taking of property with intent to permanently deprive the owner. Using a software driver without consent of the copyright holder is more akin to pillage and murder on the high seas, so we prefer to call it "piracy" or "terrorism".
Most people do not demand that FTDI's precious drivers work with counterfeit chips, just that they not intentionally destroy them.
Yawn - I shall continue to call unlicensed use of software stealing for as long as other call modifying a USB device PID destroying.
Source: http://www.thefreedictionary.com/steal (http://www.thefreedictionary.com/steal)
steal (stl)
v. stole (stl), sto·len (stln), steal·ing, steals
v.tr.
1. To take (the property of another) without right or permission.
2. To present or use (someone else's words or ideas) as one's own.
3. To get or take secretly or artfully: steal a look at a diary; steal the puck from an opponent.
4. To give or enjoy (a kiss) that is unexpected or unnoticed.
5. To draw attention unexpectedly in (an entertainment), especially by being the outstanding performer: The magician's assistant stole the show with her comic antics.
6. Baseball To advance safely to (another base) during the delivery of a pitch, without the aid of a base hit, walk, passed ball, or wild pitch.
Source: http://www.thefreedictionary.com/destroy (http://www.thefreedictionary.com/destroy)
de·stroy (d-stroi)
v. de·stroyed, de·stroy·ing, de·stroys
v.tr.
1. To ruin completely; spoil: The ancient manuscripts were destroyed by fire.
2. To tear down or break up; demolish. See Synonyms at ruin.
3. To do away with; put an end to: "In crowded populations, poverty destroys the possibility of cleanliness" (George Bernard Shaw).
4. To kill: destroy a rabid dog.
5. To subdue or defeat completely; crush: The rebel forces were destroyed in battle.
6. To render useless or ineffective: destroyed the testimony of the prosecution's chief witness.
@Rufus
(http://3.bp.blogspot.com/-CHlUlfxJMyQ/U0TP4oTq-HI/AAAAAAAAMHQ/8-dIJfIK_vU/s1600/stifling.png)
-
On the subject of currency copying that was discussed earlier. I was once I.T. Manager at a company that had a high-end Xerox color copier installed in the Advertizing and Sales Department. The handbook warned us that internal software would prevent making copies of bank notes so with the installation engineer present I tested this with a brand new 20 Euro note.
The machine printed a copy of the note but with the Xerox logo in the center, it then shut down and would not restart until the installation engineer reset an internal flag (could have been an EEPROM or flash) using his laptop. The machine did NOT phone home but the particular internal flag was only set after attempting to copy currency.
Now back to our regular programming :)
It probably also prints your machine Serial No and various other info on the color printouts in any case (the yellow dot pattern) its a good way to verify important documents yourself and is probably worse than phone in since every color document has the info, timestamp, ...
-
Technically using a driver that says FTDI with a non physically FTDI chip is stealing since your both using their software and hardware IP directly but illegitimately.
Modifying the PID is not breaking anything the device still works properly and if you wrote your own driver it would communicate with that. And if you get WHQL certification your driver can be plug-in play as well. Kills is a poor way to say it in reality it is just the drivers that are saying get your own driver.
If they killed the chips electrically which is possible via the config then that would be considered breaking it.
-
I don't understand what the fuss about this is other than their obviously poor/abysmal PR spin control.
Simple facts are that from now on its technically not very legal to use counterfeit chips with FTDI drivers (even old drivers). So any counterfeit product that relies on FTDI's default driver is doing so illegally and if using a modern driver will always not work. So end result they are all bricks, Linux/Windows/Mac's driver repositories would either not include the driver at all or would be crossing some legal lines by keeping the older driver around.
Apparently you haven't been reading the previous few dozen pages, but I've already posted this:
http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited (http://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984#Reverse_engineering_not_prohibited)
The SCPA permits competitive emulation of a chip by means of reverse engineering.
FTDI might not like it but they don't have an exclusive right to the API their chips use. The only way around this is a patent, but I haven't seen them claiming anything about patents here...
And for this same reason the "FTDI-compatible" serial cables that use a COB package are completely legal since there is nothing in them branded FTDI. They may have FTDI's VID:PID but those are necessary for interoperability and those numbers cannot be copyrighted.
Yes reverse engineering is allowed but branding something FTDI and using FTDI's software is not legal. Pin compatible, PID 0, unmarked FTDI chips are legal and technically function the same.
I'm talking about reverse engineering the software to find out any detection means or additional hidden functions. (Last time I checked the driver is not a semiconductor chip but a file on your computer, which goes into the DMCA land of things)
-
Can someone create a tool to reproduce the "kill" operation of the 2.12 driver? If this is a "thing" that can happen, I'd prefer to add a few seconds of production test time to screen parts that might cause the end-user grief down the road. This is, in essence, a vulnerability without a clear way to patch it - so the easiest route I can do is attempt to brick any devices that might get a non genuine part in the lot. (I buy all my parts from Mouser and Digikey, but they're not omnipotent or flawless).
Here is some code that will non-destructively test for clones and also fix them if bricked.
https://mrcn.st/t/ftdi_clone_tool.py
It should work on a Linux system with Python2 and libftdi1 with Python bindings. I have not tested it on clones as I don't have any, but I believe it should work. AIUI libftdi also works on Mac OS X and Windows, so you should be able to get it to work on those OSes too.
It should work on a Linux system with Python2 and PyUSB. I have tested it and it accurately detects and restores clones. It should also work on Windows and Mac OS X if you have PyUSB with a working backend installed (although I guess Windows > XP might still complain about the zero PID; haven't tested that, if you do please report back).
Edit: I am dumb and forgot that I was using a patched libftdi1 to make this work. Rewrote the entire thing to use libusb instead. You need PyUSB (under Ubuntu, apt-get install python-usb).
I tested several of my el cheapo FTDI device under Windows7 (Python 2.7.8 and pyusb-1.0.0.b2, used Zadig to exchange driver with libusb) and they were all detected as genuine. I'm honestly surprised. They were ultra cheap and I bought them from the typical eBay dealers you would suspect now to have sold you clones. Note that I was aware at that time that clones even existed.
-
Technically using a driver that says FTDI with a non physically FTDI chip is stealing since your both using their software and hardware IP directly but illegitimately.
Modifying the PID is not breaking anything the device still works properly and if you wrote your own driver it would communicate with that. And if you get WHQL certification your driver can be plug-in play as well. Kills is a poor way to say it in reality it is just the drivers that are saying get your own driver.
If they killed the chips electrically which is possible via the config then that would be considered breaking it.
How can that first example be stealing by the way, when it's not physically taking or copying anything.
I've posted this before in the thread, the way their EULA is like so:
The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
It is your responsibility to make sure that all chips you use the Software as a driver for are Genuine FTDI Components. If in doubt then contact FTDI.
That sounds like the driver is intended to be used with FTDI, and it's not tested beyond that. The damage sounds more like a disclaimer than anything else. It's my own responsibility to check on this, otherwise I may get trouble.
Doesn't that mean that is a FTDI-compatible (not saying FTDI-marked; because obviously that's a trademark deal) device is connected, it may work but is not intentional.
The download page says:
"FTDI drivers may be used only in conjunction with products based on FTDI parts."
I personally think "may be used" is not a very strict term, but I could be wrong as English is not my mother tongue.
-
Correcting an invalid PID isn't damage. The 'board' still works under Linux with a driver update so it clearly isn't damaged. The machine is not working today because you don't have any driver for the fake chip.
So, it looks like it affects only Window$ customers, but while most of them fight with trojans, virususes and other malware on daily basis than simply marking this fake FTDI driver as a trojan by security antyvirus software community and preventing from updating existing good drivers to this fake version could help many potential victims who bought something and payed real money for it and one sunny day they can think Window$ sucks again, but it is FTDI driver :o
Any reliable source of those updated FTDI Linux drivers which changes this PID to valid one or simply opensource community quickly made such patch to existing drivers?
The non-FTDI hardware is a functional equivalent design which is perfectly legal to create, own and use.
Nice, so using it under Linux should be fine even now.
Another reason to forget about Window$, but there is hope that Micro$oft will make lawsuit vs FDTI while they probably has much more emergency calls and its support is overloaded by this fake FTDI driver issue right now :-DD
-
Technically using a driver that says FTDI with a non physically FTDI chip is stealing since your both using their software and hardware IP directly but illegitimately.
Actually no and no. The software is provided for free. Ofcourse FTDI would like very much that people use their software with their hardware but there is no legal ground to enforce that. The non-FTDI hardware is a functional equivalent design which is perfectly legal to create, own and use.
-
if someone would ask me how to solve a situation @ FTDI (before they decided to do what they did) then i would suggest the following:
1. start online selling drivers for FTDI compatible chips a.k.a. fake FTDI chips (e.g. $ 3.99 one time fee)
2. make that driver to accept a specific PID reserved for fake devices
3. add code to free FTDI drivers which will warn the users, that their product is using counterfeit FTDI product and they should buy another version of the driver in order to keep using it.
4. wait few months to let all the users buy the affordable $3.99 driver.
5. make a release which will re-program all fakes to that specific PID chosen for fake devices
-
Don't FTDI also do some fancy graphics controller FT800 or similar with aspirations in to the Micro processor market. Might be why this whole situation arose. They might have required some additional cash. In the scheme of things are a very small fish. The bigger cloning fish have stolen money from them.
These companies have no teeth to actually chases the criminals, so simple using Microsoft easy to victimise innocent people. This high flying processor will never get off the ground as no money to make this actually happen. I will wear a kilt in public if this ever happens!
Regards
Mike.
-
Don't FTDI also do some fancy graphics controller FT800 or similar with aspirations in to the Micro processor market. Might be why this whole situation arose. They might have required some additional cash. In the scheme of things are a very small fish. The bigger cloning fish have stolen money from them.
These companies have no teeth to actually chases the criminals, so simple using Microsoft easy to victimise innocent people. This high flying processor will never get off the ground as no money to make this actually happen. I will wear a kilt in public if this ever happens!
Regards
Mike.
I think FTDI have just lowered the likelihood of people wanting to use their processors, I think it's called shooting yourself in the foot!
-
Why don't you try stealing something from a shop and see how far you get accusing a cop taking back that something of theft?
I love to see the reaction if I take a free piece of saucage from the butcher shop and feed it to my dog :palm: What is the butcher going to do legally even if he puts up a sign saying 'don't give free saucage samples to your pets' ? Remember FTDI gives the drivers away for free!
licence clause says to be used with ftdi parts only. they may be free but they are restricted to use in conjuction with real FTDI parts.
-
there are some people in this thread asking why we need a ftdi driver at all. why not use the default cdc class.
simple: the ftdi parts implement much more functionality than the cdc class has functions for.
- unique serial numbers
- bitbanging the pins
- the MPSE that can do spi and i2c
these chips have lots of capabilities going beyond default CDC operation. so yes, you need the FTDI driver.
now, that said , that may be an avenue to check for real or fake. pretty sure the fakes can only do the serial stuff, none of the other functionality a real ftdi had
-
Technically using a driver that says FTDI with a non physically FTDI chip is stealing since your both using their software and hardware IP directly but illegitimately.
Actually no and no. The software is provided for free. Ofcourse FTDI would like very much that people use their software with their hardware but there is no legal ground to enforce that.
The drivers are copyrighted and the holder can place whatever restrictions they like on their use. Are you suggesting GPL and all the other various open source licences have no legal standing because you were not charged for what they cover?
if someone would ask me how to solve a situation @ FTDI (before they decided to do what they did) then i would suggest the following:
1. start online selling drivers for FTDI compatible chips a.k.a. fake FTDI chips (e.g. $ 3.99 one time fee)
Complete non-starter. FTDI have absolutely no control over fakes, you and they can't even tell who manufactured them. No way would they take on the responsibility for making drivers work with hardware which is effectively undefined.
-
From the perspective of a designer, FTDI has just introduced considerable risk in using their product. That's all that matters to a designer. "I might get burned if I use this part - even if I specify genuine parts." Well - there are several alternatives without that risk - so that's what I'm going to use from now on. I just pulled an FTDI chip from a new design today in fact - I'm sure I'm not the only one.
Nathan Crum, that's exactly a 1000% right. You are not alone, I am currently in the process of replacing a FT230X with a CY7C65211 from Cypress.
The evaluation kit should come tomorrow.
I got the first call today from a customer having a problem with his meter connecting to USB.
He was asking, almost accusing if me, we could have used one of the counterfeit FTDI's.
I am 99.999% sure that's not the case since production only buys from FTDI listed suppliers.
Now some of our end customers start worrying if they might have gotten a counterfeit chip in their meters and whenever USB is not working those who got the news start asking/ thinking.
In the end FTDI is now damaging our reputation, I am even afraid that some customers might stay off our products BECAUSE we use FTDI.
This situation is inacceptable.
Until that call today I thought "We are fine... all genuine". I didn't even think that that could even bite me in that way.
You can understand that I am pretty pissed. FTDI DICKHEADS
-
Complete non-starter. FTDI have absolutely no control over fakes, you and they can't even tell who manufactured them.
Ask any owner of a bricked fake device. I'm pretty sure they don't share your opinion of having no control over fakes.
No way would they take on the responsibility for making drivers work with hardware which is effectively undefined.
If the hardware of the fake chip was effectively undefined there would be no breach of IP on the hardware side of things would it?
-
The CP2104 has all of the right characteristics-- built-in osc, etc. that I need in my designs, and the low-cost development kit [above] is "icing on the cake".
Try searching Aliexpress for the number of vendors feeling the need to describe that part as authentic or genuine or original to get an idea of how likely buying fake CP2104s is.
-
After all the usual suspect proved they were surprisingly genuine, I finally found a clone where I didn't suspect it: in my Gamebuino (https://www.indiegogo.com/projects/gamebuino-an-arduino-handheld-console).
I guess we can agree that the guy behind this project was not aware they would use fake FTDI chips when he ordered a thousand or so populated boards...
Not surprisingly the reaction is to avoid FTDI in the next revision.
-
You might get burned by fakes of unknown quality and origin regardless of which manufacturer they are faking.
That's a fair point. But the chances of an unintended FTDI fake substitution are probably higher than others. Until now - that didn't carry unnecessary additional risk that it might work fine (pass all testing) and get passed onto the customers where it could be e-firebombed without warning.
You are saying that you will choose a part which is more likely to let you get away with shipping low quality shit.
No. I'm saying I'll choose a part that's both less likely to be imitated and less likely to be destroyed without warning if it is imitated. There are many quality manufacturers making good alternatives. FTDI was just a convenient choice before now.
In the future I will be taking the use of FTDI parts as an indication of a supplier who cares about the quality of their products and has confidence in their supply chain.
We have an extremely well qualified supply chain, but,
A. As a designer, I have no control over it and
B. To use a part with blind optimism that your supply chain can't possibly screw up is equivalent to playing Russian roulette. I'd prefer to use the products from a company who is proactive about increasing reliability through thoughtful design and part selection. You're saying I should add risk to an extremely critical system just to demonstrate my confidence in 3 or 4 layers of supply chain removed from our company? No thanks.
-
Ftdi's driver carries their trademark and crypto signature/trust so to be completely legal you have to have an unbranded/unsigned driver as well. The reprogrammable pidvid is for that purpose.
-
From the perspective of a designer, FTDI has just introduced considerable risk in using their product. That's all that matters to a designer. "I might get burned if I use this part - even if I specify genuine parts." Well - there are several alternatives without that risk - so that's what I'm going to use from now on. I just pulled an FTDI chip from a new design today in fact - I'm sure I'm not the only one.
Nathan Crum, that's exactly a 1000% right. You are not alone, I am currently in the process of replacing a FT230X with a CY7C65211 from Cypress.
The evaluation kit should come tomorrow.
I got the first call today from a customer having a problem with his meter connecting to USB.
He was asking, almost accusing if me, we could have used one of the counterfeit FTDI's.
I am 99.999% sure that's not the case since production only buys from FTDI listed suppliers.
Now some of our end customers start worrying if they might have gotten a counterfeit chip in their meters and whenever USB is not working those who got the news start asking/ thinking.
In the end FTDI is now damaging our reputation, I am even afraid that some customers might stay off our products BECAUSE we use FTDI.
This situation is inacceptable.
Until that call today I thought "We are fine... all genuine". I didn't even think that that could even bite me in that way.
You can understand that I am pretty pissed. FTDI DICKHEADS
Yes, FTDI trashed their good reputation.
I'm a ham radio operator. Lots of different ham radio models use a serial interface for programming frequencies and tones into the radio's memories. They usually use a cable with a USB to serial converter in it to connect the radio to the computer. The "radio side" of the cable varies from one radio model to the next, so hams with multiple radios tend to collect lots of cables. Cables are available from various sources, some of which may be a bit shady. I've heard many hams talking on the air about issues getting their radios, cables, computers, and software to work properly together. Many times on the air I've heard something like, "make sure to buy a cable with an FTDI chip, not a Prolific chip, because Prolific has a bunch of problems with clones that don't work, while FTDI chips just always work reliably".
Something tells me I won't be hearing that advice so much in the future. FTDI might now be deterring counterfeiters, but they're also losing their own reputation among end users.
Reputation is a tricky thing. The detailed facts aren't nearly as important as people's perception of the facts in the big picture.
-
We have an extremely well qualified supply chain, but,
A. As a designer, I have no control over it and
B. To use a part with blind optimism that your supply chain can't possibly screw up is equivalent to playing Russian roulette. I'd prefer to use the products from a company who is proactive about increasing reliability through thoughtful design and part selection. You're saying I should add risk to an extremely critical system just to demonstrate my confidence in 3 or 4 layers of supply chain removed from our company? No thanks.
It's interesting to note, that you're touching upon the same basic idea as calibration: a level of certainty. I doubt this other person has any product that shipped more than 100 lifetime-units, so the notion is simply not there. The only way to have the highest certainty of working parts is to buy direct from the supplier (note, not guaranteed certainty, just the highest. :) ), but as Dave pointed out, FTDI has been fickle with direct-sales support. Once part supply is handed off to a distributor, a whole new level of uncertainty is present. The guarantee of an absolute isn't there. With these distys (i.e. Arrow or Avnet), there is at least tractability to the source of the parts. If one buys from One-Hung-Far-Low Deep discount parts on eBay, well there is no certainty at all.
What you're essentially expressing above, is the same as my view: controlling device selection for a minimum level of confidence in the final product. The other guy, seems to argue that there is no reason to doubt his test gear to be in calibration, as it's all made by highly reputable manufacturers.
-
This story is just beginning, and it will be interesting to see if FTDI will be able to survive the thousands of legal battles that are sure to come...
I don't think that there are going to be many law suits since most victims only got a few device with FTDI clones. It wouldn't make much sense to take FTDI into court for a few bucks. Too much hassle. But I'd suppose something else will hurt FTDI. Their customers are looking for alternatives. The ICs are already quite expensive and now that driver debacle which causes trouble for FTDI's customers. There are more reasons to replace FTDI chips with something else than to keep buying them.
-
Technically using a driver that says FTDI with a non physically FTDI chip is stealing since your both using their software and hardware IP directly but illegitimately.
Modifying the PID is not breaking anything the device still works properly and if you wrote your own driver it would communicate with that. And if you get WHQL certification your driver can be plug-in play as well. Kills is a poor way to say it in reality it is just the drivers that are saying get your own driver.
If they killed the chips electrically which is possible via the config then that would be considered breaking it.
Are you a FTDI employee/engineer by any chance?
How can that first example be stealing by the way, when it's not physically taking or copying anything.
I've posted this before in the thread, the way their EULA is like so:
The licence only allows use of the Software with, and the Software will only work with Genuine FTDI Components (as defined in the Licence Terms). Use of the Software as a driver for a component that is not a Genuine FTDI Component MAY IRRETRIEVABLY DAMAGE THAT COMPONENT.
It is your responsibility to make sure that all chips you use the Software as a driver for are Genuine FTDI Components. If in doubt then contact FTDI.
That sounds like the driver is intended to be used with FTDI, and it's not tested beyond that. The damage sounds more like a disclaimer than anything else. It's my own responsibility to check on this, otherwise I may get trouble.
Doesn't that mean that is a FTDI-compatible (not saying FTDI-marked; because obviously that's a trademark deal) device is connected, it may work but is not intentional.
The download page says:
"FTDI drivers may be used only in conjunction with products based on FTDI parts."
I personally think "may be used" is not a very strict term, but I could be wrong as English is not my mother tongue.
No I'm not an ftdi employee I'm an employee at the University of British Columbia, Canada and use ftdi chips in teaching labs. I did get free chips from them as we give out free boards students build/program themselves for project work along with a small digikey budget. One of the steps if reprogramming the config to work with our proprietary hardware and software.
Students bad flashing chips has lead to people trying to over clock an msp430 which ends horribly which is a destructive config type example as is the source a clock that doesn't exist for the ftdi chip.
Ftdi chips and drivers carry their trademark and crypto signature and abusing that by marking it physically and software as an ftdi part is illegal in most countries.
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
Also the fact your paranoid that I'm an ftdi employee is telling.
-
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
Also the fact your paranoid that I'm an ftdi employee is telling.
*You're.
A mechanic has no issue rebuilding an engine when it spins a bearing. The average person has little capacity to do this job. Therefore as one small group of people can fix a problem that those outside the group cannot, it's not killed as the latter perceive?
-
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
Also the fact your paranoid that I'm an ftdi employee is telling.
*You're.
A mechanic has no issue rebuilding an engine when it spins a bearing. The average person has little capacity to do this job. Therefore as one small group of people can fix a problem that those outside the group cannot, it's not killed as the latter perceive?
No fixing is simple software magic people already wrote automatic tools to bypass, correct, and prevent detection in this very thread. It could not be done at all with software if you actually wrote a malicious config that can only be fixed by physically replacing the chip or modding a fix.
It is like saying Mercedes and bmw 's proprietary automatic diagnostics systems are liable for overwriting a custom ecu and any damage or lost value that results.
Pid0 is valid as the driver is saying as it can that you should write your own driver. I have our own custom drivers and automatic programmoing tools and it's the mfg fault for not tracing properly in any case and since I'm paranoid I can/do id fakes and report them. In the airplane part counterfit industry it has gotten to the point where people are counterfeiting the counterfit preventing documents.
-
What you're essentially expressing above, is the same as my view: controlling device selection for a minimum level of confidence in the final product. The other guy, seems to argue that there is no reason to doubt his test gear to be in calibration, as it's all made by highly reputable manufacturers.
If I am supposed to be the other guy I am not arguing that at all. Say X and Y make voltmeters and fakes of both are being manufactured in China. You have reason to doubt both of them because they might be fakes of unknown quality, specification and origin. Now company X says we can identify these fakes and instruct calibration labs to refuse calibration of them effectively turning them into bricks. The 'other' guy is arguing that he should buy Y in the future because if he did buy something that ought to be a brick he would prefer not to know about it.
I argue that preferring not to know something is a fake of unknown quality and origin is not an acceptable stance for a supplier of quality equipment and because X can and will brick fakes you are more likely to end up with a fake Y than a fake X.
-
Ftdi's driver carries their trademark and crypto signature/trust so to be completely legal you have to have an unbranded/unsigned driver as well. The reprogrammable pidvid is for that purpose.
There is no need for an unsigned binary in the genuine FTDI drivers.
When using genuine FTDI chips in your design you can also include the FTDI drivers in your own product package as per license agreement.
If you choose to create your own drivers because you changed the PID and VID on the genuine FTDI chips you are free to create your own drivers and sign them as well.
Nothing illegal there either.
This raises the question why FTDI did not sign the binary "ftcserco.dll" in their latest driver.
I really would like FTDI to answer this question.
-
So, in searching for a replacement for FTDI, I found this:
http://www.silabs.com/products/interface/Pages/cp2104-mini.aspx (http://www.silabs.com/products/interface/Pages/cp2104-mini.aspx)
....
I haven't tested this with my Linux Workstation [Ubuntu 14.04 LTS], but I *think* it should "just work" with no problems.
Thx for this link-just was looking for something like this :-+
I looks like it fits my needs, while in one project I need to make USB interface from PC to MPU on small PCB:
"The CP2104 is a USB 2.0 full-speed device with integrated USB clock, voltage regulator and programmable memory reducing BOM costs and simplifying the design"
It''s 4 GPIO's might be usefull too, eg. for software I2C interface I'd like to have also implemented via USB 8)
"The CP2104 supports four user-configurable GPIO pins for status and control information. Each of these GPIO
pins are usable as inputs, open-drain outputs, or push-pull outputs. Three of these GPIO pins also have alternate
functions which are listed in Table 11."
Just recompiled and installed under Linux 2.6.x latest CP210x USB to UART Bridge VCP Drivers (http://www.silabs.com/products/mcu/pages/usbtouartbridgevcpdrivers.aspx)
http://www.silabs.com/Support%20Documents/Software/Linux_2.6.x_VCP_Driver_Source.zip (http://www.silabs.com/Support%20Documents/Software/Linux_2.6.x_VCP_Driver_Source.zip)
Window$ drivers there: http://www.silabs.com/Support%20Documents/Software/CP210x_VCP_Windows.zip (http://www.silabs.com/Support%20Documents/Software/CP210x_VCP_Windows.zip)
Linux_2.6.x_VCP_Driver_Source]$ make
make -C /lib/modules/2.6.39.1-eneuro_server/build M=/tmp/Linux_2.6.x_VCP_Driver_Source modules
make[1]: Entering directory `/nomoreftdi/kernel/src/linux-2.6.39.1-eneuro_server'
CC [M] /tmp/Linux_2.6.x_VCP_Driver_Source/cp210x.o
/tmp/Linux_2.6.x_VCP_Driver_Source/cp210x.c:181: warning: initialization from incompatible pointer type
/tmp/Linux_2.6.x_VCP_Driver_Source/cp210x.c:184: warning: initialization from incompatible pointer type
/tmp/Linux_2.6.x_VCP_Driver_Source/cp210x.c:185: warning: initialization from incompatible pointer type
Building modules, stage 2.
MODPOST 1 modules
CC /tmp/Linux_2.6.x_VCP_Driver_Source/cp210x.mod.o
LD [M] /tmp/Linux_2.6.x_VCP_Driver_Source/cp210x.ko
There is also GPIO example cp210x_gpio_example.c which shows how to use the two IOCTLs to toggle CP2104 GPIOs.
They included also some kind of CP2104 Mini design, so it looks like it is time to design own PCB based on this schematic
CP2104-MINIEB-Schematic.pdf (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115241)
There are a lot of interface application notes there: http://www.silabs.com/products/Interface/Pages/interface-application-notes.aspx (http://www.silabs.com/products/Interface/Pages/interface-application-notes.aspx)
Very interesting and up to date is this: Integrating the CP210x Virtual COM Port Driver into the Android Platform (http://www.silabs.com/Support%20Documents/TechnicalDocs/an809.pdf) - connecting Android to our PCB - awersome :clap:
Lets :-/O and see how it works in practice.
So, lets DIY nice USB -> PCB interface and...
I hope, I can forget about FTDI :--
FTDI?, no thanks !
-
Ftdi's driver carries their trademark and crypto signature/trust so to be completely legal you have to have an unbranded/unsigned driver as well. The reprogrammable pidvid is for that purpose.
There is no need for an unsigned binary in the genuine FTDI drivers.
When using genuine FTDI chips in your design you can also include the FTDI drivers in your own product package as per license agreement.
If you choose to create your own drivers because you changed the PID and VID on the genuine FTDI chips you are free to create your own drivers and sign them as well.
Nothing illegal there either.
This raises the question why FTDI did not sign the binary "ftcserco.dll" in their latest driver.
I really would like FTDI to answer this question.
I don't think windows likes unsigned drivers so it would be uprising if that was actually pushed out without a cryptographic signature. Simple facts are that FTDI/Silicon Labs drivers are "free" to use with their hardware and not fakes. Anything relying on these drivers and has a fake chip is going to be useless anyways.
The simple solution is to either go the gray legal route of bypass everything and be on your merry way or use you own drivers and just say they are FTDI pin-compatible chips.
Not signing a driver would be very unusual if it was typically signed. In controlled setups automatic updates are always off and we always use the exact image that was the original. You can use group policy to control this and on my dev machine obtaining online drivers is actually disabled because it slows down the driver install time by quite a bit when you already have the driver on ssd.
-
So, I guess it would be ok if one of these 'clone' makers who have devices that are protocol compatible with the FTDI chip, slapped a new product code and name on their product to make it 'legit', and created a driver that borked offical FTDI chips.....that would be ok too?
-
Hi !
That's what I put together within the last days.
Possible FTDI replacements in alphabetical order:
Atmel ATMEGA8U2 16U2 with Arduino USBSerial Firmware (see Arduino UNO R3)
ASIX MCS7810 http://www.asix.com.tw (http://www.asix.com.tw)
Cypress CY7C65211 with battery charger detection http://www.cypress.com/?mpn=CY7C65211-24LTXI (http://www.cypress.com/?mpn=CY7C65211-24LTXI)
Prolific PL2303HX (Pin compatible to FT232R) http://www.prolific.com.tw/us/ShowProduct.aspx?p_id=156&pcid=41 (http://www.prolific.com.tw/us/ShowProduct.aspx?p_id=156&pcid=41)
Microchip MCP2200 www.microchip.com/MCP2200 (http://www.microchip.com/MCP2200)
Silicon Labs CP210x http://www.silabs.com/products/interface/usbtouart/Pages/usb-to-uart-bridge.aspx (http://www.silabs.com/products/interface/usbtouart/Pages/usb-to-uart-bridge.aspx)
Texas Instruments TUSB3410 http://www.ti.com/product/TUSB3410?keyMatch=tusb3410&tisearch=Search-EN (http://www.ti.com/product/TUSB3410?keyMatch=tusb3410&tisearch=Search-EN)
WCH-IC Chinese CH340 http://wch-ic.com/product/usb/ch340.asp (http://wch-ic.com/product/usb/ch340.asp)
-
Hi !
That's what I put together within the last days.
Possible FTDI replacements in alphabetical order:
Atmel ATMEGA8U2 16U2 with Arduino USBSerial Firmware (see Arduino UNO R3)
ASIX MCS7810 http://www.asix.com.tw (http://www.asix.com.tw)
Cypress CY7C65211 with battery charger detection http://www.cypress.com/?mpn=CY7C65211-24LTXI (http://www.cypress.com/?mpn=CY7C65211-24LTXI)
Prolific PL2303HX (Pin compatible to FT232R) http://www.prolific.com.tw/us/ShowProduct.aspx?p_id=156&pcid=41 (http://www.prolific.com.tw/us/ShowProduct.aspx?p_id=156&pcid=41)
Microchip MCP2200 www.microchip.com/MCP2200 (http://www.microchip.com/MCP2200)
Silicon Labs CP210x http://www.silabs.com/products/interface/usbtouart/Pages/usb-to-uart-bridge.aspx (http://www.silabs.com/products/interface/usbtouart/Pages/usb-to-uart-bridge.aspx)
Texas Instruments TUSB3410 http://www.ti.com/product/TUSB3410?keyMatch=tusb3410&tisearch=Search-EN (http://www.ti.com/product/TUSB3410?keyMatch=tusb3410&tisearch=Search-EN)
WCH-IC Chinese CH340 http://wch-ic.com/product/usb/ch340.asp (http://wch-ic.com/product/usb/ch340.asp)
Cypress CY7C65213 would probably be better than the '211 - even boasts FT232R pin-compatibility and lower power consumption: http://www.cypress.com/?rID=83118 (http://www.cypress.com/?rID=83118)
-
Cypress CY7C65213 would probably be better than the '211 - even boasts FT232R pin-compatibility and lower power consumption: http://www.cypress.com/?rID=83118 (http://www.cypress.com/?rID=83118)
Interesting, I will get one of them tomorrow. I noticed "QFN32" but didn't check if they are pin compatible.
However, their features are very different. The Cypress got Battery Charger Detection but no RS485 control.
Anyway, this definetly fits the list perfectly.
-
Making debugging tricking is actually part of the cat/mouse game. Making your special fake chip detection result in a constant stream of "Your chip is fake!" will literally make finding the code that does the detection trivial in reverse engineering the driver binaries as simple as looking for a constant of that very string.
But if the driver sticks in random bad data for detecting a fake chip and uses clever obfuscation techniques it can require extensive reverse engineering to find it if ever. (This along with any in text stream isn't very nice and is potentially dangerous)
Nope.
They don't need to disassemble FTDI's Windows driver code.
All the cloners care about is the data that appears on their end of the USB bus. You can get big USB debugging tools for that. If FTDI changes anything they'll just compare it with the data sent by last month's (working) driver to see what changed and update their FTDI emulation software accordingly.
People already disassembled the driver code I did it just now to look. There is no need to debug anything physical. Its faster and once you lock in on the relevant code much more trivial to fix and robust than a replay attack.
-
No fixing is simple software magic people already wrote automatic tools to bypass, correct, and prevent detection in this very thread. It could not be done at all with software if you actually wrote a malicious config that can only be fixed by physically replacing the chip or modding a fix.
It is like saying Mercedes and bmw 's proprietary automatic diagnostics systems are liable for overwriting a custom ecu and any damage or lost value that results.
Pid0 is valid as the driver is saying as it can that you should write your own driver. I have our own custom drivers and automatic programmoing tools and it's the mfg fault for not tracing properly in any case and since I'm paranoid I can/do id fakes and report them. In the airplane part counterfit industry it has gotten to the point where people are counterfeiting the counterfit preventing documents.
Then following that argument, since fixing a spun bearing is simply pulling the crank off and replacing the $2 bearings is straight forward (as there are many guides on the internet) anyone can do it and therefore there is never such thing as a dead engine to the standard consumer. The rest of your post is irrelevant against this particular discussion point.
-
Then following that argument, since fixing a spun bearing is simply pulling the crank off and replacing the $2 bearings is straight forward (as there are many guides on the internet) anyone can do it and therefore there is never such thing as a dead engine to the standard consumer. The rest of your post is irrelevant against this particular discussion point.
lol...Im loving the car repair analogies....I love wrenching actually
-
FTDI would be classified as "bricking" the counterfeit chips if they went and messed around with the clock configs to either overclock/source a non-existent clock or just corrupt the entire NV memory. Changing the PID to 0 is not damaging anything. The device won't ever work with the stock FTDI drivers and requires a 3rd party driver to work.
Word games won't save you in court.
If a machine was working yesterday and stopped working today because of something FTDI knowingly planned/did then they broke some laws.
If enough people complain (and I suggest you do!) then it could even become a class-action lawsuit that destroys their company. I wouldn't shed any tears, the world doesn't need companies that think/act like FTDI.
Not actually since now that you know you have a fake product your technically supposed to destroy and report it anyways (I'd try to de-lid the fake chips since we have semi-conductor cleanroom with wetbenches and the chemicals to do it). The customs officials can then go and find the shipments and inspect/seize/destroy them in route. (In Canada the CBSA do inspect packages randomly at the UPS depot as I've seen regularly)
Distribution and resale is illegal in most countries, even transporting/carrying large/commercial amounts of a counterfeit is illegal and subject to forfeiture and destruction.
The only thing a class action lawsuit is going to do is pay lawyers a ton of money. The gray legal route of bypassing the software protections is the likely route and has already worked and it will just take a bit of time for the counterfeiters to adopt the changes.
-
No fixing is simple software magic people already wrote automatic tools to bypass, correct, and prevent detection in this very thread. It could not be done at all with software if you actually wrote a malicious config that can only be fixed by physically replacing the chip or modding a fix.
It is like saying Mercedes and bmw 's proprietary automatic diagnostics systems are liable for overwriting a custom ecu and any damage or lost value that results.
Pid0 is valid as the driver is saying as it can that you should write your own driver. I have our own custom drivers and automatic programmoing tools and it's the mfg fault for not tracing properly in any case and since I'm paranoid I can/do id fakes and report them. In the airplane part counterfit industry it has gotten to the point where people are counterfeiting the counterfit preventing documents.
Then following that argument, since fixing a spun bearing is simply pulling the crank off and replacing the $2 bearings is straight forward (as there are many guides on the internet) anyone can do it and therefore there is never such thing as a dead engine to the standard consumer. The rest of your post is irrelevant against this particular discussion point.
No unlike a car the software requires no physical change and the product physically still works (electrical, software, mechanical) all fine. The PID is just set to 0 and can be changed to work with any driver or if you use tools people already made work with the FTDI official driver.
Its like saying to fix a bearing on your car you just goto a website and press fix car. (Its like saying to download some RAM)
-
What you're essentially expressing above, is the same as my view: controlling device selection for a minimum level of confidence in the final product. The other guy, seems to argue that there is no reason to doubt his test gear to be in calibration, as it's all made by highly reputable manufacturers.
If I am supposed to be the other guy I am not arguing that at all. Say X and Y make voltmeters and fakes of both are being manufactured in China. You have reason to doubt both of them because they might be fakes of unknown quality, specification and origin. Now company X says we can identify these fakes and instruct calibration labs to refuse calibration of them effectively turning them into bricks. The 'other' guy is arguing that he should buy Y in the future because if he did buy something that ought to be a brick he would prefer not to know about it.
I argue that preferring not to know something is a fake of unknown quality and origin is not an acceptable stance for a supplier of quality equipment and because X can and will brick fakes you are more likely to end up with a fake Y than a fake X.
In no part of this claim does it fit with the earlier premises of your post.
If you buy a Tektronix scope, direct from the factory, do you not bother to have it calibrated as you know it comes from the factory, and by the standard of their known quality that is sufficient?
If you bought that same scope from an authorized distributor, do you still opt to not get calibrations since the product is still genuine Tektronix and their history of quality is sufficient?
Would you buy that same model scope from OneHungLowElectronics on eBay, and only then get a calibration to figure out if it's within spec?
-
No unlike a car the software requires no physical change and the product physically still works (electrical, software, mechanical) all fine. The PID is just set to 0 and can be changed to work with any driver or if you use tools people already made work with the FTDI official driver.
Its like saying to fix a bearing on your car you just goto a website and press fix car. (Its like saying to download some RAM)
To the end user, how is the end result differentiated (inoperable engine vs. inoperable device)?
-
No you don't understand photocopiers will literally brick themselves (only certain models that are a "threat") and if any official tech ever sees the error code (the machine locks out as well and requires service to be unlocked) the legal hammer would come shortly. (Counterfeiting is illegal, no contract is required)
In the unlikely event that any of that is true, please name the manufacturers and jurisdictions in question, so that I may avoid them.
The fact that a copier thinks it has seen a Eurion (http://en.wikipedia.org/wiki/EURion_constellation) constellation is nowhere near grounds to brick itself, let alone prosecute anybody.
Adobe (photoshop, ...) have it, Xerox, HP, Brother, Canon, Dell, Epson, IBM, Konica Minolta, ... only certain software/hardware have the anti-counterfeiting systems with high end color ones being very likely to have it. Production level ultra-high end gear is very likely to have lockouts as with the right stock you could probably print money that looks very real. Printer stenography is pretty standard and I use it to verify documents regularly as well. (its funny when you see people not setting the clock correctly, you can trace it right down to the printer that printed it)
Or as wikipedia says "In the late twentieth century advances in computer and photocopy technology made it possible for people without sophisticated training to copy currency easily. In response, national engraving bureaus began to include new more sophisticated anti-counterfeiting systems such as holograms, multi-colored bills, embedded devices such as strips, microprinting, watermarks and inks whose colors changed depending on the angle of the light, and the use of design features such as the "EURion constellation" which disables modern photocopiers. Software programs such as Adobe Photoshop have been modified by their manufacturers to obstruct manipulation of scanned images of banknotes.[18] There also exist patches to counteract these measures."
The dot stenography coding is also an additional "feature" on many color printers, some brands are inconsistent while others have it on every color printer. A few don't bother with it but I don't remember which models they are. (If you print black and white it doesn't print the dot patterns)
-
Microchip`s MCP2221
www.microchip.com/wwwproducts/Devices.aspx?product=MCP2221 (http://www.microchip.com/wwwproducts/Devices.aspx?product=MCP2221)
Has anyone tried it? I will buy a couple of DIPs to play with them and share the results.
No more FTDI for me ...
-
No unlike a car the software requires no physical change and the product physically still works (electrical, software, mechanical) all fine. The PID is just set to 0 and can be changed to work with any driver or if you use tools people already made work with the FTDI official driver.
Its like saying to fix a bearing on your car you just goto a website and press fix car. (Its like saying to download some RAM)
To the end user, how is the end result differentiated (inoperable engine vs. inoperable device)?
The device is still working to the end user and does still enumerate in windows as an unknown device which is technically true. An inoperable engine physically will not work and you cannot just visit a website and press fix to make it work. There are miles apart in differences.
If FTDI did the re-config to never work actually again config then your example works. The fix is "simple" you just de-solder the chip and attach an external crystal to it. (That would be the situation where your example applies since it is now physically non-functional and in some cases may actually electrically fail)
-
The device is still working to the end user and does still enumerate in windows as an unknown device which is technically true. An inoperable engine physically will not work and you cannot just visit a website and press fix to make it work. There are miles apart in differences.
If FTDI did the re-config to never work actually again config then your example works. The fix is "simple" you just de-solder the chip and attach an external crystal to it. (That would be the situation where your example applies since it is now physically non-functional and in some cases may actually electrically fail)
So a car that does not run, is miles apart from a device which does not work? How is this, when neither perform as expected?
-
From the perspective of a designer, FTDI has just introduced considerable risk in using their product. That's all that matters to a designer. "I might get burned if I use this part - even if I specify genuine parts."
You might get burned by fakes of unknown quality and origin regardless of which manufacturer they are faking.
You are saying that you will choose a part which is more likely to let you get away with shipping low quality shit - nice one, care to let us know what products we should be avoiding?
In the future I will be taking the use of FTDI parts as an indication of a supplier who cares about the quality of their products and has confidence in their supply chain.
LMFAO :-DD Rufus, you really are a card. A Trollington McTroll with his very own Troll Bridge. But the joke is wearing thin now...
-
The device is still working to the end user and does still enumerate in windows as an unknown device which is technically true. An inoperable engine physically will not work and you cannot just visit a website and press fix to make it work. There are miles apart in differences.
If FTDI did the re-config to never work actually again config then your example works. The fix is "simple" you just de-solder the chip and attach an external crystal to it. (That would be the situation where your example applies since it is now physically non-functional and in some cases may actually electrically fail)
So a car that does not run, is miles apart from a device which does not work? How is this, when neither perform as expected?
The device does work otherwise it won't enumerate with the operating system. The board can still send data to the chip and it will still send the data back upto the computer. The device works just fine.
The "engine"/device isn't broken if you want a car example your counterfeit ECU gets rejected and the engine is disabled and the car says unknown ecu installed. (You can bypass it easily with a software mod to trick the controller/drivers that do the detection but I doubt you would risk that when an ECU is basically like a FADEC just for the ICE instead of a gas turbine and you don't want to mess around with that)(I'm sure medical devices with FTDI chips know with 100% certainty that they have real chips)
The physically kill on detection of counterfeit example for the car would be upon detecting a fake ECU the car demands a damaging load to the engine and destroys the engine instantly. At which point you will need a lot of guides on rebuilding the engine and no amount of software is going to help you.
In one case the device is refused access while the other the devices dies in a fire. (One is truely easy to fix with software and the other is "simple" to fix by replacing the bearing(s), human(s)... or the component(s))
-
If I am supposed to be the other guy I am not arguing that at all. Say X and Y make voltmeters and fakes of both are being manufactured in China. You have reason to doubt both of them because they might be fakes of unknown quality, specification and origin. Now company X says we can identify these fakes and instruct calibration labs to refuse calibration of them effectively turning them into bricks. The 'other' guy is arguing that he should buy Y in the future because if he did buy something that ought to be a brick he would prefer not to know about it.
I argue that preferring not to know something is a fake of unknown quality and origin is not an acceptable stance for a supplier of quality equipment and because X can and will brick fakes you are more likely to end up with a fake Y than a fake X.
In no part of this claim does it fit with the earlier premises of your post.
This is what I said in the post I think you are referring to.
You might get burned by fakes of unknown quality and origin regardless of which manufacturer they are faking.
You are saying that you will choose a part which is more likely to let you get away with shipping low quality shit - nice one, care to let us know what products we should be avoiding?
In the future I will be taking the use of FTDI parts as an indication of a supplier who cares about the quality of their products and has confidence in their supply chain.
I see no conflict between the things I said.
-
The device does work otherwise it won't enumerate with the operating system. The board can still send data to the chip and it will still send the data back upto the computer. The device works just fine.
If the end user plugs in the device, does it operate as they expect or as intended? Yes, or no?
-
I see no conflict between the things I said.
You're very welcome to answer to things other than the topic at hand, but for a discussion perhaps you wish to answer the questions presented to you?
-
I don't think windows likes unsigned drivers so it would be uprising if that was actually pushed out without a cryptographic signature.
Just look at this screenshot and look for the missing "Digital Signatures" tab.
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115266;image)
-
The device does work otherwise it won't enumerate with the operating system. The board can still send data to the chip and it will still send the data back upto the computer. The device works just fine.
If the end user plugs in the device, does it operate as they expect or as intended? Yes, or no?
No, it does not operate as the user expects and they should demand a refund and report the product.
Yes, it operates as intended fake products shouldn't work/be used/exist.
(Expectations of a real product means you should go after the seller and they too if they expected a real product should go after the next level) Its like saying did a fake ECU operate as intended the mfg would say yes it operates fine as it doesn't do anything when we detect it.
(If the buyer expects the real thing then they have been duped and so on until you get the counterfeiter or people who knew)
Throw it in the trash that is why I'd do upon finding that out or I'd rework in a real chip.
Heck I open non-openable power supplies to see the internal quality and parts if its fake then its into the garbage.
If cellphones could detect fake/bad power supplies and disable the USB charging that would be good as in the case of mains/line voltage stuff there is no messing around especially at 240V a fake product shouldn't work and should be disabled in software when possible. ( http://www.gizmodo.com.au/2014/06/please-dont-buy-cheap-phone-chargers-and-cables/ (http://www.gizmodo.com.au/2014/06/please-dont-buy-cheap-phone-chargers-and-cables/) ) Low voltage USB cables don't really for safety but the mixed voltage mains adapter does.
Also your ignoring the whole die in a fire on fake detect vs. refusing to talk to a fake device.
-
No, ...
But you just said that unlike the engine which does not run, this was "miles apart." So which is it?
-
I don't think windows likes unsigned drivers so it would be uprising if that was actually pushed out without a cryptographic signature.
Just look at this screenshot and look for the missing "Digital Signatures" tab.
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115266;image)
Strange indeed. I guess for WHQL only the package needs to be signed (the .cat file) which contains the hashes for the files. But since the older drivers have the .dll signed its unusual that the latest one isn't.
-
No, ...
But you just said that unlike the engine which does not run, this was "miles apart." So which is it?
The engine does run which is the problem with your example and where the miles apart is. The fact the driver does not work with the fake is as intended and expected.
The consumer with their broken presumption of a real product should go after the producer and so on.
I don't presume anything I take it apart to find out so I would not be caught off guard, seriously fake garbage is garbage.
I said specifically that the device is electrically, physical, and even in firmware software working. The driver just refuses to talk to it and brands it with a "IT'S A FAAAKE" PID of 0000. Bypassing this is simple and it is not damaging the chip in any way.
-
The engine does run which is the problem with your example and where the miles apart is.
With a damaged bearing, it does not. It's blown. Non operational, which is consistent with everything else I've stated. You've now had to alter your original position "The engine does not run, the device does," to "The engine runs, the device does not." You're contradicting yourself, so again, which is it?
-
Dave, I like your double facepalm, but here's a more appropriate one :
http://ptrace.fefe.de/fpalm30c3.jpg (http://ptrace.fefe.de/fpalm30c3.jpg)
( at the 30C3, fefe did this to dedicate to the worst thing this year)
Too bad it's alredy dedicated to apple for not giving the new HW to their SW developers berfore release : http://blog.fefe.de/?ts=aadb7a77 (http://blog.fefe.de/?ts=aadb7a77)
-
No, ...
But you just said that unlike the engine which does not run, this was "miles apart." So which is it?
Your attempts at oversimplifying the example is crude at best.
An engine can be defined as a discrete physical part that can be defined as functional if when attached to a car it runs. Should you attempt to substitute fake parts that somehow the car as a whole can detect and reject the engine still "works" but is disabled and a simple software bypass or using a real part will enable operation.
Inversely an evil malicious act would be on detection to cause either unintended acceleration to kill the driver or various other mechanically contradictory actions that result in the physical destruction of the car/engine/humans. (Evil, Mean, Not Nice, Nice, Not Evil)(It isn't a black and white world its a black to white world, yes/no type situation as those are extremely rare)
Refusing to work with fake parts in cars/airplanes/medical devices where possible to detect is actually a very good thing to do. (In addition to branding it as codes of "It's a fake") I would rather a automatic defibrillator for example say nope I can't zap this person because those electrodes are fake and you might end up killing the person instead because they don't match spec or the expiry cannot be verified.
FTDI is just horrible at spinning things the right way around. They should have started by telling the community that there is a problem with fakes and that newer drivers will give them a PID of 0000 and if people find that their stuff has PID0000 it's a fake and they should report it. Then they should just reference in the FT_PROG guide on how to change the PID and even just have a one click reset PID tool (With a note that a fake will just get pid 0000 again).
-
The engine does run which is the problem with your example and where the miles apart is.
With a damaged bearing, it does not. It's blown. Non operational, which is consistent with everything else I've stated. You've now had to alter your original position "The engine does not run, the device does," to "The engine runs, the device does not." You're contradicting yourself, so again, which is it?
I think your confused the engine in my statement is the fake chip (As in your example is wrong because the "engine"/chip still works vs. your example where your saying the "engine"/chip don't work) it does run (it is electrically still operational, the firmware is valid, the mechanical state of the chip is good probably, and so on) the only thing that doesn't work is the driver which refuses to talk to the "engine" so to speak which is to be expected upon detecting a fake part.
Your example specifically says the engine does not work but the fake chip still does work which is the contradiction. If a python script can both detect, reprogram, communicate, bypass the FTDI driver the chip definitely is still working. But if FTDI messed up the clock config then no software could repair it and it would not enumerate at all and would be bricked.
-
Your attempts at oversimplifying the example is crude at best.
Your attempts to evade the contradictions of your position are not masked with such remedial dismissals.
You have, at this point admitted that for all intents and purposes to the end user, there is no distinguishable difference between a blown engine which fails to perform, and a dead device which fails to perform. Once you were cornered into the "simple example" where your logic failed, you began contradicting yourself and throwing up irrelevant distractions to try and rationalize your belief.
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
The underlying requirement of your premises, is that every end user has the equivalent of the mechanic's knowledge on rebuilding the engine, for recovering the functionality of the end device. This is self-evidently false. Thus for all intents and purposes, to the general public, there is zero difference between the blown engine and the 'dead' device, as both can be "easily" fixed when one possesses the essential knowledge and the right tools but the average user does not possess either.
-
That's a fair point. But the chances of an unintended FTDI fake substitution are probably higher than others. Until now - that didn't carry unnecessary additional risk that it might work fine (pass all testing) and get passed onto the customers where it could be e-firebombed without warning.
So basically what I said - your are prepared to take the risk of shipping crap built with fake parts but the risk of being found out when you do tips the balance and steers you towards parts which are less likely to be shown to be fakes.
In the future I will be taking the use of FTDI parts as an indication of a supplier who cares about the quality of their products and has confidence in their supply chain.
B. To use a part with blind optimism that your supply chain can't possibly screw up is equivalent to playing Russian roulette. I'd prefer to use the products from a company who is proactive about increasing reliability through thoughtful design and part selection. You're saying I should add risk to an extremely critical system just to demonstrate my confidence in 3 or 4 layers of supply chain removed from our company? No thanks.
You mean the added risk of being found out when you ship product built with fakes. So again what I said - I will have more confidence in a company who have enough confidence in their supply chain to consider that added risk insignificant. If two companies tell me a gun is unloaded I will believe the one prepared to play Russian roulette with it.
-
Please stop declaring things illegal which are not illegal. Doing so is illegal and you'll be arrested. It says so right here in the EULA I didn't show you but you agreed to by reading this post.
Using a fake chip is not illegal, buying a fake chip is not illegal. Using a driver with a device you bought from amazon without the slightest idea in the world what chips are in it - because no one does, not even you - is not illegal.
Intentionally rendering a users device inoperable is often illegal, though. Even if its easy to fix.
-
Your attempts at oversimplifying the example is crude at best.
Your attempts to evade the contradictions of your position are not masked with such remedial dismissals.
You have, at this point admitted that for all intents and purposes to the end user, there is no distinguishable difference between a blown engine which fails to perform, and a dead device which fails to perform. Once you were cornered into the "simple example" where your logic failed, you began contradicting yourself and throwing up irrelevant distractions to try and rationalize your belief.
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
The underlying requirement of your premises, is that every end user has the equivalent of the mechanic's knowledge on rebuilding the engine, for recovering the functionality of the end device. This is self-evidently false. Thus for all intents and purposes, to the general public, there is zero difference between the blown engine and the 'dead' device, as both can be "easily" fixed when one possesses the essential knowledge and the right tools but the average user does not possess either.
The contradiction is in your example. I adjusted the example to be more valid but you don't seem to be reading those posts and are as a result getting confused because your internal state isn't updated correctly.
The device does work vs. an engine that does not. Your example is invalid in its very premise. The device appears in windows, can be configured, is electrically still functional, ... (As in the engine which in your example which is the chip still works)
For all intensive purposes the only missing bit is the readme saying PID 0000 = counterfeit, tough luck and the user is now aware the device still works it is just a fake.
Your ignoring the fact the contradiction is with your example at which point I modified it to correct it and then you say I'm contradicting myself when it is in fact just you that are confused.
The device still works windows still detects it as (FTDI Vendor Detect, Unknown device which is true in every respect) and it does not require physical replacement of a 2 dollar bearing/component to bypass.
I don't understand how it can be classified as killed/broken/damaged in any way because it isn't.
-
Your attempts at oversimplifying the example is crude at best.
Your attempts to evade the contradictions of your position are not masked with such remedial dismissals.
You have, at this point admitted that for all intents and purposes to the end user, there is no distinguishable difference between a blown engine which fails to perform, and a dead device which fails to perform. Once you were cornered into the "simple example" where your logic failed, you began contradicting yourself and throwing up irrelevant distractions to try and rationalize your belief.
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
The underlying requirement of your premises, is that every end user has the equivalent of the mechanic's knowledge on rebuilding the engine, for recovering the functionality of the end device. This is self-evidently false. Thus for all intents and purposes, to the general public, there is zero difference between the blown engine and the 'dead' device, as both can be "easily" fixed when one possesses the essential knowledge and the right tools but the average user does not possess either.
The contradiction is in your example. I adjusted the example to be more valid but you don't seem to be reading those posts and are as a result getting confused because your internal state isn't updated correctly.
The device does work vs. an engine that does not. Your example is invalid in its very premise. The device appears in windows, can be configured, is electrically still functional, ... (As in the engine which in your example which is the chip still works)
For all intensive purposes the only missing bit is the readme saying PID 0000 = counterfeit, tough luck and the user is now aware the device still works it is just a fake.
Your ignoring the fact the contradiction is with your example at which point I modified it to correct it and then you say I'm contradicting myself when it is in fact just you that are confused.
The device still works windows still detects it as (FTDI Vendor Detect, Unknown device which is true in every respect) and it does not require physical replacement of a 2 dollar bearing/component to bypass.
I don't understand how it can be classified as killed/broken/damaged in any way because it isn't.
Before said driver was installed, the device performed its intended function. After the driver was installed, the device stopped performing its intended function because the device was intentionally modified to stop it from functioning as it did before, by an entity without right or permission to do so.
That is the only test that actually matters, so please stop with the tortured analogies.
-
The contradiction is in your example. I adjusted the example to be more valid but you don't seem to be reading those posts and are as a result getting confused because your internal state isn't updated correctly.
The device does work vs. an engine that does not. Your example is invalid in its very premise. The device appears in windows, can be configured, is electrically still functional, ... (As in the engine which in your example which is the chip still works)
For all intensive purposes the only missing bit is the readme saying PID 0000 = counterfeit, tough luck and the user is now aware the device still works it is just a fake.
Your ignoring the fact the contradiction is with your example at which point I modified it to correct it and then you say I'm contradicting myself when it is in fact just you that are confused.
The device still works windows still detects it as (FTDI Vendor Detect, Unknown device which is true in every respect) and it does not require physical replacement of a 2 dollar bearing/component to bypass.
I don't understand how it can be classified as killed/broken/damaged in any way because it isn't.
If you're rewriting the question in order to answer it how you wish, then you're not answering the question or the issue. Yet again, you say here,
The device does work vs. an engine that does not.
and only a few posts earlier, The engine does run which is the problem with your example and where the miles apart is.
so have no consistency. None. Zero.
Every single utterance you're putting to the keyboard, is attempting to evade the basic reality that the device, for all intents and purposes to the end user, is dead. You are unable to refute this. Everything else you're spewing is aimless evasion to what you've now already admitted. The device, for the end user after FTDI had their way with it, does not work. Period. That's it. It's fixable to the person who has the know-how and the tools, and for everyone else, it's no different than a brick. QED.
-
Please stop declaring things illegal which are not illegal. Doing so is illegal and you'll be arrested. It says so right here in the EULA I didn't show you but you agreed to by reading this post.
Using a fake chip is not illegal, buying a fake chip is not illegal. Using a driver with a device you bought from amazon without the slightest idea in the world what chips are in it - because no one does, not even you - is not illegal.
Intentionally rendering a users device inoperable is often illegal, though. Even if its easy to fix.
It is not illegal to possess counterfeit goods but the resale, marketing, distribution of said goods is illegal. Holding large amounts of the fake goods even in part is subject to seizure. So technically using a fake chip can be illegal it is just if its on a commercial scale. End users that get caught up in the mess should case after the mfg/seller and so on until the counterfeiters are found out.
Breaking digital lock can be illegal (in the US for example) and the devices will not be operable form this point onwards since FTDI is under no obligation to work with a fake part. (PID 0000 or not Linux/FOSS OSes will just pull the drivers or write their own bypasses and windows will not ever work plug-in play WHQL style)
The crux of the matter is that the fake chip is still operable in every respect it is just the driver that won't talk to it, the chip works fine you can bypass the software driver detection easily just wait for updated Linux drivers or use a third party windows one. Nothing is broken with the chip.
The chip is not an FTDI official chip so it makes sense that you should use a non-FTDI driver it is not an issue to detect a PID 0000 value.
-
Your attempts at oversimplifying the example is crude at best.
Your attempts to evade the contradictions of your position are not masked with such remedial dismissals.
You have, at this point admitted that for all intents and purposes to the end user, there is no distinguishable difference between a blown engine which fails to perform, and a dead device which fails to perform. Once you were cornered into the "simple example" where your logic failed, you began contradicting yourself and throwing up irrelevant distractions to try and rationalize your belief.
Also you still not accepting that to kill a chip you have to literally disable it which is certainly possible via the clock config as one example.
The underlying requirement of your premises, is that every end user has the equivalent of the mechanic's knowledge on rebuilding the engine, for recovering the functionality of the end device. This is self-evidently false. Thus for all intents and purposes, to the general public, there is zero difference between the blown engine and the 'dead' device, as both can be "easily" fixed when one possesses the essential knowledge and the right tools but the average user does not possess either.
The contradiction is in your example. I adjusted the example to be more valid but you don't seem to be reading those posts and are as a result getting confused because your internal state isn't updated correctly.
The device does work vs. an engine that does not. Your example is invalid in its very premise. The device appears in windows, can be configured, is electrically still functional, ... (As in the engine which in your example which is the chip still works)
For all intensive purposes the only missing bit is the readme saying PID 0000 = counterfeit, tough luck and the user is now aware the device still works it is just a fake.
Your ignoring the fact the contradiction is with your example at which point I modified it to correct it and then you say I'm contradicting myself when it is in fact just you that are confused.
The device still works windows still detects it as (FTDI Vendor Detect, Unknown device which is true in every respect) and it does not require physical replacement of a 2 dollar bearing/component to bypass.
I don't understand how it can be classified as killed/broken/damaged in any way because it isn't.
Before said driver was installed, the device performed its intended function. After the driver was installed, the device stopped performing its intended function because the device was intentionally modified to stop it from functioning as it did before, by an entity without right or permission to do so.
That is the only test that actually matters, so please stop with the tortured analogies.
The driver is not the product or the chip. The driver has nothing that says it is guaranteed to work with fake chips. The device still works the driver doesn't want to talk to it. The device can and shortly will work even on Linux and windows once third party drivers are written. It is just that you can no longer use windows WHQL and FTDI signed drivers automatically.
-
The contradiction is in your example. I adjusted the example to be more valid but you don't seem to be reading those posts and are as a result getting confused because your internal state isn't updated correctly.
The device does work vs. an engine that does not. Your example is invalid in its very premise. The device appears in windows, can be configured, is electrically still functional, ... (As in the engine which in your example which is the chip still works)
For all intensive purposes the only missing bit is the readme saying PID 0000 = counterfeit, tough luck and the user is now aware the device still works it is just a fake.
Your ignoring the fact the contradiction is with your example at which point I modified it to correct it and then you say I'm contradicting myself when it is in fact just you that are confused.
The device still works windows still detects it as (FTDI Vendor Detect, Unknown device which is true in every respect) and it does not require physical replacement of a 2 dollar bearing/component to bypass.
I don't understand how it can be classified as killed/broken/damaged in any way because it isn't.
If you're rewriting the question in order to answer it how you wish, then you're not answering the question or the issue. Yet again, you say here,
The device does work vs. an engine that does not.
and only a few posts earlier, The engine does run which is the problem with your example and where the miles apart is.
so have no consistency. None. Zero.
Every single utterance you're putting to the keyboard, is attempting to evade the basic reality that the device, for all intents and purposes to the end user, is dead. You are unable to refute this. Everything else you're spewing is aimless evasion to what you've now already admitted. The device, for the end user after FTDI had their way with it, does not work. Period. That's it. It's fixable to the person who has the know-how and the tools, and for everyone else, it's no different than a brick. QED.
If a question is flawed like asking if the users expectations are the same thing as what the intention of the driver is then yes I will automatically correct it.
Device does work vs. the engine in your example doesn't that is the contradiction that is automatically fixed as well.
Your example states that the engine which is the chip doesn't work (it is physically broken) which is completely factually incorrect.
So there it is spelled out for you. The fake chip is undamaged, still functions, and when linux updates the drivers and people here write a workaround you can use fake chips all you like. It is just not going to be automatic and plug-in play install but that isn't a legal obligation FTDI has to a fake chip. PID 0000 is a non-issue and does no damage.
The basic reality is the device works but the driver does not want to talk to it and that is intended. The user may not expect that to happen and should go after the seller and so on so that the fake chips can be rooted out.
The device works and your just trying to use words to get around that fact when I in fact just forced a PID of 0000 onto a real FTDI chip and it works fine. (not with the VCP driver of course but there are countless other ways of using the product) The fake chip works fine as well with a 0000 PID and drivers/3rd party workarounds are already out there and that is it. It still works just FTDI doesn't want you using their driver but with a third party bypass you can do that as well.
It isn't physically broken or even non-functional that is the core problem with your engine example.
-
The driver is not the product or the chip.
Irrelevant. They modify the device.
The driver has nothing that says it is guaranteed to work with fake chips.
Irrelevant. They modify the device.
The device still works the driver doesn't want to talk to it.
But would have done so before the device was modified
The device can and shortly will work even on Linux and windows once third party drivers are written. It is just that you can no longer use windows WHQL and FTDI signed drivers automatically.
Which doesn't change the fact that they modified a device to prevent it from functioning normally. That someone found a workaround does not remove the intent. None of this squabbling would hold up in court. You can't just modify someone elses property because you don't like what its doing, even if you handwave the modification as not a big deal because they can always fix it.
FTDI has every right to do whatever they want *within their driver*. When they start messing with the device - with they do not own, control, or have rights to - with the intent to prevent it from functioning, no matter how easy it is to circumvent, they step outside the bounds of what they are legally permitted to do.
-
The device does work otherwise it won't enumerate with the operating system. The board can still send data to the chip and it will still send the data back upto the computer. The device works just fine.
Oh yeah, I get it. Kind of like how I can push the gas pedal down in a car with fouled spark plugs and flood the engine with gas. It just doesn't enumerate with the crankshaft into an actual rotary motion.
-
The driver is not the product or the chip.
Irrelevant. They modify the device.
The driver has nothing that says it is guaranteed to work with fake chips.
Irrelevant. They modify the device.
The device still works the driver doesn't want to talk to it.
But would have done so before the device was modified
The device can and shortly will work even on Linux and windows once third party drivers are written. It is just that you can no longer use windows WHQL and FTDI signed drivers automatically.
Which doesn't change the fact that they modified a device to prevent it from functioning normally. That someone found a workaround does not remove the intent. None of this squabbling would hold up in court. You can't just modify someone elses property because you don't like what its doing, even if you handwave the modification as not a big deal because they can always fix it.
FTDI has every right to do whatever they want *within their driver*. When they start messing with the device - with they do not own, control, or have rights to - with the intent to prevent it from functioning, no matter how easy it is to circumvent, they step outside the bounds of what they are legally permitted to do.
The driver is what is not working is the issue. So highly relevant.
A driver in the course of normal operation modify the device on enumeration if some IP protection measure is part of the routine even if new then that is also normal/intended. (FTDI is just horrible PR) I'm sure HASP does this as well and probably will physically try to render a chip actually inoperable if it detects counterfeit license keys. (emulation is joke though and you can't damage a virtual key).
Modifying the device is part of the API and a PID 0000 is an accurate description of the fake device. (A change list could say, Fake/counterfeit chips will be updated to a PID of 0000 to match the unknown device)
The past drivers are not using the latest code so may allow fake chips to operate and modifying the PID ensures backwards (in)compatibility with the latest intended functionality of the driver.
The simple fact is that this is all really just about the driver not any damage being done to the fake chips. There is no obligation for the windows FTDI driver to ever work with fake chips if FTDI got tricky they could even get Microsoft to blacklist the old keys so you get very dire warnings above even unsigned driver ones if you try to install old drivers which is probably completely legal. Linux will probably automatically enumerate PID 0000 chips when they update and counterfeiters will just hard code the bypass into updated chips.
The driver is the hardware interface control layer so certainly manipulation of the hardware is exactly what it is supposed to be doing. Automatic re-programming is just a new "feature" which works as intended so to speak and is there poor way of telling people that the chip is fake since it should be in big bold letters in the readme, download link, and the driver should be an installer instead of a compact silent one so the warning is abundantly clear.
I think FTDI could have communicated it far better than what they did but in no way is the device killed. If they re-programmed the chip to make it actually die then I would agree with you because that would be unauthorized damage which would be intentional on FTDI's part. The PID/VID values are mutable and are supposed to be hardware descriptors and a PID of 0000 is technically correct since the product is unknown and nothing is broken. (The old drivers are working as intended just as the new driver is working as intended one just as a IP protection "feature")
-
The device does work otherwise it won't enumerate with the operating system. The board can still send data to the chip and it will still send the data back upto the computer. The device works just fine.
Oh yeah, I get it. Kind of like how I can push the gas pedal down in a car with fouled spark plugs and flood the engine with gas. It just doesn't enumerate with the crankshaft into an actual rotary motion.
If your engine did not enumerate the crankshaft then there would be no motion possible as it wouldn't "exist". The device does still enumerate and is electrically/physically/software still working.
Also cars use ECUs now and I'm sure if you tried messing around with that poorly the car could very well say nope check engine light and the ECU is faulty/defective/fake. (Or it could explode but that would be mean/illegal/deadly/bad design)
The fake chips work properly and is just no longer plug and play and have a correct PID of unknown. Bypassing this is simple and on Linux probably possible to be automatic, a broken spark plug requires physical replacement and if you have direct injection fouled cylinders are even worse.
-
That's a fair point. But the chances of an unintended FTDI fake substitution are probably higher than others. Until now - that didn't carry unnecessary additional risk that it might work fine (pass all testing) and get passed onto the customers where it could be e-firebombed without warning.
So basically what I said - your are prepared to take the risk of shipping crap built with fake parts but the risk of being found out when you do tips the balance and steers you towards parts which are less likely to be shown to be fakes.
In the future I will be taking the use of FTDI parts as an indication of a supplier who cares about the quality of their products and has confidence in their supply chain.
B. To use a part with blind optimism that your supply chain can't possibly screw up is equivalent to playing Russian roulette. I'd prefer to use the products from a company who is proactive about increasing reliability through thoughtful design and part selection. You're saying I should add risk to an extremely critical system just to demonstrate my confidence in 3 or 4 layers of supply chain removed from our company? No thanks.
You mean the added risk of being found out when you ship product built with fakes. So again what I said - I will have more confidence in a company who have enough confidence in their supply chain to consider that added risk insignificant. If two companies tell me a gun is unloaded I will believe the one prepared to play Russian roulette with it.
Also if a shoe string university lab can do basic QC/QA on chips students get for random projects I would not trust a company that doesn't at least periodically check their stock for fakes by sending samples to a lab. It is probably true a product that used to ship with FTDI chips suddenly switching to another brand may be an indication that they don't actually have much confidence and definitely don't do direct verification. A site like Sparkfun says they check their own stuff and it all works fine no fakes (they did catch a fake micro before though) and they are going over third party products as well. Making a perfect physical clone is difficult small minor differences in the finish, metal, color, markings can be a dead giveaway if you compare the chips with other sources (I do have a microscope but even with a magnifying glass you can look closely). Checking the erratum for accuracy can even be automated to make sure it matches the rev you expect. And if for some reason the erratum is different or many don't apply for some reason that would be automatically suspicious.
I actually found out that you can delid things safely and rapidly with a small creme brulee torch (~less than 20$) so its easy/cheap to verify chips visually at least even without the "proper" acid method. I took the dies out of a old broken OCZ flash drive to go image on a microscope using such a method. (Just do it outside as the fumes are that magic smoke which is the encapsulate as your going to burn off the entire package basically) Also make sure your holding the torch parallel/at a non-direct face manner to the die to drive the residue off as it burns.
With that said you can collect die images and use it as a method to detect fakes directly or at least make it so that they have to be basically identical.
-
FTDI has every right to do whatever they want *within their driver*. When they start messing with the device - with they do not own, control, or have rights to - with the intent to prevent it from functioning,
Their intent and the actual result was to prevent the device indicating to the operating system that it should load FTDI drivers which are not licensed for use with that device. The device remains as functional as it ever was if you provide drivers for example by plugging it into a Linux box.
-
I just got an idea. I'm going to delid an FTDI chip right now. Hold on I'm going to play with fire.
-
FTDI has every right to do whatever they want *within their driver*. When they start messing with the device - with they do not own, control, or have rights to - with the intent to prevent it from functioning,
Their intent and the actual result was to prevent the device indicating to the operating system that it should load FTDI drivers which are not licensed for use with that device. The device remains as functional as it ever was if you provide drivers for example by plugging it into a Linux box.
Yep, the windows driver is provided to the user with a licence requiring it to be used with their hardware. They decided to start enforcing that requirement with a lasting but not damaging technique to prevent the clone devices from working with the software, it still works just not with the licensed software.
People taking issue with Microsoft and FTDI wanting to protect the underlying USB compatibility is hilarious, PID/VID codes match software to hardware, its not an end to end API that FTDI are providing for use.
-
lasting but not damaging technique to prevent the clone devices from working with the software, it still works just not with the licensed software.
It is slightly worse than that because I believe Win 7 and 8 somehow don't like devices with zero PIDs. Maybe Win 7/8 knows there will be no drivers for a zero PID without even bothering to check. Not that it makes any practical difference because there are no other drivers for Windows.
-
I just got an idea. I'm going to delid an FTDI chip right now. Hold on I'm going to play with fire.
Done, not at work right now so I just used an ancient HP scanjet which I really doubt actually has 2400DPI of actual resolution. Also the scan plate glass is a bit cloudy and so is the sensor I think not sure why its really old. It also appears to be out of focus for some reason (I may or may not have dropped it in the past).
(http://i58.tinypic.com/2dwhniu.jpg)
Note that I burnt it a bit too long (overcooked) as I didn't realize the die was so thick and their package is much more flame resistant than OCZs.
-
Now FTDI is sending in trolls to kill this thread. Way to go FTDI. They can't be that stupid !!!! :palm: :palm: :palm:
@Dave, they likely to hack your server and they can print their license to kill as they want. :palm: :palm: :palm: :palm:
-
So I wonder how many young (pre-engineers) will remember this in 5 years. Next year or month when a product is up for redesign will the designer think twice about using any FTDI product. Will it become a topic that has staying power in the lab? There are always other choices when it comes to 99.9 percent of the chips out there.
I'm thinking about the FTDI brand in particular not this particular chip, their legal right, and so on. The brand will suffer but how much is the question.
-
edit: Post above says basically the same thing. Posted whilst I was typing.
For all of the people claiming that the cloned chips are illegal, how do you know that all of the chips affected are actually counterfeit and not legitimate clones?
Dealing with clones
From the information presented so far in this thread, the cloning of chips is legal.
So if you produce a clone product without reverse engineering and then either don't brand it, or, put your own brand on it everything is fine and dandy.
FTDI has no right to damage this chip, as doing so is anti-competitive and is illegal in various parts of the world.
The problem is that the FTDI driver cannot determine if the chip has a fake logo on it before it affects its operation. Therefor FTDI have taken the position that clone products are fair game and FTDI are causing damage to someone else's product (the cloned chip). This then causes damage to the end users legitimately purchased product (FTDI have not proved that its a counterfeit) and must be held to account for the costs of repairing the now damaged equipment. Finally FTDI have not notified the end user of an issue, but rather just damaged the operation of the device.
As for the cloners using the FTDI VID/PID, this also is not illegal.
Its against the rules of an industry body, if your product has a USB certified logo on it or the documentation/packaging or makes various claims.
But if the product does not, then the cloners are not even breaking the rules. They are simply making a clone device.
Dealing with counterfeits
Taking a clone chip and putting a fake FTDI logo on the chip makes it a counterfeit.
FTDI and the appropriate authorities should take action against this.
The vendors of the products, their suppliers etc should all be investigated and the appropriate punishments delivered.
Organisations like eBay, PayPal, Amazon and their various vendors should also be informed and refunds/replacements of the products delivered. As the sale to the customer has involved a counterfeit product and a fraud has been perpetrated, the product warranty conditions and/or vendor returns rules would be difficult to enforce by the vendor in this situation.
Similarly the vendor needs to make a claim on their supplier and so on.
Given the current level of interest in this topic, it would be sensible for everyone people/companies affected to mass return these items and force the distribution channels for these counterfeit products to be held accountable.
Note: The only examples that I have personally seen did have the FTDI logo printed on them and therefor are counterfeit. In both cases I have approached the vendors involved for a refund or replacement. PayPal has been notified of the issue as well. Neither has responded at this stage.
-
So if you produce a clone product without reverse engineering and then either don't brand it, or, put your own brand on it everything is fine and dandy.
Has such a chip ever been found in the wild?
-
So if you produce a clone product without reverse engineering and then either don't brand it, or, put your own brand on it everything is fine and dandy.
Has such a chip ever been found in the wild?
Not that I have seen. I do have an unlabelled chip at home but its something entirely different and nothing to do with the discussion other than it prompted me to ask the question you have quoted above.
-
Simple question
I loan you my working USB to serial cable, did I receive back a cable that still works with my computer on the cable's return?
If NO, then you are responsible for the damage!
C
-
I've finally finished working through all my devices that could possibly have included a USB->Serial convertor inside them.
I managed to find 28 of them of which 15 had FTDI convertors in them. (The rest were predominantly Arduino Mega2560 with the Atmel USB device)
Of those 15 devices, a whopping 9 proved to be contain FTDI chips (all of which were FT232R).
I'm pleased to announce that each of those 9 devices has now been 'consigned to the bin', but not before I had some fun.
First step was to reprogram the VID/PID such that they enumerated as a Micro$oft keyboard. For some weird reason, I was unable to find the 'ANY' key?
Second step was to switch them over to use the (non-existent) external oscillator.
I've chosen to apply a 'collective name' to all 9 devices... "PHIL"... (As in 'Land-Phil')
Needless to say, I will never again knowingly use a device with a genune FTDI chip in it.
Rest-In-Pieces FTDI (aka F**k The Devices Internally)
-
FTDI has every right to do whatever they want *within their driver*. When they start messing with the device - with they do not own, control, or have rights to - with the intent to prevent it from functioning,
Their intent and the actual result was to prevent the device indicating to the operating system that it should load FTDI drivers which are not licensed for use with that device. The device remains as functional as it ever was if you provide drivers for example by plugging it into a Linux box.
Yep, the windows driver is provided to the user with a licence requiring it to be used with their hardware. They decided to start enforcing that requirement with a lasting but not damaging technique to prevent the clone devices from working with the software, it still works just not with the licensed software.
People taking issue with Microsoft and FTDI wanting to protect the underlying USB compatibility is hilarious, PID/VID codes match software to hardware, its not an end to end API that FTDI are providing for use.
ONE MORE TIME for those of you that are a little thick-headed:
FTDI does *NOT* "OWN" the VID/PID associated with this device. ANYONE can use the *same* VID/PID if they want to with *NO* legal repercussions. It is perfectly *legal* for a company to make a "clone" [i.e. "works alike"] device that has the same VID/PID as the FTDI device.
It is unethical, illegal, and a "tort" for FTDI to maliciously and willfully [with forethought] modify and/or damage someone else's property without their permission.
FTDI broke the law. FTDI left themselves open to a class action lawsuit. FTDI gave themselves a "black eye". FDTI decision makers that approved these actions are *IDIOTS*, and they should be FIRED. Even the CEO can be fired by the board of directors. Heads will roll. This will be remembered by every design engineer that needs a USB-serial chip for their design. This will cost FTDI dearly, and that is if the company survives at all.
IN ADDITION: Let's talk semantics. A "work alike clone" is *not* illegal unless the company making it tries to pass it off as a chip made by FTDI. There is no way for the driver to know if there is trademark infringement on the chip's package-- and so the driver just may well "brick" a legal, legitimately owned "clone" as well as a "counterfeit" part. It is illegal for FTDI to knowingly and willfully modify the PID and/or VID of a device that they don't own-- PERIOD.
Technically if someone managed to get a WHQL driver through or trick people into installing a conflict works with everything "driver" that would be quite damaging for everyone. For the sake of continued usability of USB devices in general abusing the VID/PID system is a very bad idea the next thing you'll get is the requirement to get a private key signed by USB-IF to stop such abuse and they will call it "secure USB". In light of that honor system to VID/PIDs people should not write fake values for devices as this can easily cause everyone problems.
The driver has FTDI's trademark on it and even is for the most part signed with their own digital signature so you know for a fact it is FTDI's official driver which by faking the VID/PID number the counterfeiter essential even if physically unmarked on the chip have branded your device as an FTDI original. Courts look at the simple matter at hand FTDI's driver is for real FTDI chips, faking that means breaking trademarks. For copyright law it just matters how it visually appears to users and if they can't see the chip label visually the official signed driver saying this is a FTDI FT23XX chip is as good as any label. Now if you use that latest driver FTDI's driver it correctly identifies a non-FTDI chip and gives it a correct label of an unknown device that claims to be an FTDI chip.
It would be like AMD faking IDs to trick intel's tools into identifying it as an Intel chip which would be a breach of trademark (digitally) even if AMD has a x86 compatible, supports all the extensions, in software it works properly just on board its an AMD branded or unbraded chip. I'm sure Intel has a ton of anti-counterfeiting stuff going on so doing so won't be as simple as faking a VID/PID combo but courts don't really care about that bit.
Your case would be more valid if FTDI went looking for knockoffs regardless of their VID/PID combination.
"When the alleged infringer and the trademark owner deal in competing goods or services, the court rarely needs to look beyond the mark itself; infringement will usually be found if the two marks at issue are sufficiently similar that consumer confusion can be expected."
Consumers are confused the fake FTDI chips act as if they are real ones to the driver in windows the mfg label says (FTDI) and the driver says it is a real FT chip. The user has committed no crime but the counterfeiter has. A pin compatible clone like other have mentioned from real legitimate companies do not advertise that they work with FTDI signed VCP drivers and one listed in this very thread doesn't seem to even come with any software and other similar ones come with their own VCP drivers. Emulating the physical chip is fine but faking information to trick the driver into running with it and displaying FTDI's trademarked stuff isn't.
Simple fact is that the chips are fake and should get their own driver. This obviously will make devices not work with FTDI's drivers but this isn't illegal in any sense, changing the PID to 0000 is the first step in allowing a 3rd party driver to pick up the pieces as having a conflict VID/PID driver is a very bad idea even if not illegal so them having a different PID is expected.
-
So if you produce a clone product without reverse engineering and then either don't brand it, or, put your own brand on it everything is fine and dandy.
Has such a chip ever been found in the wild?
Not that I have seen. I do have an unlabelled chip at home but its something entirely different and nothing to do with the discussion other than it prompted me to ask the question you have quoted above.
To remain unbranded you also have to use unbranded software. Faking information to make it show up as an official FTDI chip is going to appear visually that it is official FTDI FT series chips. I don't see any problem with a pin compatible, API emulating chip that has no FTDI branding and doesn't use their driver clone the function but don't rip off the entire thing. (Copying the actual die exactly would also be illegal as would "re-branding" the official driver)
Lets put it this way Google emulated Oracle IP very well but did it cleanroom style so very little meaningful infringement. FTDI's competitors are perfectly allowed to do the same thing functionally speaking just with their own work.
-
Simple question
I loan you my working USB to serial cable, did I receive back a cable that still works with my computer on the cable's return?
If NO, then you are responsible for the damage!
C
Your cable works fine. The official driver just is upset with the fake chip. Use a third party driver and your good to go. FTDI trademark is all over their driver so 3rd party would be the legit way to do it.
I'd personally just say you have a fake cable and I replaced the chip/cable with a real one (i have a mountain of chips for students) for you and ask you where you bought it from and report them for you. You get value add if you loan me stuff, quality control inspection, free rework, debug, I really like opening/inspecting hardware even if it costs thousands/millions (even more so). My own stuff I don't treat so nicely, failed OCZ drive mangled some of my documents (set it on fire) test results indicate the chips are not UL94-V0 type packages. Drive was later subjected to corrosion testing in concentrated household bleach, maybe I'll throw it in the acid waste for good measure at work after triple rinsing of course. (Also securely erased, digitally and physically)
-
Of those 15 devices, a whopping 9 proved to be contain FTDI chips (all of which were FT232R).
I'm pleased to announce that each of those 9 devices has now been 'consigned to the bin', but not before I had some fun.
And how does your face look without a nose?
.
.
.
.
.
.
If you need it explaining http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face (http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face)
-
Of those 15 devices, a whopping 9 proved to be contain FTDI chips (all of which were FT232R).
I'm pleased to announce that each of those 9 devices has now been 'consigned to the bin', but not before I had some fun.
And how does your face look without a nose?
.
.
.
.
.
.
If you need it explaining http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face (http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face)
Adding onto that,
Why not just put a pin compatible FTDI chip into them and give FTDI the finger twice over considering some of the equipment I have is so old there is no replacement and some of it is so expensive an unique that trashing them because you don't like the mfg is like saying eew not a San Ace fan and trashing a perfectly good power supply which is trivial to replace the fan with your own. Or if you want to really say screw you FTDI go use obviously fake FTDI chips exclusively and apply the driver detection bypass on your hardware so they all still work with FTDI's latest driver even with their detection.
In any case I hope your recycling those electronics properly.
-
Just Boycott FTDI.
-
...
Hey now you are free to do whatever you want with your designs. I have no employment or affiliation with FTDI other than using their chips as you have in previous designs. Keep it nice and friendly please accusing people of being a plant is baseless and "yelling" isn't helping your statements.
The driver is copyrighted and trademarked and abusing the not illegal to abuse PID/VID system to trick a driver is the same kind of argument that Google tried with but the people's wifi's were not encrypted so I copied their data because that was so easy it doesn't count an invasion of privacy. To a user the fake chip appears branded as an FTDI official device as the driver reports it which then infringes on the trademark.
Other mfg with competing chips and even pin compatible ones do not use FTDI's drivers simple fact of the matter. See Google copied Oracles API but they did it themselves and used something called cleanroom development so very little meaningful copying happened in that case (which is legal, in my opinion) but if Google just copied directly then thats worse. Even worse would be if AMD tricked intel's tools into saying a physically marked AMD chip is an genuine intel chip because they found out that intel just uses a trivial id check that is definitely not going to be legal.
(Edit: Here is an explanation of legal copyright/trademark evasion via clean room development, https://en.wikipedia.org/wiki/Clean_room_design (https://en.wikipedia.org/wiki/Clean_room_design) , it of course doesn't work on patents, heck even more direct reverse engineering is still legal but directly copying/re-purposing software in its entirety is not a best practice)
Fake chips can use their own third party drivers or user performed bypasses its pretty simple really. (Also these fake chips are they or are they not also physically branded FT parts which they probably are so what your talking about is a hypothetical while the reality is probably very different)(So trademark infringement is probably both digital and physical otherwise people would know its a fake and demand a very low price)
For an official FTDI tool to reprogram the PID use FT_PROG (http://www.minipwner.com/index.php/unbrickftdi000 (http://www.minipwner.com/index.php/unbrickftdi000))
For a bypass use (not made by me)
#!/usr/bin/env python2
# FTDI Clone Tool v0.2 by @marcan42
# Licensed under the terms of the 2-clause BSD license, which follow:
#
# Copyright (c) 2014 Hector Martin <hector@marcansoft.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
import sys, struct
try:
import usb
except ImportError:
print "Error: please install PyUSB. The package is called python-usb in Ubuntu."
sys.exit(1)
def find_device():
busses = usb.busses()
found = 0
for bus in busses:
devices = bus.devices
for dev in devices:
if (dev.idVendor == 0x0403
and dev.idProduct in (0x6001, 0x0000)
and dev.deviceVersion.split(".")[0] == "06"):
print "Found FTDI FT232R device (%04x:%04x)" % (dev.idVendor, dev.idProduct)
found_dev = dev
found += 1
if found == 0:
print "No devices found"
sys.exit(1)
if found > 1:
print "More than one device found. Please connect only one FTDI device."
sys.exit(1)
return found_dev
class FTDIDevice(object):
def __init__(self, usbdev):
self.handle = usbdev.open()
self.timeout = 100
def unlock_eeprom(self):
self.handle.controlMsg(requestType=0x40,
request=0x09,
value=0x77,
index=1,
buffer="",
timeout=self.timeout)
def read_eeprom(self, addr):
data = self.handle.controlMsg(requestType=0xc0,
request=0x90,
value=0,
index=addr,
buffer=2,
timeout=self.timeout)
assert len(data) == 2
return data[0] | (data[1] << 8)
def write_eeprom(self, addr, data):
self.handle.controlMsg(requestType=0x40,
request=0x91,
value=data,
index=addr,
buffer="",
timeout=self.timeout)
def calc_checksum(self, eeprom):
check = 0xaaaa
for i in eeprom[:0x3f]:
check = check ^ i
check = ((check << 1) | (check >> 15)) & 0xffff
return check
def forge_checksum(self, eeprom):
check = 0xaaaa
for i in eeprom[:0x3e]:
check = check ^ i
check = ((check << 1) | (check >> 15)) & 0xffff
check ^= ((eeprom[0x3f] >> 1) | (eeprom[0x3f] << 15)) & 0xffff
return check
def main():
print "Detecting device..."
dev = FTDIDevice(find_device())
dev.unlock_eeprom()
print "Reading EEPROM..."
eeprom = [dev.read_eeprom(i) for i in range(0x40)]
print "EEPROM contents:"
for i in range(0, 0x40, 8):
print " " + " ".join("%04x" % j for j in eeprom[i:i+8])
check = dev.calc_checksum(eeprom)
checksum_correct = check == eeprom[0x3f]
if checksum_correct:
print " EEPROM checksum: %04x (correct)" % eeprom[0x3f]
else:
print " EEPROM checksum: %04x (incorrect, expected %04x)" % (eeprom[0x3f], check)
print "Detecting clone chip..."
old_value = eeprom[0x3e]
print " Current EEPROM value at 0x3e: %04x" % old_value
new_value = (old_value + 1) & 0xffff
print " Writing value: %04x" % new_value
dev.write_eeprom(0x3e, new_value)
read_value = dev.read_eeprom(0x3e)
print " New EEPROM value at 0x3e: %04x" % read_value
if read_value != old_value:
print " Reverting value: %04x" % old_value
dev.write_eeprom(0x3e, old_value)
if read_value == old_value:
print "Chip is GENUINE or a more accurate clone. EEPROM write failed."
print "Nothing else to do."
return 0
print '===================================================================='
print 'Chip is a CLONE or not an FT232RL. EEPROM write succeeded.'
if checksum_correct:
if eeprom[2] == 0:
print '===================================================================='
print "Your device has a Product ID of 0, which likely means that it"
print "has been bricked by FTDI's malicious Windows driver."
print
print "Do you want to fix this?"
print " - Type YES (all caps) to continue."
print " - Type anything else (or just press enter) to exit."
ret = raw_input("> ")
if ret != "YES":
print "No changes made."
return 0
# Try to undo what the FTDI driver did. If it corrupted the value at
# 0x3e (if it wasn't unused), this should fix it, assuming the
# checksum at 0x3f is correct for the right value.
eeprom[0x02] = 0x6001
eeprom[0x3e] = dev.forge_checksum(eeprom)
dev.write_eeprom(0x02, eeprom[0x02])
dev.write_eeprom(0x3e, eeprom[0x3e])
if eeprom[0x3e] == 0:
print "Product ID restored to 0x6001. All changes made by FTDI's driver"
print "have been reverted."
else:
print "Product ID restored to 0x6001. However, the value at 0x3e has not"
print "been set to zero. Reasons why this may have happened:"
print " - The PID was set to 0 by other means, not FTDI's driver."
print " - The original PID was not 0x6001"
print " - The PID was set to 0 by FTDI's driver, then fixed with"
print " another tool, then set to 0 again by FTDI's driver."
print " - Your device has very long vendor/product/serial number strings,"
print " and FTDI's driver may have accidentally corrupted the last"
print " character. If this is the case, it has been restored."
print " - You or your software have used the EEPROM's free/user area and"
print " FTDI's driver has corrupted the last word. If this is the case,"
print " it has been restored."
print " - For some other reason the free area of your EEPROM was not"
print " filled with zeros."
print "This is probably harmless, but you may want to take note."
print "Press enter to continue."
raw_input()
print "===================================================================="
print "Deliberately corrupting the checksum of your device\'s EEPROM will"
print "protect it from being bricked by the malicious FTDI Windows driver,"
print "while still functioning with said driver. However, if you do this,"
print "ALL SETTINGS WILL REVERT TO DEFAULTS AND THE DEVICE SERIAL NUMBER"
print "WILL NO LONGER BE VISIBLE. Most devices that use the FT232 as a"
print "standard USB-serial converter will function with default settings,"
print "though the LEDs on some converters might be inverted. Specialty"
print "devices, devices which use bitbang mode, and devices which use"
print "GPIOs or nonstandard control signal configurations may cease to"
print "work properly. If you are NOT 100% certain that this is what you"
print "want, please do not do this. YOU HAVE BEEN WARNED. You can revert"
print "this change by using this tool again."
print
print " - Type CORRUPTME (all caps) to set an invalid EEPROM checksum."
print " - Type anything else (or just press enter) to exit."
ret = raw_input("> ")
if ret != "CORRUPTME":
print "EEPROM checksum left unchanged."
return 0
if eeprom[0x3f] == 0xdead:
# Bad luck!
dev.write_eeprom(0x3f, 0xbeef)
else:
dev.write_eeprom(0x3f, 0xdead)
print "EEPROM checksum corrupted. Run this tool again to revert the change."
print "Disconnect and reconnect your device for the changes to take effect."
print "Press enter to exit."
raw_input()
return 0
else:
print "===================================================================="
print "Your device has an incorrect EEPROM checksum, probably because you"
print "ran this tool to do so, with the intent of protecting your device"
print "from the malicious Windows driver."
print
print " - Type FIXME (all caps) to restore your EEPROM checksum."
print " - Type anything else (or just press enter) to exit."
ret = raw_input("> ")
if ret != "FIXME":
print "EEPROM checksum left unchanged."
return 0
dev.write_eeprom(0x3f, check)
print "EEPROM checksum corrected. Disconnect and reconnect your device for"
print "the changes to take effect. Press enter to exit."
raw_input()
if __name__ == "__main__":
sys.exit(main())
-
>> The driver is copyrighted and trademarked and abusing the not illegal to abuse PID/VID system to trick a driver
Yeah, the compatible and clone counterfeit chip maker are bad boys for letting you, the windows user in a gray area when using the official FTDI driver.
It's not nice, but not illegal. It's the point of a compatible to be compatible.
The EULA is not agreed by most people using recent windows, there is no EULA on th FOSS driver, so most people did not agree to respect anything in the EULA.
-
a210210200
Think you are missing the point, noting in or on the loaned cable is illegal.
If you you used that driver for windows that changes the VID/PID, them you would be returning a cable that no longer works and are responsible for the damage!
FTDI is between a rock and a hard place. They have no right to change the VID/PID while the cable is on loan to you and if you allow this change to happen then you broke the cable.
You were using the cable, not me so as long as the cable is plain with no USB logo or FTDI logo then the damage is totally on you.
Re-programing the VID/PID is not something the driver is suppose to do!
Adding any communications over USB in the attempt to find counterfeits could be viewed as malice, causing harm or damage as the previous versions of the driver did not have this extra communications.
I see only one option for FTDI and that is a new VID/PID pair where FTDI clearly state that they will be doing counterfeit checks above what USB requires between the driver and their chip for the new VID/PID pair.
C
-
a210210200
Think you are missing the point, noting in or on the loaned cable is illegal.
If you you used that driver for windows that changes the VID/PID, them you would be returning a cable that no longer works and are responsible for the damage!
FTDI is between a rock and a hard place. They have no right to change the VID/PID while the cable is on loan to you and if you allow this change to happen then you broke the cable.
You were using the cable, not me so as long as the cable is plain with no USB logo or FTDI logo then the damage is totally on you.
Re-programing the VID/PID is not something the driver is suppose to do!
Adding any communications over USB in the attempt to find counterfeits could be viewed as malice, causing harm or damage as the previous versions of the driver did not have this extra communications.
I see only one option for FTDI and that is a new VID/PID pair where FTDI clearly state that they will be doing counterfeit checks above what USB requires between the driver and their chip for the new VID/PID pair.
C
I'm not sure what your talking about I'm not about to return a fake cable to you I already said I would be able to detect, replace, report the cable at no cost to you. Its trivial stuff really I have boxes of real cables from dev kits lying around. I freely give out USB memory sticks (cleaned, securely erased, verified to be erased, ...) to people when needed. The FTDI branded chip (balance of probability says its going to be marked in a way that people think its an FT original) which is illegal if it is fake and more so if it uses a driver they never wrote. But since you loaned it to me you can have two/more cables it is a hypothetical question after all and in reality I'm perfectly capable of carrying it out my answer, I really have nothing good to do with so many cables one time I made a physical loop back cable by putting some them end to end (null modem adapter may be required).
I've even demonstrated with images how I can easily do die verification at home for you as well with a 15$ torch in minutes. (The image is original and I think I damaged the die a bit but enough is recognizable to id a real from a fake even with a cheap old consumer scanner) For a mfg not to check is very bad QA/QC.
Re-programming VID/PID is what the driver is supposed to do its one of the functions of it. (The added function to relabel unknown to an unknown PID chips is also a function of the driver) If they went and did a scan of all usb devices and all VID/PID combos to find fake or competing USB UART chips and damaged them then that is very bad behavior. It would be bad if they messed up the clock config as that could cause real physical damage. Neither of which is the case here.
As I've said its just a simple third party driver or user performed bypass to make the working chip usable with software including FTDI's drivers (gray zone but no one is going to catch individuals doing it). And in a few months the counterfeiters will catch wind of this and fix it in hardware and future fake chips will probably work fine as well with official FTDI drivers.
-
I applaud FTDI. Sod the people that buy cheap knock-offs. If you want to buy clones then you deserve to get it bricked. :-+
-
>> The driver is copyrighted and trademarked and abusing the not illegal to abuse PID/VID system to trick a driver
Yeah, the compatible and clone counterfeit chip maker are bad boys for letting you, the windows user in a gray area when using the official FTDI driver.
It's not nice, but not illegal. It's the point of a compatible to be compatible.
The EULA is not agreed by most people using recent windows, there is no EULA on th FOSS driver, so most people did not agree to respect anything in the EULA.
Microsoft has that covered for their online services, (If you have windows you agreed to the EULA, and same for all the online services like windows update) Don't like the terms and they suggest returning the software or disabling/not using services which you do not want. FTDI's driver license is very explicit about how mad they will get if you use fake chips with their software. (Microsoft is a lot more livid though about how bad counterfeit Microsoft windows and the ways they can make it go wrong for you the user, might break the OS, no updates, things might not work if we feel like it, ...)
"7.4. How is the software updated? We may automatically check your version of the software. We may also automatically download updates to the software from time to time. You agree to accept such updates subject to these terms unless other terms accompany the updates. If so, those other terms apply. Microsoft isn't obligated to make any updates available and doesn't guarantee that we'll support the version of the system for which you licensed the software. Such updates may not be compatible with software or services provided by third parties."
A transitive ToS. I'm surprised microsoft has just one general ToS for "Microsoft Services" (The built in EULA is similar although it has pages and pages of what happens if you are detected as a fake windows copy and all the ways Microsoft will be mad at you and what will break and how Microsoft can mangle your OS to "repair" the counterfeiting) For Microsoft their view is you don't like our terms don't use the service basically. Actually they do seem to have supplemental ones and all manner of them scattered about.
(They also say nothing about loss of use or damage should windows genuine advantage (such a happy name for a DRM system that also calls home) get angry at you even if you didn't originally install windows)(For a time Microsoft did bad things to fake copies but now they are less forceful and its more a nag to death type system than dead system type of thing, Vista really sucked on that front and it functionally acted as a timebomb type program, SP1 "fixed" that to the normal nagging)
A third party written driver has no obligation to use FTDI's anti-counter fitting measures and would be perfectly legal as a piece of software and could be called fully compatible with PID0000 fake and real FTDI parts but just directly cloning FTDI's software is not legal. As others have said PID/VID collisions themselves are not illegal so the driver can even advertise such PID/VID combos to FTDI's chagrin just nothing in the driver can refer to FTDI just call it the "very compatible very drunk virtual serial port driver". Write your own config tools (probably not very complicated) and you can be FTDI trademark/copyright free.
-
I applaud FTDI. Sod the people that buy cheap knock-offs. If you want to buy clones then you deserve to get it bricked. :-+
Might want to read the entire topic before posting something that has been posted and replied to hundreds of times already. :palm:
-
I applaud FTDI. Sod the people that buy cheap knock-offs. If you want to buy clones then you deserve to get it bricked. :-+
Plus isn't the saying don't turn it on take it apart. I always take things apart (especially commodity things that can easily contain fakes) power supplies, adapters, even cables get torn down. Detecting fakes is a skill that anyone in the industry should learn and practice.
For power supplies it is critical to detect fakes as it can actually kill you or just start a fire randomly. If it feels cheap or is too light then smashing open for inspection is certain. Even my machine shop supervisor who has no electrical experience has found fakes and can figure out basic safety aspects for power supply stuff since killing students by lack of proactive action is probably criminal negligence. The cheap and simple things are most likely to be faked as it is fairly easy to make it "function". Faking an intel i7 that actually works is another story and is probably very difficult (intel will probably get really pissed far before you even finish).
If something is too good to be true it very likely is. (Super cheap, there is going to be something traded off for that price) I buy things knowing that I could get burned and I have (One time I got lightbulb adapters instead of an LED lamp... but I'm sure worse subtle things can happen as well)
There are quality China sourced OEMs that use real parts and somehow seem to be able to actually keep a clean supply chain so if they can do it we can do it, one would hope.
-
I applaud FTDI. Sod the people that buy cheap knock-offs. If you want to buy clones then you deserve to get it bricked. :-+
Might want to read the entire topic before posting something that has been posted and replied to hundreds of times already. :palm:
I have read, and added my opinion... :-//
-
FTDI devices are crap, overpriced, and produced by a company clearly run by a bunch of retards. It's a sad day when it's cheaper to use a whole separate Atmel device, AND foot the cost of having it programmed to basically do what the FTDI chip did - screw them, leave the FTDI bottom feeders in here to keep using their overpriced products, while the people with brains use devices from companies who actually care about the end users. Destroying hardware is not OK, no matter how you try and twist the story to make it look OK. Fine, most people here can probably figure out a workaround, but the other 95%? Nope, as far as they're concerned the hardware is fucked. Throw it in the bin, along with FTDI themselves.
-
Throw it in the bin, along with FTDI themselves.
Uninstall the driver while you are at it.
I don't see why everyone is getting so angry.
Just move on to a competitor or buy FTDI stuff, your choice.
Let the courts decide what is legal or not, I don't see how people can be so sure of what is even legal.
My bet is it will be hard to get one cent from FTDI from the legal system in whichever country someone may try to sue them.
Compared to what the large multinationals do, it's a drop in the ocean. If you want to kick someone for really doing the wrong thing kick Google.
Last year it was revealed Google's Australian arm paid just $74,000 in tax in 2011, despite an estimated $2 billion in revenue from Australian ads.
http://www.smh.com.au/national/tax-crackdown-has-to-be-global-20130723-2qhj1.html (http://www.smh.com.au/national/tax-crackdown-has-to-be-global-20130723-2qhj1.html) Sydney Morning Herald.
-
Sod the people that buy cheap knock-offs. If you want to buy clones then you deserve to get it bricked. :-+
SIL 2104 (CP2104) is not any clone, but it's cheap and its PCB design stright forward
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115307)
BTW: No need to buy anything with IDTF (read from right to left since I do not want even write this name anymore) :-DD
-
I applaud FTDI. Sod the people that buy cheap knock-offs. If you want to buy clones then you deserve to get it bricked. :-+
Might want to read the entire topic before posting something that has been posted and replied to hundreds of times already. :palm:
I have read, and added my opinion... :-//
Still your opinion is wrong in so many ways. In most civilised countries laws are organized in a way that the number of victims of a criminal act are minimised and therefore what FTDI did is illegal in dozens of countries. Two wrongs don't make right. Again nobody wants functional equivalent chips in their products or sell products with such chips. But in the event it does happen without their knowledge they want to have the opportunity to make things right without getting stuck between a rock and a hard place. That is what this entire thread is about. The actions of FTDI turned people with nothing but good intentions into victims by causing them a lot of problems and loss of time (=money). If FTDI had made their driver to show a pop-up saying a non-original FTDI chip had been detected and it will stop working in 90 days the problem would be clear (no time wasted on figuring out why a device suddenly stopped working) and people can take action to set things right.
-
Where are those USB to serial modules available from? I might get a few just in case a friend finds themselves in an FTDI type problem.
-
FTDI devices are crap, overpriced, and produced by a company clearly run by a bunch of retards. It's a sad day when it's cheaper to use a whole separate Atmel device, AND foot the cost of having it programmed to basically do what the FTDI chip did - screw them, leave the FTDI bottom feeders in here to keep using their overpriced products, while the people with brains use devices from companies who actually care about the end users. Destroying hardware is not OK, no matter how you try and twist the story to make it look OK. Fine, most people here can probably figure out a workaround, but the other 95%? Nope, as far as they're concerned the hardware is fucked. Throw it in the bin, along with FTDI themselves.
1. They are not crap. If you are concerned about compatibility, FTDI devices are the first choice. If fake fail on you, this is not FTDI fault.
2. Atmel device still needs a USB stack and driver.
-
In most civilised countries laws are organized in a way that the number of victims of a criminal act are minimised and therefore what FTDI did is illegal in dozens of countries.
You spoke like a true authority, :)
-
Still your opinion is wrong in so many ways. In most civilised countries laws are organized in a way that the number of victims of a criminal act are minimised and therefore what FTDI did is illegal in dozens of countries.
I had almost that exact quote in my copy buffer before I read dannyfs reply.
If it is so obviously illegal then the appropriate law would have something to identify it, like a name or number.
Let me know what that particular law is.
And is it criminal law? If so you better let Scotland Yard know and they will send someone around.
My point is people who cry 'illegal' without a particular law of a particular jurisdiction in mind could be just grandstanding.
As to the civilised countries, I'd like to hear more on that one. ;)
-
1. They are not crap. If you are concerned about compatibility, FTDI devices are the first choice. If fake fail on you, this is not FTDI fault.
2. Atmel device still needs a USB stack and driver.
I've had so many fail from simple EMI issues ON BOARD in commercial products it's not funny, and before you blame bad PCB design, the EMI was through the USB cable. It's entirely FTDI's fault, there are much better alternatives out there.
2. So do FTDI devices, it is (was) just conveniently included in newer versions of Windows. At least I know Atmel isn't going to push an update that kills my devices. I wouldn't be surprised in the least if MS pulls FTDI as a trusted software distributor after this and pulls their drivers from any future releases, if not sue them into the ground for the probably hundreds of thousands of people smashing their support staff right now for an update that supposedly killed their device (because, in the end, all people are going to see is that windows updated, and suddenly their device is no longer working. Who are they gonna go to?).
Only reason people still use them is because they've been around for so long, and the chip does what they need. They aren't gonna continue using it if they are at risk of their devices randomly bricking, and if they find out they can get something better, and for, GASP, cheaper!
-
Everybody here is missing the point
The point is not that FTDI are doing something legal or not, or moral or not. The real point is that Tony Abbott and his minions must be rid
-
Of those 15 devices, a whopping 9 proved to be contain FTDI chips (all of which were FT232R).
I'm pleased to announce that each of those 9 devices has now been 'consigned to the bin', but not before I had some fun.
And how does your face look without a nose?
.
.
.
.
.
If you need it explaining http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face (http://en.wikipedia.org/wiki/Cutting_off_the_nose_to_spite_the_face)
There are some DISEASES that require nothing less than radical surgery.
Luckily for me in this case, the CANCER I had been infected with has now been totally eradicated.
And since I was able to catch that CANCEROUS GROWTH rather rapidly, I only had to remove a few organs that I hadn't required for a long time.
BTW, I _assume_ that you have STOLEN that wikipedia reference??? <Grins>
Oh look, there's a ball... It appears to be... IN YOUR COURT.
-
Where are those USB to serial modules available from? I might get a few just in case a friend finds themselves in an FTDI type problem.
Appears to be the Pololu CP2104 USB-to-Serial Adapter Carrier http://www.pololu.com/product/1308 (http://www.pololu.com/product/1308)
In addition to the traditional 5-pin interface for programming microcontrollers, etc. It also features several additional I/O pins and functionality. And in a small, very convenient footprint compatible for breadboard use, etc. and sells for US$5.95
And for €5,66 from: http://www.exp-tech.de/Shields/Schnittstelle/CP2104-USB-to-Serial-Adapter-Carrier.html (http://www.exp-tech.de/Shields/Schnittstelle/CP2104-USB-to-Serial-Adapter-Carrier.html)
-
Still your opinion is wrong in so many ways. In most civilised countries laws are organized in a way that the number of victims of a criminal act are minimised and therefore what FTDI did is illegal in dozens of countries.
I had almost that exact quote in my copy buffer before I read dannyfs reply.
If it is so obviously illegal then the appropriate law would have something to identify it, like a name or number.
The Dutch criminal law says 2 years in jail or a 20k euro fine if you render something which isn't yours useless:
http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350 (http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350)
-
I am not a lawyer nor live in the US but they have the same kind of laws if I google superficially:
http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.28.htm (http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.28.htm)
Sec. 28.03. CRIMINAL MISCHIEF. (a) A person commits an offense if, without the effective consent of the owner:(1) he intentionally or knowingly damages or destroys the tangible property of the owner;(2) he intentionally or knowingly tampers with the tangible property of the owner and causes pecuniary loss or substantial inconvenience to the owner or a third person;
-
So if you produce a clone product without reverse engineering and then either don't brand it, or, put your own brand on it everything is fine and dandy.
Has such a chip ever been found in the wild?
Not that I have seen. I do have an unlabelled chip at home but its something entirely different and nothing to do with the discussion other than it prompted me to ask the question you have quoted above.
An "SR9700" USB-ethernet adapter, by any chance? Might be made by the same company that's making FT232 clones:
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/?topicseen#msg535577 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/?topicseen#msg535577)
There are USB-RS232 adapters using a COB that has no FTDI (or Prolific) branding. Here's a USB-ethernet one (probably the SR9700/RD9700) that has no marking at all on the IC:
https://projectgus.com/2013/03/anatomy-of-a-cheap-usb-ethernet-adapter/ (https://projectgus.com/2013/03/anatomy-of-a-cheap-usb-ethernet-adapter/)
-
I am not a lawyer nor live in the US but they have the same kind of laws if I google superficially:
http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.28.htm (http://www.statutes.legis.state.tx.us/Docs/PE/htm/PE.28.htm)
Sec. 28.03. CRIMINAL MISCHIEF. (a) A person commits an offense if, without the effective consent of the owner:(1) he intentionally or knowingly damages or destroys the tangible property of the owner;(2) he intentionally or knowingly tampers with the tangible property of the owner and causes pecuniary loss or substantial inconvenience to the owner or a third person;
The Dutch criminal law says 2 years in jail or a 20k euro fine if you render something which isn't yours useless:
http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350 (http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350)
Ok that's what I was asking for. Thanks.
Now my point is will it apply in this case?
A number of questions spring to mind,
How does it apply internationally?
I assume the actual devices aren't permanently damaged here, but like most of this stuff it is arguable.
How do you prove it was intentional to damage or inconvenience?
Or was the intention something else, like to stop other devices from using their driver? And the bricking was a side effect?
Was it rendered useless?
I dont know what the legal people of various countries would make of this, if it ever came to court.
If I had to guess I would say not much.
As a result I am far from sure that it was an illegal thing to do.
-
I've had so many fail from simple EMI issues ON BOARD in commercial products it's not funny, and before you blame bad PCB design, the EMI was through the USB cable. It's entirely FTDI's fault, there are much better alternatives out there.
So was there EMI filtering present on USB 5V rail as should be (choke/capacitors)? BTW EMI problems on USB actually are very common, especially if the device have high power electronics inside.
-
Now my point is will it apply in this case?
A number of questions spring to mind,
How does it apply internationally?
I assume the actual devices aren't permanently damaged here, but like most of this stuff it is arguable.
How do you prove it was intentional to damage or inconvenience?
Or was the intention something else, like to stop other devices from using their driver? And the bricking was a side effect?
Was it rendered useless?
I dont know what the legal people of various countries would make of this, if it ever came to court.
If I had to guess I would say not much.
As a result I am far from sure that it was an illegal thing to do.
You are jumping the facts here. To take it to an extreme: It's like saying having sex with an underage girl is OK if she likes it. A crime is a crime.
-
I dont know what the legal people of various countries would make of this, if it ever came to court.
I rather doubt it's going to court anywhere. The very big players either don't have counterfeit, or will simply rectify counterfeit in their products when/if detected. Given that the driver's been rolled back for now, they even get a small reprieve. The smaller players - especially individuals who may have a USB-serial cable modified - they're not going to start any lawsuit, they'll just complain about it on the internet, and then run whatever tool is needed to get it working again.
In the mean time, FTDI has said "sorry" somewhere: http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420 (http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420)
Still more of a "sorry we got caught and the backlash was this severe, but" than a "sorry we used end-users as pawns, here's how we intend to make it right", but at least the word "sorry" is in there.
-
If a question is flawed like asking if the users expectations are the same thing as what the intention of the driver is then yes I will automatically correct it.
Just because you say it's flawed, does not make it so. What you actually mean, is that you have no logical rebuttal to the essentials of the issue.
Device does work vs. the engine in your example doesn't that is the contradiction that is automatically fixed as well.
You've stated in response to the end user's experience, the device is broken. You can't keep your own answers straight. Both are broken for the end user's experience. They do not work. The only way your position works, is if the user possesses the required knowledge to undo the "damage." You have no grounds to refute that, so you just keep going with...
Your example states that the engine which is the chip doesn't work (it is physically broken) which is completely factually incorrect.
..styles of rewriting what was stated, in order to frame the issue to support your premises. In both cases, neither device has been "utterly disintegrated" - it merely requires the right tools and an appropriate fix. You've yet to rebut this, because you can't. You have to rewrite the statement in order to frame it in a way that confirms your broken position. This is verified by the fact you cannot keep your own answers straight.
So there it is spelled out for you.
...
The basic reality is the device works but the driver does not want to talk to it and that is intended. The user may not expect that to happen and should go after the seller and so on so that the fake chips can be rooted out.
Babbling justifications of trivial and irrelevant nonsense
It isn't physically broken or even non-functional that is the core problem with your engine example.
So as you're vomiting the technicolor word salad with this nonsense, you're spinning in place with your contradiction. You have neither an argument nor a compelling case. What you have is a belief which you have to load up with qualifiers and conditions in order to hide the fact, which you agreed with, that to the typical end user, there is no difference between one device which does not perform as they expect suddenly, and another device which suddenly does not perform as they expect. You have to refute this fact, before any of your drivel has a leg to stand on. Perhaps with your next response I'll just go back and refute you with your own statements, since you've made enough contradictions.
-
How do you prove it was intentional to damage or inconvenience?
By looking at the code in the driver that did the bricking. The disassembly makes it very clear that this was an targetted attack. That code does nothing on original devices, so it is not needed for them. So the only purpose it could ever have is to tamper with non-FTDI devices. In this case it is really easy to prove/show.
It would be a completely different thing if, lets say, they use an init-sequence that these chips (original and "counterfeit") need, but would have found a sequence order that still works on the FTDI part but causes trouble on non-FTDI parts. Then it would be quite hard to prove intent. If they would then subsequently kept their mouth shut and did not brag on the web about it, like they did with this issue.
Greetings,
Chris
-
In the mean time, FTDI has said "sorry" somewhere: http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420 (http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420)
Yea, riiight. Reading stuff like:
... and a side effect is that counterfeit devices are putting themselves into a noncompatible state ...
only shows that theyy are fully aware that what they actually did is really not legal in many (most? all?) jusrisdictions. There was no "side effect". This was a targetted attack.
Man, they are so full of bullshit now...
Greetings,
Chris
-
Well every campaign needs a driving style song. https://www.youtube.com/watch?v=oUjUTG3hwyQ# (https://www.youtube.com/watch?v=oUjUTG3hwyQ#)
Mine is from New Order Temptation.
Up down, turn around please don't let FTDI hit the ground. Never seen a serial port like you before.
After this update believe have lost some. Just like a Microsoft update inside. Up down turn around please don't let FTDI hit the ground.
Tonight I think will work alone. Find myself a substitute. Each way I turn.
Oh you've got counterfeit chips, never seen anyone like you before.
When we package this all up have no place to go. Oh it's the last time. Oh you've got grey eyes, oh you've got blue eyes.
Thoughts from above piss off people down below. Oh it's the last time. Have never met a company quite like you before!
Mike.
-
So I emailed FTDI because I wasn't happy with the "statement" they released over the matter.
Dear Daniel,
Thank you for your recent email regarding our recent driver release – we appreciate your feedback and your comments have been noted.
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honorable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected. We’ll try and flag some kind of message to alert users, but as the drivers reside at Kernel mode it’s not as straightforward as it seems.
Although in some parts of the media it has been implied that there was some form of counterfeit detection algorithm in the driver, this was in fact absolutely untrue. There was no mechanism of that description in place and hence no flagging up of a counterfeit device ever occurred. Exactly the same commands were sent to a genuine chip and a counterfeit chip. Some counterfeit devices simply failed to handle certain commands correctly and quarantined themselves.
Support1 email has been around for years – it sends it to a team rather than an individual – whoever is available will answer your enquiry, nothing sinister. I’m not sure what’s being going on with the Twitter thing but I’ll look into it.
Yours Sincerely
Fred Dart - CEO
The Email part was because their email address listed on the site was support1@ftdi... and it seemed odd to me to have support1@ instead of support@ and asked if the address was changed to curb a tide of incoming mail.
The Twitter part was me asking why twitter comments seemed to come across as a "Tough Shit" attitude towards customers.
Although in some parts of the media it has been implied that there was some form of counterfeit detection algorithm in the driver, this was in fact absolutely untrue... Exactly the same commands were sent to a genuine chip and a counterfeit chip.
While it is true that the commands were sent to both legit and fake chips it does make me wonder why FTDI were trying to set their legit chips to a PID of 0.
As for me personally, I went though all my FTDI equipped devices with the bad driver and "tested" them, thankfully not a single issue. I still do not like what happened, I did not like the statement they released, I do not like how they seem to be covering the issue up (But with the cover up thing, that is probably damage control and so they don't get sued over the issue) but as Mike pointed out in a earlier post...
Now that they appear to have realised the error of their ways, maybe the "I'll never use FTDI again" brigade should consider this :
Company F screws up, realises it and fixes it.
Company S hasn't (yet) screwed up.
Which of the two is more likely to do something stupid like this in the future?
"That guy's error cost me $x000"
"Why didn't you fire him"
"Why should I do that, I just spent $X000 training him..."
I'm not sure about discarding them just yet, but this whole issue has made (and probably will for some time) think twice about FTDI.
EDIT: Silly me I pushed submit on wrong tab and submitted the "unfinished" preview.
EDIT2: I checked the WayBack Machine and the support1@ address has been in use for a while so was no way a method to avoid email.
-
The Dutch criminal law says 2 years in jail or a 20k euro fine if you render something which isn't yours useless:
http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350 (http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350)
Well if you want to press on with bullshit legal arguments I'll raise you with the DMCA. The VID and PID of a USB device could reasonably be considered to be an access control method for drivers which may be copyrighted.
Anyone using a non-genuine FTDI USB device with VID and PID causing access to copyrighted FTDI drivers without licence would be guilty of circumventing access controls and people selling such USB devices guilty of trafficking circumvention tools.
-
It also features several additional I/O pins and functionality. And in a small, very convenient footprint compatible for breadboard use, etc. and sells for US$5.95
Yep, perfect guess it is was Pololu ;)
However, on DigiKey in evaluation and demonstration boards and kits found also something like this for 6$: digikey: CP2104-MINIEK (http://www.digikey.com/product-detail/en/CP2104-MINIEK/336-2613-ND/4490531)
Its schematics I've included earlier in this thread are there:
http://www.silabs.com/Support%20Documents/Software/CP2104-MINIEB_Board_Files.zip (http://www.silabs.com/Support%20Documents/Software/CP2104-MINIEB_Board_Files.zip)
Looks more compact than Pololu.
While need to make galvanic insulated USB <-> I2C PCB too, so I'm of couse more interested in CP2104 itself which is also available at DigiKey for less than $1.5.
Adding a few fast optocouplers to its 4 GPIO's will change this SIL2104 (CP2104) into a few kV insulated USB <-> I2C 8)
No need to play with FTDI I2C which is not galvanic insulated USB <-> I2C I guess, so simply useless in my project and even do not want look into its datasheet after all this mess with FT232 >:(
-
Maybe "fake" is a good word for a counterfeit chip, but a CLONE is NOT a "fake".
Completely irrelevant. The issue is the unlicensed use of copyright FTDI drivers with chips which were not manufactured by FTDI.
On top of that modification of a non-genuine FTDI chip so it no longer loads unlicensed drivers is not damage - the chip will work as well as it ever did if you get some other drivers.
-
"A month ago, we did an update to our driver, and a side effect is that counterfeit devices are putting themselves into a noncompatible state," Gordon Lunn, global customer engineer support manager at FTDI, told us. "The same API calls go out to all devices, whether genuine or nongenuine. The fake ones are not as compatible as you would expect.
Trying to imply that it wasn't deliberate..
However, the company has specifically said there is no "fake detection" algorithm in the driver.
Again, Twisting the truth to imply something other than their intention
There is also a potential security issue (which we highlighted last month) with microcontroller-based USB devices being reprogrammed with malware. "Our understanding is we think they are microcontroller based, so they are potentially more vulnerable," Lunn said. "You can't change what a genuine device actually does."
trying to spread FUD
-
Rufus, you would have to legally argue two things:
1. That a PID/VID is copyrightable - which only brings with it "who holds the copyright, FTDI or the USB-IF? And if the latter, was FTDI granted the right to effectively police that copyright on USB-IF's behalf?". Though that is part of a larger discussion of whether VID/PID can be seen as intellectual property at all, and is of no consequence to..
2. ..it being used as an 'access control mechanism' under the DMCA; which doesn't apply in all countries in the first place*, and which I think you'll find is not necessarily as strong a defense as you might think; see Lexmark International, Inc. v. Static Control Components, Inc. With that as precedent, you would then have to argue, somehow, that the duplication of PID/VID constitutes a new program if seen within the larger context of the device's entire workings - even though the PID/VID are all that are needed for the driver invocation.
* In Germany, for example, a legal analysis:
http://www.golem.de/news/ftdi-treiber-darf-keine-geraete-deaktivieren-1410-110161.html (http://www.golem.de/news/ftdi-treiber-darf-keine-geraete-deaktivieren-1410-110161.html)
( I do stress that this is Germany, and a legal analysis - not a court case. In fact, they conclude that even though it may well break German law, FTDI being a Scottish company makes it a cross-border conflict that is not easily fought. )
In many ways I wish there were a lawsuit (preferably in the USA), because it would make for a very interesting court case on things like intent, ownership of (counterfeit) hardware, interoperability laws, intellectual property laws, manufacturer's rights, license agreements (both FTDI and MSFT) applicability both 'as is' and when implied (at best) through automatic update mechanisms, and many, many more.
-
On top of that modification of a non-genuine FTDI chip so it no longer loads unlicensed drivers is not damage - the chip will work as well as it ever did if you get some other drivers.
Rufus, are you still pushing this silly theory? :palm:
I think the legal departments beg to differ about the "not damage" idea. What do you think, why did they pull the driver update? I somehow doubt it was because of the sudden charitable enlightenment towards the counterfeiters ...
Yeah, technically you are right - but law doesn't hinge on such USB technicalities when drawing the line between what is legal and what is not. Was the product intentionally sabotaged? Yes. Was it unauthorized by the user? Yes. That's alone sufficient for prosecution for criminal damage to property. Whether or not the damage is recoverable or not is *irrelevant* - for all intents or purposes the device is dead, because there is *no* alternative driver that its owner can use with the modified IDs. So why are you still pushing this BS?
And that is not even taking into account the dubious enforceability of the driver EULA in many places in the first place.
-
EE Times
http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420 (http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420)
No comment
-
Rufus, you would have to legally argue two things:
1. That a PID/VID is copyrightable - which only brings with it "who holds the copyright, FTDI or the USB-IF? And if the latter, was FTDI granted the right to effectively police that copyright on USB-IF's behalf?". Though that is part of a larger discussion of whether VID/PID can be seen as intellectual property at all, and is of no consequence to..
StuB, I think this is pretty much a red herring anyway - nobody is asserting that the VID/PID is copyrighted. The mechanism they were trying to use is that the *drivers* are and it is *their* EULA that forbids use with unauthorized products.
Whether this is enforceable or not is a different discussion - copyright license cannot normally be used to restrict *use*, only duplication of the work. That's why the typical EULAs are actually *contracts*, not licenses from the legal point of view, regardless of which word they use to describe it.
However, contract cannot be concluded without some explicit action of both parties (unlike providing a license), that's why many places require at least a click-through wrapper where you must explicitly accept the contract for it to be binding. Even that may not be sufficient - depends on the country, some require more than just clicking on some silly button for the contract to be considered valid. Bundling a contract somewhere on the hard drive with the work or having it on a website has no legal power - that's why if the license wasn't shown during the driver update, they could be in hot water over that as well.
-
Whether or not the damage is recoverable or not is *irrelevant* - for all intents or purposes the device is dead, because there is *no* alternative driver that its owner can use with the modified IDs. So why are you still pushing this BS?
There being no alternative driver with any ID is a clear admission that the device was always dead. FTDI has no obligation to support chips they didn't manufacture. People had created zombies with the illegal use of FTDI drivers and now they can't.
-
The VID/PID is only part of an "open" hardware interface, and it is actually the operating system that "decides" [through whatever mechanism, and VID/PID is only one of those available mechanisms] to "attach" a specific driver to a USB device. So, in this case, the criterion for a violation of the DMCA is not met.
Because you say so or because you know it has been tested in a court?
There is no requirement in the DMCA for the access control method to be secret or challenging to circumvent.
-
Rufus, you would have to legally argue two things:
1. That a PID/VID is copyrightable - which only brings with it "who holds the copyright, FTDI or the USB-IF? And if the latter, was FTDI granted the right to effectively police that copyright on USB-IF's behalf?". Though that is part of a larger discussion of whether VID/PID can be seen as intellectual property at all, and is of no consequence to..
StuB, I think this is pretty much a red herring anyway - nobody is asserting that the VID/PID is copyrighted. The mechanism they were trying to use is that the *drivers* are and it is *their* EULA that forbids use with unauthorized products.
Whether this is enforceable or not is a different discussion - copyright license cannot normally be used to restrict *use*, only duplication of the work.
The DMCA has separate provisions for access control mechanisms and duplication of copyright works.
-
... illegal ...
I don't think that word means what you think it means.
ESPECIALLY because most of the world doesn't recognize the DMCA as law, you know, not being in the US and all...
-
Rufus,
I largely agree with what you have written (although I disagree with FTDI's actions - they could have gone for a much more PR-positive approach and, with appropriate marketing, had a more meaningful debate about counterfeits and what to do about them, and eradily identified infringing parties Though I recognize that may not have been their goal in the first place. )
However, you keep repeating this (or things along the same line such as "it was always a brick"):
There being no alternative driver with any ID is a clear admission that the device was always dead.
Is there any chance I can convince you to say "the device was always unsupported"?
To say "it was always dead", even though users had clearly been using them for many years, is absurd (if a bit Michelangeloic). That's like suggesting that, upon its confiscation due to it having been stolen, a car that you've been driving around in for 15 years never actually moved a millimeter.
-
Whether or not the damage is recoverable or not is *irrelevant* - for all intents or purposes the device is dead, because there is *no* alternative driver that its owner can use with the modified IDs. So why are you still pushing this BS?
There being no alternative driver with any ID is a clear admission that the device was always dead.
Wrong again. The functional equivalent also stops working on Linux and OSX (for which FTDI didn't provide the drivers).
-
Whether or not the damage is recoverable or not is *irrelevant* - for all intents or purposes the device is dead, because there is *no* alternative driver that its owner can use with the modified IDs. So why are you still pushing this BS?
There being no alternative driver with any ID is a clear admission that the device was always dead.
Wrong again. The functional equivalent also stops working on Linux and OSX (for which FTDI didn't provide the drivers).
Not to mention that I was actually talking about the *changed IDs*, not the original ones (for which there obviously is a driver!), whether one provided by FTDI or a third-party one (in Linux, for ex.).
And DMCA |O Since when is DMCA applicable to a company in Scotland (UK) and laws broken e.g. in France, Germany or Netherlands? It probably wouldn't apply even in the US - there is a fairly clear procedure of what one has to do in order to obtain relief under it. Vigilantism and disabling of supposedly infringing (only a court could determine whether something infringes, btw) devices is certainly no part of that.
Rufus is obviously trolling, I don't think it is worth to keep debunking this nonsense.
-
If a question is flawed like asking if the users expectations are the same thing as what the intention of the driver is then yes I will automatically correct it.
Just because you say it's flawed, does not make it so. What you actually mean, is that you have no logical rebuttal to the essentials of the issue.
Device does work vs. the engine in your example doesn't that is the contradiction that is automatically fixed as well.
You've stated in response to the end user's experience, the device is broken. You can't keep your own answers straight. Both are broken for the end user's experience. They do not work. The only way your position works, is if the user possesses the required knowledge to undo the "damage." You have no grounds to refute that, so you just keep going with...
Your example states that the engine which is the chip doesn't work (it is physically broken) which is completely factually incorrect.
..styles of rewriting what was stated, in order to frame the issue to support your premises. In both cases, neither device has been "utterly disintegrated" - it merely requires the right tools and an appropriate fix. You've yet to rebut this, because you can't. You have to rewrite the statement in order to frame it in a way that confirms your broken position. This is verified by the fact you cannot keep your own answers straight.
So there it is spelled out for you.
...
The basic reality is the device works but the driver does not want to talk to it and that is intended. The user may not expect that to happen and should go after the seller and so on so that the fake chips can be rooted out.
"Babbling justifications of the most critical and fundamental nature" (Automatically fixed that for you)
It isn't physically broken or even non-functional that is the core problem with your engine example.
So as you're vomiting the technicolor word salad with this nonsense, you're spinning in place with your contradiction. You have neither an argument nor a compelling case. What you have is a belief which you have to load up with qualifiers and conditions in order to hide the fact, which you agreed with, that to the typical end user, there is no difference between one device which does not perform as they expect suddenly, and another device which suddenly does not perform as they expect. You have to refute this fact, before any of your drivel has a leg to stand on. Perhaps with your next response I'll just go back and refute you with your own statements, since you've made enough contradictions.
The facts make your statement flawed. So instead of attempting to counter my statements you just keep saying the same thing that the device is physically dead when it isn't.
From the user perspective the device is fake the internet made that so abundantly clear. (Literally simple fact is the fake device is not broken)
A better example would be the car engine doesn't work and the person checks google and finds out he was scammed and the engine does "work" it just doesn't work with his car (FTDI's driver) because it is fake.
The fundamental difference is the car engine requires physical repair the fake chip does not. Rebut that please. One can even work with Linux after an automatic update and on windows probably not without a user installed bypass.
You don't need a 2 dollar bearing if you use linux you may not even have to do anything at all if you have automatic updates. On windows ignoring microsoft and using a 3rd party bypass will work as well. (This is the miles apart thing, if the chip was physically damaged as you so claim even slightly you would have to spend physical time/tools/money to fix it)
If you like simple questions then:
Is the device (Fake chip) physically damaged?
Is the device (Fake chip) not operable with other non-FTDI software?
What is the cost/time for replacing a bearing on an engine?
Can a physical bearing be downloaded into a broken engine automatically?
-
There being no alternative driver with any ID is a clear admission that the device was always dead.
Is there any chance I can convince you to say "the device was always unsupported"?
To say "it was always dead", even though users had clearly been using them for many years, is absurd (if a bit Michelangeloic). That's like suggesting that, upon its confiscation due to it having been stolen, a car that you've been driving around in for 15 years never actually moved a millimeter.
If you could convince other people not to keep saying the FTDI drivers killed, bricked, damaged, rendered inoperable, etc the device?
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
-
As for "word games", notice that the FTDI paid shills on this forum incessantly use the word "fake"-- over and over and over again to drive it into your brain that the problem is these "fake chips".
Maybe "fake" is a good word for a counterfeit chip, but a CLONE is NOT a "fake".
In "engineer lingo" ::
CLONE != FAKE
This is all a smoke screen to keep you off of the most important aspect of this case, and that is that *someone* inside of FTDI gave the order to write and distribute ILLEGAL MALWARE to damage [otherwise] innocent end-users products. THAT ACT was a [so-called] "cyber-crime" and is a class-I felony in the USA, and will get you about 20 years in federal prison! AND, since the act was [by FTDI's own admission] not an "honest mistake", but was actually a malicious act carried out with malice and forethought, and with full knowledge and intent, then the normal "corporate shield" that protects officers and directors of corporations from criminal prosecution and/or civil litigation does not apply in this case. In other words, whomever gave the order at FTDI is subject to arrest, AND their personal assets can be attached and/or seized pending any civil litigation. WAY TO GO FTDI! {...idiots!...}
It would not surprise me greatly to learn that someone from the US department of Just-Us is investigating this matter, and arrests could be imminent. It would also not surprise me to learn that somewhere out there is an "ambulance chasing" attorney that is looking at this case as his [or her] next "class-action cash cow".
CLEARLY, FTDI took this action without consulting their legal counsel first.
Another prediction: This will open up the eyes of the Just-Us department, and I would not be surprised to learn that they are also investigating *other* companies that have engaged in similar activities-- [i.e. Prolific et. al.].
Question how many of the fake FTDI chips lack any FTDI markings. And how many of them enumerate using their own drivers. A proper legal clone has its own VCP driver, its own branding. People themselves have listed proper real clones which either don't have a USB stack or provide their own drivers free of any FTDI copyright/trademarks.
Microsoft distributed Windows Genuine Advantage and with windows Vista it was basically a time bomb type application and actually did have a ton of false positives but they never committed a cyber crime because their EULA said so and they technically do have many rights since the software (as is the FTDI driver) is not really "owned" by you it is just licensed for limited use.
I highly doubt the US is going to go after such companies as there are bigger fish to fry and anti-counterfeiting measures are technically allowed including disablement systems.
Part of the HDMI HDCP protocol is something called certificate revocation which any blu-ray can contain an updated list which all devices are required to update to NV memory and since every device must check the entire device chain for validity if your cheap knock off adapter gets revoked it would blank your screen and your system would stop working. (It is perfectly "legal" to disable a system permanently for copy protection, anti-counterfeiting) The HDCP protocol is adopted globally as well (basically everything runs it even DVI, Displayport, ... support it)
-
And DMCA |O Since when is DMCA applicable to a company in Scotland (UK) and laws broken e.g. in France, Germany or Netherlands?
Maybe you should look up the EU InfoSoc directive which also protects "Technological Protection Measures" and in some ways is more restrictive than the DMCA.
-
"A month ago, we did an update to our driver, and a side effect is that counterfeit devices are putting themselves into a noncompatible state," Gordon Lunn, global customer engineer support manager at FTDI, told us. "The same API calls go out to all devices, whether genuine or nongenuine. The fake ones are not as compatible as you would expect.
Trying to imply that it wasn't deliberate..
However, the company has specifically said there is no "fake detection" algorithm in the driver.
Again, Twisting the truth to imply something other than their intention
There is also a potential security issue (which we highlighted last month) with microcontroller-based USB devices being reprogrammed with malware. "Our understanding is we think they are microcontroller based, so they are potentially more vulnerable," Lunn said. "You can't change what a genuine device actually does."
trying to spread FUD
Hmm, if they claim the fakes have micro-controller based chips shouldn't it be possible to fuzz them to check for any bootloaders that would allow for re-programming. More intensively you would have to de-lid the chip to access the not accessible programming pins which would put it right into the FUD territory.
FTDI has beyond horrible PR is what it seems and doesn't seem to realize the we are sorry here is what we are going to do thing. Instead they are using the often tried and always fails cover it up and lie after the facts have all been laid out.
It is pretty obvious there is an anti-counterfeiting detection being done on FTDI side. (Last time I checked in order to check if something is real you have to ask everyone the same question and just see which ones answer wrong, if they already knew which ones were fake before any communications that would make no sense)
-
There being no alternative driver with any ID is a clear admission that the device was always dead.
Is there any chance I can convince you to say "the device was always unsupported"?
To say "it was always dead", even though users had clearly been using them for many years, is absurd (if a bit Michelangeloic). That's like suggesting that, upon its confiscation due to it having been stolen, a car that you've been driving around in for 15 years never actually moved a millimeter.
If you could convince other people not to keep saying the FTDI drivers killed, bricked, damaged, rendered inoperable, etc the device?
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
The use wasn't illegal. Most people had the drivers installed automatically without being shown the EULA (in fact it was buried in an INF file somewhere) or knowing about the terms attached to the drivers. Clearly you can't break a contract that you haven't agreed to and haven't seen. Even if it is shown, whether the EULA is legally binding is questionable.
Whether FTDI could be prosecuted for what they did depends on whether evidence could be found showing they did it intentionally.
-
The Dutch criminal law says 2 years in jail or a 20k euro fine if you render something which isn't yours useless:
http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350 (http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350)
Well if you want to press on with bullshit legal arguments I'll raise you with the DMCA. The VID and PID of a USB device could reasonably be considered to be an access control method for drivers which may be copyrighted.
Anyone using a non-genuine FTDI USB device with VID and PID causing access to copyrighted FTDI drivers without licence would be guilty of circumventing access controls and people selling such USB devices guilty of trafficking circumvention tools.
Hi Rufus,
The VID/PID is only part of an "open" hardware interface, and it is actually the operating system that "decides" [through whatever mechanism, and VID/PID is only one of those available mechanisms] to "attach" a specific driver to a USB device. So, in this case, the criterion for a violation of the DMCA is not met.
The FTDI clone companies are simply creating a "works like" compatible device, and nothing had to be "hacked" to make that happen, and everything needed to do it is in the public domain.
Now, if one of those clone companies try to pass their chips off as genuine FTDI, well that is illegal, and there are proper legal remedies for that-- none of which involves distributing illegal malware to damage innocent end-user's equipment [which is a *crime* BTW].
Regards,
Ken
HDCP has built in standardized revocation lists which have the sole purpose of disabling your system and making an offending device functionally incompatible with other components. (This is legal and bypassing it is technically illegal)
VID/PID is open but DMCA doesn't care. It is like saying the password was in plain text so I broke the lock for "compatibility" it was just too easy.
The VID/PID is used to match up trademarked and proprietary software and forms a very easy to bypass digital lock of sorts.
FTDI clones should have their own driver and the real legitimate pin compatible ones do or allow you to make your own.
-
There being no alternative driver with any ID is a clear admission that the device was always dead.
Is there any chance I can convince you to say "the device was always unsupported"?
To say "it was always dead", even though users had clearly been using them for many years, is absurd (if a bit Michelangeloic). That's like suggesting that, upon its confiscation due to it having been stolen, a car that you've been driving around in for 15 years never actually moved a millimeter.
If you could convince other people not to keep saying the FTDI drivers killed, bricked, damaged, rendered inoperable, etc the device?
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
The use wasn't illegal. Most people had the drivers installed automatically without being shown the EULA (in fact it was buried in an INF file somewhere) or knowing about the terms attached to the drivers. Clearly you can't break a contract that you haven't agreed to and haven't seen. Even if it is shown, whether the EULA is legally binding is questionable.
Whether FTDI could be prosecuted for what they did depends on whether evidence could be found showing they did it intentionally.
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
-
This is all a smoke screen to keep you off of the most important aspect of this case, and that is that *someone* inside of FTDI gave the order to write and distribute ILLEGAL MALWARE to damage [otherwise] innocent end-users products.
On their website there is relase date of this useless Windows driver-is it correct date?
Windows* 2014-09-29
2.12.00 WHQL Certified
Available as setup executable
However, it might not be date when included to autoupdates in Micro$soft?
Downloaded one of the Linux versions from http://www.ftdichip.com/Drivers/VCP/Linux/ftdi_sio.tar.gz (http://www.ftdichip.com/Drivers/VCP/Linux/ftdi_sio.tar.gz) to see what they do in this driver during module initiation, but it looks like latest release date is: Linux 2009-05-14 version 1.5.0 .
Is it latest official version of this driver or somewhere exists newer versions, eg. included in latest kernel sources?
In this from their website moduel init looks like this:
static int __init ftdi_init (void)
{
int retval;
dbg("%s", __FUNCTION__);
if (vendor > 0 && product > 0) {
/* Add user specified VID/PID to reserved element of table. */
int i;
for (i = 0; id_table_combined[i].idVendor; i++)
;
id_table_combined[i].match_flags = USB_DEVICE_ID_MATCH_DEVICE;
id_table_combined[i].idVendor = vendor;
id_table_combined[i].idProduct = product;
}
retval = usb_serial_register(&ftdi_sio_device);
if (retval)
goto failed_sio_register;
retval = usb_register(&ftdi_driver);
if (retval)
goto failed_usb_register;
info(DRIVER_VERSION ":" DRIVER_DESC);
return 0;
failed_usb_register:
usb_serial_deregister(&ftdi_sio_device);
failed_sio_register:
return retval;
}
Is this part of the driver code which forced to stop working those competitors USB dongles even under strong Linux?
if (vendor > 0 && product > 0) {
/* Add user specified VID/PID to reserved element of table. */
int i;
for (i = 0; id_table_combined.idVendor; i++)
;
id_table_combined.match_flags = USB_DEVICE_ID_MATCH_DEVICE;
id_table_combined.idVendor = vendor;
id_table_combined.idProduct = product;
}
Anyway it looks like this Linux driver on his webpage is old and only simply overides vendor and product id's, but ONLY when BOTH module parameters are > 0 and hopefully only PC memory.
But, where are those patched versions of this ftdi_sio.c Linux driver module which reprogram back those product Id's I guess to correct value to be able use bricked products even under Windows with good old drivers ?
Downloading latest Linux kernel 3.17.1 from http://kernel.org (http://kernel.org) for SIL CP2104 , so will also take a look what is inside ftdi_sio.c , while it looks like on kernel.org there is no patches for this file ???
Just in the case if one of friends of mine bought any product bricked by FTDI to give it second life... under Linux >:D
-
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
Those kind of EULAs are null & void in the EU. Yes they have been tested in court. In the EU you have to agree to the terms before buying a product. Not upon opening or installing the product.
-
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
http://en.wikipedia.org/wiki/Specht_v._Netscape_Communications_Corp. (http://en.wikipedia.org/wiki/Specht_v._Netscape_Communications_Corp.)
IIRC the situation is similar in the EU (FTDI are based in Scotland)
-
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
http://en.wikipedia.org/wiki/Specht_v._Netscape_Communications_Corp. (http://en.wikipedia.org/wiki/Specht_v._Netscape_Communications_Corp.)
IIRC the situation is similar in the EU (FTDI are based in Scotland)
Problem with that was the license display was explicit from Microsoft way back when you installed. It includes provisions that you agree to follow the terms of automatically installed software or you should disable automatic updates if you disagree. That case is hiding the EULA so no one knows it exists but if another EULA specifically says that others exist and if you want to read them yourself and not automatically agree then you should not use automatic updates.
Not to mention there is no need for a EULA for HDCP to perform similar NVram disablement functions so nothing illegal has occurred. (In HDCP a working device that has its keys revoked is technically supposed to commit the revoke command to flash and it will no longer validate on an HDCP device chain and blank screen is what you'll get)
-
Whether FTDI could be prosecuted for what they did depends on whether evidence could be found showing they did it intentionally.
There's no shortage of that...
-
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
Those kind of EULAs are null & void in the EU. Yes they have been tested in court. In the EU you have to agree to the terms before buying a product. Not upon opening or installing the product.
Microsoft has terms that people agreed to before buying or during install (wait a second, please refer the EU case that install/run time EULAs are void that makes no sense what happens if you don't buy something and they display a must read prompt that makes zero sense) which covers Microsoft services and if you don't like automatic updates and automatic terms then you should disable it. (Which is easy to do and it gives you the choice right directly as well)
-
I think that there is enough evidence to show that FTDI did this intentionally, and with some forensic software people looking at their code [and supported with depositions, etc.], I think that fact can be proven beyond a reasonable doubt.
What FTDI *should* have done, is simply detect that a non-FDTI device was connected, and then send a message to the system-event log in Windows to log the problem, then disable the device in Device Manager [through an API call]. That way, the experience that the end-user would have is that the non-FTDI device would simply stop working on a Windows based machine. If they wanted to dig deeper [or an IT person could dig deeper], they would find the exception in the system event log, which would clearly say that the FTDI driver found a non-FTDI device and is refusing to work with it. FTDI owns the driver, so this would be a perfectly legitimate thing to do.
But, did they do that? Nope. They decided to commit a crime instead.
Instead of doing the *Right* thing, they made a conscious decision to order their people to write some illegal malware [illegal in the USA and many western nations, and in some nations it is treated as terrorism] to "hack" the actual hardware, and damage it in a way where it would not work [even in Linux]. AND they did this without knowing if the device they were damaging was a legitimate clone, or an illegal counterfeit part-- [which is mostly irrelevant-- it is still a crime as it is not their hardware and they don't have permission from the owner to damage it].
So, once again, I see postings from forum users that initiated their account here on this forum a day or so after this "problem" became a PR issue. These forum users have only commented in this thread and have no other postings in any other thread. AND they "say" that-- "Oh no, we are not a paid shill for FTDI! How could you say such a thing!". Also, by the shear number of times the word "fake" is used in their postings, it leads me to believe that they are getting paid based on the number of times they use the word "fake"...
As for Rufus, I have seen his postings in the past, and he seems to be a competent engineer that likes to stir the shit just for fun. Nothing wrong with that I guess. Although, I think he [as an engineer] should show a little bit more solidarity on this issue, because it really is an important one that will have consequences for FTDI and maybe other companies in the future that attempt to do the same thing.
So, what so you day Rufus? How about you pull your head out of FTDI's ass, and come over to *our* side?
Writing revocation information to nvram is not a crime. Proper HDCP complaint devices will happily revoke their own access upon getting an automatically installed revocation list. Removing the revocation is technically not very feasible short of removing HDCP from your system which is probably breaking the DMCA in many ways.
FTDI is technically doing the same thing. (Writing 0000 = revoked access)
-
Hmm, if they claim the fakes have micro-controller based chips shouldn't it be possible to fuzz them to check for any bootloaders that would allow for re-programming. More intensively you would have to de-lid the chip to access the not accessible programming pins which would put it right into the FUD territory.
It seems like the fakes are using mask ROM for their firmware, so no reprogramming would be possible.
-
The fundamental difference is the car engine requires physical repair the fake chip does not. Rebut that please.
If you have a car that requires repair, you need a mechanic.
If you have a chip that needs to be reprogrammed, you need an engineer/knowledgeable person in that area.
These both have a cost if you are not already a mechanic or engineer yourself. And even then, your time is valuable, and you are wasting it on an issue that did not exist but for the fact someone maliciously made it so that your car/device would not work for you as you expected.
What you fail to understand repeatedly, is that it does not have to be broken beyond repair for it to be an issue.
It still requires remedy, and this has a cost, whoever you are.
I have a toyota, and if I put a non-toyota part in my car, and toyota sent someone in the dead of night to interfere with the car so that it would not run, because I had the non-toyota part, I would have a pretty obvious cause for complaint. You can't just interfere with people's property (yes even though it is fake, it is still their property) because you feel an injustice has been done. That's the bottom line, there is nowhere to go with the argument after this.
Unless you like doing logical loop-the-loops. Which I await with baited breath.
-
The fundamental difference is the car engine requires physical repair the fake chip does not. Rebut that please.
If you have a car that requires repair, you need a mechanic.
If you have a chip that needs to be reprogrammed, you need an engineer/knowledgeable person in that area.
These both have a cost if you are not already a mechanic or engineer yourself. And even then, your time is valuable, and you are wasting it on an issue that did not exist but for the fact someone maliciously made it so that your car/device would not work for you as you expected.
What you fail to understand repeatedly, is that it does not have to be broken beyond repair for it to be an issue.
It still requires remedy, and this has a cost, whoever you are.
I have a toyota, and if I put a non-toyota part in my car, and toyota sent someone in the dead of night to interfere with the car so that it would not run, because I had the non-toyota part, I would have a pretty obvious cause for complaint. You can't just interfere with people's property (yes even though it is fake, it is still their property) because you feel an injustice has been done. That's the bottom line, there is nowhere to go with the argument after this.
Unless you like doing logical loop-the-loops. Which I await with baited breath.
Someone else gets it. :)
I actually just got a response from FTDI Chip. They're working on a "detection" tool which will be released "soon" so we can have EOL testing for legit parts. It's something, at least!
-
The fundamental difference is the car engine requires physical repair the fake chip does not. Rebut that please.
If you have a car that requires repair, you need a mechanic.
If you have a chip that needs to be reprogrammed, you need an engineer/knowledgeable person in that area.
These both have a cost if you are not already a mechanic or engineer yourself. And even then, your time is valuable, and you are wasting it on an issue that did not exist but for the fact someone maliciously made it so that your car/device would not work for you as you expected.
What you fail to understand repeatedly, is that it does not have to be broken beyond repair for it to be an issue.
It still requires remedy, and this has a cost, whoever you are.
I have a toyota, and if I put a non-toyota part in my car, and toyota sent someone in the dead of night to interfere with the car so that it would not run, because I had the non-toyota part, I would have a pretty obvious cause for complaint. You can't just interfere with people's property (yes even though it is fake, it is still their property) because you feel an injustice has been done. That's the bottom line, there is nowhere to go with the argument after this.
Unless you like doing logical loop-the-loops. Which I await with baited breath.
If you have a car that requires software you need a techi. (Cars have tons of software and probably some have optional locked features too) Engines have electronic limiters and even modification detection code (with subsequent disablement if they catch you). So your statement worked a decade ago but cars are stuffed to the brim with electronics and reprogrammable interfaces and the such. (That is where the difference is the car is not physically broken it is just being disabled in software because your not doing things the mfg likes)
The chip doesn't need to be reprogrammed other software can still detect use it. It is just FTDI's drivers that won't work with it because they are mad at the fake chips.
You don't even need an engineer to do an automatic update (linux), pressing a button or downloading a 3rd party program that does it all for you is not a highly technical activity. Using a custom system to re-write a car ECU and bypassing all the protections and unlocking things they don't want unlocked does require technical knowledge but that is a different case entirely nor is it strictly something the mfg has to allow. (Going into the dealer and if they plug in the auto-diagnostics is going to get your work at best overwritten automatically no EULA required)
You somehow manage to plug a non-toyota ECU into the car a proper system would detect that invalid part and disable the car (this isn't illegal and makes a lot of sense for a car in terms of safety). If for some reason an old software rev didn't but you went into scheduled maintenance and they did automatic diagnostics and updated the firmware and found the invalid part then they would not only remove it and charge you for replacing it they would probably send legal people to ask how you tricked the car into doing that and get statements that you did not do this to any other Toyota cars at all and you alone are responsible for any damages the fake part may have caused to your engine or car.
-
The fundamental difference is the car engine requires physical repair the fake chip does not. Rebut that please.
If you have a car that requires repair, you need a mechanic.
If you have a chip that needs to be reprogrammed, you need an engineer/knowledgeable person in that area.
These both have a cost if you are not already a mechanic or engineer yourself. And even then, your time is valuable, and you are wasting it on an issue that did not exist but for the fact someone maliciously made it so that your car/device would not work for you as you expected.
What you fail to understand repeatedly, is that it does not have to be broken beyond repair for it to be an issue.
It still requires remedy, and this has a cost, whoever you are.
I have a toyota, and if I put a non-toyota part in my car, and toyota sent someone in the dead of night to interfere with the car so that it would not run, because I had the non-toyota part, I would have a pretty obvious cause for complaint. You can't just interfere with people's property (yes even though it is fake, it is still their property) because you feel an injustice has been done. That's the bottom line, there is nowhere to go with the argument after this.
Unless you like doing logical loop-the-loops. Which I await with baited breath.
Someone else gets it. :)
I actually just got a response from FTDI Chip. They're working on a "detection" tool which will be released "soon" so we can have EOL testing for legit parts. It's something, at least!
Still haven't answered the simple questions,
Is the device (Fake chip) physically damaged?
Is the device (Fake chip) not operable with other non-FTDI software?
What is the cost/time for replacing a bearing on an engine?
Can a physical bearing be downloaded into a broken engine automatically?
-
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
LOL. Are you for real? OK, let's see.
By reading this post you automatically agree to my EULA. Which, among other things, stipulates that you have to pay me 50$ within 7 days of reading this post. Please contact me by PM to give you details about how the payment can be made.
And you are wrong. It has been tested in courts (although i am only aware of Germany/EU rulings, obviously). Shrink-wrap licenses have absolutely no legal power. None at all. The customer needs to be made aware of the terms and conditions of any such agreement _beforehand_. Then there is all that meeting-of-minds stuff.
Really, you are grasping at straws. In the meantime, i'll await your PM so i can give you the payment details.
Greetings,
Chris
-
The facts make your statement flawed. So instead of attempting to counter my statements you just keep saying the same thing that the device is physically dead when it isn't.
Prove it.
From the user perspective the device is fake the internet made that so abundantly clear. (Literally simple fact is the fake device is not broken)
By what standard? You're making the assumption that they automatically know. I doubt, given your circular logic that would make an ancient theist proud, you have the omniscience to grant every living being this particular knowledge. Please prove as a philosophical universal how everyone knows this. Otherwise, you have nothing to go on.
A better example would be ....
"Let me just go ahead and answer a question you didn't ask, so I can be right." Not "here is why your analogy is flawed," but "You see when you frame it in a way that lets me win..." - You must be observing the US politician's "That's a very interesting question, and now let me lead to somewhere away from the issue" methodology. :)
If you like simple questions then:
Is the device (Fake chip) physically damaged?
If the end user plugs in the device, does it operate as they expect or as intended? Yes, or no?
No, it does not operate as the user expects...
QED.
Different mechanisms for the same net result: something that doesn't work.
As to,
"What is the cost/time for replacing a bearing on an engine?
Can a physical bearing be downloaded into a broken engine automatically?"
You're free to add all sorts of conditions you wish to rationalize it, plenty of southerners did the same when it came to lynching black people.
At the end of the day, the question you refuse to answer, and respond with meaningless with counter questions, is that for the end user, neither function. You cannot refute this, so you just go on and on in circles. :)
-
Is there any chance I can convince you to say "the device was always unsupported"?
To say "it was always dead", even though users had clearly been using them for many years, is absurd (if a bit Michelangeloic). That's like suggesting that, upon its confiscation due to it having been stolen, a car that you've been driving around in for 15 years never actually moved a millimeter.
If you could convince other people not to keep saying the FTDI drivers killed, bricked, damaged, rendered inoperable, etc the device?
Oh how I wish I could :)
( In their defense, in the case of somebody who is not technologically inclined, 'rendered inoperable' is mostly correct at least where communication is concerned. Killed/bricked/damaged and other such terms are completely false, though. )
-
I think that there is enough evidence to show that FTDI did this intentionally, and with some forensic software people looking at their code [and supported with depositions, etc.], I think that fact can be proven beyond a reasonable doubt.
What FTDI *should* have done, is simply detect that a non-FDTI device was connected, and then send a message to the system-event log in Windows to log the problem, then disable the device in Device Manager [through an API call]. That way, the experience that the end-user would have is that the non-FTDI device would simply stop working on a Windows based machine. If they wanted to dig deeper [or an IT person could dig deeper], they would find the exception in the system event log, which would clearly say that the FTDI driver found a non-FTDI device and is refusing to work with it. FTDI owns the driver, so this would be a perfectly legitimate thing to do.
But, did they do that? Nope. They decided to commit a crime instead.
Instead of doing the *Right* thing, they made a conscious decision to order their people to write some illegal malware [illegal in the USA and many western nations, and in some nations it is treated as terrorism] to "hack" the actual hardware, and damage it in a way where it would not work [even in Linux]. AND they did this without knowing if the device they were damaging was a legitimate clone, or an illegal counterfeit part-- [which is mostly irrelevant-- it is still a crime as it is not their hardware and they don't have permission from the owner to damage it].
So, once again, I see postings from forum users that initiated their account here on this forum a day or so after this "problem" became a PR issue. These forum users have only commented in this thread and have no other postings in any other thread. AND they "say" that-- "Oh no, we are not a paid shill for FTDI! How could you say such a thing!". Also, by the shear number of times the word "fake" is used in their postings, it leads me to believe that they are getting paid based on the number of times they use the word "fake"...
As for Rufus, I have seen his postings in the past, and he seems to be a competent engineer that likes to stir the shit just for fun. Nothing wrong with that I guess. Although, I think he [as an engineer] should show a little bit more solidarity on this issue, because it really is an important one that will have consequences for FTDI and maybe other companies in the future that attempt to do the same thing.
So, what so you day Rufus? How about you pull your head out of FTDI's ass, and come over to *our* side?
FTDI has horrible abysmal PR that is pretty obvious but nothing is illegal about revoking a device by altering its NVram. HDCP can does this as well and is not illegal.
Writing to the windows system event log won't work on a mac, linux so they must have thought 0000 is the most "compatible" way to revoke access and have a user visible change. Tying in microsoft dependencies is going to bloat a driver.
And if you want ask the admins to check my IP because I'm based in Canada and work at the University of British Columbia. I can even post from internal machines that you can directly map to our engineering department since all our workstations get external public addresses. These baseless accusations should stop now, I subscribe to EEVblog youtube and used FTDI chips as you have in the past so when I saw the video I decided to go hop over to the forum what is wrong with doing that.
The fake chips are fakes its in the OPs title...
I think FTDI did a horrible job at stopping counterfeits because they caused such a large backlash. They should have first released tools to select trusted distributors and oems to test chips out to see how bad the problem is then release it to the public and post public news about it everywhere then lock down the driver access and do the PID0000 if they so choose to. (No one would be surprised and if they did outreach with DIY/Hacker groups they could give everyone ample notice)
-
Microsoft has terms that people agreed to before buying or during install (wait a second, please refer the EU case that install/run time EULAs are void that makes no sense what happens if you don't buy something and they display a must read prompt that makes zero sense) which covers Microsoft services and if you don't like automatic updates and automatic terms then you should disable it. (Which is easy to do and it gives you the choice right directly as well)
What a load of bullshit. Microsoft and FTDI are two entirely separate entities. Agreeing to terms from Microsoft can in no way mean to automatically agree to any terms that a third party may come up with in the future, let alone with any third party terms that the customer has never been shown.
Like, i have a contract with my landloard to rent the place i am in. That does not mean that i have to blindly agree to any terms that, for example, the electricity company makes to supply me with electricity in said place. It doesn't matter at all what terms and conditions have been agreed to between the user and Microsoft, as far as third party stuff is concerned. Those terms only apply between MS and the customer, and no one else.
Of course, MS could say "well, yes, we adopt FTDI's terms now, and thus they are ours as well". But in that case the user has to be notified of that fact, and still shown those terms.
Greetings,
Chris
-
@a210210200: Mate... chill a bit, you're going to pop... a cable or something!
The VID/PID is used to match up trademarked and proprietary software and forms a very easy to bypass digital lock of sorts.
Every word in that phrase makes sense individually. The complete phrase is, however, a steaming pile of crap. Either you have no idea what you're writing about... or those that call you a shill are right. Or both. ;)
-
I doubt it was tested in courts but many EULAs also say you automatically agree by using the software/service and if you don't agree then remove/return/disable the software/service to disagree to the terms. (Most websites tuck away the pages of legal stuff in another link how many people click on those links, same goes for tucking it into the inf no one reads the stuff and they are all "automatically" agreeing through use)
LOL. Are you for real? OK, let's see.
By reading this post you automatically agree to my EULA. Which, among other things, stipulates that you have to pay me 50$ within 7 days of reading this post. Please contact me by PM to give you details about how the payment can be made.
And you are wrong. It has been tested in courts (although i am only aware of Germany/EU rulings, obviously). Shrink-wrap licenses have absolutely no legal power. None at all. The customer needs to be made aware of the terms and conditions of any such agreement _beforehand_. Then there is all that meeting-of-minds stuff.
Really, you are grasping at straws. In the meantime, i'll await your PM so i can give you the payment details.
Greetings,
Chris
The forum's EULA does not have a transitive property so your post doesn't apply. Microsoft's online services EULA does. And the point is moot automatic revocation doesn't require an EULA, HDCP and the like can do it perfectly legally and anti-counterfeiting including disablement systems are regularly used. FTDI just is horrible at introducing it.
Also to agree to a contract something has to be material has to be exchanged (Microsoft provides a legitimate service, the forum provides a place to post messages, FTDI provides software) you are just posting a demand for money which doesn't constitute an EULA or a contract of any sort.
Sorry, EULA means I have to gain some rights as well as well as an ability to decline the terms (It is also for software not a verbal agreement). So I regret but I have to decline to agree.
You can decline microsofts terms as well as FTDIs by not using automatic updates (which you could have disabled during install with a very explicit screen and not using the driver)
-
Microsoft has terms that people agreed to before buying or during install (wait a second, please refer the EU case that install/run time EULAs are void that makes no sense what happens if you don't buy something and they display a must read prompt that makes zero sense) which covers Microsoft services and if you don't like automatic updates and automatic terms then you should disable it. (Which is easy to do and it gives you the choice right directly as well)
What a load of bullshit. Microsoft and FTDI are two entirely separate entities. Agreeing to terms from Microsoft can in no way mean to automatically agree to any terms that a third party may come up with in the future, let alone with any third party terms that the customer has never been shown.
Like, i have a contract with my landloard to rent the place i am in. That does not mean that i have to blindly agree to any terms that, for example, the electricity company makes to supply me with electricity in said place. It doesn't matter at all what terms and conditions have been agreed to between the user and Microsoft, as far as third party stuff is concerned. Those terms only apply between MS and the customer, and no one else.
Of course, MS could say "well, yes, we adopt FTDI's terms now, and thus they are ours as well". But in that case the user has to be notified of that fact, and still shown those terms.
Greetings,
Chris
Microsoft provides WHQL certified drivers signed by microsoft. If you don't like microsoft's services they have the option to disable that service at install in a nice big (want automatic updates or not)
FTDI doesn't even need an EULA to stop counterfeits from functioning it is very similar to HDCP disabling your purchased hardware forever without you agreeing to install an revocation list on inserting a new bluray.
If you sign an agreement with your landlord and the landlord has signed other contracts you very well could get tied up in a legal mess automatically. Legal systems are not totally isolated entering a relationship with one group can cause you to be related to many other groups.
-
Hmm, if they claim the fakes have micro-controller based chips shouldn't it be possible to fuzz them to check for any bootloaders that would allow for re-programming. More intensively you would have to de-lid the chip to access the not accessible programming pins which would put it right into the FUD territory.
It seems like the fakes are using mask ROM for their firmware, so no reprogramming would be possible.
That would make sense and it is total FUD then.
-
So, once again, I see postings from forum users that initiated their account here on this forum a day or so after this "problem" became a PR issue. These forum users have only commented in this thread and have no other postings in any other thread. AND they "say" that-- "Oh no, we are not a paid shill for FTDI! How could you say such a thing!". Also, by the shear number of times the word "fake" is used in their postings, it leads me to believe that they are getting paid based on the number of times they use the word "fake"...
Grasping at straws there - at one time 1400 guests were reading this thread - directed here from hackaday and other sites that ran the story. Hardly surprising that some of them registered in order to join in the debate, perhaps the ones that felt most strongly about it happened to be on the side of the argument you don't like.
I'm sure Dave is pleased as punch with the publicity the forum and he has got from this shitstorm, this thread is currently at 114k views.
So, what so you day Rufus? How about you pull your head out of FTDI's ass, and come over to *our* side?
I'll be staying on the side I think is right. What FTDI did is not that great but I don't think it was wrong or illegal. The few FTDI parts I have in equipment are fine and I have never designed one in so it hasn't caused me any problem.
The shitstorm has raised awareness of fake Chinese crap and made others look hard at their supply chains which I consider to be a good thing, it means I can worry a tiny bit less about fake parts and my and my customer's supply chains. From a purely selfish point of view I thank FTDI for what they have done.
On the fake/clone thing (not that it is relevant) if you think there are legitimate clones out there point me to a data sheet for one?
-
The facts make your statement flawed. So instead of attempting to counter my statements you just keep saying the same thing that the device is physically dead when it isn't.
Prove it.
From the user perspective the device is fake the internet made that so abundantly clear. (Literally simple fact is the fake device is not broken)
By what standard? You're making the assumption that they automatically know. I doubt, given your circular logic that would make an ancient theist proud, you have the omniscience to grant every living being this particular knowledge. Please prove as a philosophical universal how everyone knows this. Otherwise, you have nothing to go on.
A better example would be ....
"Let me just go ahead and answer a question you didn't ask, so I can be right." Not "here is why your analogy is flawed," but "You see when you frame it in a way that lets me win..." - You must be observing the US politician's "That's a very interesting question, and now let me lead to somewhere away from the issue" methodology. :)
If you like simple questions then:
Is the device (Fake chip) physically damaged?
If the end user plugs in the device, does it operate as they expect or as intended? Yes, or no?
No, it does not operate as the user expects...
QED.
Different mechanisms for the same net result: something that doesn't work.
As to,
"What is the cost/time for replacing a bearing on an engine?
Can a physical bearing be downloaded into a broken engine automatically?"
You're free to add all sorts of conditions you wish to rationalize it, plenty of southerners did the same when it came to lynching black people.
At the end of the day, the question you refuse to answer, and respond with meaningless with counter questions, is that for the end user, neither function. You cannot refute this, so you just go on and on in circles. :)
Simple questions not answered so it is pretty clear you don't have an answer.
No one comes with "automatic" knowledge about a fake FTDI chip but you know google is very easy to use. Type in "FTDI" and what do you get on the top of the page. Is google really that hard to use? Do I have to pray to google..........
Answer the questions first and actually quote the full thing instead of cutting it off.
You didn't answer the question with a yes/no. (You are free to extend your answer) What the user expects can be updated by something called the news. If the device is actually killed is not a exception but a fact (that it isn't killed).
You answered another question does it work as a user used to expect. Calling kettle black basically now.
It does work with other software FTDI has no obligation to work with the chip and assigning it another non-conflict value is not illegal as modifying PID/VID is simple and non-destructive. Linux can pick it up without dropping a beat and microsoft users have to run a third party tool to bypass FTDI's checks.
I did answer the double question (You just quoted me answering it) No the user does not expect it to be fake, and Yes it does work as intended by the driver.
Answer the questions directly. You added a combo question by having an or in the question itself so I answered in two parts one for each option. My questions are simple
Is the device physically damaged?
Is the device not still communicating with other software?
Does the device require physical repair?
The driver disabled/revoked access to FTDI's drivers but this is intended behavior and just as HDCP does that to devices NVram with revocation lists so can FTDI. You never agreed to any EULA when you bought a TV, HDMI switch, disk yet the disc and render a device functionally useless to the user. (It still "works" you just have to bypass HDCP)
-
In the USA, we go by the UCC [Uniform Commercial Code], which [basically] says that both parties must be aware of all of the terms of an agreement, and that both parties must benefit from the agreement, and that both parties must enter into the agreement will full knowledge and consent. If one or more of these requirements are missing, the agreement will [most likely] be easily nullified in court.
You also cannot sell someone a product, and then [later] inform them that the product that they already paid for [and they expected to "just work"] won't work unless they agree to some contractual relationship-- that is very close to "compelling to contract", which is a felony-- and is only alleviated if you offer their money back if they don't want to agree to the terms.
So. shrink-wrap licensing and EULA's are very close to being criminal let alone being almost unenforceable in court.
Thanks, good information. Wasn't aware that the US handles shrink-wrap stuff pretty much the same as the EU, what with those license styles are predominantly comming from there.
Greetings,
Chris
-
The way how the civilized world handles a random violation:
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115377;image)
The way how FTDI would have handled such violation.
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115379;image)
-
Sorry, EULA means I have to gain some rights as well as well as an ability to decline the terms (It is also for software not a verbal agreement). So I regret but I have to decline to agree.
Now, now. You really want to have your cake and eat it too? Or are you just acting that stupid? On one side you defend what FTDI did, babbling about how that is in their license, and that user agreed to an EULA from Microsoft for updates, etc., completely ignoring that the user was never made aware of any of the terms that are attached to the automatic driver update for the FTDI stuff, and thus never had a chance to decline those terms. And now you want to weasel yourself out of paying me according to my EULA by telling me that you haven't been made aware of the terms i set and thus had no ability to decline?
You are nothing more than a prime example of corporate hypocrisy. If you demand that other stick to some imaginary legalese, you better be prepared to stick to such stuff yourself as well. Declining to do so, while wanting other to do so is, well, "stupid" doesn't even begin to capture it.
But at least i have to thank you for making it blatantly clear that you are just an idiotic shill.
Greetings,
Chris
-
On the fake/clone thing (not that it is relevant) if you think there are legitimate clones out there point me to a data sheet for one?
Amyk showed one example, days ago:
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg535577/#msg535577)
They have a datasheet but unfortunately it's just not available to their customers (7th link):
http://www.corechip-sz.com/endownload.asp?classid=108 (http://www.corechip-sz.com/endownload.asp?classid=108)
Wraper also showed one in the next message after Amyk's. A different one, with a linked and downloadable datasheet.
Presumably both of those get.... "molested" by FTDI's latest driver yet are only functional clones, not counterfeits. No idea about the ages involved so the gravity of the... "despicable act" is debatable. Mind you, not the despicability per se. :)
-
In the USA, we go by the UCC [Uniform Commercial Code], which [basically] says that both parties must be aware of all of the terms of an agreement, and that both parties must benefit from the agreement, and that both parties must enter into the agreement will full knowledge and consent. If one or more of these requirements are missing, the agreement will [most likely] be easily nullified in court.
You also cannot sell someone a product, and then [later] inform them that the product that they already paid for [and they expected to "just work"] won't work unless they agree to some contractual relationship-- that is very close to "compelling to contract", which is a felony-- and is only alleviated if you offer their money back if they don't want to agree to the terms.
So. shrink-wrap licensing and EULA's are very close to being criminal let alone being almost unenforceable in court.
Thanks, good information. Wasn't aware that the US handles shrink-wrap stuff pretty much the same as the EU, what with those license styles are predominantly comming from there.
Greetings,
Chris
Thanks DiligentMinds for the law directly,
You agreed to automatic updates including third party microsoft signed updates (full consent, knowledge) it was pretty clear to me when I install windows. (Sometimes I do disable auto updates to prevent just such issues with drivers being updated automatically potentially breaking thing). So full consent given for auto updates. Revocation of hardware is not something that even needs to be listed in a EULA. (DHCP demonstrates this with its auto/silent revocation system that does modify user hardware and can functionally make a part incompadible like FTDI's driver)
You also demonstrated how mamalala example is highly flawed because we never had a mutual benefit. (Microsoft automatic updates are a service and Microsoft gets info on your machine and that windows ecosystem is updated properly and you get convenience) FTDI's clause about only genuine parts being safe doesn't even need to be there as fake parts are illegal and HDCP has no such EULA that you even click on and still can carry out far harder to bypass (just a tiny bit harder) hardware modifying revocation. In addition to that the fake parts themselves are not irreparably damage in any way shape or form and a linux update can handle it without skipping a beat.
So you nullified mamalala example but not microsoft's.
Microsoft provides clear choices to users and does not hide the options as they are very visible choices. FTDI is using a system like HDCP which doesn't even have EULA.
-
Microsoft provides WHQL certified drivers signed by microsoft. If you don't like microsoft's services they have the option to disable that service at install in a nice big (want automatic updates or not)
FTDI doesn't even need an EULA to stop counterfeits from functioning it is very similar to HDCP disabling your purchased hardware forever without you agreeing to install an revocation list on inserting a new bluray.
If you sign an agreement with your landlord and the landlord has signed other contracts you very well could get tied up in a legal mess automatically. Legal systems are not totally isolated entering a relationship with one group can cause you to be related to many other groups.
Again, what a load of bullshit. Microsoft is not the one who wrote the malicious code, they merely distributed it. Any EULA one has with MS can only refer to their services and code and other terms. It can never, ever, refer to any terms, conditions, contracts or EULA's from third parties sight unseen. That's simply not how it works.
And nope, a contract mith my landlord has in no way any legal meaning as far as third parties are concerned. For example, part of that contract is stuff like wastewater, for which i pay a small fee every month, depending on fresh water usage. However, i can go ahead and dispute the amount requested for that by my landlord and get her to chose a cheaper option. And in any case, i have to be made aware of the terms of that stuff, which happens every year with the "Nebenkostanabrechnung" for me, where every item for such stuff is listed, so that i have a chance to dispute them.
What happened with the auto-installed FTDI driver isn't even close to that. It was silently installed onto the machines of users, without showing them any terms or license for that driver. None at all. Heck, the license language in the .inf file even changed between previous versions and that particular version, So even if someone bothered to dig into the .inf file and read that blurb before, and agree to it, those terms had changed without the user knowing anything about it.
Your attempts to whitewash this crap are beyond idiotic. Care to try that thing called "reality" any time soon? If so, feel free to get back to me with something that resembles a sane argument.
Greetings,
Chris
-
Simple questions not answered so it is pretty clear you don't have an answer.
Given your history, I suppose you certainly have experience to state this.
Is the device completely disintegrated? No.
Is the device usable (as you're inferring) by the end user? Also no.
Is there a difference as far as the end user is concerned? Still no.
QED.
No one comes with "automatic" knowledge about a fake FTDI chip but you know google is very easy to use. Type in "FTDI" and what do you get on the top of the page. Is google really that hard to use? Do I have to pray to google..........
Again, you inject "FTDI" as a prerequisite. I have a device in my hand, tell me what components are in it. Use google or any other tool to tell me whats in it. You can't. You require a minimum level of knowledge that not every end user has.
Answer the questions first and actually quote the full thing instead of cutting it off.
Ah the demands of the loser, "I won't actually address the root questions you're presenting, but man are you a insufferable twit for not answering my questions!" As to "cutting the rest off," your needless qualifiers don't justify the ends.
You didn't answer the question with a yes/no. (You are free to extend your answer) What the user expects can be updated by something called the news. If the device is actually killed is not a exception but a fact (that it isn't killed).
You answered another question does it work as a user used to expect. Calling kettle black basically now.
You realize with this last sentence, then if nothing else, that you're admitting you're trying to dodge the issue? When you yourself are not going to bother to close the first point before raising the next question, I get to do the same. Your presumed moral high ground does not exist here.
"If the device is actually killed is not an exception but a fact that it isn't killed" - taking this at face value, you apparently live in a subjective world where a device can be dead and not dead at the same time. What I'll assume, given the usual banging on you do, is that because you have the capacity to fix it, just as a mechanic has the means to repair an engine, you conclude that everyone else can too. Which does not follow at all.
I did answer the double question (You just quoted me answering it) No the user does not expect it to be fake, and Yes it does work as intended by the driver.
if one device stops working, and another device stops working (guess which one is the engine, and which is the semiconductor), to the end user, both are in an equal state of non-operation. The quote I copied, agreed with this, which means every other bit of your rambling is moot. Pointless. Your entire basis requires that your answer to there being a difference was not 'no,' but 'yes.'
Answer the questions directly. You added a combo question by having an or in the question itself so I answered in two parts one for each option. My questions are simple
Is the device physically damaged?
Is the device not still communicating with other software?
Does the device require physical repair?
1. See top; no.
2. What is "other software"
3. Just to be pedantic. Technically yes, given that EEPROM is a physical thing and in one physical state it's inoperable, in another it's functional and it depends on 'repairing' the bits to be in the right electrical state.
You're welcome to cake on anything else you want, but your feelings on the matter are irrelevant to the reality that the end user sees: the fact that between one inoperable device and another, they're both dead as far as the end user is concerned. They are not "miles apart."
-
My issue is that there are few alternatives to the FTDI chip. The Prolific chip suffers even worse counterfeiting than the FTDI chip. I have used both and can positively state that the FTDI chip is more stable across a wider range of environments than the Prolific chip.
It's easy to say that I will no longer use the FTDI chipset, but it's a whole other ballgame to actually put it into practice.
-
Sorry, EULA means I have to gain some rights as well as well as an ability to decline the terms (It is also for software not a verbal agreement). So I regret but I have to decline to agree.
Now, now. You really want to have your cake and eat it too? Or are you just acting that stupid? On one side you defend what FTDI did, babbling about how that is in their license, and that user agreed to an EULA from Microsoft for updates, etc., completely ignoring that the user was never made aware of any of the terms that are attached to the automatic driver update for the FTDI stuff, and thus never had a chance to decline those terms. And now you want to weasel yourself out of paying me according to my EULA by telling me that you haven't been made aware of the terms i set and thus had no ability to decline?
You are nothing more than a prime example of corporate hypocrisy. If you demand that other stick to some imaginary legalese, you better be prepared to stick to such stuff yourself as well. Declining to do so, while wanting other to do so is, well, "stupid" doesn't even begin to capture it.
But at least i have to thank you for making it blatantly clear that you are just an idiotic shill.
Greetings,
Chris
You are made very aware of automatic updates it is part of windows and you had the option to disable it then and you still do have full control over it now. Turning it off is how to disagree with that aspect of Microsoft's services. They cannot rip out all the software that does windows update as it is too integrated into the OS.
(http://www.vistax64.com/attachments/tutorials/2384d1200093335-windows-update-windows-automatic-updating-settings.jpg)
You can decline you can even prevent automatic device driver updates. It isn't hidden or hard to change.
I did decline but your contract had nothing to say what happens if I decline because I can't delete your message or remove it from the forum.
Your legal contract is highly flawed and ignores the basic rules of contract law.
Ad hominem attack just make your statements appear all the more fallacious.
-
You are made very aware of automatic updates it is part of windows and you had the option to disable it then and you still do have full control over it now. Turning it off is how to disagree with that aspect of Microsoft's services. They cannot rip out all the software that does windows update as it is too integrated into the OS.
You can decline you can even prevent automatic device driver updates. It isn't hidden or hard to change.
I did decline but your contract had nothing to say what happens if I decline because I can't delete your message or remove it from the forum.
Your legal contract is highly flawed and ignores the basic rules of contract law.
Ad hominem attack just make your statements appear all the more fallacious.
To make your line of argument even remotely work, you need to provide the following:
1) Where does the EULA between a user an Microsoft say that by using the automatic update/driver function the user automatically agrees to any T&C, licenses, etc. attached to third party upgrades and drivers. That is, software that is not property of Microsoft.
2) Where does said EULA state that any such T&C's or licenses are valid because said updates/drivers are distributed through a function of the Windows OS.
3) Where does said EULA state that any such terms, even if the are pertaining to Microsoft software or drivers, are automatically accepted by the user by the mere act of having the auto-update/driver feature enabled, while the user is never shown any such terms/licenses for the software/driver pieces in question?
4) Even if there would be such a clause or clauses in the Microsoft EULA, please provide the laws that in turn acknowledge that this even can be done.
Unless you can provide that info, your arguments are moot.
Also, you don't know what my contract (which, by your reasining, you agreed to by having access to my stuff through a third party channel) says or does not say. Like, you know, a user getting an update or driver through the auto-stuff of Windows doesn't know what the specific terms, license, contract, etc. for a particular piece of third-party-software or -driver that came through it was.
Again, you want to have your cake and eat it too.
Greetings,
Chris
-
Just because HDCP does something bad, doesn't make it right [or legal] for FTDI to do it.
Don't worry, that HDCP stuff they bring up is nothing but a red herring meant to distract from the real issue.
Greetings,
Chris
-
Simple questions not answered so it is pretty clear you don't have an answer.
Given your history, I suppose you certainly have experience to state this.
Is the device completely disintegrated? No.
Is the device usable (as you're inferring) by the end user? Also no.
Is there a difference as far as the end user is concerned? Still no.
QED.
No one comes with "automatic" knowledge about a fake FTDI chip but you know google is very easy to use. Type in "FTDI" and what do you get on the top of the page. Is google really that hard to use? Do I have to pray to google..........
Again, you inject "FTDI" as a prerequisite. I have a device in my hand, tell me what components are in it. Use google or any other tool to tell me whats in it. You can't. You require a minimum level of knowledge that not every end user has.
Answer the questions first and actually quote the full thing instead of cutting it off.
Ah the demands of the loser, "I won't actually address the root questions you're presenting, but man are you a insufferable twit for not answering my questions!" As to "cutting the rest off," your needless qualifiers don't justify the ends.
You didn't answer the question with a yes/no. (You are free to extend your answer) What the user expects can be updated by something called the news. If the device is actually killed is not a exception but a fact (that it isn't killed).
You answered another question does it work as a user used to expect. Calling kettle black basically now.
You realize with this last sentence, then if nothing else, that you're admitting you're trying to dodge the issue? When you yourself are not going to bother to close the first point before raising the next question, I get to do the same. Your presumed moral high ground does not exist here.
"If the device is actually killed is not an exception but a fact that it isn't killed" - taking this at face value, you apparently live in a subjective world where a device can be dead and not dead at the same time. What I'll assume, given the usual banging on you do, is that because you have the capacity to fix it, just as a mechanic has the means to repair an engine, you conclude that everyone else can too. Which does not follow at all.
I did answer the double question (You just quoted me answering it) No the user does not expect it to be fake, and Yes it does work as intended by the driver.
if one device stops working, and another device stops working (guess which one is the engine, and which is the semiconductor), to the end user, both are in an equal state of non-operation. The quote I copied, agreed with this, which means every other bit of your rambling is moot. Pointless. Your entire basis requires that your answer to there being a difference was not 'no,' but 'yes.'
Answer the questions directly. You added a combo question by having an or in the question itself so I answered in two parts one for each option. My questions are simple
Is the device physically damaged?
Is the device not still communicating with other software?
Does the device require physical repair?
1. See top; no.
2. What is "other software"
3. Just to be pedantic. Technically yes, given that EEPROM is a physical thing and in one physical state it's inoperable, in another it's functional and it depends on 'repairing' the bits to be in the right electrical state.
You're welcome to cake on anything else you want, but your feelings on the matter are irrelevant to the reality that the end user sees: the fact that between one inoperable device and another, they're both dead as far as the end user is concerned. They are not "miles apart."
Is the device completely disintegrated? No.
Is the device usable (as you're inferring) by the end user? Also no.
Is there a difference as far as the end user is concerned? Still no.
You just answered yes to the device is physically damaged (also false it in no way is even remotely physically damaged)
You also just said it is unusable (false linux has an update already) and countless end user programs work with it)
You also said is there a different to the end user, well I'm an end user and I can tell the difference so you statement is false based on the mere existence of me an end user that doesn't agree with you, I detect fakes and report them as a responsible end user should.
See my previous posts you have script that uses FT_PROG, and a .py file that can work with it. You even have official FTDI instructions on how to change the PID/VID. So I proved your #2 answer so wrong and proved you don't actually read my posts as well but keep discounting what I'm saying.
The device is no longer compatible with FTDI's software that is normal HDCP does this and modifies user hardware silently and automatically.
The device itself still works and is not physically damaged in any sense. So no as an end user I would be able to tell the difference.
I admitted nothing just assuming your statement of deflection and you deflecting later it is a clear kettle black situation. Did I ever say I deflect? It is only you who claim this.
No the device is clearly functional it just doesn't work with FTDI's drivers anyone can make it work since linux will have a patch for it which people can I hope apply unless they are running totally unpatched systems which is dangerous. And for windows if people can't use google then thats a pretty big problem.
If your talking about some hypothetical end user that has no knowledge of anything computer related and has no idea what they are plugging in, then nothing is broken to them as they don't even know how to click on things or what the bubble is even saying let alone what they are holding and what it does or is supposed to do. For all they know that is what is supposed to happen. Seriously people can use google its easy to use doesn't require arcane rituals and is a pretty fundamental skill unless you don't have internet at which point automatic updates wouldn't even work.
Your making a fundamental logical fallacy to say I somehow do not count as an end user.
Answer this new question,
Don't we all count as end users, even though we differ on what we expect/think?
-
Just because HDCP does something bad, doesn't make it right [or legal] for FTDI to do it.
Don't worry, that HDCP stuff they bring up is nothing but a red herring meant to distract from the real issue.
Greetings,
Chris
How so HDCP is not illegal and the revocation function works very similar to FTDIs system and has no user notification and is too very silent. An automatic update revokes a device by altering a nv memory to ban a product. It will even modify other products so that they too will not work with that product. The product if compliant will even store its own revocation itself.
-
My questions are simple :
1) Is the device physically damaged?
2) Is the device not still communicating with other software?
3) Does the device require physical repair?
The driver disabled/revoked access to FTDI's drivers but this is intended behavior and just as HDCP does that to devices NVram with revocation lists so can FTDI. You never agreed to any EULA when you bought a TV, HDMI switch, disk yet the disc and render a device functionally useless to the user. (It still "works" you just have to bypass HDCP)
1) Yes, the device was damaged. The electrons in the EEPROM were moved around to make the device inoperable to non-FTDI drivers [i.e., *BSD's, Linix, etc.].
2) After FTDI intentionally damaged the device, it no longer communicates with legitimate non-FTDI drivers in Linux and the *BSD's.
3) Yes-- the device *can* be repaired, at considerable cost in time and labor, not to mention any tertiary financial damage that was done due to temporary loss of use of the device.
Just because HDCP does something bad, doesn't make it right [or legal] for FTDI to do it.
FTDI does not "own" the hardware, and regardless of whether it is a legal clone or a illegal counterfeit device [which the driver would not be able to distinguish], they have no right to render inoperative a device that is owned by the end-user and is useful for other purposes on other systems [Linux for example].
FTDI needs to release a *NEW* driver that both fixes the clone and/or "fake" devices that they damaged, and also [optionally] it can refuse to work with these devices once they have been repaired. I think this would go a long way to repairing the PR damage that they did to their firm and their brand.
If there are counterfeit devices "in the wild", then there are proper legal remedies to find and punish the counterfeiters [and I would agree with that action].
I think FTDI should also issue a *real* heartfelt apology to all of the innocent end-users that were caught up in this debacle.
The various law enforcement agencies should also follow up to find out if any criminal wrongdoings need to be prosecuted, and the FTDI company should probably be fined for their illegal actions.
If all of that happens, then it might be possible over time to forgive FTDI and start using their parts again.
And FTDI-- if you're reading this post, please don't fire a "sacrificial programmer" in your driver department, and then have him "suicided"...
BUT-- continuously denying what they did, blaming others, and refusing to admit that they made a mistake will only add fuel to the fire. FTDI should be on their knees begging for forgiveness-- not stomping around, arrogantly boasting that they did something "Good". A good start for this would be a long heartfelt apology from the CEO of FTDI on YouTube. They need to fix this, and fast...
1) Nope it is not physically damaged reprogramming the PID/VID is a valid and normal operation and is mutable and reversible.
2) FTDI has no legal obligation to make the fake device work with their driver, linux updated their code and third party tools exist (I already posted even the source for you here) to communicate, bypass, and correct the change if a user chooses to do so.
3) The device is not broken, it requires no physical repair, a fix is purely in software. (Great cost is laughable when free tools exist and linux will probably automatically handle it from here on out)
FTDI does own the driver and the driver can distinguish the fakes currently and the device is no inoperable it is just incompatible with FTDI's driver.
FTDI should have given the community warning and a tool to check for fakes before updating the driver so news stories will not be of surprised communities and people could talk it out before shit hit the fan so to speak.
Counterfeit devices are illegal and that is all that needs to be said. If a device uses its own driver, has its own completely independent brand but is better or exactly the same as FTDI's stuff just made all with their own work then that is perfectly good clone and if FTDI damaged that device which has no relation at all then that would be very very bad behavior and very likely illegal. (No good MFG would cause a VID/PID collision that is just horrible for USB in general even if not illegal, get their own number offer the same type of stuff for cheaper and people will flock to your company)
HDCP being bad doesn't make it illegal. Just like FTDI being bad doesn't make it illegal.
-
Thanks DiligentMinds for the law directly,
You agreed to automatic updates including third party microsoft signed updates (full consent, knowledge) it was pretty clear to me when I install windows.
No, I run Linux, not Windows. I didn't agree to *any* terms on a Windows machine. If I loan my [legitimate clone] "FTDI-like" device to another user, and he plugs it into a Windows machine, and FTDI's drivers do something to render the device inoperable [back on my Linux machine], then I have been legally "damaged" because it will take time to troubleshoot and/or the problem, and/or money to buy a new "legitimate clone" device. FTDI had no right to modify *MY* device. They have every right to not allow their driver to talk to it, and could have done that without resorting to terrorism.
Note that the friend I loaned the cable to had no knowledge that the FTDI driver was going to do what it was going to do, so there was no intent, and he is without liability. FTDI [on the other hand] was *well* aware of what they were doing, and so *ARE* liable for my damages, and thus I have "standing" in court to bring a lawsuit against them.
This is one of the reasons I switched to Linux-- I simply grew weary of fighting with fascist companies like FTDI, and their unilateral decisions to run my life the way they want. So, I said goodbye to Windows in 2005 and never looked back.
The problem comes in when I am designing something for a client that requires a USB-serial converter. Prior to FTDI showing their penchant for fascist behavior, I would have designed in one of their parts [as I have in the past]. Now, I will use another part [probably the CP2104]-- and it is even less expensive-- which I would never have found out if FTDI did not open my eyes to their true nature.
I think that the decision maker in FTDI that ordered this idiocy should probably go to jail-- maybe just a year or two-- just as an example to other company executives that are thinking along the same lines... Only time will tell if this happens.
A user who hands you something that was updated on their machine did agree to it however. The fact you did not agree to it doesn't matter. A rational thinking user would realize that something bad happened and would try to figure out what happened. And if they are any bit tech savvy (plus what kind of non-technical user needs a random RS-232 cable very little modern consumer stuff has a serial port on it) they will figure out what it was. (Its all over google)
As I said I run all OSes and do university teaching labs with some designs using FTDI chips and MSP430s and if you lent it to me I would detect the fake and give you a real one back. It is the nice thing to do I could even re-work the exact cable with a real part if you wanted. End users need to be able to detect fakes otherwise counterfeiting will just get worse. FTDI has done the wrong thing in surprising everyone and with their horrible PR response.
The person who you lent it to did agree to the microsoft agreement including transfer of liability. So they are aware of the automatic updates and what it does. I can tell you with great certainty that basically no chance of a criminal case.
Using the HDCP example if you lent your cheap HDMI switch to someone who needed it for a party and they stuck a brand new bluray that updated the switch NV memory to ban the device you would be returned with a non-HDCP compatible switch and you would find it very hard to go after anyone as that is "feature" for HDCP.
-
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
The use wasn't illegal. Most people had the drivers installed automatically without being shown the EULA
I am not a lawyer. I find it hard to see how an EULA makes any difference. The drivers (like all software) are copyright. The copyright holder FTDI allow the use of their drivers under certain conditions. No agreement is required it is just a fact and using their drivers outside of those conditions is an illegal violation of their copyright. Not agreeing that you are aware of those conditions would at best only support a defence of ignorance for that violation.
-
All of your arguments are irrelevant. If FTDI modified my device in *ANY* way that costs me time and/or money to discover and/or remedy, then *I* have been [legally speaking] "damaged", and can sue FTDI for compensatory and/or punitive damages. Because FTDI did this knowingly, then the punitive damages can be three times what the compensatory damages might be.
I think everyone that has a device that FTDI modified without authorization, should bring a lawsuit against FTDI-- not as a class action, but millions of individual lawsuits that FTDI will have to defend against. This [of course] will BANKRUPT them-- probably a fitting end for a fascist company like FTDI.
HDCP modifies devices in the same way and is harder to bypass or fix and in the US is probably illegal to "fix". You have no control over the revocation system and HDCP can revoke legitimate and fake devices alike if they deem its key has been compromised or abused in some way. There is no court that they have to goto they just update a list of numbers that gets automatically written by HDCP ready devices (Which may even include the target devices).
You have no recourse basically other than to go after the seller and so on. The device is fake or deemed not compatible you can do whatever you want to use it outside of the FDTI/HDCP framework but to bypass it is a bit gray but very easy for FTDI's case and fairly easy on HDCP's case.
Again "yelling" in text statements doesn't make it true. You are always free to sue people for whatever you think but that does not ensure you will not be charged for fees and end up paying instead of getting anything in return.
-
And DMCA |O Since when is DMCA applicable to a company in Scotland (UK) and laws broken e.g. in France, Germany or Netherlands?
Maybe you should look up the EU InfoSoc directive which also protects "Technological Protection Measures" and in some ways is more restrictive than the DMCA.
That is still not relevant, Rufus, sorry.
The directive text is here:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:EN:HTML (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:EN:HTML)
a) The directive talks about "circumvention of effective technological measures" (btw, DMCA has the same requirement). That alone makes your theory wrong - VID/PID are not designed to act as a technological measure to prevent access to anything (let alone an effective one!), they are simply identifiers facilitating finding of a correct driver by the host. So your argument is falling apart right there.
b) The directive has provisions for interoperability
c) There is also section 48, so even if we accept that the borking of end-user's device is a "technological measure" in the sense of the directive, then:
Such legal protection should be provided in respect of technological measures that effectively restrict acts not authorised by the rightholders of any copyright, rights related to copyright or the sui generis right in databases without, however, preventing the normal operation of electronic equipment and its technological development. ...
d) The redress in case of a copyright violation has to be sought according to law - the directive leaves that to the individual countries to implement. E.g. in France that means sending cease&desists first, then a court action. There is *zero* provision for vigilantism and breaking of supposedly illegal stuff, no matter what the right owners may wish for. You call that "due process" in the US, I believe.
Rufus, you have no clue what you are talking about and only grasping at straws. Better read (and understand) the stuff you are trying to use to support your arguments first next time.
Sorry man, no cigar. :palm:
-
If you can agree that FTDI owns the driver IP, and you own the clone. Then FTDI can modify the driver to not function with the clone. They are not allowed to modify the clone to not work with the driver. Pretty simple no?
-
If you can agree that FTDI owns the driver IP, and you own the clone. Then FTDI can modify the driver to not function with the clone. They are not allowed to modify the clone to not work with the driver. Pretty simple no?
FTDI like HDCP does not own the device yet it modifies them and it is allowed to do so. FTDI driver is just revoking the number. Its a joke to put it back (unlike HDCP revoking) but both modify a user's device automatically.
It isn't a nice thing to do but it isn't illegal. The mfg of the fake chips is doing very illegal stuff however.
A legal clone would use its own VCP driver and have no brand relation at all to FTDI other than it functions the same with completely cloned everything that another company put work into making.
-
.... probably a fitting end for a fascist company like FTDI.
Godwin's law proven at last.
-
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
The use wasn't illegal. Most people had the drivers installed automatically without being shown the EULA
I am not a lawyer. I find it hard to see how an EULA makes any difference. The drivers (like all software) are copyright. The copyright holder FTDI allow the use of their drivers under certain conditions. No agreement is required it is just a fact and using their drivers outside of those conditions is an illegal violation of their copyright. Not agreeing that you are aware of those conditions would at best only support a defence of ignorance for that violation.
Ahhhhhhh.... NOW we are getting the to crux of the problem. You see, it was *NOT* the "device" that is using the driver, it is the O/S that chose to associate that driver with the device. This association was not intentionally done by the end-user [and in law, "intent" is almost everything]. The driver from FTDI CLEARLY has the ability to determine if it is communicating with a genuine FTDI device, and FTDI could have simply written the driver to refuse to work with non-FTDI devices. That would have been perfectly legitimate. BUT, FTDI took it too far-- they went on to actually *MODIFY* the non-FTDI device, which WAS NOT THEIR RIGHT TO DO-- and this modification rendered the device useless to LEGITIMATE drivers on Linux. This, no doubt, probably at least cost the end-user some time, and possibly some money, and THAT my friend, gives them "standing" in court to sue the crap out of FTDI.
It really doesn't matter what the modification was, or whether it's reversible, or not. If it cost the end-user time and/or money, then they were "damaged" by FDTI, and there are grounds for a lawsuit.
The *smart* move [for FTDI] would have been to have their driver simply ignore non-FTDI devices. It looks like there are not so many "smart" people directing the company at FTDI. Oops!
The device is using the driver it reports its ID to the computer so it can talk to the correct driver. The O/S is only acting to read the .inf file the driver has to match the two together. (This is what an operating system is supposed to do) The association is intentional by the counterfeiters because normal companies making real legal clones use other VCP drivers with their own numbers (even if not illegal to have colliding PID/VID values it is a very very bad idea to cause a collision intentionally) damage may very well occur in such a situation.
FTDI did a bad thing in revoking the device just like HDCP is bad but it isn't illegal.
-
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
The use wasn't illegal. Most people had the drivers installed automatically without being shown the EULA
I am not a lawyer. I find it hard to see how an EULA makes any difference. The drivers (like all software) are copyright. The copyright holder FTDI allow the use of their drivers under certain conditions. No agreement is required it is just a fact and using their drivers outside of those conditions is an illegal violation of their copyright. Not agreeing that you are aware of those conditions would at best only support a defence of ignorance for that violation.
I'd like to see how copyright can disallow use of software for other than intended purposes. After all copyright only deals with rights to distribute 'a work' not how 'the work' is used.
-
And DMCA |O Since when is DMCA applicable to a company in Scotland (UK) and laws broken e.g. in France, Germany or Netherlands?
Maybe you should look up the EU InfoSoc directive which also protects "Technological Protection Measures" and in some ways is more restrictive than the DMCA.
That is still not relevant, Rufus, sorry.
The directive text is here:
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:EN:HTML (http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:EN:HTML)
a) The directive talks about "circumvention of effective technological measures" (btw, DMCA has the same requirement). That alone makes your theory wrong - VID/PID are not designed to act as a technological measure to prevent access to anything (let alone an effective one!), they are simply identifiers facilitating finding of a correct driver by the host. So your argument is falling apart right there.
b) The directive has provisions for interoperability
c) There is also section 48, so even if we accept that the borking of end-user's device is a "technological measure" in the sense of the directive, then:
Such legal protection should be provided in respect of technological measures that effectively restrict acts not authorised by the rightholders of any copyright, rights related to copyright or the sui generis right in databases without, however, preventing the normal operation of electronic equipment and its technological development. ...
d) The redress in case of a copyright violation has to be sought according to law - the directive leaves that to the individual countries to implement. E.g. in France that means sending cease&desists first, then a court action. There is *zero* provision for vigilantism and breaking of supposedly illegal stuff, no matter what the right owners may wish for. You call that "due process" in the US, I believe.
Rufus, you have no clue what you are talking about and only grasping at straws. Better read (and understand) the stuff you are trying to use to support your arguments first next time.
Sorry man, no cigar. :palm:
Arguably you could say HDCP isn't legal either since the master key is leaked and it is no longer an "effective technical measure" it isn't really as anyone can make new HDCP keys themselves. But HDCP still is allowed to disable user equipment and is not banned in the EU and I don't think is facing any current legal challenges. Also with HDCP 2.2 it is just going to get even "better...", now it will be not backwards compatible, have distance latency checks, and all sorts of fun stuff.
The electronic equipment still operates normally (FT_PROG can still access it and the official documents for invalid PID use still apply and is normal operation for the device as dictated by FTDI's documentation) development is not inhibited it is just you can no longer use FTDI's official driver which is their property.
-
I'd like to see how copyright can disallow use of software for other than intended purposes. After all copyright only deals with rights to distribute 'a work' not how 'the work' is used.
Uh, I think Steam, Microsoft, FTDI, every media company in existance, ... use copyright and trademarks to control the use of their software/media for non-intended purposes.
Certain protections exist for commentary, education, ... but there are a ton of ways companies can restrict your ability to use a "work". (DRM comes as an easy example, time limited demos, always online checks, and all manner of bad but not illegal control of use measures)
Edit: Most actually forbid you from distributing it at all and then go on to say how you can't do this and that and use in this and that is forbidden. Some will even go into detail about what happens if they think your bad and how the use of the product may be restricted, revoked, altered automatically. Most software you strictly speaking only "licensed" to use and the use is contingent on a bunch of terms or just their goodwill.
-
If you can agree that FTDI owns the driver IP, and you own the clone. Then FTDI can modify the driver to not function with the clone. They are not allowed to modify the clone to not work with the driver. Pretty simple no?
FTDI like HDCP does not own the device yet it modifies them and it is allowed to do so. FTDI driver is just revoking the number. Its a joke to put it back (unlike HDCP revoking) but both modify a user's device automatically.
It isn't a nice thing to do but it isn't illegal. The mfg of the fake chips is doing very illegal stuff however.
A legal clone would use its own VCP driver and have no brand relation at all to FTDI other than it functions the same with completely cloned everything that another company put work into making.
You're assuming they have legal ownership over the VID and PID, which I don't believe they do, for a number of reasons stated previously in this very long thread. Also can we remove all the HDCP discussion, its meant to prevent direct copies of video content, not to prevent you from watching CSI or a clone of the show because you should be watching NCIS. (I hate all the metaphors, its like comparing apples to oranges, so I'll refrain from using them.)
Also they didn't change the VID, only the PID, can you justify only modifying the one?
You've been posting non-stop which is pretty determined, so I wonder which machine shop at UBC you work at being former UBC engineering student. :)
I'm quite amazed that DigilentMinds.com and others have had the stamina to continue arguing with you. |O
-
FTDI did a bad thing in revoking the device just like HDCP is bad but it isn't illegal.
Please ask a lawyer to explain to you why FTDI committed a crime. Based on the local law it's either willful damage to property or computer sabotage / cyber-whatever. FTDI knows that. That's also the reason for the lousy response of the CEO. If FTDI would admit any wrongdoing they would be liable for any damages immediately. It's a game to protect the company (and themselves vs. share holders) and to make it harder for victims to request any compensation.
-
If you can agree that FTDI owns the driver IP, and you own the clone. Then FTDI can modify the driver to not function with the clone. They are not allowed to modify the clone to not work with the driver. Pretty simple no?
FTDI like HDCP does not own the device yet it modifies them and it is allowed to do so. FTDI driver is just revoking the number. Its a joke to put it back (unlike HDCP revoking) but both modify a user's device automatically.
It isn't a nice thing to do but it isn't illegal. The mfg of the fake chips is doing very illegal stuff however.
A legal clone would use its own VCP driver and have no brand relation at all to FTDI other than it functions the same with completely cloned everything that another company put work into making.
You're assuming they have legal ownership over the VID and PID, which I don't believe they do, for a number of reasons stated previously in this very long thread. Also can we remove all the HDCP discussion, its meant to prevent direct copies of video content, not to prevent you from watching CSI or a clone of the show because you should be watching NCIS. (I hate all the metaphors, its like comparing apples to oranges, so I'll refrain from using them.)
Also they didn't change the VID, only the PID, can you justify only modifying the one?
You've been posting non-stop which is pretty determined, so I wonder which machine shop at UBC you work at being former UBC engineering student. :)
I'm quite amazed that DigilentMinds.com and others have had the stamina to continue arguing with you. |O
Mechanical, Electrical, Engineering Physics are all shops I've used for prototyping and small production runs for course development work (teaching labs). I'm working with a bunch of different groups so it has perks. I've worked with students and class work at AMPEL (Brimacombe Building), KAIS, HEBB, MCLD, ICCS, ...
I'm sitting on a few terabytes of image data that are processing so I have time to spare as I have to wait a bit to check each record after it gets processed. Needs so much memory only my home computer has enough memory to do it.
To the non stop part I give you, http://xkcd.com/386/ (http://xkcd.com/386/)
(Technically speaking I'm working too, well the computer is working on it actually, I'm just waiting for it)
Modifying the VID would be very bad as it would be difficult to detect afterwards what the device might do a VID of 0000 and a PID of 0000 could be anything really. (It would be impossible to automatically detect it with certainty as certain error edge cases exist with VID 0000 and PID 0000 will get reported when a device is not working properly)
VID FTDI and PID 0000 Means unknown (probably changed by FTDI) device and automatic tools can use these facts reliably.
There is no legal ownership of PID/VID but there is also nothing that says FTDI can't change a PID of something that connects to it should it decide to. Most USB devices do not support this if a device connects to the wrong driver then bad things like the driver intentionally kicking the device out is certainty possible.
HDCP will permanently black list a number and people have no recourse and it doesn't even care if your caught in the cross fire. (Bad but not illegal)
Not true HDCP and its ilk can stop you from using analog outputs, connecting certain devices, control video quality, resolution, audio quality (Including disabling or restricting access to content as the flags dictate) and HDCP certainly is concerned with fake/clone devices that advertise HDCP compliance but are not. Which is exactly what FTDI did they revoked the PID number just as HDCP revokes a device (just that revocation is going to stick in most situations)
I'm talking about the hardware protection side of HDCP which is for anti-clone/unauthorized hardware.
-
FTDI did a bad thing in revoking the device just like HDCP is bad but it isn't illegal.
We will just have to agree to disagree, and our opinions matter very little-- this will all have to be decided in the courtroom.
Doubt it if you want you can get started on it. Civil courts are pretty open to starting cases up. Just be prepared for sticker shock. Suing isn't the solution, jumping up and down isn't the solution, talking things out in a nice structured manner is a good way to figure things out.
For one the fake device isn't dead. Secondly the fake chips certainly do have physical brand infringement which we both agree is very illegal. Thirdly a consumer should go after the seller and the mfg should go after the distributor and so on until the counterfeiters are caught. The end user has the ability as a rational thinking person to say hey this is a fake, I want a refund. And then the seller says hey this is a fake I want a refund. Then the distributor is like crap who sold us this junk and so on until people point the finger at a company and customs can be informed so that their products are seized on import and legal cases can be setup.
-
I am not a lawyer. I find it hard to see how an EULA makes any difference. The drivers (like all software) are copyright. The copyright holder FTDI allow the use of their drivers under certain conditions. No agreement is required it is just a fact and using their drivers outside of those conditions is an illegal violation of their copyright. Not agreeing that you are aware of those conditions would at best only support a defence of ignorance for that violation.
Technically, it would be a violation of their LICENSE, not a violation of their copyright. Redistributing the drivers would be a violation of their copyright.
Now I can't violate their license, because I have NEVER BEEN ASKED TO AGREE TO THEIR LICENSE. They choose to include their software with Windows and they choose to never require the end user to even read, much less to agree to their license. It is idiotic to call someone in violation of something they don't even know exists. They plug in a device they purchased and for all the end user knows, Microsoft made the driver in Windows to make it work.
Now the user has a device with a legal clone in it, and by violating nothing they have agreed to, FTDI willfully destroys their property. It really is quite simple.
-
FTDI did a bad thing in revoking the device just like HDCP is bad but it isn't illegal.
Please ask a lawyer to explain to you why FTDI committed a crime. Based on the local law it's either willful damage to property or computer sabotage / cyber-whatever. FTDI knows that. That's also the reason for the lousy response of the CEO. If FTDI would admit any wrongdoing they would be liable for any damages immediately. It's a game to protect the company (and themselves vs. share holders) and to make it harder for victims to request any compensation.
The counterfeiter caused willful damage to FTDI's image and induced really dumb PR (Like FTDI's PR seems to be literally doing all the wrong things) actions to occur and as a result caused even further damage to their public image. Users have had their expectations of a legitimate genuine product broken and have now what amounts to third party chips with little to no official driver support depriving them of their expected access. All in all the company that made the products is the really obviously illegal company as are their distributors/sellers. Any mfg complicit is also performing commercial scale illegal activities. These all easily qualify for government legal action and seizure of fake product shipments and the such.
Failure of an illegal product due to anti-counterfeiting protections that intentionally revoke access to official software and hardware is not illegal unless you think HDCP is illegal which I don't think is being challenged in any country currently.
They should just say we are sorry that we failed to communicate with the community the counterfeiting problem and our countermeasures. Another site already contacted FTDI but they remained silent until the issue blew up right now.
-
I am not a lawyer. I find it hard to see how an EULA makes any difference. The drivers (like all software) are copyright. The copyright holder FTDI allow the use of their drivers under certain conditions. No agreement is required it is just a fact and using their drivers outside of those conditions is an illegal violation of their copyright. Not agreeing that you are aware of those conditions would at best only support a defence of ignorance for that violation.
Technically, it would be a violation of their LICENSE, not a violation of their copyright. Redistributing the drivers would be a violation of their copyright.
Now I can't violate their license, because I have NEVER BEEN ASKED TO AGREE TO THEIR LICENSE. They choose to include their software with Windows and they choose to never require the end user to even read, much less to agree to their license. It is idiotic to call someone in violation of something they don't even know exists. They plug in a device they purchased and for all the end user knows, Microsoft made the driver in Windows to make it work.
Now the user has a device with a legal clone in it, and by violating nothing they have agreed to, FTDI willfully destroys their property. It really is quite simple.
Again the device is in no way "destroyed" FTDI's drivers do not have to legally interoperable or even allow them to keep the same PID they report. Altering the PID is not a damaging action and only prevents it from working with FTDI's drivers, third party programs and tools can still use the chip normally.
The clone is only very legal if it uses its own driver with its own physical/digital branding. Re-use of another companies device driver is not a good idea legally speaking especially since the driver does a lot of the functionality/branding/copyrights as well.
The driver is tricked into thinking the device is a real device and it reports it as an FTDI chip that alone breaks the copyright/trademark. The fact that PID/VID collisions are not illegal is not relevant but the user facing this is an FT232R is a breach of copyright. The chip should report as an IX232S or something but that isn't possible unless they have their own driver.
HDCP has no EULA and I think FTDI's bad system does the exact same function of revoking devices access to official software/hardware.
-
Again the device is in no way "destroyed" FTDI's drivers do not have to legally interoperable or even allow them to keep the same PID they report. Altering the PID is not a damaging action and only prevents it from working with FTDI's drivers, third party programs and tools can still use the chip normally.
I think you're a fairly reasonable person a210, but can you admit that this is not true? The device is prevented from working with any old build of Linux, or BSD, which does not have a fix for the PID being cleared to 0000s. There are many many embedded devices our there which use Linux, within which it is not simple to update the Linux build.
-
Again the device is in no way "destroyed" FTDI's drivers do not have to legally interoperable or even allow them to keep the same PID they report. Altering the PID is not a damaging action and only prevents it from working with FTDI's drivers, third party programs and tools can still use the chip normally.
Action that deliberately renders something into a state that requires any effort, time, or money to revert to its original state constitutes criminal damage. A "real-world' example would be letting someone's tyres down.
-
I have been sitting here and trying to think of someone not using a clone on this forum.
My very old Viewsonic monitor is a clone! It is a clone of IBM's VGA monitor and is very much better.
My USB and PS2 keyboards are clones. In fact they are clones of clones. One is a DELL clone of a Microsoft Clone which was a clone.
I can't think of a chip in the computer that is not based directly or indirectly on a clone.
FTDI just trying to identify a clone could be a criminal act.
C
-
I design hardware and write firmware for that hardware. There are times when this involves the use of USB as a transport mechanism, and so I have had many occasions where I has to deal with that. So, as yo might imagine, I am well versed in how the USB "plug-n-play" paradigm works, and am familiar with the various ways that the various O/S's deal with these devices, including the way they get enumerated and assigned to various drivers.
Many times the *only* way an O/S assigns a driver is to *only* look at the VID/PID pair. BUT, there *are* instances where the VID/PID pair is *not* unique, and so the O/S must then look at the descriptors to determine what driver to attach to the device. There are other device characteristics that can be used to develop a unique signature that positively identifies the correct driver to use. Note that this same scheme is used on the PCI bus, and there are instances where the VID/PID are not unique also.
So, while the VID/PID pair is important, one cannot assume that they are unique [because not everyone plays by the rules-- even legitimate devices]. Since it is impossible for the O/S to predict every possible device that might be plugged in, and to then know what to do with them, there is a heavy burden placed on the driver to make the final determination as to whether it is attached to a compatible device [or not], and to do the appropriate thing.
It seems that FTDI has a driver that can determine if the device attached to it is a genuine FTDI device. The proper thing to do if the device is *NOT* a genuine FTDI device is to simply not respond to it [i.e. through any data coming from the device into the "bit bucket", and not register the device with the O/S as a VCP]. I'm pretty sure this is the mandated behavior proposed by the USB-IF group, and since FTDI belongs to this group, they must have signed an agreement that states how they will deal with a non-compliant device [and that does not include modifying the device in any way].
FTDI [decided] that they would go further than just ignoring a non-FTDI device, and they would *modify* the device so that it would never be recognized by any driver [on *any* O/S] as a genuine FTDI device. They did not have to do this for interchangeability-- they did it to intentionally "brick" the device-- even for legitimate uses on another O/S where they don't own the driver IP. This, in law, is called a "tort", and it *is* actionable. The US federal government might also decide to classify this as "cyber terrorism", which not so surprisingly is a major crime. I don't know what they are going to do. We will see. Things might get real interesting.
The device is the one that reports the VID/PID the OS merely matches it assuming the device is telling the truth. Matching extended data on a collision is not ideal.
FTDI is doing the "correct" thing in that the driver detects a non official protocol PID matching device and gives it another assuming it is similar enough to allow re-assignment. (Which it is)(This very certainly is an anti-counterfeiting system) FTDI's protocol is proprietary and if the device listens to commands to goto the time out zone (0000) then it is at least compatible with the driver the driver just doesn't want to talk to it or any older versions to talk to it either. (The devices PID is revoked using a normal mechanism which the device supports)
Mandated USB behavior as you said isn't law so FTDI is free to do as HDCP does which is bad but not illegal. (I believe many devices don't enumerate to negotiate power and this was well before cellphones and the such because people were lazy and many usb powered devices (Tec chillers, lamps, fans, ...) didn't even have the data lines connected to anything)
FTDI is basically doing a device revocation as HDCP does and its not nice but it isn't illegal in any sense. And no other third party tools and drivers exist to skip around or even trick the FTDI driver into playing nice. (Technically under US law those especially in the HDCP case are illegal, or at least very gray zone things)
Oh my "cyber terrorism" I've never seen as HDCP that bad.
-
.... probably a fitting end for a fascist company like FTDI.
Godwin's law proven at last.
Fascism is a philosophy and a behavior-- and you don't have to belong to anything like the NAZI party to be a fascist. We have fascists right here in the USA that are congressmen and senators. We also have communists [collectivists] and other undesirable types. Hitler and/or Mussolini had no monopoly on fascism.
http://en.wikipedia.org/wiki/Fascism (http://en.wikipedia.org/wiki/Fascism)
Yes you are right. I just couldn't stop myself from posting this comment because I deemed it to be close enough. And that makes me subject to Godwin's second law.
;)
-
Again the device is in no way "destroyed" FTDI's drivers do not have to legally interoperable or even allow them to keep the same PID they report. Altering the PID is not a damaging action and only prevents it from working with FTDI's drivers, third party programs and tools can still use the chip normally.
Action that deliberately renders something into a state that requires any effort, time, or money to revert to its original state constitutes criminal damage. A "real-world' example would be letting someone's tyres down.
Well then we should go after HDCP first because they have disabled devices in the past and probably will in the future as well. There are no legal cases against HDCP to my knowledge that have succeeded in this respect. FTDI just revoked the devices PID it still electrically is fine and works normally otherwise.
Linux just needs a fake clone driver update and windows will have a third party one too I'm sure given the level of interest. The fake chips are fake and bypassing the DRM is a joke. HDCP has caused me to spend time, money, effort, and even prevented perfectly working hardware to not function and I doubt I can get a criminal case going off that.
Letting someone's tyres down is still physically damaging as leaving the tires flat for any length of time can cause permanent physical damage to the tyre and or wheel and is not even reversible by simple re-inflation. Using linux auto-update and it magically working again isn't remotely the same. On windows Microsoft isn't likely to bypass FTDI for us so simple tools can bypass FTDI's DRM.
-
I have been sitting here and trying to think of someone not using a clone on this forum.
My very old Viewsonic monitor is a clone! It is a clone of IBM's VGA monitor and is very much better.
My USB and PS2 keyboards are clones. In fact they are clones of clones. One is a DELL clone of a Microsoft Clone which was a clone.
I can't think of a chip in the computer that is not based directly or indirectly on a clone.
FTDI just trying to identify a clone could be a criminal act.
C
The difference is that the clones were developed with their own work and they used cleanroom design principles. Google did the same for android (mostly).
-
Well then we should go after HDCP first because they have disabled devices in the past and probably will in the future as well. There are no legal cases against HDCP to my knowledge that have succeeded in this respect. FTDI just revoked the devices PID it still electrically is fine and works normally otherwise.
Linux just needs a fake clone driver update and windows will have a third party one too I'm sure given the level of interest. The fake chips are fake and bypassing the DRM is a joke. HDCP has caused me to spend time, money, effort, and even prevented perfectly working hardware to not function and I doubt I can get a criminal case going off that.
Letting someone's tyres down is still physically damaging as leaving the tires flat for any length of time can cause permanent physical damage to the tyre and or wheel and is not even reversible by simple re-inflation. Using linux auto-update and it magically working again isn't remotely the same. On windows Microsoft isn't likely to bypass FTDI for us so simple tools can bypass FTDI's DRM.
You're still avoiding my very basic question:
Can you agree that changing the PID stopped the Linux driver from working until about 2 days ago when a patch was released to specifically address the issue caused by FTDI changing the PID? Yes, No? Feel free to elaborate.
Can you agree that for nearly a month (from the release date of FTDI driver until the release of the Linux patch) the clones were modified to the point where they would not work with Linux? Yes, No? Feel free to elaborate.
Can you agree that any unpatched Linux system, especially embedded systems, will no longer function with a clone which has been exposed to the FTDI windows driver? Yes, No? Feel free to elaborate.
-
Oh and one more:
Can you agree that FTDI did this deliberately? Yes, No? Feel free to elaborate.
P.S. Even FTDI isn't ready to admit that they did this deliberately, likely because they feel there are legal repercussions. (Ref: http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420 (http://www.eetimes.com/author.asp?section_id=36&doc_id=1324420) )
-
I've been bitten by this debacle even though I'm close to 100% confident there will be no FTDI fakes in my products.
We are about to release a new product (was supposed to be today) that contains a FT230X, and as part of my software install I include the installer for the FTDI driver. As a result, I would be responsible for putting this dangerous driver on other people's computers. That is an unacceptable legal risk for my company.
We now have no choice but to hold off release until FTDI fixes this. And I also have to do all my installer testing again. This will cost my company at least half a day of my time, not to mention possible lost sales because of a late release.
I'm very disappointed and annoyed, and will be looking more closely at the FTDI alternatives in the future.
Unfortunately, our volume is so low that FTDI can safely ignore us.
-
Also they didn't change the VID, only the PID, can you justify only modifying the one?
I try to make an educated guess, so I stand to be corrected.
- The VID (Vendor ID) has a 1 on 1 relationship to the vendor and the PID (Product ID) has a 1 on 1 relation with a product of that vendor.
- Both VID and PID are registered at some registrar to keep track on what ID's are in use.
- It would make sense that only the registrant for VID xxx can register a PID which he did not register earlier in combination with VID xxx.
- Microsoft does not allow for any PID to contain the value 0. This could be because the USB standard does not allow for ANY PID to have the value 0.
If the above is correct:
#1: FTDI cannot change the VID to a VID registered by another company. (that other company would probably sue them)
#2: FTDI cannot change the VID to an unregistered VID. (that would probably get them in trouble with the registrar)
#3: FTDI could have chosen to register a new PID and change the fakes/clones to that PID. (but that would probably be like claiming the fakes/clones were theirs)
#4 FTDI could change the PID to a value that they did not register yet. (but this could lead to everyone to believe the fakes/clones are theirs but were leaked before official release)
#5: FTDI changed the only the PID to 0 which makes the fake/clone a device that is not compliant to the USB standards. (this makes a USB compliant device non-compliant device with the sole purpose to heat the room)
-
And now your company has "standing" to sue them in court. Have fun!
We are only a small company and can't afford the court time to sue an overseas company, even if winning was guaranteed. It's cheaper for us to take it on the chin.
-
Is the device completely disintegrated? No.
Is the device usable (as you're inferring) by the end user? Also no.
Is there a difference as far as the end user is concerned? Still no.
This is all that matters. This:
You just answered yes to the device is physically damaged (also false it in no way is even remotely physically damaged)
You also just said it is unusable (false linux has an update already) and countless end user programs work with it)
You also said is there a different to the end user, well I'm an end user and I can tell the difference so you statement is false based on the mere existence of me an end user that doesn't agree with you, I detect fakes and report them as a responsible end user should.
etc
Is all irrelevant nonsense.
And you were given the technical basis of the "damage," so try to keep up. What you say "is" has no bearing on truth without a logical follow through. As to your attempt of "FALLACY" which you've reduced yourself to, if that's all it takes for you to "win" now, then:
Argumentum Ad Fallacy - Fallacy. You lose. :)
-
The driver is copyrighted and trademarked and abusing the not illegal to abuse PID/VID system to trick a driver
Yeah, the compatible and clone counterfeit chip maker are bad boys for letting you, the windows user in a gray area when using the official FTDI driver.
It's not nice, but not illegal. It's the point of a compatible to be compatible.
The EULA is not agreed by most people using recent windows, there is no EULA on th FOSS driver, so most people did not agree to respect anything in the EULA.
Yes, it keeps coming back to the licence/agreement of the windows driver. If companies can't distribute software with licences or agreements for use (in this case possibly hidden by microsofts update process) then they'll stop producing software.
There being no alternative driver with any ID is a clear admission that the device was always dead.
Is there any chance I can convince you to say "the device was always unsupported"?
To say "it was always dead", even though users had clearly been using them for many years, is absurd (if a bit Michelangeloic). That's like suggesting that, upon its confiscation due to it having been stolen, a car that you've been driving around in for 15 years never actually moved a millimeter.
If you could convince other people not to keep saying the FTDI drivers killed, bricked, damaged, rendered inoperable, etc the device?
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
The use wasn't illegal. Most people had the drivers installed automatically without being shown the EULA (in fact it was buried in an INF file somewhere) or knowing about the terms attached to the drivers. Clearly you can't break a contract that you haven't agreed to and haven't seen. Even if it is shown, whether the EULA is legally binding is questionable.
Whether FTDI could be prosecuted for what they did depends on whether evidence could be found showing they did it intentionally.
Now we're getting to the interesting bits, the hidden and obscure terms of the licence/agreement are on one hand needed to protect the value of software (driver) development but on the other hand people don't get a full opportunity to read the licence/agreement. An Australian comedy/consumer rights TV show called "The Checkout" had a good segment on how long you would have to spend to actually read the user agreements for common websites/software and pulled out some extremely broad terms for comedy value. There are various legal precedents for both sides of the argument and it would be a fun court case to watch if it ever makes it, but the expected damages are so low that we're unlikely to have this FTDI example make it to a judge.
I am not a lawyer. I find it hard to see how an EULA makes any difference. The drivers (like all software) are copyright. The copyright holder FTDI allow the use of their drivers under certain conditions. No agreement is required it is just a fact and using their drivers outside of those conditions is an illegal violation of their copyright. Not agreeing that you are aware of those conditions would at best only support a defence of ignorance for that violation.
Technically, it would be a violation of their LICENSE, not a violation of their copyright. Redistributing the drivers would be a violation of their copyright.
Now I can't violate their license, because I have NEVER BEEN ASKED TO AGREE TO THEIR LICENSE. They choose to include their software with Windows and they choose to never require the end user to even read, much less to agree to their license. It is idiotic to call someone in violation of something they don't even know exists. They plug in a device they purchased and for all the end user knows, Microsoft made the driver in Windows to make it work.
Now the user has a device with a legal clone in it, and by violating nothing they have agreed to, FTDI willfully destroys their property. It really is quite simple.
Summed up very nicely, this is all about if the licence distributed with the driver is sufficient. Are we going to see companies stop distributing drivers with windows because the licences can't be enforced? I'm guessing a way will be found to keep the licences enforceable, if that needs a change to the way windows delivers its drivers it will be interesting.
Microsoft has terms that people agreed to before buying or during install (wait a second, please refer the EU case that install/run time EULAs are void that makes no sense what happens if you don't buy something and they display a must read prompt that makes zero sense) which covers Microsoft services and if you don't like automatic updates and automatic terms then you should disable it. (Which is easy to do and it gives you the choice right directly as well)
What a load of bullshit. Microsoft and FTDI are two entirely separate entities. Agreeing to terms from Microsoft can in no way mean to automatically agree to any terms that a third party may come up with in the future, let alone with any third party terms that the customer has never been shown.
Like, i have a contract with my landloard to rent the place i am in. That does not mean that i have to blindly agree to any terms that, for example, the electricity company makes to supply me with electricity in said place. It doesn't matter at all what terms and conditions have been agreed to between the user and Microsoft, as far as third party stuff is concerned. Those terms only apply between MS and the customer, and no one else.
Of course, MS could say "well, yes, we adopt FTDI's terms now, and thus they are ours as well". But in that case the user has to be notified of that fact, and still shown those terms.
Greetings,
Chris
Interestingly in Australia some rental contracts will provide the landlord with the ability to enter you into further contracts of supply for services, and they don't even have to tell you they have done it for you. Law is very complicated and varies on a country by country (or even state by state) basis.
The Dutch criminal law says 2 years in jail or a 20k euro fine if you render something which isn't yours useless:
http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350 (http://wetten.overheid.nl/BWBR0001854/volledig/geldigheidsdatum_29-10-2014#TweedeBoek_TitelXXVII_Artikel350)
Well if you want to press on with bullshit legal arguments I'll raise you with the DMCA. The VID and PID of a USB device could reasonably be considered to be an access control method for drivers which may be copyrighted.
Anyone using a non-genuine FTDI USB device with VID and PID causing access to copyrighted FTDI drivers without licence would be guilty of circumventing access controls and people selling such USB devices guilty of trafficking circumvention tools.
Which is why I brought up the DCMA usage by Tektronix in their suppressing of the serial keys for the older scopes, one possible action but hard to use against embedded software/hardware and not useful in many countries.
-
Well then we should go after HDCP first because they have disabled devices in the past and probably will in the future as well. There are no legal cases against HDCP to my knowledge that have succeeded in this respect. FTDI just revoked the devices PID it still electrically is fine and works normally otherwise.
Linux just needs a fake clone driver update and windows will have a third party one too I'm sure given the level of interest. The fake chips are fake and bypassing the DRM is a joke. HDCP has caused me to spend time, money, effort, and even prevented perfectly working hardware to not function and I doubt I can get a criminal case going off that.
Letting someone's tyres down is still physically damaging as leaving the tires flat for any length of time can cause permanent physical damage to the tyre and or wheel and is not even reversible by simple re-inflation. Using linux auto-update and it magically working again isn't remotely the same. On windows Microsoft isn't likely to bypass FTDI for us so simple tools can bypass FTDI's DRM.
You're still avoiding my very basic question:
Can you agree that changing the PID stopped the Linux driver from working until about 2 days ago when a patch was released to specifically address the issue caused by FTDI changing the PID? Yes, No? Feel free to elaborate.
Can you agree that for nearly a month (from the release date of FTDI driver until the release of the Linux patch) the clones were modified to the point where they would not work with Linux? Yes, No? Feel free to elaborate.
Can you agree that any unpatched Linux system, especially embedded systems, will no longer function with a clone which has been exposed to the FTDI windows driver? Yes, No? Feel free to elaborate.
Yes, Of course FTDI intentionally revoked the PID of the fake chips.
No, users can still bypass it the device isn't "compatible"
No, changing the PID in linux does not require an updated driver
The updated driver just automatically supports fake FTDI chips that were revoked by FTDI. Its bad drm that is for sure but it isn't broken. Bypassing FTDI dumb DRM patch or not can be done with FTDIs own tools, they even have instructions for that as well.
Just use the FT_PROG tool and run,
sudo ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
-
Also they didn't change the VID, only the PID, can you justify only modifying the one?
Which other company do you think they should have made the device claim to be manufactured by? Unlike the low life fake manufacturers they have some respect for the VIDs allocated or to be allocated to other companies.
-
Which other company do you think they should have made the device claim to be manufactured by? Unlike the low life fake manufacturers they have some respect for the VIDs allocated or to be allocated to other companies.
Look no one is saying that FTDI doesn't have a right to protect their IP, and that they love to buy clones, and that clones are the best. They're not. FTDI has a right to protect their IP. They could have done so by having the driver refuse to work with the clone, but not modifying the clone. And since they themselves are not even willing to acknowledge the change of the PID was intentional, that leads me to believe they feel there is some liability in what they have done. Unfortunately I doubt anything will come of this legally, since the small guys can not afford to sue, and the large guys will not admit they were using cloned chips. So FTDI just has to weather the PR storm, which they definitely underestimated.
-
I can't believe there is so much argument about this. Damaging an end user's product is unacceptable and illegal, even if the product was made illegally. That is not the user's fault.
It is so simple for FTDI to handle this the proper way. Do not communicate with the clones. Popping up a message to tell the used they have a fake is also fine.
Rendering the chip unusable does not gain anything for FTDI beyond refusing to communicate.
-
I can't believe there is so much argument about this. Damaging an end user's product is unacceptable and illegal, even if the product was made illegally. That is not the user's fault.
It is so simple for FTDI to handle this the proper way. Do not communicate with the clones. Popping up a message to tell the used they have a fake is also fine.
Rendering the chip unusable does not gain anything for FTDI beyond refusing to communicate.
Technically refusing to communicate also going to be making the product unusable. The illegal product may cause the user harm/inconvenience the user did not know of this and the possession of a fake isn't illegal but revoking/blocking/preventing the operation of the fake with official drivers is just what HDCP does to fake/counterfeit/or even real but possibly leaked crypto key products. Firmware for consoles and phones will also brick devices that have "unauthorized" modifications that are not careful. (Bypassing is possible but I don't think there are any successful class actions that say Sony/Microsoft/Nintendo can't brick a console on an automatic update that detects things they don't like.
The chip still works, reprogramming, and bypassing FTDI's DRM is trivial. DRM is everywhere and it doesn't seem like it is being successfully challenged in many cases.
-
Can you agree that changing the PID stopped the Linux driver from working until about 2 days ago when a patch was released to specifically address the issue caused by FTDI changing the PID?
No, users can still bypass it the device isn't "compatible"
No? I really don't understand your logic here. The clone worked on Linux, it was plugged into a windows system with the affected FTDI driver, it was then unplugged and plugged back into the Linux system. At this point, the clone no longer works. YES!? How can you dispute this?
Can you agree that any unpatched Linux system, especially embedded systems, will no longer function with a clone which has been exposed to the FTDI windows driver? Yes, No? Feel free to
Can you agree that for nearly a month (from the release date of FTDI driver until the release of the Linux patch) the clones were modified to the point where they would not work with Linux? Yes, No? Feel free to elaborate.elaborate.
No, changing the PID in linux does not require an updated driver
I'm really unsure which question you're replying NO to? Are you are saying that the thousands of embedded devices out in the field (without network connection) will continue to work with a clone exposed to the FTDI Windows driver?
The updated driver just automatically supports fake FTDI chips that were revoked by FTDI. Its bad drm that is for sure but it isn't broken. Bypassing FTDI dumb DRM patch or not can be done with FTDIs own tools, they even have instructions for that as well.
Just use the FT_PROG tool and run,
sudo ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
I think you're assuming that because the modification (I will refrain from calling it damage) is reversible it has not been caused.
-
Just a simple question if I might...
It appears to me that the original 2.12.00 FTDI driver will work the first time a clone is used, but not subsequently. Is that true? I've not been able to lay my hands on a clone device to test this myself.
-
Well there's what FTDI *should* have done, and then there is what they did.
So, that ship has sailed-- there is no going back for a "do over", and the PR damage is *done*.
What they *could* do, is offer a free program to fix any damaged hardware, and modify their driver so that it refuses to work with anything non-FTDI. I don't think anyone would argue that their clone device *must* be supported by FTDI.
With the free program, we could at least fix the broken devices so that they would work with Linux again. This may already be done on the Linux side, and as suggested, it might be possible to use FT_PROG to "fix" the broken hardware. I was thinking of something more user-friendly or even transparent [it could be built into the new driver].
If FTDI refuses to do what's Right, we could also write an open-source Windows driver to replace the FTDI driver that does all of these things (and also works with real and cloned FTDI devices).
These things don't happen overnight. Let's wait and see what FTDI's response is going to be.
For me, it's already *over*-- I will use SiLabs' CP2104 devices from now on...
Well said. I'm a bit of an SiLabs fan-boy, they've always provided me with good support and samples. :) And there is no reason to think they would pull something like FTDI just did, but I'd be just as quick to criticize them. Companies need to protect their IP, but FTDI went just a step too far. They should of stopped at preventing the clones from working with their driver, and if they were really nice they would show a popup message explaining that is what they have done, and instruct the end-user to request a full refund.
-
Can you agree that changing the PID stopped the Linux driver from working until about 2 days ago when a patch was released to specifically address the issue caused by FTDI changing the PID?
No, users can still bypass it the device isn't "compatible"
No? I really don't understand your logic here. The clone worked on Linux, it was plugged into a windows system with the affected FTDI driver, it was then unplugged and plugged back into the Linux system. At this point, the clone no longer works. YES!? How can you dispute this?
Can you agree that any unpatched Linux system, especially embedded systems, will no longer function with a clone which has been exposed to the FTDI windows driver? Yes, No? Feel free to
Can you agree that for nearly a month (from the release date of FTDI driver until the release of the Linux patch) the clones were modified to the point where they would not work with Linux? Yes, No? Feel free to elaborate.elaborate.
No, changing the PID in linux does not require an updated driver
I'm really unsure which question you're replying NO to? Are you are saying that the thousands of embedded devices out in the field (without network connection) will continue to work with a clone exposed to the FTDI Windows driver?
The updated driver just automatically supports fake FTDI chips that were revoked by FTDI. Its bad drm that is for sure but it isn't broken. Bypassing FTDI dumb DRM patch or not can be done with FTDIs own tools, they even have instructions for that as well.
Just use the FT_PROG tool and run,
sudo ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
I think you're assuming that because the modification (I will refrain from calling it damage) is reversible it has not been caused.
It does still work to stop working it would be impossible to talk to it or use it which if you can run the command at the bottom you certainly are using it. If FTDI blocks the use with the VCP part (retroactively) that is their bad choice to make. Their driver just revoked the part (PID) that lets that automatically happen. The device is still detected and enumerates and can be used with custom drivers, the config tool, ... (Its like WGA all over and I had a legit copy but Vista decided to go into lockdown until I called a Microsoft phone robot and had to go through hoops to fix) FTDI put it into "reduced functionality mode" as vista so named the DRM lockdown mode.
WGA is evil, Vista had the worst version of it but I don't think Microsoft got into any trouble for actually depriving users of access.
-
It does still work to stop working it would be impossible to talk to it or use it which if you can run the command at the bottom you certainly are using it. If FTDI blocks the use with the VCP part (retroactively) that is their bad choice to make. Their driver just revoked the part (PID) that lets that automatically happen. The device is still detected and enumerates and can be used with custom drivers, the config tool, ... (Its like WGA all over and I had a legit copy but Vista decided to go into lockdown until I called a Microsoft phone robot and had to go through hoops to fix) FTDI put it into "reduced functionality mode" as vista so named the DRM lockdown mode.
WGA is evil, Vista had the worst version of it but I don't think Microsoft got into any trouble for actually depriving users of access.
I really don't understand your logic, here is my hypothetical scenario:
0. I'm a poorly trained tech that is responsible for running periodic test routines on an accelerometer.
1. The accelerometer uses an FT232 chip, which happens to be a clone.
2. In normal operation it is connected to an embedded Linux platform which I am not allowed to modify.
3. To perform my periodic test routine, I unplug the accelerometer from the Linux host, and plug it into my Windows 7 PC.
4. My PC happens to have the affected driver from FTDI.
5. When I plug in the accelerometer, the FTDI driver changes its PID.
6. I then unplug the accelerometer and plug it into the Linux machine.
The question is: Will the accelerometer still send data into the Linux machine? |O Here is a hint, the drivers are old because this is an embedded system. I also don't know that the PID has been changed, nor do I know how to fix it.
Can you honestly say that the accelerometer still works as intended and sends its data to the Linux system? YES, NO? Don't explain, I'm really starting to believe you're a troll.
I know it can be fixed. I know the device isn't permanently damaged. But in it's state, it does not work until the fixes are performed.
-
I've been bitten by this debacle even though I'm close to 100% confident there will be no FTDI fakes in my products.
We are about to release a new product (was supposed to be today) that contains a FT230X, and as part of my software install I include the installer for the FTDI driver. As a result, I would be responsible for putting this dangerous driver on other people's computers. That is an unacceptable legal risk for my company.
We now have no choice but to hold off release until FTDI fixes this. And I also have to do all my installer testing again. This will cost my company at least half a day of my time, not to mention possible lost sales because of a late release.
I'm very disappointed and annoyed, and will be looking more closely at the FTDI alternatives in the future.
Unfortunately, our volume is so low that FTDI can safely ignore us.
So hassle factor, extra time, risk of losing customers. Not a small thing for a small company.
-
It does still work to stop working it would be impossible to talk to it or use it which if you can run the command at the bottom you certainly are using it. If FTDI blocks the use with the VCP part (retroactively) that is their bad choice to make. Their driver just revoked the part (PID) that lets that automatically happen. The device is still detected and enumerates and can be used with custom drivers, the config tool, ... (Its like WGA all over and I had a legit copy but Vista decided to go into lockdown until I called a Microsoft phone robot and had to go through hoops to fix) FTDI put it into "reduced functionality mode" as vista so named the DRM lockdown mode.
WGA is evil, Vista had the worst version of it but I don't think Microsoft got into any trouble for actually depriving users of access.
I really don't understand your logic, here is my hypothetical scenario:
0. I'm a poorly trained tech that is responsible for running periodic test routines on an accelerometer.
1. The accelerometer uses an FT232 chip, which happens to be a clone.
2. In normal operation it is connected to an embedded Linux platform which I am not allowed to modify.
3. To perform my periodic test routine, I unplug the accelerometer from the Linux host, and plug it into my Windows 7 PC.
4. My PC happens to have the affected driver from FTDI.
5. When I plug in the accelerometer, the FTDI driver changes its PID.
6. I then unplug the accelerometer and plug it into the Linux machine.
The question is: Will the accelerometer still send data into the Linux machine? |O Here is a hint, the drivers are old because this is an embedded system. I also don't know that the PID has been changed, nor do I know how to fix it.
Can you honestly say that the accelerometer still works as intended and sends its data to the Linux system? YES, NO? Don't explain, I'm really starting to believe you're a troll.
I know it can be fixed. I know the device isn't permanently damaged. But in it's state, it does not work until the fixes are performed.
Ah, we have just such a setup. Its a linear motor table meant to test active vibration dampening control uses much more advanced data capture than a simple RS-232 can handle but anyways. I have an even better case which is our student's dev boards that have an on board accelerometer piped through an FT232 chip.
So
-1. Students have in the past bricked FTDI chips and broken MSP430 micros by messing around with the config. So we have prepared for many odd situations. One of which includes an invalid VID/PID (assigned by FTDI, a student, their custom programs, ...) and how to fix it. (Overclocking an MSP430 (you must mess up the fail safe DCO config to do so) can be sometimes half resolved by doing a little reset glitch but in the end most of the time the damage is physical and the chip is basically dead)
0. None of our students are what you would call well trained
1. I guess a student could slap a clone chip on a board if they broke it and didn't want to pay the 200+$ fee for discouraging students from breaking/losing things.
2. We do have embedded linux workstations that run control loop simulations (they cannot be modified)
3. We do have mixed OS windows 7, linux, mac os (for flow simulations)
4. Concivably yes a station could update the driver
5. The FTDI driver could "reduce the functionality" of the clone by altering the PID
6. Plugging it into the linux will not work initially, yes but it doesnt stop there.
7. They remember the big bold it doesn't work do this document, and go oh maybe the ID is wrong as it says right there device not being recongized by the FTDI driver check the PID/VID combination. They hop over to a nearby window xp computers (the lab isn't networked as you said, it really isn't for the lab machines) and update the the invalid PID.
8. Plug back in and they go on their merry way.
9. A good student would tell me about it and if I did not already know about it then I would just say we have that covered.
Obviously FDTI's behavior is very similar to evil WGA, HDCP but that doesn't mean its illegal. And yes obviously the reduced functionality means it doesn't automatically work with VCP drivers.
-
Which other company do you think they should have made the device claim to be manufactured by? Unlike the low life fake manufacturers they have some respect for the VIDs allocated or to be allocated to other companies.
Look no one is saying that FTDI doesn't have a right to protect their IP, and that they love to buy clones, and that clones are the best. They're not. FTDI has a right to protect their IP. They could have done so by having the driver refuse to work with the clone, but not modifying the clone.
You asked why they didn't change the VID and I told you. I will tell you and everyone yet again that they don't want to simply have their driver refuse to work with these non-genuine chips because the faulty implementation of the clone they exploit involves writing to EEPROM and if they kept on doing this every time the device was plugged in or powered the EEPROM would wear out and the chip really would be damaged. The PID change means the device does not cause unlicensed drivers to be loaded in the future including unlicensed previous versions of the drivers which don't perform the check.
The driver performs exactly the same actions on all chips. It doesn't detect or treat differently non-genuine chips. The chip bricks itself because it doesn't accurately mimic a genuine chip. They may have deliberately chosen to let the chip brick itself because of legal implications or perhaps just because it was quick and easy.
-
You asked why they didn't change the VID and I told you. I will tell you and everyone yet again that they don't want to simply have their driver refuse to work with these non-genuine chips because the faulty implementation of the clone they exploit involves writing to EEPROM and if they kept on doing this every time the device was plugged in or powered the EEPROM would wear out and the chip really would be damaged. The PID change means the device does not cause unlicensed drivers to be loaded in the future including unlicensed previous versions of the drivers which don't perform the check.
The driver performs exactly the same actions on all chips. It doesn't detect or treat differently non-genuine chips. The chip bricks itself because it doesn't accurately mimic a genuine chip. They may have deliberately chosen to let the chip brick itself because of legal implications or perhaps just because it was quick and easy.
You're right you could wear out the EEPROM like you suggest, however there are ways to minimize the risk.
1. Write once, check the value, restore the old value. Note the serial number of the device, don't accept it in the future. (Prone to collision if a legitimate FT232 with the same number gets plugged into the same machine, but very unlikely). So 2 EEPROM writes per Windows PC plugged into.
2. Write a mark to EEPROM addresses 61 and 62, and check for the mark each time the driver loads. Marginally better, the EEPROM is still written, the PID isn't changed, but the driver refuses to work.
I'm sure someone with much better knowledge of the EEPROM layout could suggest other options.
-
5. The FTDI driver could "reduce the functionality" of the clone by altering the PID
6. Plugging it into the linux will not work initially, yes but it doesnt stop there.
So the FTDI driver has disabled the clone from working and you need to go through a set of steps (7-9) to fix this. Thank you. Thankfully you have an infrastructure in-place to deal with this specific error, many others do not.
7. They remember the big bold it doesn't work do this document, and go oh maybe the ID is wrong as it says right there device not being recongized by the FTDI driver check the PID/VID combination. They hop over to a nearby window xp computers (the lab isn't networked as you said, it really isn't for the lab machines) and update the the invalid PID.
8. Plug back in and they go on their merry way.
9. A good student would tell me about it and if I did not already know about it then I would just say we have that covered.
Obviously FDTI's behavior is very similar to evil WGA, HDCP but that doesn't mean its illegal. And yes obviously the reduced functionality means it doesn't automatically work with VCP drivers.
You may be okay that, as a direct result of FTDI's actions, you are having to troubleshoot and fix the problem, but many other are not. How you respond to FTDI's actions is your choice, but your response, whether it be acceptance and fixing, or outrage does not make FTDI's actions legal or illegal.
It is my belief that FTDI made the device non-functional and that this could be considered a crime as you own it, and FTDI has no IP claims against a compatible re-implementation of their design. Yes that sucks, but it is the boat FTDI is in. Even if they did have a claim, they would need to go through the court system to get an injunction to allow them to do this. Typically counterfeit goods are seized by the proper authorities (not the manufacturer, although often with their assistance) and destroyed.
FTDI can most certainly disable/prevent their driver from working with the clone, there-by achieving nearly the same effect. There is the issue of the device still working with previous driver versions, however if FTDI was concerned about clones they very well could have designed security into their product from the very beginning, they did not. It sucks and I sympathize with FTDI, god know I would hate having something I designed cloned, however I would have stayed within the legal means availiable to me. FTDI is definately in the gray, since they will not admit this was done on purpose, and have deleted tweets which did (I need a reference for this).
-
I thought Dave mentioned in his video rant that he had captured copies of the tweets...?
I may be wrong.
-
Again the device is in no way "destroyed" FTDI's drivers do not have to legally interoperable or even allow them to keep the same PID they report. Altering the PID is not a damaging action and only prevents it from working with FTDI's drivers, third party programs and tools can still use the chip normally.
I think you're a fairly reasonable person a210, but can you admit that this is not true? The device is prevented from working with any old build of Linux, or BSD, which does not have a fix for the PID being cleared to 0000s. There are many many embedded devices our there which use Linux, within which it is not simple to update the Linux build.
Exactly. I even have embedded firmware in the field which doesn't work with a bricked FT232 device and this firmware is not easy to update.
-
5. The FTDI driver could "reduce the functionality" of the clone by altering the PID
6. Plugging it into the linux will not work initially, yes but it doesnt stop there.
So the FTDI driver has disabled the clone from working and you need to go through a set of steps (7-9) to fix this. Thank you. Thankfully you have an infrastructure in-place to deal with this specific error, many others do not.
7. They remember the big bold it doesn't work do this document, and go oh maybe the ID is wrong as it says right there device not being recongized by the FTDI driver check the PID/VID combination. They hop over to a nearby window xp computers (the lab isn't networked as you said, it really isn't for the lab machines) and update the the invalid PID.
8. Plug back in and they go on their merry way.
9. A good student would tell me about it and if I did not already know about it then I would just say we have that covered.
Obviously FDTI's behavior is very similar to evil WGA, HDCP but that doesn't mean its illegal. And yes obviously the reduced functionality means it doesn't automatically work with VCP drivers.
You may be okay that, as a direct result of FTDI's actions, you are having to troubleshoot and fix the problem, but many other are not. How you respond to FTDI's actions is your choice, but your response, whether it be acceptance and fixing, or outrage does not make FTDI's actions legal or illegal.
It is my belief that FTDI made the device non-functional and that this could be considered a crime as you own it, and FTDI has no IP claims against a compatible re-implementation of their design. Yes that sucks, but it is the boat FTDI is in. Even if they did have a claim, they would need to go through the court system to get an injunction to allow them to do this. Typically counterfeit goods are seized by the proper authorities (not the manufacturer, although often with their assistance) and destroyed.
FTDI can most certainly disable/prevent their driver from working with the clone, there-by achieving nearly the same effect. There is the issue of the device still working with previous driver versions, however if FTDI was concerned about clones they very well could have designed security into their product from the very beginning, they did not. It sucks and I sympathize with FTDI, god know I would hate having something I designed cloned, however I would have stayed within the legal means availiable to me. FTDI is definately in the gray, since they will not admit this was done on purpose, and have deleted tweets which did (I need a reference for this).
We don't even get much money for that part of the course work and I took a few minutes of my time a few years ago to write a help its not working guide. Because its covered and is a joke to fix vs. how I "fixed" HDCP I don't see how they are any different. Both modify hardware and both reduce or add steps that causes issues for a user and I've spend hours troubleshooting various AV setups around work and at home that clearly are a related to HDCP not handshaking properly or not liking certain cheap devices in the device chain. (The moment you get a little more complicated than a standard setup and HDCP is a huge drain on time/resources/money its unpredictable even with professional equipment) To this day I don't have a simple guide on HDCP other than some rare devices really don't listen at all to HDCP and for now haven't been revoked but that can change pretty quickly.
The device certainly is put into a reduced functionality mode but it isn't (rendered non-functional) as it still functions and you can still use it if as you said you know what your doing. FTDI does have an IP claim to the driver and a non-official device talking to the driver might get asked to go jump in a lake and while it definitely is a form of DRM the real FTDI chips say nope not jumping in the lake while the other fake one does and since they were not really evil and didn't use the actually damaging config options you can still get the clone to buddy up with the FTDI driver by locking them in a room with no lake.
FTDI did prevent their drivers from working with it post and present. Just because security didn't exist before doesn't mean FTDI/HDCP can't block a device after the fact by revoking the numbers in hardware. Revocation lists are exactly for that (Every disc, device, ... has the latest version and they automatically update devices nearby even if that means the device should no longer advertise HDCP compliance). HDCP 2.2 is going to be even more "fun" I'm sure of that. (Given how every rev was compromised sometimes massively they are not going to play nice that is for sure)
-
I thought Dave mentioned in his video rant that he had captured copies of the tweets...?
I may be wrong.
Aren't the captured screenshots in the rant video?
http://youtu.be/eU66as4Bbds?t=13m56s (http://youtu.be/eU66as4Bbds?t=13m56s)
-
I wonder if FTDI have pulled the update. http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.00%20WHQL%20Certified.zip) (the latest version on their site) redirects to the v2.10 download - not sure if it always has done this or not?
I downloaded the 2.12.00 driver a few days ago and got the 2.12.00, not the 2.10.00. This sounds like 2.10 is the latest driver that doesn't do the bricking. If I could just prove that we could go ahead with release only a day or 2 late.
I'll try emailing FTDI.
-
The device certainly is put into a reduced functionality mode but it isn't (rendered non-functional) as it still functions and you can still use it if as you said you know what your doing. FTDI does have an IP claim to the driver and a non-official device talking to the driver might get asked to go jump in a lake and while it definitely is a form of DRM the real FTDI chips say nope not jumping in the lake while the other fake one does and since they were not really evil and didn't use the actually damaging config options you can still get the clone to buddy up with the FTDI driver by locking them in a room with no lake.
If the device is put into this reduced functionality mode, and can't be used for its intended purpose until it is fixed, then it is non-functional. Period. It cannot function until fixed, hence non-functional. Yes it can be repaired from this non-functional mode, and made to function again. I'm even willing to say its not damaged, others would take the view that since its not easily fixed by the average user of the end product, then for all intent and purpose it is damaged or destroyed. Yes you are very skilled and can fix or solve this problem in the blink of an eye, but that doesn't mean it didn't exist. If I had to hire you to diagnose and fix this problem you would be looking to get paid right?
FTDI did prevent their drivers from working with it post and present. Just because security didn't exist before doesn't mean FTDI/HDCP can't block a device after the fact by revoking the numbers in hardware. Revocation lists are exactly for that (Every disc, device, ... has the latest version and they automatically update devices nearby even if that means the device should no longer advertise HDCP compliance). HDCP 2.2 is going to be even more "fun" I'm sure of that. (Given how every rev was compromised sometimes massively they are not going to play nice that is for sure)
FTDI could have prevented their drivers from working without changing the PID. It they wanted to have a revocation list, then FTDI's driver could detect a clone (restoring any EEPROM changes they made), and then store the clone's serial number and refuse to load the FTDI driver for it. Something that I believe would be legal (some people may contest this point, I will not, I think its acceptable).
You either change the driver to not function with the clone, or you change the clone to not function with the driver. I believe the former is likely legal, while the latter is likely not.
1. A change to the clone's PID for no other reason than to render clones in-operable (non-functional) for the time being or until they're fixed is likely to be illegal. I think its a fallacy to consider this a revocation, because you modified the clone in a way that in its current state it would not function with 3rd party drivers in other OS's, until either the device or the 3rd party driver is 'fixed'.
2. A change to FTDI's driver to prevent it from functioning with clones is likely legal. Such as having the FTDI driver store the clone's serial number, and refuse to work with it in the future. This would be acceptable in my mind, and I would consider this an implementation of a revocation list.
I don't think this argument is unreasonable, and I suspect many would agree. I am sympathetic to FTDI's plight, and clones do need to combated, but this should be done in the supply chain, not by involving unsuspecting end users. And at the very least, the fact that a clone was disabled (made non-functional) should be reported, not done silently.
-
The device certainly is put into a reduced functionality mode but it isn't (rendered non-functional) as it still functions and you can still use it if as you said you know what your doing. FTDI does have an IP claim to the driver and a non-official device talking to the driver might get asked to go jump in a lake and while it definitely is a form of DRM the real FTDI chips say nope not jumping in the lake while the other fake one does and since they were not really evil and didn't use the actually damaging config options you can still get the clone to buddy up with the FTDI driver by locking them in a room with no lake.
If the device is put into this reduced functionality mode, and can't be used for its intended purpose until it is fixed, then it is non-functional. Period. It cannot function until fixed, hence non-functional. Yes it can be repaired from this non-functional mode, and made to function again. I'm even willing to say its not damaged, others would take the view that since its not easily fixed by the average user of the end product, then for all intent and purpose it is damaged or destroyed. Yes you are very skilled and can fix or solve this problem in the blink of an eye, but that doesn't mean it didn't exist. If I had to hire you to diagnose and fix this problem you would be looking to get paid right?
FTDI did prevent their drivers from working with it post and present. Just because security didn't exist before doesn't mean FTDI/HDCP can't block a device after the fact by revoking the numbers in hardware. Revocation lists are exactly for that (Every disc, device, ... has the latest version and they automatically update devices nearby even if that means the device should no longer advertise HDCP compliance). HDCP 2.2 is going to be even more "fun" I'm sure of that. (Given how every rev was compromised sometimes massively they are not going to play nice that is for sure)
FTDI could have prevented their drivers from working without changing the PID. It they wanted to have a revocation list, then FTDI's driver could detect a clone (restoring any EEPROM changes they made), and then store the clone's serial number and refuse to load the FTDI driver for it. Something that I believe would be legal (some people may contest this point, I will not, I think its acceptable).
You either change the driver to not function with the clone, or you change the clone to not function with the driver. I believe the former is likely legal, while the latter is likely not.
1. A change to the clone's PID for no other reason than to render clones in-operable (non-functional) for the time being or until they're fixed is likely to be illegal. I think its a fallacy to consider this a revocation, because you modified the clone in a way that in its current state it would not function with 3rd party drivers in other OS's, until either the device or the 3rd party driver is 'fixed'.
2. A change to FTDI's driver to prevent it from functioning with clones is likely legal. Such as having the FTDI driver store the clone's serial number, and refuse to work with it in the future. This would be acceptable in my mind, and I would consider this an implementation of a revocation list.
I don't think this argument is unreasonable, and I suspect many would agree. I am sympathetic to FTDI's plight, and clones do need to combated, but this should be done in the supply chain, not by involving unsuspecting end users. And at the very least, the fact that a clone was disabled (made non-functional) should be reported, not done silently.
The device is still functional and reduced functionality just means its not as easy to use, anyone can just force it to work with the driver as a workaround while they sort things out. I used the slmgr -rearm when windows activation went berserk one time on windows for no good reason and that isn't exactly command everyone knows about automatically. WGA false positives where harder to fix and wasted far more time. The FTDI driver issue is a joke to fix, their guides even tell you how to do it. Some uses don't even have the default PID/VID combination so they wouldn't even notice even if they have fake clone devices.
You wouldn't need to pay me those are so easy to fix and I always get emails from family asking for all manner of simple to fix computer problems. I charge money for support that requires me to visit onsite or write new code/... (Free level of support I provide for any previously paid work is also a given if someone uses my code I stand by it and even if an FTDI driver, windows problem, ethernet misconfiguration, and even a dumb user... affected it I can at least help point them in the right direction for free) I work on the principle that I will provide limited free support by email but if you want timely and defined support it costs money. (Any bugs that are clearly my fault I will also correct for free obviously) I don't exactly charge people after the answer is oh the cable was plugged into the wrong device or the dial was in the wrong position. The FTDI issue is remote desktop detectable/fixable so can easily be under my free support level of fixes. (So no I would not charge you as I would first ask to check remotely before spending money on a site visit which I would have to charge because it cost money to go somewhere and I can't tend to other tasks at the same time when I'm on site)
To me, obviously different than others for something to be "broken" or rendered non-functional it has to require physical repair. Software/driver issues are the norm for me and its just part of the day for me, bad drivers, mean companies, stupid users, ... (As long as I can do it remotely I don't really care). Plus I've seen CAD system say oh your license is in use by someone else I'm just going to crash now instead of letting you save your work say goodbye to those hours of work you just put in because you only have a handful of licenses on the network and for some reason I can't just tell the newest user that there is no free licenses. (The software also had no auto-recover/save feature, and after that I saved every half hour, saving too much can corrupt the file... also no undo, it was a wonderfully "fun" software to use, it was really old to be fair)
Just never let those Indian remote support "Microsoft Tech Support" people get to you. They call me every month or so and I lead them on for as long as they don't notice. I reported them a lot but there isn't much to be done short of setting up a honeypot system (which is in progress) to get more info to report to the legitimate software companies getting tarred by fake support tech call scams. (Remote desktop is powerful stuff)
1) Revocation is valid as it is a updated number that is written to flash memory. If HDCP decides a real legit device should no longer work with anything they have the ability and have in the past done so with no legal challenge. The literal system for HDCP updates is any new device or blu-ray disk has updated revoked device keys and any compliant device should commit them and enforce them even if that means the device itself should invalidate itself. (This as FTDI's driver is all automatic) The drivers do still work with non default VID/PID combinations and the fix is simple vs the very complex hoops to fix HDCP problems (Which includes replacing hardware).
2) FTDI's drivers do not work with clones (past/present) is probably what they intended (which is what the PID revoking did) but it would be far nicer to say please do not use old drivers and clones won't work anymore at all. (But allow people to use it unofficially and unsupported)
(FTDI doesn't control the serial number process for the clones how do they ensure that the clone won't cause a conflict with a real device that collides with the SN#)
FTDI also has no distribution method to ship a revoked device SN list with their drivers or update them automatically and that would just add bloat that legitimate users don't need and would be even more like HDCP. The PID change is revoking access without the need for complicated and very abuse prone revocation lists.
Illegal clones should be rooted out and in the end of all this they shouldn't exist.
I wholly agree that FTDI is very stupid for on how they handled this. And think the PID change is dumb/bad but not illegal because it works very similar to HDCPs systems where devices are subject to automatic updating, revocation, disablement.
I would have just given tools to let people check chips months ago, then inform users of their plans to counter use of clone chips with official drivers, and then provide detailed instructions on what is going to happen and what to do if your affected. Then after everyone is ready press go and everyone won't be surprised and they will know how it works, what it means, how to fix it.
-
I think we have differing opinions, I most definitely think that if it requires any repair, its broken, however quickly you may repair it whether it be by flipping bits or tightening bolts. I very much doubt an average end user could perform the repair without contacting you, and since you've graciously said you're willing to help over e-mail, I'll leave it up to them to PM you.
So I'll leave this discussion, because I'm out of stamina, but before I do, I'll add a very practical way for FTDI to use a combined EEPROM check and a SN list to deny clones from loading the FTDI driver, while at the same time protecting the integrity of the clone's EEPROM.
Using a SN (serial number) to revoke clones is not that difficult at all, and requires no distribution of a revocation list. The list is auto-generated by the driver, stored only on the PC on which the driver is installed, and not shared through any means. Here is how I would write the code:
1. The driver installs for the first time with an empty SN revocation list.
2. A user plugs in an FT232 chip.
3. The serial number of the chip is checked against the revocation list.
4. If the SN in the list, the driver refuses to load, and it is done.
5. If the SN is not in the list. Run the current test to see if you can modify the devices EEPROM (ie detect a clone) AND restore the EEPROM to its original form.
6. If you detected a clone, add it to the revocation list and refuse to load the driver. Display error message.
7. It is not on the list, and it safely passed the clone check, you load the driver.
There are no issues with distributing a SN revocation list. On any subsequent insertion, the clone would not have the EEPROM check ran, so the EEPROM wear level of the clone would be not be affected. There is an extremely slight chance (depending on the entropy of FTDI's serial numbers) that a user will have both a clone and a real FTDI device with the same serial number. Since the list is not shared, and is auto-generated, I feel that this would be an acceptable risk. I'm sure someone could crunch numbers for different scenarios, but I'm confident that this collision would effect less than 1 in a million users. The false positive would barely add to the overall failure rate of FTDI devices.
Edit:
You might not even call this a revocation list, but a local cache of devices you've already confirmed to be clones, which do not need to be checked.
-
In the end, in all likelihood, FTDI's product may fade into history, but the name FTDI will not.
All the technicalities and legalities are irrelevant. Bottom line is did they make their product desirable for designers to incorporate it into their product. The answer appears to be an emphatic no.
This move is probably going to be studied by business schools in the future years. Not too many company failures can be attributed to a single act, but this driver release may be one of those few "single act that killed a company."
FTDI probably will succeed in eliminating the counterfeits and the compatibles and thus be the sole manufacturer of that chip. They will maintain the price premium and perhaps even increase their price premium significantly - for the half dozen people left who continued to use them in their design. Small runs are expensive and do command a huge premium.
The death spiral has begun. RIP – FTDI... You will be remembered at least in Business School case studies.
Rick
-
I think we have differing opinions, I most definitely think that if it requires any repair, its broken, however quickly you may repair it whether it be by flipping bits or tightening bolts. I very much doubt an average end user could perform the repair without contacting you, and since you've graciously said you're willing to help over e-mail, I'll leave it up to them to PM you.
So I'll leave this discussion, because I'm out of stamina, but before I do, I'll add a very practical way for FTDI to use a combined EEPROM check and a SN list to deny clones from loading the FTDI driver, while at the same time protecting the integrity of the clone's EEPROM.
Using a SN (serial number) to revoke clones is not that difficult at all, and requires no distribution of a revocation list. The list is auto-generated by the driver, stored only on the PC on which the driver is installed, and not shared through any means. Here is how I would write the code:
1. The driver installs for the first time with an empty SN revocation list.
2. A user plugs in an FT232 chip.
3. The serial number of the chip is checked against the revocation list.
4. If the SN in the list, the driver refuses to load, and it is done.
5. If the SN is not in the list. Run the current test to see if you can modify the devices EEPROM (ie detect a clone) AND restore the EEPROM to its original form.
6. If you detected a clone, add it to the revocation list and refuse to load the driver. Display error message.
7. It is not on the list, and it safely passed the clone check, you load the driver.
There are no issues with distributing a SN revocation list. On any subsequent insertion, the clone would not have the EEPROM check ran, so the EEPROM wear level of the clone would be not be affected. There is an extremely slight chance (depending on the entropy of FTDI's serial numbers) that a user will have both a clone and a real FTDI device with the same serial number. Since the list is not shared, and is auto-generated, I feel that this would be an acceptable risk. I'm sure someone could crunch numbers for different scenarios, but I'm confident that this collision would effect less than 1 in a million users. The false positive would barely add to the overall failure rate of FTDI devices.
Edit:
You might not even call this a revocation list, but a local cache of devices you've already confirmed to be clones, which do not need to be checked.
A local cache isn't really going to do much good if they actually want them to not work with their software (old/new) as HDCP can do. There is no local cache in HDCP once the revocation is updated it sticks and removing it isn't possible (probably is). The PID change effectively does the same thing.
The nicer and cleaner thing to do would be to give a Microsoft driver error code which doesn't reset automatically and Microsoft would automatically handle the this as if the device doesn't work and keep it that way. If you plug a different chip it should get its own auto-driver install from what I've seen and if its real it can connect properly or not get another driver error. There is no need to store extra info or anything and it won't try to check again if the driver is in a failed state to windows even if the device same is connected again.
PID 0000 is a HDCP style (evil) thing to do. (Throwing a driver error is cleaner and has no bloat) Coupled with telling people well before the patch everyone will be prepared.
Something like Error 43, Windows has stopped this device because it has reported problems.
Or not sure if FTDI can call this error but Error 48, The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (That is probably an avenue to block older driver versions)
-
In the end, in all likelihood, FTDI's product may fade into history, but the name FTDI will not.
All the technicalities and legalities are irrelevant. Bottom line is did they make their product desirable for designers to incorporate it into their product. The answer appears to be an emphatic no.
This move is probably going to be studied by business schools in the future years. Not too many company failures can be attributed to a single act, but this driver release may be one of those few "single act that killed a company."
FTDI probably will succeed in eliminating the counterfeits and the compatibles and thus be the sole manufacturer of that chip. They will maintain the price premium and perhaps even increase their price premium significantly - for the half dozen people left who continued to use them in their design. Small runs are expensive and do command a huge premium.
The death spiral has begun. RIP – FTDI... You will be remembered at least in Business School case studies.
Rick
Goodwill and trust takes years to build up and one mistake to tear down in an instant.
But in any case I think higher levels of integration are more a threat to FTDI you can get micro's with built in USB support, Ethernet, RF, ... and the market moves fast and getting the entire thing on one SoC is quite appealing. I'm looking into getting our 1st year boards down to a single chip solution and I'm pretty sure if spent the time it would be easy to build what we need as most of our stuff is old designs passed down from years ago.
Bottom line is FTDI screwed up their response, started a massive burn goodwill bonfire, and I think is still stoking it. (Regardless of if they are allowed to do it or not) I think that is something that is very clear.
Seriously is probably going to be a good example of failed PR I should recommend it to APSC prof that does a course on that kind of stuff (Business case studies)
-
A local cache isn't really going to do much good if they actually want them to not work with their software (old/new) as HDCP can do. There is no local cache in HDCP once the revocation is updated it sticks and removing it isn't possible (probably is). The PID change effectively does the same thing.
A local cache would not help with past drivers, this is true, but I think that is something FTDI has to accept, and move forward. Innovate their chips, improve their IP, and add some sort of SHA based authentication into their chips at a bare minimum.
Changing the PID is not effectively the same, because it also kills legal clone interoperation with 3rd party drivers which would need to be updated on every BSD and Linux system. This is the big liability FTDI sees, and why the driver had to be pulled, and why FTDI is denying the PID change was intentional. Changing the PID also causes the clone to silently fail with old FTDI drivers, so again not a very good solution.
There is no best solution: one is more destructive and opens you to liability, the other is less destructive but will not prevent people from using older drivers. I thought I read in the previous posts that someone has changed the INF file on the older driver to accept PID 0000, which means people will be able to use a modified old driver anyway.
Something like Error 43, Windows has stopped this device because it has reported problems.
Or not sure if FTDI can call this error but Error 48, The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (That is probably an avenue to block older driver versions)
Yes a proper error code, or a notification pop-up, would have to be a part of any solution, there we agree.
-
Goodwill and trust takes years to build up and one mistake to tear down in an instant.
But in any case I think higher levels of integration are more a threat to FTDI you can get micro's with built in USB support, Ethernet, RF, ... and the market moves fast and getting the entire thing on one SoC is quite appealing. I'm looking into getting our 1st year boards down to a single chip solution and I'm pretty sure if spent the time it would be easy to build what we need as most of our stuff is old designs passed down from years ago.
Bottom line is FTDI screwed up their response, started a massive burn goodwill bonfire, and I think is still stoking it. (Regardless of if they are allowed to do it or not) I think that is something that is very clear.
Seriously is probably going to be a good example of failed PR I should recommend it to APSC prof that does a course on that kind of stuff (Business case studies)
I think you hit the nail on the head, or even nailed it into FTDI's coffin. When I started using FTDI the AT90S8515 was still a mainstream part, ATMEGAs were just starting to come out from Atmel, although many were vapourware, and certainly none had integrated USB. That was over a decade ago, and now it's a different ballgame. About a decade ago I had the chance to use the LPC2146 when it first came out, and wrote both the firmware (with heavy help from app notes) and the windows side drivers (with heavy help of libusb). The chip was still fairly expensive back then, now you can get ARM Cortex-M3s with USB for less than an FT232.
Not only did FTDI screw-up their response, they did the wrong thing in the first place.
-
A local cache isn't really going to do much good if they actually want them to not work with their software (old/new) as HDCP can do. There is no local cache in HDCP once the revocation is updated it sticks and removing it isn't possible (probably is). The PID change effectively does the same thing.
A local cache would not help with past drivers, this is true, but I think that is something FTDI has to accept, and move forward. Innovate their chips, improve their IP, and add some sort of SHA based authentication into their chips at a bare minimum.
Changing the PID is not effectively the same, because it also kills legal clone interoperation with 3rd party drivers which would need to be updated on every BSD and Linux system. This is the big liability FTDI sees, and why the driver had to be pulled, and why FTDI is denying the PID change was intentional. Changing the PID also causes the clone to silently fail with old FTDI drivers, so again not a very good solution.
There is no best solution: one is more destructive and opens you to liability, the other is less destructive but will not prevent people from using older drivers. I thought I read in the previous posts that someone has changed the INF file on the older driver to accept PID 0000, which means people will be able to use a modified old driver anyway.
Something like Error 43, Windows has stopped this device because it has reported problems.
Or not sure if FTDI can call this error but Error 48, The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (That is probably an avenue to block older driver versions)
Yes a proper error code, or a notification pop-up, would have to be a part of any solution, there we agree.
Wonder what are the chances they are going to go on a rampage and try to wipe out of existence their older drivers... (That would be futile but given how they have responded it wouldn't be surprising)
Legal clones shouldn't be using FTDI's VCP driver by default so they would have a different VID/CID to be very clean room style developed legal clones with their own VCP driver for proper interoperability. Which may or may not be so close or functionally identical to FTDI's interface that if you did change the VID/CID to match it would have worked with old FTDI drivers but devs have to test that themselves and they would in the new FTDI drivers realize it doesn't work properly and revert to using their proper clone VID/PID and tell users FTDI isn't being nice. FTDI probably sees more a giant backlash of the online community than legal issues including their continued poor handling of the situation. (Bottom line is that the bad PR is more damaging than any legal case would likely ever be if ever)
The bypass is trivial for FTDI PID 0000 mess just like how the master HDCP key is also in the wild making the revocation system pretty ineffective from a technical standpoint. Its just a poor mean method of revoking use that both FTDI and HDCP do.
But yes I think we mostly agree FTDI screwed up big time and the proper nice thing to do is use less invasive methods to inform users that they have been scammed. Microsoft learned that restricting access is not a nice thing to do and logging people out after a timer is also pretty mean, now it just makes your desktop black and has a nag watermark. HDCP did not learn however and HDCP 2.2 is just going to be worse. (Even worse is that it is going to affect basically every media interface out there, key revocation may actually brick things people would never expect)
We will see what their next driver does and it will be super face palm if they just keep on digging. (Their PR is also abysmal and needs a critical human update)
-
Goodwill and trust takes years to build up and one mistake to tear down in an instant.
But in any case I think higher levels of integration are more a threat to FTDI you can get micro's with built in USB support, Ethernet, RF, ... and the market moves fast and getting the entire thing on one SoC is quite appealing. I'm looking into getting our 1st year boards down to a single chip solution and I'm pretty sure if spent the time it would be easy to build what we need as most of our stuff is old designs passed down from years ago.
Bottom line is FTDI screwed up their response, started a massive burn goodwill bonfire, and I think is still stoking it. (Regardless of if they are allowed to do it or not) I think that is something that is very clear.
Seriously is probably going to be a good example of failed PR I should recommend it to APSC prof that does a course on that kind of stuff (Business case studies)
I think you hit the nail on the head, or even nailed it into FTDI's coffin. When I started using FTDI the AT90S8515 was still a mainstream part, ATMEGAs were just starting to come out from Atmel, although many were vapourware, and certainly none had integrated USB. That was over a decade ago, and now it's a different ballgame. About a decade ago I had the chance to use the LPC2146 when it first came out, and wrote both the firmware (with heavy help from app notes) and the windows side drivers (with heavy help of libusb). The chip was still fairly expensive back then, now you can get ARM Cortex-M3s with USB for less than an FT232.
Not only did FTDI screw-up their response, they did the wrong thing in the first place.
I can agree they did a very bad, wrong, mean thing to PID 0000 people's stuff into what I call reduced functionality mode and what others considered killed (I'm very optimistic and know enough that it isn't actually dead). The bottom line is the same. Well within their rights to do random ass stuff as its their driver but it doesn't feel very nice like how I hate HDCP with a passion and it works basically the same way in meddling with your hardware. (So me associating FTDI's actions with HDCP's system is not exactly a glowing endorsement)(HDCP is worse because it messes up everything if you even look at it the wrong way)
And then FTDI followed up with a horrible PR response that is still going.
I can help people if they need assistance in bypassing or customizing the old driver to work with PID 0000. (No time frame is guaranteed though) and its no charge, no response expected time frame type support.
-
It does still work to stop working it would be impossible to talk to it or use it which if you can run the command at the bottom you certainly are using it.
No. A device with a PID of 0 is not respecting USB specification.
The modification to PID 0 is in fact bricking the device. it's sheer luck that linux does not enforce PID !=0
Yeah, you can repair it to the previous state, but this needs effort, time and tools -> this costs to the user.
Anyway, a lot of the HW will be thrown awy, because the user does not know why it suddently fails ! That's bricking.
-
>> It does still work to stop working it would be impossible to talk to it or use it which if you can run the command at the bottom you certainly are using it.
No. A device with a PID of 0 is not respecting USB specification.
The modification to PID 0 is in fact bricking the device. it's sheer luck that linux does not enforce PID !=0
Yeah, you can repair it to the previous state, but this needs effort, time and tools -> this costs to the user.
Anyway, a lot of the HW will be thrown awy, because the user does not know why it suddently fails ! That's bricking.
I don't have a fake device but FT_PROG and the such will reprogram it and detects them. You just have to modify the inf files first. I've tested the install part myself windows does not complain about a bunch of PID 0000 strings and the driver installs with a warning of modification.
Very little stuff is USB compliant.
-
I've tested the install part myself windows does not complain about a bunch of PID 0000 strings
Yep, you kinda can repair it. But not on new versions of windows, which do not accept PID0.
And as i said, the repair of the FTDI damage costs the users and the serious device manufacturers, not the chinese clones and counterfeit chip makers, and not the cheap device manufacturers.
-
Wonder what are the chances they are going to go on a rampage and try to wipe out of existence their older drivers... (That would be futile but given how they have responded it wouldn't be surprising)
Yep, indeed very futile.
Legal clones shouldn't be using FTDI's VCP driver by default so they would have a different VID/CID to be very clean room style developed legal clones with their own VCP driver for proper interoperability. Which may or may not be so close or functionally identical to FTDI's interface that if you did change the VID/CID to match it would have worked with old FTDI drivers but devs have to test that themselves and they would in the new FTDI drivers realize it doesn't work properly and revert to using their proper clone VID/PID and tell users FTDI isn't being nice. FTDI probably sees more a giant backlash of the online community than legal issues including their continued poor handling of the situation.
Really depends on if you consider VID/PID property of FTDI, which I do not. Several posts have discussed VID and PID ownership. Clones were using the VID/PID, however the clones did not contain any FTDI IP themselves, and if used with Linux or BSD are perfectly legal. If used with FTDI's Windows driver, they would be considered in violation of the EULA (if that's really worth the paper its written on) however two wrongs don't make a right, so I don't believe you can just wipe their PID, and in doing so prevent legitimate uses of the clones with 3rd party drivers. (yes new drivers can be written, but any old BSD or Linux drivers need modification)
(Bottom line is that the bad PR is more damaging than any legal case would likely ever be if ever)
Couldn't agree more, sad, but yes that will likely be the case.
I'll need to read up on HDCP, so I can't comment.
-
I've tested the install part myself windows does not complain about a bunch of PID 0000 strings
Yep, you kinda can repair it. But not on new versions of windows, which do not accept PID0.
And as i said, the repair of the FTDI damage costs the users and the serious device manufacturers, not the chinese clones and counterfeit chip makers, and not the cheap device manufacturers.
If your talking about windows 8/8.1 then use a VM or just a live USB key (those live linux tools are a lifesaver) (i'll test that too at some point I'm on win 7 right now). I can help with that as well. (I'm waiting for windows 10, what happened to Windows 9 Microsoft...) The "repair" if you can even call it that is a joke but I guess I'm in the minority on that but it still is a joke trivial fix. (Windows 8/8.1 is a joke too, sorry I guess I'm starting to see why companies are so slow at updating software it always takes a few tries to get it right) To be fair I'm used to having a USB floppy drive handy with discs just in case windows xp needs a disc during install (Slipstreaming neater but sometimes I'm lazy)...
Many updaters need dos, linux to work anyways so that is pretty normal.
-
No. A device with a PID of 0 is not respecting USB specification.
The modification to PID 0 is in fact bricking the device. it's sheer luck that linux does not enforce PID !=0
Yeah, you can repair it to the previous state, but this needs effort, time and tools -> this costs to the user.
Anyway, a lot of the HW will be thrown awy, because the user does not know why it suddently fails ! That's bricking.
I don't have a fake device but FT_PROG and the such will reprogram it and detects them. You just have to modify the inf files first. I've tested the install part myself windows does not complain about a bunch of PID 0000 strings and the driver installs with a warning of modification.
I tried this too on a scrap device with an FTDI chip. I programmed the PID to 0000 but left the VID intact. The device first showed up as unknown in the device manager, but I could make the VCP driver into attaching to it using the update driver guide and selecting the driver manually, without even editing the INF file. This is with an older version of the VCP driver and in Windows 7 though. I'll get the scope out later and check the serial communication still works, but I would assume it does.
Would be interesting to find out if this method of coaxing the driver into attaching to the chip, even the older version, works with a fake chip with its PID set to 0000.
Speaking of which, does anyone know where to reliably get a fake chip, or a product with a fake chip? (I don't want to gamble and risk getting a genuine one for experiments. >:D )
-
Wonder what are the chances they are going to go on a rampage and try to wipe out of existence their older drivers... (That would be futile but given how they have responded it wouldn't be surprising)
Yep, indeed very futile.
Legal clones shouldn't be using FTDI's VCP driver by default so they would have a different VID/CID to be very clean room style developed legal clones with their own VCP driver for proper interoperability. Which may or may not be so close or functionally identical to FTDI's interface that if you did change the VID/CID to match it would have worked with old FTDI drivers but devs have to test that themselves and they would in the new FTDI drivers realize it doesn't work properly and revert to using their proper clone VID/PID and tell users FTDI isn't being nice. FTDI probably sees more a giant backlash of the online community than legal issues including their continued poor handling of the situation.
Really depends on if you consider VID/PID property of FTDI, which I do not. Several posts have discussed VID and PID ownership. Clones were using the VID/PID, however the clones did not contain any FTDI IP themselves, and if used with Linux or BSD are perfectly legal. If used with FTDI's Windows driver, they would be considered in violation of the EULA (if that's really worth the paper its written on) however two wrongs don't make a right, so I don't believe you can just wipe their PID, and in doing so prevent legitimate uses of the clones with 3rd party drivers. (yes new drivers can be written, but any old BSD or Linux drivers need modification)
(Bottom line is that the bad PR is more damaging than any legal case would likely ever be if ever)
Couldn't agree more, sad, but yes that will likely be the case.
I'll need to read up on HDCP, so I can't comment.
On the futile part I've actually seen a handful of pretty successful attempts to remove programs from the internet at least from a quick google search perspective. But getting rid of the old driver would be doomed to fail because so many more copies exist. (The Streisand effect would be in 1000%+ effect as well, the successful ones did it without being noticed or no one really cared)
I think on the PID/VID thing we just have a difference in opinion which doesn't affect the bottom line of its not nice regardless of their right to or not to mess around with it.
HDCP the first time I heard of it was back in 2005, just search Google for "HDCP evil". In the end the good prevailed with the master key being reverse engineered. But the challenge will continue with HDCP 2.2 which is coming to your devices about right now and eventually will block new content from working with older non HDCP 2.2 equipment making real expensive stuff I bought a year ago an is in a reduced functionality mode by default where the latest content/heck even latest resolutions just won't work (and my equipment isn't even fake and there is no good reason why it should be blocked...) I'm into home theater stuff (made my own custom 3d systems for fun) and HDCP is a pain for even perfectly legal/official uses.
HDCP2.0,2.1 were broken very quickly but I haven't heard of anything about HDCP 2.2 (Its going to be retroactive too and will be required on HDMI/DVI/Displayport/... links depending on what they flag as needing it)
-
Speaking of which, does anyone know where to reliably get a fake chip, or a product with a fake chip? (I don't want to gamble and risk getting a genuine one for experiments. >:D )
I believe some people earlier in the thread suggested cheapest ones on Amazon. I would personally go onto eBay and get any of the ones shipped direct from China. Would be fun to get the die out of those chips and inspect them under the SEM, see if there are any markings, just generally learn about the clones. Unfortunately I lost my SEM access when I left UBC. :(
Also anyone feel like writing an FTDI compatible implementation based on a microcontroller with USB? Could be fun ;)
-
Would be fun to get the die out of those chips and inspect them under the SEM, see if there are any markings, just generally learn about the clones. Unfortunately I lost my SEM access when I left UBC. :(
http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal (http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal)
-
No. A device with a PID of 0 is not respecting USB specification.
The modification to PID 0 is in fact bricking the device. it's sheer luck that linux does not enforce PID !=0
Yeah, you can repair it to the previous state, but this needs effort, time and tools -> this costs to the user.
Anyway, a lot of the HW will be thrown awy, because the user does not know why it suddently fails ! That's bricking.
I don't have a fake device but FT_PROG and the such will reprogram it and detects them. You just have to modify the inf files first. I've tested the install part myself windows does not complain about a bunch of PID 0000 strings and the driver installs with a warning of modification.
I tried this too on a scrap device with an FTDI chip. I programmed the PID to 0000 but left the VID intact. The device first showed up as unknown in the device manager, but I could make the VCP driver into attaching to it using the update driver guide and selecting the driver manually, without even editing the INF file. This is with an older version of the VCP driver and in Windows 7 though. I'll get the scope out later and check the serial communication still works, but I would assume it does.
Would be interesting to find out if this method of coaxing the driver into attaching to the chip, even the older version, works with a fake chip with its PID set to 0000.
Speaking of which, does anyone know where to reliably get a fake chip, or a product with a fake chip? (I don't want to gamble and risk getting a genuine one for experiments. >:D )
I just ordered some direct from china from a bunch of as fake looking as possible chips. (other than one that listed FT chip but had a completely different chip in the picture as I don't want a bunch of lamp sockets like I got with one order I made for LEDs, the seller had the gall to say pay for return shipping (3x the value of the goods they shipped wrongly) and wait 30-50 days for a refund, I am still going to return it to them by ultra-snail mail in getting anyone I know who is visiting china in the next whenever to mail it locally)
Fake chips (if you can trust a listing to actually show the fake chip) have a different outer packaging and are not exactly the same as the real one I think and if they make it low resolution enough (or just lie and put a real one in the image) its hard to tell. (A product can have real ones mixed in with fake ones they might not even be aware or care themselves)
Since I can easily deal/ID fake chips and I do actually want try a DIY 10 minute to capture die shot at home with no special equipment or chemicals, like I did a few pages ago to a real FT chip. Only problem is shipping is super slow so and paying to ship quickly is like 100x the value of the products total since I'm ordering from a bunch of different sellers.
If I get enough fake ones I can send you one for purely academic purposes of course. (The ETA to arrive is probably 30-60 days given how things have come in the past, sometimes they don't even ship though so I'll see)
-
No. A device with a PID of 0 is not respecting USB specification.
The modification to PID 0 is in fact bricking the device. it's sheer luck that linux does not enforce PID !=0
I don't have a fake device but FT_PROG and the such will reprogram it and detects them. You just have to modify the inf files first. I've tested the install part myself windows does not complain about a bunch of PID 0000 strings and the driver installs with a warning of modification.
Just wrote sample ftdi_fake.c Linux 2.6.x kernel module to invetsigate this if is it possible to attach USB device with unchanged FTDI_VID= 0x403 (hex) and PID= 0x0 (0) ;)
#include <linux/module.h> // included for all kernel modules
#include <linux/kernel.h> // included for KERN_INFO
#include <linux/init.h> // included for __init and __exit macros
#include <linux/errno.h>
#include <linux/slab.h>
#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>
#include <linux/module.h>
#include <linux/spinlock.h>
#include <asm/uaccess.h>
#include <linux/usb.h>
#include <linux/serial.h>
#include <linux/usb/serial.h>
/*
* * Version Information
* */
#define DRIVER_VERSION "v0.0.1"
#define DRIVER_AUTHOR "Eneuro"
#define DRIVER_DESC "A Simple walk around FTDI fake PID "
#define FTDI_VID 0x0403 /* FTDI vendor Id */
///#define FTDI_232RL_PID 0xFBFA /* FTDI 232RL PID 0xFBFA or 0x6001 */
#define FTDI_FAKE_PID 0x0 /* FTDI fake PID */
static int debug;
static __u16 vendor = FTDI_VID;
static __u16 product= FTDI_FAKE_PID;
static struct usb_device_id id_table [] = { { USB_DEVICE(FTDI_VID, FTDI_FAKE_PID) }, { }, };
MODULE_DEVICE_TABLE(usb, id_table);
static int __init ftdi_fake_init(void)
{
dbg("%s", __FUNCTION__);
if(vendor > 0 && product >= 0) {
printk(KERN_INFO "The key is to set to default product ID in Linux FTDI driver to 0x0 and add it to FTDI usb device id's table !!!" );
}
printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ": "
DRIVER_DESC "\n");
/* printk(KERN_INFO "\n" ); */
printk(KERN_INFO "vid: 0x%x\n", vendor );
printk(KERN_INFO "pid: 0x%x\n", product );
return 0; // Non-zero return means that the module couldn't be loaded.
}
static void __exit hello_cleanup(void)
{
printk(KERN_INFO "Cleaning up module.\n");
}
module_init(ftdi_fake_init);
module_exit(hello_cleanup);
MODULE_LICENSE("GPL");
MODULE_AUTHOR(DRIVER_AUTHOR);
MODULE_DESCRIPTION(DRIVER_DESC);
module_param(debug, bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(debug, "Debug enabled or not");
module_param(vendor, ushort, 0);
MODULE_PARM_DESC(vendor, "User specified FTDI vendor ID (default="
__MODULE_STRING(FTDI_VID)")");
module_param(product, ushort, 0);
MODULE_PARM_DESC(product, "User specified FTDI product ID (default="
__MODULE_STRING(FTDI_FAKE_PID)")" );
This module does nothing for the moment, only print kernel messages when successfully loaded and outputs detected USB device vid and pid visible in $ dmesg output, added usb aliases for this fake pid,
As you can notice changed also main module init condition to accept this fake PID=0
Than change this code module init code to accept this FTDI fake PID 0 :
static int __init ftdi_fake_init(void)
{
dbg("%s", __FUNCTION__);
if(vendor > 0 && product >= 0) {
The key is to add this fake PID to this table I guess too
static struct usb_device_id id_table [] = { { USB_DEVICE(FTDI_VID, FTDI_FAKE_PID) }, { }, };
so, this will create alias for 0x403, 0x0 usb device to be able to attach it to our driver >:D
"usb:v0403p0000d*dc*dsc*dp*ic*isc*ip*"
Additionaly, we probably want in module init, after detecting we have bricked FTDI with PID==0,
overwrite it to proper product (PID) value, while probably there is another stuff which connects to device so it needs proper PID in variable product later.
But for the moment, one need to ensure that Linux will be able to attach bricked usb chip to this ftdi_fake module I've wrote,
so after recompiling, installing (copying it) in /lib/modules/...../ (where ftdi_sio sits ) we need also recreate those aliases with:
# depmod -a
Than we should be able see in module info this alias for our fake module, by typing:
$ modinfo ftdi_fake
alias: usb:v0403p0000d*dc*dsc*dp*ic*isc*ip*
depends: usbserial
vermagic: 2.6.30.10-105.2.23.fc11.x86_64 SMP mod_unload
parm: debug:Debug enabled or not (bool)
parm: vendor:User specified vendor ID (default=0x0403) (ushort)
parm: product:User specified product ID (ushort)
If this attaching worked, than overriding product variable in module init to PID of 232RL which I'm not sure but based on oryginal header files is 0xFBFA, maybe could allow use this bricked device under Linux without any problems, if it is possible to attach usb device with PID 0 as I wrote earlier :box:
#define FTDI_232RL_PID 0xFBFA
product= FTDI_232RL_PID;
Unfortunate, I have no bricked FTDI stuff, so can not test it, but if you want take this ftdi_fake.c source code and recompile on 2.6.x Linux machine with oryginal FTDI Makefile but change names inside from ftdi_sio to ftdi_fake :)
They changed this PID to 0 while they know from Linux source that they make this devices also useless under Linux without extra work, while in their Linux manuals they suggest using standard Linux ftdi_sio kernel module, and those modules has condition of vendor and product to be >0 before any other initializations in 2.6.x kernels :--
More details there https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg540077/#msg540077, (https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg540077/#msg540077,) while this thread is spammed by a210210200 .
-
Speaking of which, does anyone know where to reliably get a fake chip, or a product with a fake chip? (I don't want to gamble and risk getting a genuine one for experiments. >:D )
I believe some people earlier in the thread suggested cheapest ones on Amazon. I would personally go onto eBay and get any of the ones shipped direct from China. Would be fun to get the die out of those chips and inspect them under the SEM, see if there are any markings, just generally learn about the clones. Unfortunately I lost my SEM access when I left UBC. :(
Also anyone feel like writing an FTDI compatible implementation based on a microcontroller with USB? Could be fun ;)
I have cleanroom access, wetbench training. Not sure if the SEM still works well as everything from the mask aligner to the wet bench shield has problems last time I went in (all expensive second hand ebay stuff). But I don't think at the process scale the fake and real ones are you even need an SEM. An optical microscope should work just fine which I too have access to as well. I actually have a list of things I want to scan on a microscope like an credit card EMV chip of mines (wonder if the confocal can scan through the card plastic)
I don't really like cleanroom work more into the computer side of things since the chemicals are really really nasty stuff. (HF is horrible, antidote is on the benches directly for instant access, other solutions can eat through the bench, and others eat glass, and some eat any plastic (it took four washes to clean up I tiny drop used in training to show how strong the stuff is), and mix the two and you'll cause an explosion even with trace amounts)(And the one story the main lab tech told us is that a year or so ago someone put the wrong cap on the wrong bottle and it instantly blew the bottle apart, fortunately the person was wearing proper PPE and it was on the floor so it didn't kill/mame anyone.)
Direct from China is probably the best bet. I wonder if there is more than one die for the clones floating around. (Clones of clones?, Clone competition?)
-
No. A device with a PID of 0 is not respecting USB specification.
The modification to PID 0 is in fact bricking the device. it's sheer luck that linux does not enforce PID !=0
I don't have a fake device but FT_PROG and the such will reprogram it and detects them. You just have to modify the inf files first. I've tested the install part myself windows does not complain about a bunch of PID 0000 strings and the driver installs with a warning of modification.
Just wrote sample ftdi_fake.c Linux 2.6.x kernel module to invetsigate this if is it possible to attach USB device with unchanged FTDI_VID= 0x403 (hex) and PID= 0x0 (0) ;)
#include <linux/module.h> // included for all kernel modules
#include <linux/kernel.h> // included for KERN_INFO
#include <linux/init.h> // included for __init and __exit macros
#include <linux/errno.h>
#include <linux/slab.h>
#include <linux/tty.h>
#include <linux/tty_driver.h>
#include <linux/tty_flip.h>
#include <linux/module.h>
#include <linux/spinlock.h>
#include <asm/uaccess.h>
#include <linux/usb.h>
#include <linux/serial.h>
#include <linux/usb/serial.h>
/*
* * Version Information
* */
#define DRIVER_VERSION "v0.0.1"
#define DRIVER_AUTHOR "Eneuro"
#define DRIVER_DESC "A Simple walk around FTDI fake PID "
#define FTDI_VID 0x0403 /* FTDI vendor Id */
///#define FTDI_232RL_PID 0xFBFA /* FTDI 232RL PID 0xFBFA or 0x6001 */
#define FTDI_FAKE_PID 0x0 /* FTDI fake PID */
static int debug;
static __u16 vendor = FTDI_VID;
static __u16 product= FTDI_FAKE_PID;
static struct usb_device_id id_table [] = { { USB_DEVICE(FTDI_VID, FTDI_FAKE_PID) }, { }, };
MODULE_DEVICE_TABLE(usb, id_table);
static int __init ftdi_fake_init(void)
{
dbg("%s", __FUNCTION__);
if(vendor > 0 && product >= 0) {
printk(KERN_INFO "The key is to set to default product ID in Linux FTDI driver to 0x0 and add it to FTDI usb device id's table !!!" );
}
printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ": "
DRIVER_DESC "\n");
/* printk(KERN_INFO "\n" ); */
printk(KERN_INFO "vid: 0x%x\n", vendor );
printk(KERN_INFO "pid: 0x%x\n", product );
return 0; // Non-zero return means that the module couldn't be loaded.
}
static void __exit hello_cleanup(void)
{
printk(KERN_INFO "Cleaning up module.\n");
}
module_init(ftdi_fake_init);
module_exit(hello_cleanup);
MODULE_LICENSE("GPL");
MODULE_AUTHOR(DRIVER_AUTHOR);
MODULE_DESCRIPTION(DRIVER_DESC);
module_param(debug, bool, S_IRUGO | S_IWUSR);
MODULE_PARM_DESC(debug, "Debug enabled or not");
module_param(vendor, ushort, 0);
MODULE_PARM_DESC(vendor, "User specified FTDI vendor ID (default="
__MODULE_STRING(FTDI_VID)")");
module_param(product, ushort, 0);
MODULE_PARM_DESC(product, "User specified FTDI product ID (default="
__MODULE_STRING(FTDI_FAKE_PID)")" );
This module does nothing for the moment, only print kernel messages when successfully loaded and outputs detected USB device vid and pid visible in $ dmesg output, added usb aliases for this fake pid,
As you can notice changed also main module init condition to accept this fake PID=0
Than change this code module init code to accept this FTDI fake PID 0 :
static int __init ftdi_fake_init(void)
{
dbg("%s", __FUNCTION__);
if(vendor > 0 && product >= 0) {
The key is to add this fake PID to this table I guess too
static struct usb_device_id id_table [] = { { USB_DEVICE(FTDI_VID, FTDI_FAKE_PID) }, { }, };
so, this will create alias for 0x403, 0x0 usb device to be able to attach it to our driver >:D
"usb:v0403p0000d*dc*dsc*dp*ic*isc*ip*"
Additionaly, we probably want in module init, after detecting we have bricked FTDI with PID==0,
overwrite it to proper product (PID) value, while probably there is another stuff which connects to device so it needs proper PID in variable product later.
But for the moment, one need to ensure that Linux will be able to attach bricked usb chip to this ftdi_fake module I've wrote,
so after recompiling, installing (copying it) in /lib/modules/...../ (where ftdi_sio sits ) we need also recreate those aliases with:
# depmod -a
Than we should be able see in module info this alias for our fake module, by typing:
$ modinfo ftdi_fake
alias: usb:v0403p0000d*dc*dsc*dp*ic*isc*ip*
depends: usbserial
vermagic: 2.6.30.10-105.2.23.fc11.x86_64 SMP mod_unload
parm: debug:Debug enabled or not (bool)
parm: vendor:User specified vendor ID (default=0x0403) (ushort)
parm: product:User specified product ID (ushort)
If this attaching worked, than overriding product variable in module init to PID of 232RL which I'm not sure but based on oryginal header files is 0xFBFA, maybe could allow use this bricked device under Linux without any problems, if it is possible to attach usb device with PID 0 as I wrote earlier :box:
#define FTDI_232RL_PID 0xFBFA
product= FTDI_232RL_PID;
Unfortunate, I have no bricked FTDI stuff, so can not test it, but if you want take this ftdi_fake.c source code and recompile on 2.6.x Linux machine with oryginal FTDI Makefile but change names inside from ftdi_sio to ftdi_fake :)
They changed this PID to 0 while they know from Linux source that they make this devices also useless under Linux without extra work, while in their Linux manuals they suggest using standard Linux ftdi_sio kernel module, and those modules has condition of vendor and product to be >0 before any other initializations in 2.6.x kernels :--
More details there https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg540077/#msg540077, (https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg540077/#msg540077,) while this thread is spammed by a210210200 .
Linux is perfectly fine with the tools as well, just use "sudo ./ft232r_prog –old-pid 0x000 –new-pid 0x6001" there is also a .py script to even do it automatically for you someone else made that I posted a while ago in what you call "spam". Or are those tools not working?
-
The devices were on life support provided by the illegal use of FTDI drivers, FTDI figured out how to and turned off the switch. I believe it was within their rights to do so. No one is stopping you resurrecting the corpses by writing some other drivers or using the legal ones on Linux.
Rufus, you should petition FTDI to restore the VID reset. :)
Seriously, even FTDI realized they were wrong and you are the only one insisting that the VID should be reset.
-
http://bit.ly/1rUMwkt (http://bit.ly/1rUMwkt)
New and Good quality !
Looks like a winner to me. Just over two dollars shipped.
-
http://bit.ly/1rUMwkt (http://bit.ly/1rUMwkt)
New and Good quality !
Looks like a winner to me. Just over two dollars shipped.
I wonder how to we review the sellers given we are intentionally looking for fakes. (I'll probably still give them 0 stars for a fake chip out of principle but it would be funny to see a review saying "expected fake chips got real ones, completely different than listing image" 0 stars )
-
At least not as weird as...
(http://imgs.xkcd.com/comics/a-minus-minus.png)
-
http://bit.ly/1rUMwkt (http://bit.ly/1rUMwkt)
New and Good quality !
Looks like a winner to me. Just over two dollars shipped.
I can use them to replace the ones FTDI bricked. Get my devices working again.
-
At least not as weird as...
(http://imgs.xkcd.com/comics/a-minus-minus.png)
I hate people who post XKCD images with no link - often the rollover text is as important as the comic.
("You can do this one in every 30 times and still have 97% positive feedback.")
-
I hate people who post XKCD images with no link (http://xkcd.com/325/).
Fixed that for you.
-
Arguably you could say HDCP isn't legal either since the master key is leaked and it is no longer an "effective technical measure" it isn't really as anyone can make new HDCP keys themselves. But HDCP still is allowed to disable user equipment and is not banned in the EU and I don't think is facing any current legal challenges. Also with HDCP 2.2 it is just going to get even "better...", now it will be not backwards compatible, have distance latency checks, and all sorts of fun stuff.
Could we put this HDCP red herring out to pasture, please?
All that HDCP does is that Bluray discs can update a table of revoked keys and potentially "brick" unauthorized Bluray players. That is most likely illegal as well and the studios could get sued if someone got their player damaged like that.
You seem to imply that because nobody got sued, it is somehow legal, thus what FTDI did is legal too. Nonsense - the big difference with HDCP is that in order to legally (because of patent licenses, not applicable in FTDI case) implement a Bluray player, you must license the HDCP and agree to implement this sort of "feature" (and get the player certified that it does!). The Bluray consortium is extremely vigilant in stopping the unauthorized players from hitting the markets - typically via customs (same method as Fluke used to stop Sparkfun meters, Apple stopping sales of Samsung phones over patents, etc.). That is what FTDI should have done instead.
It is thus extremely rare that someone gets bitten by the player key revocation, thus the likelyhood of a lawsuit is very low - basically only greymarket imports can get affected, where you know that you are buying a product not intended for your market and thus all bets are off, not something you buy at Amazon in good faith (like a generic serial to USB adaptor), for example.
It is a difference between designing-in a killswitch and actually using it. Doesn't make it any more legal to brick the players, but the chance of actually doing harm to legit users (and thus getting sued) is fairly low. Basically HDCP is only "legal" because nobody has bothered to sue over a bricked grey market $200 player yet, that's all. The directive/DMCA protections don't apply here at all - nobody is trying to circumvent the protection mechanism. Also you have ignored the part 48 about not interfering with the normal functioning of the device.
Also you rarely get a critical equipment depend on a Bluray player - unlike something like the FTDI USB bridges, which can be parts of complex machinery and where breakage costs millions in lost production, for ex. I can guarantee you that the lawyers would come out in force should that happen somewhere - it is not end-user's responsibility to verify that all chips in his machine are genuine.
I wonder what other BS analogy will you come up with. |O
-
That's not how HDCP works. All they can do is make new discs not work on players which they have revoked the keys for. Old discs are unaffected, as is the Bluray player itself. Nothing is bricked, it just wont work with new discs.
I have seen this article:
http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/ (http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/)
Which seems to imply the contrary (disk can revoke the key of the player and the device stops working ...). However, why someone would design a player with the revocation list in a writeable flash is beyond me. Maybe the HDCP/Bluray spec/license requires it.
-
I have seen this article:
http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/ (http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/)
Which seems to imply the contrary (disk can revoke the key of the player and the device stops working ...). However, why someone would design a player with the revocation list in a writeable flash is beyond me. Maybe the HDCP/Bluray spec/license requires it.
In any case, it's not the disk that does the bricking. The disk only caries the list of revoked keys. The device itself, if it respects the "standard", reads the list, introspects and compares, then self performs the bricking if "necessary". Quite the difference from FTDI clones that are being directly.... molested.
-
I have seen this article:
http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/ (http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/)
Which seems to imply the contrary (disk can revoke the key of the player and the device stops working ...).
That is AACS, where a disc does not want to reveal its keys to a player it does not trust. a210210200 has been banging on about HDCP, where a player does not want to send restricted video to an untrusted display.
I think he must know his analogy is false. The player just declines to interact with the "revoked" display, it does not brick its EDID to 0×0 pixels like FTDI would have.
Also, the fact that some technical means exists, and licensees have been forced to agree to it, does not mean it is lawful to use. Expect the courts to become involved if the keys to a best-selling display are ever revoked while millions of units are still under warranty.
-
I have seen this article:
http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/ (http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/)
Which seems to imply the contrary (disk can revoke the key of the player and the device stops working ...).
That is AACS, where a disc does not want to reveal its keys to a player it does not trust. a210210200 has been banging on about HDCP, where a player does not want to send restricted video to an untrusted display.
I think he must know his analogy is false. The player just declines to interact with the "revoked" display, it does not brick its EDID to 0×0 pixels like FTDI would have.
Ah, right, you are correct. I have mixed up the two. Then the analogy is even more BS ...
Also, the fact that some technical means exists, and licensees have been forced to agree to it, does not mean it is lawful to use. Expect the courts to become involved if the keys to a best-selling display are ever revoked while millions of units are still under warranty.
Yup. The protection under the DMCA or the European directive is not a blank check to do whatever and whenever the right owners please. That's why this whole thing is just one big red herring.
-
In any case, it's not the disk that does the bricking. The disk only caries the list of revoked keys. The device itself, if it respects the "standard", reads the list, introspects and compares, then self performs the bricking if "necessary". Quite the difference from FTDI clones that are being directly.... molested.
Well, yeah, but that is a technicality that would most likely be completely irrelevant if someone sued over it. The end effect is very much the same for the owner of the device.
Anyhow, see my later post - I was actually talking about AACS and not HDCP, confusing the two. Thanks to ziq8tsi for the correction. HDCP analogy is even less relevant to this whole farce, as no "bricking" is involved - the devices merely refuse to work together.
-
Also anyone feel like writing an FTDI compatible implementation based on a microcontroller with USB? Could be fun ;)
Someone has already done it with a Microchip PIC, link is posted in this thread: https://www.eevblog.com/forum/reviews/alternatives-to-ftdi-usb-to-uart-converter/ (https://www.eevblog.com/forum/reviews/alternatives-to-ftdi-usb-to-uart-converter/)
-
At least not as weird as...
(http://imgs.xkcd.com/comics/a-minus-minus.png)
I hate people who post XKCD images with no link - often the rollover text is as important as the comic.
I hate people who post XKCD images.
-
All that HDCP does is that Bluray discs can update a table of revoked keys and potentially "brick" unauthorized Bluray players. That is most likely illegal as well and the studios could get sued if someone got their player damaged like that.
That's not how HDCP works. All they can do is make new discs not work on players which they have revoked the keys for. Old discs are unaffected, as is the Bluray player itself. Nothing is bricked, it just wont work with new discs.
It's still evil of course, and they have used it in the past with software Bluray players which can be updated easily, but I don't know if they have ever used it with stand alone players or if a firmware update was possible. In any case, you can easily buy HDMI capture cards that let you rip protected content bit-perfect.
www.extron.com/download/files/whitepaper/hdcp_wp.pdf (http://www.extron.com/download/files/whitepaper/hdcp_wp.pdf)
"
HDCP devices are obligated to check for SRMs and to update their own internal memories as new revocation lists are distributed. The revocation list is used during HDCP authentication to check for blacklisted public keys.
"
It also isn't just blu-rays that can update the list, new devices carry them too, and they stick otherwise it would be easy to bypass.
Please google stuff if you never been personally affected by something.
-
I have seen this article:
http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/ (http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/)
Which seems to imply the contrary (disk can revoke the key of the player and the device stops working ...). However, why someone would design a player with the revocation list in a writeable flash is beyond me. Maybe the HDCP/Bluray spec/license requires it.
In any case, it's not the disk that does the bricking. The disk only caries the list of revoked keys. The device itself, if it respects the "standard", reads the list, introspects and compares, then self performs the bricking if "necessary". Quite the difference from FTDI clones that are being directly.... molested.
The revocation updates self propagates and compliant (PID updating, just more complex) devices will happily store the new list. (It can brick an entire system instead of one device) It doesn't even care if the devices are actually real or not. (The threshold for revocation is arbitrary and not anything a user can easily fix once it has been done)
It is also isn't just discs that can do that, updated firmware can also contain updated revocations (new detections just like FTDI's driver) and then the go breaking you other stuff just because they can. (All the equipment is not fake, clones, or anything, it just does it because it can) It is by far worse than what FTDI did with PID 0000 on one device. Even my GPU has key revocation lists that seem to be updated somehow. (probably the drivers...)
-
Linux is perfectly fine with the tools as well, just use "sudo ./ft232r_prog –old-pid 0x000 –new-pid 0x6001" there is also a .py script to even do it automatically for you someone else made that I posted a while ago in what you call "spam". Or are those tools not working?
Those Linux tools are not available on FTDI official website.
They only provide 5 years old ftdi_sio.c drivers, which will not work with this fake FTDI PID for reasons I've shown above.
http://www.ftdichip.com/Drivers/VCP.htm (http://www.ftdichip.com/Drivers/VCP.htm)
In comparision Silicon Laboratories CP210x USB to RS232 serial adaptor driver which I use as fake FTDIs replacement cp210x.c (http://svn.dd-wrt.com/browser/src/linux/laguna/linux-2.6.39/drivers/usb/serial/cp210x.c?rev=17322) do not have all this mess with verifying vendor and product for >0 but as simply as it is in its cp210x_init:
static int __init cp210x_init(void)
793 {
794 int retval;
795
796 retval = usb_serial_register(&cp210x_device);
797 if (retval)
798 return retval; /* Failed to register */
799
800 retval = usb_register(&cp210x_driver);
801 if (retval) {
802 /* Failed to register */
803 usb_serial_deregister(&cp210x_device);
804 return retval;
805 }
806
807 /* Success */
808 printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ":"
809 DRIVER_DESC "\n");
810 return 0;
811 }
I've made this investigation only because of I was interested in why those chips faked by FTDI stopped working under Linux.
Prosecutors and lawyers also may want to know and have black&white without messing with Linux modules details how they [FTDI] made those faked devices useless under Linux too by this stupid override of product ID (PID) in someones hardware attached to USB -PID needed to attach device to module by its aliased USB vid:pid numbers :rant:
.
-
Arguably you could say HDCP isn't legal either since the master key is leaked and it is no longer an "effective technical measure" it isn't really as anyone can make new HDCP keys themselves. But HDCP still is allowed to disable user equipment and is not banned in the EU and I don't think is facing any current legal challenges. Also with HDCP 2.2 it is just going to get even "better...", now it will be not backwards compatible, have distance latency checks, and all sorts of fun stuff.
Could we put this HDCP red herring out to pasture, please?
All that HDCP does is that Bluray discs can update a table of revoked keys and potentially "brick" unauthorized Bluray players. That is most likely illegal as well and the studios could get sued if someone got their player damaged like that.
You seem to imply that because nobody got sued, it is somehow legal, thus what FTDI did is legal too. Nonsense - the big difference with HDCP is that in order to legally (because of patent licenses, not applicable in FTDI case) implement a Bluray player, you must license the HDCP and agree to implement this sort of "feature" (and get the player certified that it does!). The Bluray consortium is extremely vigilant in stopping the unauthorized players from hitting the markets - typically via customs (same method as Fluke used to stop Sparkfun meters, Apple stopping sales of Samsung phones over patents, etc.). That is what FTDI should have done instead.
It is thus extremely rare that someone gets bitten by the player key revocation, thus the likelyhood of a lawsuit is very low - basically only greymarket imports can get affected, where you know that you are buying a product not intended for your market and thus all bets are off, not something you buy at Amazon in good faith (like a generic serial to USB adaptor), for example.
It is a difference between designing-in a killswitch and actually using it. Doesn't make it any more legal to brick the players, but the chance of actually doing harm to legit users (and thus getting sued) is fairly low. Basically HDCP is only "legal" because nobody has bothered to sue over a bricked grey market $200 player yet, that's all. The directive/DMCA protections don't apply here at all - nobody is trying to circumvent the protection mechanism. Also you have ignored the part 48 about not interfering with the normal functioning of the device.
Also you rarely get a critical equipment depend on a Bluray player - unlike something like the FTDI USB bridges, which can be parts of complex machinery and where breakage costs millions in lost production, for ex. I can guarantee you that the lawyers would come out in force should that happen somewhere - it is not end-user's responsibility to verify that all chips in his machine are genuine.
I wonder what other BS analogy will you come up with. |O
AV equipment costs a lot of money and some of my stuff is far more expensive than a serial cable USB adapter. At the university we have HDCP problems too with equipment an order of magnitude more expensive and complex. If a key gets revoked in some professional installation setup the damage can be extreme and it only takes one invalid key to break an entire device chain (Nice of them to not tell you anything other than the HDCP handshake failure behavior that I dread to see). Maybe you thought a splitter looked great for the application but it turns out that device works perfectly and is fully complaint but someone stole the key from the mfg and now your installation doesn't work at all. Say it was an information display system now its all blank. (My nvidia GPU in my desktop clearly doesn't like some switches I have and they probably have revoked keys)
It isn't just Blu-ray players that have key revocations. HDMI, Displayport, DVI, wireless links all have HDCP x.x support and important systems need displays and GPUs, switches, matrix switches, video processors, ... all are products that can be affected. Arguably complex systems are bound to have lots of displays (control rooms, media systems, info displays, ...) and if one day your AV setup dies because someone updated a firmware/driver and the blacklisted keys were updated it isn't going to be easy to fix especially with HDCP 2.2.
Now see were getting into the "harm" level just as you claim FTDI causes total destruction because your USB converter needs 1 minutes work to bypass a DRM. I raise that by the hours/days and hundreds to thousands of dollars spent fixing HDCP "compatibility" issues in various systems. Arguably HDCP is much more common than RS-232 and HDCP is a true pain to deal with if you actually have complex setups that are not just a bluray player to a TV (HDCP is very widely in use).
And then we are getting to the you must be using fakes or shady equipment which is very similar to FTDI just in HDCP it is worse because it doesn't care if you have real and professional sourced equipment. Again the comparison of HDCP to FTDI is apt and HDCP is far far worse.
Don't give me the BS thing when I've personally dealt with both situations (the FTDI PID 0000 case for me was caused by students having fun but that was a joke compared to HDCP doing "fun" things) And of course suing them is no chance situation like FTDI and with HDCP it is very hard to debug by design of course.
Again it isn't blurays that are the only things that contain revocation lists they are just the most common ones there are many other sources (TV's with audio return for example will count as an HDMI source in that mode and must by the standard push out revocation lists as well)(AV recievers, GPUs, ...)
So just like FTDI can disable a 5$ chip with a joke bypass, HDCP can literally brick 1000's of dollars worth of legit equipment and make entire systems break down without any messages, warnings, tools to help you find the offending component(s) while FTDI does the same to one chip and all it takes is pressing force driver install to bypass. Once an HDCP device stores its own blacklisted key it will not work with HDCP and removing the blacklist is not simple.
-
I wonder what the next thing will be:
https://www.youtube.com/watch?v=9gSQg1i_q2g (https://www.youtube.com/watch?v=9gSQg1i_q2g#)
Only half kidding, I think what they did is important but they aren't going to do it anymore.
People that need to run their clones on windows will find a suitable driver and everyone is happy again.
-
Linux is perfectly fine with the tools as well, just use "sudo ./ft232r_prog –old-pid 0x000 –new-pid 0x6001" there is also a .py script to even do it automatically for you someone else made that I posted a while ago in what you call "spam". Or are those tools not working?
Those Linux tools are not available on FTDI official website.
They only provide 5 years old ftdi_sio.c drivers, which will not work with this fake FTDI PID for reasons I've shown above.
http://www.ftdichip.com/Drivers/VCP.htm (http://www.ftdichip.com/Drivers/VCP.htm)
In comparision Silicon Laboratories CP210x USB to RS232 serial adaptor driver which I use as fake FTDIs replacement cp210x.c (http://svn.dd-wrt.com/browser/src/linux/laguna/linux-2.6.39/drivers/usb/serial/cp210x.c?rev=17322) do not have all this mess with verifying vendor and product for >0 but as simply as it is in its cp210x_init:
static int __init cp210x_init(void)
793 {
794 int retval;
795
796 retval = usb_serial_register(&cp210x_device);
797 if (retval)
798 return retval; /* Failed to register */
799
800 retval = usb_register(&cp210x_driver);
801 if (retval) {
802 /* Failed to register */
803 usb_serial_deregister(&cp210x_device);
804 return retval;
805 }
806
807 /* Success */
808 printk(KERN_INFO KBUILD_MODNAME ": " DRIVER_VERSION ":"
809 DRIVER_DESC "\n");
810 return 0;
811 }
I've made this investigation only because of I was interested in why those chips faked by FTDI stopped working under Linux.
Prosecutors and lawyers also may want to know and have black&white without messing with Linux modules details how they [FTDI] made those faked devices useless under Linux too by this stupid override of product ID (PID) in someones hardware attached to USB -PID needed to attach device to module by its aliased USB vid:pid numbers :rant:
.
Sorry forgot they are all third party FOSS tools that work with it regardless of the PID change and are not exactly new.
I believe I posted the link before but here it is again, http://www.minipwner.com/index.php/unbrickftdi000 (http://www.minipwner.com/index.php/unbrickftdi000)
Also I think the library it uses and obviously works is obtained by using, sudo apt-get install make gcc libftdi-dev
Its a joke to bypass FTDI's DRM, literal peanuts compared to dealing with real monsters of a DRM hardware system.
-
I have seen this article:
http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/ (http://hackaday.com/2014/09/08/unbricking-a-bluray-drive/)
Which seems to imply the contrary (disk can revoke the key of the player and the device stops working ...).
That is AACS, where a disc does not want to reveal its keys to a player it does not trust. a210210200 has been banging on about HDCP, where a player does not want to send restricted video to an untrusted display.
I think he must know his analogy is false. The player just declines to interact with the "revoked" display, it does not brick its EDID to 0×0 pixels like FTDI would have.
Also, the fact that some technical means exists, and licensees have been forced to agree to it, does not mean it is lawful to use. Expect the courts to become involved if the keys to a best-selling display are ever revoked while millions of units are still under warranty.
AACS and the bluray encryption is different than HDMI HDCP revocation and source path protection but are used in conjunction (layers of DRM yay!). The software (drivers) in the firmware do in fact carry the ability to brick other devices. A bluray, software update, new hardware can all contain updated revocation lists. As others have posted a device like the FTDI chip has the functionality to accept commands to brick itself or change its IDs. Once the update is applied a device can and by HDCP standards no longer work properly.
Lets put it this way your cable box can have certain channels with ICT like and more flags on them and I don't think that is a bluray disc going into the back of the cable box. Blurays also have software on them which is part of BD+ (Yay even more DRM) so it also is not just a static entity (The Disc runs special security software in an hardware provided isolated VM space that can do all manner of checks, updates, blacklists, detection steps, ...)
EDID is not modified but the HDCP data channel is. (And unlike the EDID channel you cannot override the HDCP one without breaking everything in terms of the encryption ready status, so you do get "reduced function mode") So I'm not sure how that is better that they are using an designed to be very hard to bypass HDCP data channel instead of a easy to modify data channel.
The player is just one of the ways HDCP can revoke device keys and AACS is another form of DRM and is more related to the disc/player itself. HDCP is the cable/hardware DRM which has functions very similar to FTDI's PID change with revocation and a degraded functionality state when it activates.
They could argue probably successfully that those evil displays could be used and modified by consumers to pirate content and then the courts would be yup ban away. (Plus how long is a best selling TV warranty?) Also that doesn't even matter even if you TV could accept content that will be HDCP 2.2 the older ones will not display it without downsampling and restricting quality to the (arbitrarily, for example have a 4K display without HDCP2.2 support then no 4K for you). HDCP 2.2 has provisions for the "broken" HDCP 1.x devices as in reduced functionality for everyone (YAY!) half bricking for everyone (Spent money on a display get the value of a cheap display because your DRM hardware isn't good enough). Not only did they just make the top selling TV less useful they made every HDMI 1.x device less useful and makes my life even harder because just one non-HDCP2.2 device will "contaminate" the device chain. Even computer monitors at the 4K resolution are probably going to require HDCP2.2 support as soon as the GPUs get HDCP2.2 support or at least if you want to display flagged content at native res it will. (Displayport 1.3 is also going to have HDCP2.2)
HDCP is like what FTDI did just everything is doing it and its a monster so large people have been lulled into not thinking about it anymore because its so horrible and simple setups are typically not affected.
-
Again, all of this is irrelevant to the fact that FTDI may have committed a cyber-crime by making unauthorized changes to end-user's equipment. It is also at least possible that there have been other [indirect] damages caused by their actions. For example, if a control system in a plant suddenly stopped working because of the FTDI driver with trojan malware in it, and that plant malfunctioned and killed some people, well, if I were on the jury in that trial I think I would have to go with the plaintiff. Same thing if there was a medical device that suddenly malfunctioned due to FTDI's driver with trojan malware in it-- and somebody died [or were seriously harmed] because of that. It's too early right now to know if any of these things have happened [or may be in the process of happening].
We will have to wait and see how all of this unfolds, but one thing is very clear-- I can no longer design in FTDI chips into my products, because of all of the FUD [Fear, Uncertainty, and Doubt] surrounding these parts-- I don't want my clients, and customers of my client's products worrying over this issue. So far the FTDI devices have worked well for me, and I really hate to change to another product that I have no experience with [the SiLabs CP2104], but unfortunately, FTDI actions on this matter have forced my hand-- I *must* change to a different part, and just make it work. It's going to be interesting to watch all of this unfold over the next few years-- kind of like a slow motion train wreck...
I guess HDCP is a cyber-war crime against humanity because it can make unauthorized automatic changes to end-user equipment and has no appeals process to what is basically an arbitrary system of device blacklisting. FTDI's DRM is a bad thing but it is a joke to bypass vs HDCP (2.2 more so).
You know control systems, hospitals have displays right and I don't think it is easy to disable HDCP for Nvidia graphics cards at least and that combination which could easily happen (nvidia is pretty big GPU player and for multi-displays they have that too)(intel integrated GPU also has HDCP support) I think it would be far worse for the display system showing the FTDI connection failed to fail than the FTDI connection to fail because one is a joke to fix and the other requires techs to come in and look behind the wall, into the AV distribution system to trace down what is misbehaving or what is not allowed anymore.
No factory is going to use USB as its critical communication system. Nor would a good best practices factory have critical windows machines connected directly to windows update so that at 2AM the plant can explode when the computer restarts for updates. A proper windows setup is air-gapped and tightly controlled with software white-listing and behavioral monitoring which would stop even an attempt to update a driver or anything really.
Medical devices at best would use the USB connection for debugging, dev use only, and downloading all of which are non-critical activities and would not interfere with the operation of the device. Like seriously do you think an implantable defibrillator is going to kill the person because the FTDI chip on the external RF reader stopped working at the clinic. (No its not and any even slightly competent IT person would be able to fix it easily in minutes and everything keeps on going) Now in the HDCP case if a HDTV used in a surgery theater for a digital camera on the end of a minimally invasive probe stopped working because of magic HDCP problems then it could take hardware replacement and hours to debug and trace the problem down. (HDCP problems can even occur without revocation and are different than EDID problems which can occur) HDCP is worse but similar to FTDI and could actually cause problems. HDCP is also much harder to fix, debug, detect and can cause hardware replacements. (Unlike FTDI's 0000)
A factory would be highly negligent to use a windows machine in a small business type config for something that has life safety implications. Displays on the other hand could cause life safety issues and HDCP problems could cripple a critical display or even be giving the engineer problems at his workstation in the office at the wrong time just because he was trying to watch a movie on lunch break and the display+GPU got upset and he missed a warning popup saying the world in the factory is coming to an end all hell is breaking loose (while he fiddled with the cables and was looking for another splitter).
-
Below is a post that I put up on the FTDI blog site, which is still waiting "moderation" [and I seriously doubt that they will let it post, so I am posting here]:
Probably the best summation of this whole thing, except for the prison bit. FTDI will not post this comment as they haven't approved any others though. Still a bit of unneeded hubris.
-
Below is a post that I put up on the FTDI blog site, which is still waiting "moderation" [and I seriously doubt that they will let it post, so I am posting here]:
Probably the best summation of this whole thing, except for the prison bit. FTDI will not post this comment as they haven't approved any others though. Still a bit of unneeded hubris.
I don't get it why not just say its a bad, mean, evil thing to do instead of saying your all going to jail or your cyber-terrorists... (The probability someone at FTDI is going to accept that post is probably 0%)
-
IMHO, What you *should* have done, is write your driver so that it refuses to “talk” to non-FTDI chips...
I think you should re-write your driver to just “not work” with non-FTDI devices...
Sometimes these cables are used for linking critical systems. I hope that your driver does not end up killing someone [medical device or plant operations, etc.-- which can be dangerous if they suddenly stop working].
How is the driver going to detect whether it is a critical system?
As far as I can tell you are arguing that the driver should stop working (by refusing to talk) and then you are arguing that it should not stop working (because it could be connected to a critical system).
If it detects a non-FTDI chip and refuses to talk won't that have the same effect to the critical system?
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Are you promoting them to modify something that is not theirs?
-
Again, all of this is irrelevant to the fact that FTDI may have committed a cyber-crime by making unauthorized changes to end-user's equipment.
Or actually the end-user's equipment changed itself because it didn't correctly emulate the equipment it was claiming to be. So you may as well accuse the supplier of your faulty fakes/clones of cyber-crime which of course is a bit harder because you don't even know who they are.
-
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Don't forget that EEPROM wears out...
-
If it detects a non-FTDI chip and refuses to talk won't that have the same effect to the critical system?
No. The reasons seem obvious. But there seem to be people here arguing just for the sake of arguing without considering the facts.
There also seem to be many people arguing about how simple it is to ensure genuine parts who have never dealt with the supply-chain, acquisition, or 3-rd party manufacturing, particularly from Asia.
The reason it is NOT the same is because the equipment has been CHANGED so that it no longer performs as designed.
So you can't simply connect the gadget to a different computer with the legacy driver and restore functionality.
You can't revert the driver back to the version that worked before.
You may not even be able to connect to a different OS because it doesn't work the same as before the sabotage.
It is hard to tell whether FTDI just didn't think through the results of this debacle, or whether they intended the results, or whether they just let it slip through.
Either way it makes FTDI look like a poor candidate for future designs after demonstrating either terrible corporate judgement or lousy engineering.
Especially when they could have chosen the high-road of customer education and assistance to do the right thing rather than bomb-throwing.
-
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Don't forget that EEPROM wears out...
You will exceed the insertion spec of your USB connector before you wear out the EEPROM (provided the clone uses a real eeprom, some have suggested it could be some sort of OTP ROM by looking at the die shots? I'm no expert)
Either way, to quote my solution from page 88 (that's only like 4 pages back):
1. The driver installs for the first time with an empty SN revocation list.
2. A user plugs in an FT232 chip.
3. The serial number of the chip is checked against the revocation list.
4. If the SN in the list, the driver refuses to load, and it is done.
5. If the SN is not in the list. Run the current test to see if you can modify the devices EEPROM (ie detect a clone) AND restore the EEPROM to its original form.
6. If you detected a clone, add it to the revocation list and refuse to load the driver. Display error message.
7. It is not on the list, and it safely passed the clone check, you load the driver.
On any subsequent insertion, the clone would not have the EEPROM check ran, so the EEPROM wear level of the clone would be not be affected.
Wearing out the EEPROM is a herring.
-
If it detects a non-FTDI chip and refuses to talk won't that have the same effect to the critical system?
The reason it is NOT the same is because the equipment has been CHANGED so that it no longer performs as designed.
So you can't simply connect the gadget to a different computer with the legacy driver and restore functionality.
You can't revert the driver back to the version that worked before.
You may not even be able to connect to a different OS because it doesn't work the same as before the sabotage.
You can connect it to a different or the same computer with an legacy driver with PID 0000 instead of PID xxxx this I believe is proven to work. You can either edit the .inf file, or force the driver to install in device manager, or use a GUI tool to do it, or use regedit, or use CLI tools, or use a linux tool, or... (So many things still work notice that the list is a massive list of options you have all of which are in my opinion a joke, my printer doesn't automatically install drivers and I have to use the force driver method in normal install anyways)
You can roll back the driver, you can force it to work with it even if the IDs don't match. You can as shown before connected to a different os and use completely FOSS tools to not only correct but even prevent it from being modified again afterwards.
FTDI did a bad/mean/evil DRM ala HDCP style detection and modification but the workaround/bypass is a joke.
If you need help fixing this particular issue I can help for free via remote desktop. (After I finish some work stuff of course)
-
Wearing out the EEPROM is a herring.
:-DD
-
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Are you promoting them to modify something that is not theirs?
Actually they are already doing 2 writes, first to address 2 to change the PID, and a second to address 62 to make the checksum correct.
I would suggest doing a write to 62, check if it succeeded by reading it back, and then do a 2nd write to address 62 to restore the original value. Hence two writes, and the EEPROM retains its original values. Objections?
-
You can connect it to a different or the same computer with an legacy driver with PID 0000 instead of PID xxxx this I believe is proven to work. You can either edit the .inf file, or force the driver to install in device manager, or use a GUI tool to do it, or use regedit, or use CLI tools, or use a linux tool, or... (So many things still work notice that the list is a massive list of options you have all of which are in my opinion a joke, my printer doesn't automatically install drivers and I have to use the force driver method in normal install anyways)
You can roll back the driver, you can force it to work with it even if the IDs don't match. You can as shown before connected to a different os and use completely FOSS tools to not only correct but even prevent it from being modified again afterwards.
FTDI did a bad/mean/evil DRM ala HDCP style detection and modification but the workaround/bypass is a joke.
If you need help fixing this particular issue I can help for free via remote desktop. (After I finish some work stuff of course)
In all the above cases, what a210210200 means by "you" is the experimenter, hacker, hobbyist, programmer, developer, engineer, etc.
Alas, virtually no END USER of a commercial product who has the misfortune of using an appliance assembled with counterfeit chip will be in a position to mitigate the damage caused by FTDI.
It appears that FTDI has rather "queered the pitch" for USB to serial in general and "fouled their own nest" in particular.
-
If its real eeprom it can be written a few million times.
If it is flash it can be written 100000 times.
If it is something else, who knows
-
Hence two writes, and the EEPROM retains its original values. Objections?
Yes,objections : interrupting the sequence leaves the device with an incorrect checksum (probably bricked)
-
Hence two writes, and the EEPROM retains its original values. Objections?
Yes,objections : interrupting the sequence leaves the device with an incorrect checksum (probably bricked)
Ditto for FTDI's solution, not any worse. Is it?
Edit:
The best would be to find a test for a clone which doesn't require an EEPROM write. I don't have a clone, and don't really want to dedicate any time to this as I don't see any benefit in it for me personally.
-
You can connect it to a different or the same computer with an legacy driver with PID 0000 instead of PID xxxx this I believe is proven to work. You can either edit the .inf file, or force the driver to install in device manager, or use a GUI tool to do it, or use regedit, or use CLI tools, or use a linux tool, or... (So many things still work notice that the list is a massive list of options you have all of which are in my opinion a joke, my printer doesn't automatically install drivers and I have to use the force driver method in normal install anyways)
You can roll back the driver, you can force it to work with it even if the IDs don't match. You can as shown before connected to a different os and use completely FOSS tools to not only correct but even prevent it from being modified again afterwards.
FTDI did a bad/mean/evil DRM ala HDCP style detection and modification but the workaround/bypass is a joke.
If you need help fixing this particular issue I can help for free via remote desktop. (After I finish some work stuff of course)
In all the above cases, what a210210200 means by "you" is the experimenter, hacker, hobbyist, programmer, developer, engineer, etc.
Alas, virtually no END USER of a commercial product who has the misfortune of using an appliance assembled with counterfeit chip will be in a position to mitigate the damage caused by FTDI.
It appears that FTDI has rather "queered the pitch" for USB to serial in general and "fouled their own nest" in particular.
1) GUI tools are easy to use and are meant for non-expert users
2) Device manager and its prompts are something a user can see with many devices that they have to install.
3) Command line tools that work like this (Your device has been PID 0000'd by FTDI do you want to correct? [yes], press enter, done) easy. Some command line stuff works so easily you literally just press enter constantly till it says done. (Some level of reading comprehension is required, high school English should be sufficient)
Yes FTDI is mean/bad/evil for breaking plug-in play compatibility but it literally is a joke to fix (You know before 2000 automatic plug and play detection was crap and regular computer users had trouble with cards, drivers, devices not working out of the box or even conflicting or getting the wrong settings coded). Compared to HDCP which does require some level expertise to "fix" it is a trivial problem that even 1st year students have figured out without reading my guide which is only given to the other project based course.
I don't understand if you use windows or linux you have to have at least some level of skill in you know pressing the buttons to do things and using google when your at a loss. It is like I'm walking into APSC160 all over again and people are like "how do I open Excel..." when they should be configuring a USB DAQ to dump data into an excel file... (Then there are students who go nothing shows up and when you look at their station the setup isn't turned on and isn't even connected to the computer... when the guide has picture by picture steps telling them to do just that)
I had probably 1000's of students all of them are certainly end users of an FTDI products (a box of USB>RS-232 adapter cables counts as a commercial product no?) know how to do something as simple as that, students that get development boards know even more about them and I don't see how this is so hard. (The com port numbers get screwy sometimes or some student made software had a dumb limitation of only allowing users to select 10 com port numbers when they could have auto-detected. but anyways people figured out how to fix that easily its just point click interface)
No user who doesn't know how to use google would be unaware of how to fix it. Also need help ask someone it works a lot of the time and for this problem most people should know how to figure it out.
Again if your having problem's with an FTDI device being bricked I can help you via remote desktop. (For free, work permitting)
Edit: For #2 here is a pictorial guide easy stuff if only it was that easy to "fix" HDCP problems, https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg541025/#msg541025 (https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg541025/#msg541025)
-
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Don't forget that EEPROM wears out...
You will exceed the insertion spec of your USB connector before you wear out the EEPROM (provided the clone uses a real eeprom, some have suggested it could be some sort of OTP ROM by looking at the die shots? I'm no expert)
Not necessarily. Rebooting your PC with the device always attached will make the driver write the EEPROM every time.
If its real eeprom it can be written a few million times.
If it is flash it can be written 100000 times.
If it is something else, who knows
Normal EEPROM would be around one to ten millions.
If it's Flash, i know some uC that only guaranteed one hundred times (a couple of PIC18FXJXX? can't remember the exact model). Others go up to ten to hundred thousands.
-
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Don't forget that EEPROM wears out...
You will exceed the insertion spec of your USB connector before you wear out the EEPROM (provided the clone uses a real eeprom, some have suggested it could be some sort of OTP ROM by looking at the die shots? I'm no expert)
Not necessarily. Rebooting your PC with the device always attached will make the driver write the EEPROM every time.
If its real eeprom it can be written a few million times.
If it is flash it can be written 100000 times.
If it is something else, who knows
Normal EEPROM would be around one to ten millions.
If it's Flash, i know some uC that only guaranteed one hundred times (a couple of PIC18FXJXX? can't remember the exact model). Others go up to ten to hundred thousands.
Which is why FTDI should just make the driver report itself as failed/error to windows so it doesn't attempt to do anything for that device. Only if the user forces it to re-install or tries again would it happen again (plugging it into another USB port would also cause it as well due to the way windows keeps track of things).
-
Hence two writes, and the EEPROM retains its original values. Objections?
Yes,objections : interrupting the sequence leaves the device with an incorrect checksum (probably bricked)
I wonder if the chips respond differently to read requests on odd and even addresses. I know that a similar means of detecting a clone is used in another product. In this case you don't need to do writes at all, resulting in identification without bricking.
-
I wonder if the chips respond differently to read requests on odd and even addresses. I know that a similar means of detecting a clone is used in another product. In this case you don't need to do writes at all, resulting in identification without bricking.
I think you're thinking something like an EEPROM write status register, which I don't believe the driver API would have access to unless there is a specific command for that?
-
If the detection is to write the PID, then check it is 0000 and then rewrite it to what it was, is that not also unauthorized modification of a users product without permission, this time twice, or many more times each time it is plugged in?
Don't forget that EEPROM wears out...
You will exceed the insertion spec of your USB connector before you wear out the EEPROM (provided the clone uses a real eeprom, some have suggested it could be some sort of OTP ROM by looking at the die shots? I'm no expert)
Not necessarily. Rebooting your PC with the device always attached will make the driver write the EEPROM every time.
Not if you keep a list of serial numbers you've determined to be clones inside the driver (windows registry?), then you need to run the check once and store the result. (as on page 88 of this thread)
-
I had probably 1000's of students all of them are certainly end users of an FTDI products (a box of USB>RS-232 adapter cables counts as a commercial product no?) know how to do something as simple as that, students that get development boards know even more about them and I don't see how this is so hard. (The com port numbers get screwy sometimes or some student made software had a dumb limitation of only allowing users to select 10 com port numbers when they could have auto-detected. but anyways people figured out how to fix that easily its just point click interface)
No user who doesn't know how to use google would be unaware of how to fix it. Also need help ask someone it works a lot of the time and for this problem most people should know how to figure it out.
Wow, you don't have much (any?) experience with Dumb End Users of appliances. They make your "1000's of students" look like geniuses. It might take you 30 minutes just to get the USB cable plugged back into the right place after the janitor accidentally pulled it out last night. (And that is after 10 minutes to identify which is the USB cable.)
-
No user who doesn't know how to use google would be unaware of how to fix it. Also need help ask someone it works a lot of the time and for this problem most people should know how to figure it out.
Really? Are you serious? Look around you and open your eyes. There are lots of everyday users who are very competent using their devices, but don't need to know (or wish to know) the insides and how it operates.
Let's not forget our customers/users/family members who didn't ask for their devices to be bricked. How much time has been wasted by the end user because the device doesn't work today, but used to work a few weeks ago.
How many devices have ended up on the trash heap because they just stopped working?
Just because members of this forum have an interest (and ability) in electronics/computing, we should never forget our customers/users/family members may not have that same ability/talent.
FTDI has the right to protect their IP, no argument there. However, a good corporate citizen that respects the final customer (the end user), would have merely notified of the suspect device - "Not an FTDI device - please contact your supplier/manufacturer for the correct driver."
FTDI does NOT have the right to vandalise my device.
Ozwolf
-
I had probably 1000's of students all of them are certainly end users of an FTDI products (a box of USB>RS-232 adapter cables counts as a commercial product no?) know how to do something as simple as that, students that get development boards know even more about them and I don't see how this is so hard. (The com port numbers get screwy sometimes or some student made software had a dumb limitation of only allowing users to select 10 com port numbers when they could have auto-detected. but anyways people figured out how to fix that easily its just point click interface)
No user who doesn't know how to use google would be unaware of how to fix it. Also need help ask someone it works a lot of the time and for this problem most people should know how to figure it out.
Wow, you don't have much (any?) experience with Dumb End Users of appliances. They make your "1000's of students" look like geniuses. It might take you 30 minutes just to get the USB cable plugged back into the right place after the janitor accidentally pulled it out last night. (And that is after 10 minutes to identify which is the USB cable.)
Students labs are designed to be as dumb end user ready as physically possible. Everything that can go wrong will and then more so since some really know what they are doing and do bad things that they knew would cause the worst possible result. (Students unlike dumb users can be both dumb and hostile actors) If you don't think universities are a difficult operating environment consider that a student lab has to work for years (decades even) and labs get handed down from others and thousands of students using the same setups. The chances of something going wrong is far worse than a typical consumer application. (It is really obvious in the lab reports when something went "wrong", results are sometimes hilarious, and sometimes very strange)
If it takes 30 minutes to plug a USB cable back in and 10 minutes to find it how long is that USB cable, I find that absurd. You shouldn't have removable cables if that is your situation and recovery time. Just epoxy the cable in and fill in all the other ports and if it gets ripped out just replace the entire system. Why is the cable in the way of a janitor if your used to dumb proofing that is very poor placement. (Finger safe rated enclosure I think is what you need to keep your janitor out of the area)
-
No user who doesn't know how to use google would be unaware of how to fix it. Also need help ask someone it works a lot of the time and for this problem most people should know how to figure it out.
Really? Are you serious? Look around you and open your eyes. There are lots of everyday users who are very competent using their devices, but don't need to know (or wish to know) the insides and how it operates.
Let's not forget our customers/users/family members who didn't ask for their devices to be bricked. How much time has been wasted by the end user because the device doesn't work today, but used to work a few weeks ago.
How many devices have ended up on the trash heap because they just stopped working?
Just because members of this forum have an interest (and ability) in electronics/computing, we should never forget our customers/users/family members may not have that same ability/talent.
FTDI has the right to protect their IP, no argument there. However, a good corporate citizen that respects the final customer (the end user), would have merely notified of the suspect device - "Not an FTDI device - please contact your supplier/manufacturer for the correct driver."
FTDI does NOT have the right to vandalise my device.
Ozwolf
Open you eyes type "FTDI" into google and read the answers are there...
A user cannot be "very competent" if they are not capable of learning or using something called Google. At best they can be graded as having an "minimally acceptable level of basic knowledge with no further interest in the subject, C 61%". Any competent person should be able to use Google (or any other not as good search engine), otherwise people around them should assist them in carrying out said tasks and teach them who is able to assist them.
HDCP does the (it was working just last week and now it isn't) that much more frequently and there is no effective uproar (You so much as turn on the system in the wrong order and it will quit working for a while). FTDI did the same and the uproar is extreme and correct, although the consequences are in my view trivial, a joke, so far from having a killed device its miles apart, ....
Let me be clear I think FTDI is really mean/evil DRM type actions with that driver but the bypass is a joke sorry it is, ever install a printer that windows refused to install, same process. (There is a pictorial guide on that in the other thread)
I do family tech support and people do ask me to help, it isn't that hard and it isn't a technical skill to ask for help. (interpersonal skills its not a tech thing) Plus how many consumer devices that use the default VID/PID VCP driver are there.
Isn't the most common use a USB to RS-232 adapter cable what kind of non-technically inclined user is going to know today what an RS-232 serial port is or what a null modem cable does or what a huge difference is for TTL Serial signal levels.
FTDI put your device into a non-plug and play reduced functionality state by altering the PID to 0000, it is in no way physically damaged / vandalized (Now students and vandalism that is a real problem). I can help via remote desktop if someone is for some reason unable to follow the picture instructions for this issue. Also plug and play is not something that always existed and not all devices even today are plug-in-play.
A person who is unwilling to learn or ask for help is not going to get much done in at all. (This is broadly applicable and is not something that only certain people have to have)
But yes FTDI should not have left people in a HDCP your device half works just not in the way you really want it to state. They should have just caused a Microsoft driver error (generating custom error messages may add bloat but I'm not sure) and let the device driver fail for that combination.
End result is the same someone who is capable is going to have to look into it (There is no difference really, other than that one warning message you can still bypass it with the same instructions).
-
99% of the end users are not technical people.
They don't know what FTDI is or means.
They would not know to use that as a search term.
Most of them don't know jargon such as 'bricked' and so would not know where to start.
I 100% agree with ozwolf and Richard.
-
99% of the end users are not technical people.
They don't know what FTDI is or means.
They would not know to use that as a search term.
Most of them don't know jargon such as 'bricked' and so would not know where to start.
I 100% agree with ozwolf and Richard.
Seriously no one is going to try typing that this device doesn't work?
(http://i57.tinypic.com/1z3qn9h.jpg)
Have you even attempted to see what a non-default PID says it isn't like windows doesn't give you nothing to go on. (Or is everyone just guessing that it vanishes from windows and says nothing, it gives you a bubble tells you the name of the hardware which you then google)
Type FT232R into google, FTDI. Microsoft asks you select mfg. google answers FTDI. (Doesn't require you to even know what it means windows tells you directly)
Googling are not reserved for the tech elite last time I checked its been many years since the search engine has gone mainstream.
I also highly doubt 99% of FTDI's chips are being used by completely tech illiterate people (prove it, reference(s) please).
-
99% of the end users are not technical people.
They don't know what FTDI is or means.
They would not know to use that as a search term.
Most of them don't know jargon such as 'bricked' and so would not know where to start.
I 100% agree with ozwolf and Richard.
Also this entire point is moot, I think we all agree FTDI can have the driver refuse to work with a fake as long as it doesn't mess around with the PID. In the end a technically inclined user is still going to be required.
What we are talking about here is bypassing FTDI DRM which obviously should require a modicum of skill. (Like enough to install a printer with garbage drivers, very common)
-
99% is a totally inaccurate statement on my part and of course I can not prove it.
The point I am trying to make is that there will be a fairly large percentage of people who really only know how to use facebook and ebay, have purchased a widget from ebay that worked a couple of weeks ago and then suddenly does not.
They may choose to junk it.
They may choose to 'phone a friend'.
A lot of them don't have the skills to open and view the driver details, nor understand what it means.
-
99% of the end users are not technical people.
They don't know what FTDI is or means.
They would not know to use that as a search term.
Most of them don't know jargon such as 'bricked' and so would not know where to start.
I 100% agree with ozwolf and Richard.
Also this entire point is moot, I think we all agree FTDI can have the driver refuse to work with a fake as long as it doesn't mess around with the PID. In the end a technically inclined user is still going to be required.
What we are talking about here is bypassing FTDI DRM which obviously should require a modicum of skill. (Like enough to install a printer with garbage drivers, very common)
Agreed.
Oh, and printers are evil... Don't get me started on that subject... :)
-
99% is a totally inaccurate statement on my part and of course I can not prove it.
The point I am trying to make is that there will be a fairly large percentage of people who really only know how to use facebook and ebay, have purchased a widget from ebay that worked a couple of weeks ago and then suddenly does not.
They may choose to junk it.
They may choose to 'phone a friend'.
A lot of them don't have the skills to open and view the driver details, nor understand what it means.
If they can buy stuff off ebay they probably know how to use enough google fu to figure out that FTDI did something mean/stupid (social media, on twitter wasn't it, was where it exploded) also if they can use ebay and facebook they probably can use forums in general and google to figure it out. The listings typically like advertising their "brand real genuine good FTDI FT232" probably too so it would be plastered all over one of those highly likely to be fake listings.
I'd junk something that I find out is fake (other than the fakes I'm intentionally ordering for purely academic purposes of course). (AC power adapters that are fake/substandard are burn it with fire level of throw out, after tear down of course)(Very badly designed integrated lithum battery devices are also relegated to the this device may spontaneously explode sections disposal or re-work, wouldn't advise tearing down batteries without a proper setup)
Windows has a info bubble popup that says device not installed successfully and basically invites you to click on it and if you click on it says "Device driver software not successfully installed" "FT232R USB UART No driver found". Then even without knowing about the device manager right now they have enough knowledge use google to find help. Windows doesn't say the device is non-functional it says it has no driver for it and asks you to seek assistance from the mfg (which is going to get you an angry you should buy real parts as the response)(but the user probably will go elsewhere slightly or more agitated than before after getting told off in such a manner and find a real solution bypass the change).
Also this entire point is moot, I think we all agree FTDI can have the driver refuse to work with a fake as long as it doesn't mess around with the PID. In the end a technically inclined user is still going to be required.
What we are talking about here is bypassing FTDI DRM which obviously should require a modicum of skill. (Like enough to install a printer with garbage drivers, very common)
Agreed.
Oh, and printers are evil... Don't get me started on that subject... :)
Yes lets not rag on those printers so much lost time.
But if it is possible the driver install error should just say "It's a faaaaaake" and then the google results would be more entertaining to take the edge off finding out that they were scammed.
i just saw this ... is it that easy to unbrick?
https://www.youtube.com/watch?v=RZH_qGautqM (https://www.youtube.com/watch?v=RZH_qGautqM)
You don't need to do that to use the fake chips you just need to force the driver to install it requires no third party programs. Arguably for unskilled users it is easier to just tell them that is the only way and they will learn quickly to just keep doing it on other computers. Just look a bit earlier and it is just like installing a bad printer driver. Also why use MProg when FT_PROG works fine... (Mprog is not needed and FT_PROG is simpler). And if a user has a mac/linux/windows machine then they clearly should know at least a little bit about computers...
You literally just go into FT_PROG and go select default VID/PID, program, done.
-
99% is a totally inaccurate statement on my part and of course I can not prove it.
The point I am trying to make is that there will be a fairly large percentage of people who really only know how to use facebook and ebay, have purchased a widget from ebay that worked a couple of weeks ago and then suddenly does not.
They may choose to junk it.
They may choose to 'phone a friend'.
A lot of them don't have the skills to open and view the driver details, nor understand what it means.
I agree 99% is probably a little low, should be 99.99943%. ;D
-
99% is a totally inaccurate statement on my part and of course I can not prove it.
The point I am trying to make is that there will be a fairly large percentage of people who really only know how to use facebook and ebay, have purchased a widget from ebay that worked a couple of weeks ago and then suddenly does not.
They may choose to junk it.
They may choose to 'phone a friend'.
A lot of them don't have the skills to open and view the driver details, nor understand what it means.
I agree 99% is probably a little low, should be 99.99943%. ;D
Still moot, 0-100% tech/non-tech use of FTDI parts doesn't change the pretty clear conclusion that FTDI can make the new driver block fake devices from working but not mess up the PID of fakes because that is just mean/evil stuff.
Also an unskilled user who cannot even use google is not going to notice the difference between the acceptable driver level block and a non-acceptable PID alteration which does the same thing just is mean/evil because it breaks plug-in play functionality on other OSes. If a person has windows, linux and a mac in the same room then they probably know enough to figure it out.
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
+1
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
A proper product customer support person should be "We will RMA that part right away not sure why that didn't work" (internally panic that fake parts are in their products). But I'm not into product support I'm more into computer IT tech support. (Big differences in operation and objectives, its quite astonishing you simplify every support type into one blob)
And a proper computer tech support organization will start with have you:
1) restarted your computer?,
2) did you search the internal site for guides?
3) did you search for it on google?
and so on before continuing. Most problems would be fixed if you follow that order. Time is limited and IT computer technical support is supposed to solve actual problems not hand hold people through every little task they have to do with a computer. If a user is able to do something themselves then that is much more efficient and if they can be directed to ready made guides even better. Treating them like VIPs is not going to work out in a large scale support situation with limited staff/time/money.
IT support and product support are different (there is no such thing as a one size fits all "customer" or "support organization").
What would you say as a proper customer support oriented organization if someone called you up and said your product contains fake parts google told me, explain right now my IT people said that I should report you and I want a refund right now.
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?
Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.
-
You are talking to and about the kind of people who read these forums.
I am talking about the customers who buy the gadgets/appliances/whatever that have the FTDI chips in them. They have no clue what FTDI is, they just follow the instructions about plugging in the USB cable. And if it doesn't work then they are on the phone for customer support. They don't know what a driver is or what it does, they just follow the installation instructions and execute the batch file.
You seem to have an extremely narrow view of the world and who the real FTDI users are. This debacle will likely put at least a few small companies out of business because FTDI bricked all their products and now they are trying to fight a forest fire. You appear to have a real blind spot for the broader view of where and how FTDI chips are used out in the Real World.
I am currently working on a product that will use a USB interface for one version. I feel fortunate that this happened before I committed to which solution to select. It will certainly not be FTDI.
-
My wife is not technical at all and even she can install cyanogenmod on her phone.
People are more resourceful than you give them credit for. It's really not rocket science to launch a program, scan for the device and change the pid to 6001.
People replace their own screens and other parts on their cellphones and more complicated things than that by following instructables.
The bad economy has made people be more proactive and don't spend frivolously and fix things on their own instead of throwing something that doesn't work away..
But I guess we wait and see how many people are really affected by this that can't solve it on their own.
Edit: so far I have not heard of any consumer grade device affected by it, but I really haven't tried too hard to find out.
-
My wife is not technical at all and even she can install cyanogenmod on her phone.
People are more resourceful than you give them credit for. It's really not rocket science to launch a program, scan for the device and change the pid to 6001.
People replace their own screens and other parts on their cellphones and more complicated things than that by following instructables.
The bad economy has made people be more proactive and don't spend frivolously and fix things on their own instead of throwing something that doesn't work away..
But I guess we wait and see how many people are really affected by this that can't solve it on their own.
Edit: so far I have not heard of any consumer grade device affected by it, but I really haven't tried too hard to find out.
Also don't people jailbreak, root their phones now regularly so much so it's a public issue. Those mods are not exactly super ultra-simple yet tons of people do it.
-
Well she couldn't have installed it without rooting the phone first, that goes without saying :)
-
You are talking to and about the kind of people who read these forums.
I am talking about the customers who buy the gadgets/appliances/whatever that have the FTDI chips in them. They have no clue what FTDI is, they just follow the instructions about plugging in the USB cable. And if it doesn't work then they are on the phone for customer support. They don't know what a driver is or what it does, they just follow the installation instructions and execute the batch file.
You seem to have an extremely narrow view of the world and who the real FTDI users are. This debacle will likely put at least a few small companies out of business because FTDI bricked all their products and now they are trying to fight a forest fire. You appear to have a real blind spot for the broader view of where and how FTDI chips are used out in the Real World.
I am currently working on a product that will use a USB interface for one version. I feel fortunate that this happened before I committed to which solution to select. It will certainly not be FTDI.
People read forums in general, people read twitter, people use facebook, people talk to people, and tons and tons of people use google search. (It isn't just tech people that do this anymore it is far more mainstream than you seem to be implying)
People are not like a robots where in a robot it is actually dumb if you don't tell it exactly what to do it will do absolutely nothing (at best) forever.
Your going to get into a circular loop your view is also extremely narrow in that people are helpless and totally clueless and can't type into google or read text that clearly says what to do. Plus how many people use the "phone" any more most modern phones don't do phone very well, my nexus 4 had the happy the program crashed message in the middle of a call and I was like this is the world of apps. In any case the end result is explained in a nice example below. And if they did phone FTDI as microsoft suggested they would then probably go onto twitter getting angry at FTDI which would probably be a valid response because FTDI probably wouldn't help them at all and would probably suggest that the caller is at fault for having a fake part.
Also if you assume people are very clueless then they will be so clueless that they would have long lost the manual and contact info (Who reads that anyways) and just stare and listen to exactly what windows and since it says contact FT232R they say ok google what FT232R and contact FTDI instead of mfg because they forgot and just act like robots listening to whatever is right in front of them is telling them.
A good company like sparkfun will literally post our 1st party boards contain real parts and we are checking 3rd party ones now. A bad company is like FTDI sucks (They do but that isn't going to help a end user).
A small company that dies because all their products contains fakes is not the subject of this thread which his about FTDI being mean/evil to end users. They should have sourced real parts and done proper quality control checks and verified that parts sent from reputable sources physically match the ones they are shipping (the fakes are not even identical on the outer case). Some level of technical competence is required to be a successful small business and if they lack the ability to do so then yes they may die but others won't. You seem to have a very odd view of corporate failure to detect fakes being the same level as end users being able to detect fakes, I do not expect everyone to be able to detect fakes but companies (academic/tiny/small/med/large) in the business of making electronics should be able to detect fakes on a basic level at least. (In our system we could even detect if a student substituted a fake on a loaned board it would be very visibly obvious when you have a couple hundred good ones around it)
You are free to use whatever company you want in your designs I am planning on single chip for one project with integrated USB because it needs to be very compact and robust for both dumb and hostile users scopes. Our older designs use FTDI chips and we have a large stock of them sitting around so they will keep using it as well for the foreseeable future because I'm 100% sure the chips are real.
Here is an easy example for a end user that doesn't know FTDI exists or what an FT232R is,
User plugs in device which they did not know had a fake FTDI device to their windows machine and they get a pop-up saying it doesn't work. They are like oh what is going on here (No they probably do not sit there in shock and stare at the screen with a dull blank gaze as if their entire world was upturned by a little innocuous text bubble until the medical professionals come in and preform an emergency brain restart) they think hey this was working just last week. They click on the big inviting bubble that says click for more information and the see. No driver found for FT232R contact the manufacturer for support. Since they are lazy go onto google and ask "What is FT232R". (They get a nice big description and go oh what the hell is that supposed to do, and see FTDI is the maker.) Then since they are also posting on twitter they look FTDI up there they get all the juicy details and or are the start of the social media viral storm and they enjoy it, they savor it, it drives them, etc... . Later people make youtube videos, countless forum posts, picture guides, point to official guides that do the same thing, rants, facebook it, spread the word around. And FTDI backtracks and the user is now hey wait I still have a fake here hmmm I want a refund no I demand a refund.
And it bears repeating that I do think FTDI is being mean/evil with PID altering and it looks to me very much like HDCP magic which I hate with a passion but FTDI does have the rights to stop the device from working with the driver so long as they do not alter the PID to make it non-plug and play. To an end user this is the same end result the device will no longer work. (A small business that failed to detect fakes may suffer as a result but this is why counterfeiting is bad and some level of detecting fake/scams is required more so for SMB as they can't weather any failures like all our devices are fake vs. a large company that can say only a tiny fraction of our devices are affected and so on)
-
Well she couldn't have installed it without rooting the phone first, that goes without saying :)
True, I believe the public issue is the addition, http://www.forbes.com/sites/andygreenberg/2013/03/04/as-white-house-backs-phone-unlocking-close-to-4-6-million-ipad-jailbreakers-left-in-legal-limbo/ (http://www.forbes.com/sites/andygreenberg/2013/03/04/as-white-house-backs-phone-unlocking-close-to-4-6-million-ipad-jailbreakers-left-in-legal-limbo/)
Something few people could do wouldn't get the white houses attention.
-
I am currently working on a product that will use a USB interface for one version. I feel fortunate that this happened before I committed to which solution to select. It will certainly not be FTDI.
Yep, NO MORE FTDI :-+
My wife is not technical at all and even she can install cyanogenmod on her phone.
I'm former IBM iSeries/AS400 developer and administrator and... have no idea what cyanogenmod :wtf: it is and I do not have to since phone I'm using works fine more than 5 years without any software updates :-DMM
-
From http://www.cyanogenmod.org/ (http://www.cyanogenmod.org/)
CyanogenMod is an aftermarket firmware for a number of cell phones based on the open-source Android operating system. It offers features not found in the official Android based firmwares of vendors.
And as for FTDi I should get my wife some flowers ;)
So I will keep on using them, (the florist at least).
I would like if someone will point out what consumer product (not even a vital one) has been affected that is not related to hobbyists.
Hmm, should I plug my USB/RS232 Serial converter cable? It's over a year old and I haven't used it in a while, and never in this Windows 7 system, and it's MADE IN CHINA! :scared:
Hmm, it's taking a while...
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115646;image)
Well, It did install
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115648;image)
Lets check the ids...
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115650;image)
Prolific as the manufacturer? Never heard of them, well at least it doesn't seem like a FTDI clone as in it looks they have their own drivers
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=115652;image)
wow I dodged a bullet :phew: I wouldn't have been able to talk to my RS-232 ... Wait what do I have that uses that cable?
Oh my 2 or 3 year old tegra-2 dev kit, that had a terminal console but that has not been powered up for quite a while now (years) Maybe I have some old network equipment that still use that, can't be my VT-52 I junked it long ago.
But you never know when you need an RS-232 Port (wait... actually my PC has a physical one, not common now a days).
kidding aside I rather use the Cypress chips. But not because of what FTDI did, just because I like how easy is to program the Cypress serial chips.
Edit: I'm still looking for a real consumer product affected, not a hobbyist one but a regular consumer one.
-
This thread is like a record that wont stop, the same arguments are brought up every 5 pages. :box:
-
like " Groundhog Day" ?
It is already said everything. But not by everyone.
FTDI made a big mistake. That's all. And they have not apologized.
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
A proper product customer support person should be "We will RMA that part right away not sure why that didn't work" (internally panic that fake parts are in their products).
You forgot a step:
3) Tell engineering to start switching away from FTDI chips. Even if fake parts have slipped into the supply lines that doesn't give FTDI the right to break your customer's devices and cost you money.
PS: I managed to get that python script running on my Rasperry Pi (it doesn't work on Windows). It declared my cheapo eBay-bought serial adapters as: "GENUINE or a more accurate clone".
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Yep, a210210200 should do some first level support in the IT department of a large company or for a vendor. If the software can't read the data from the blood sugar tester anymore, it's simply broken for the end user. If you sold 10000 of the testers for US$200 each and get 100 calls with 'broken by FTDI' testers you got a serious problem. Some of the affected users might be able to fix the issue themselfes by following a how-to-fix-it manual, but most will need an hour or two telephone support, I'd suppose. The next product won't have a FT232.
-
And a proper computer tech support organization will start with have you:
1) restarted your computer?,
2) did you search the internal site for guides?
3) did you search for it on google?
The end user calls the support because he has no clue or didn't find anything via a web search. You can ask the questions above but shouldn't insist on 2) and 3), because you're the support. Otherwise your customers would start complaining about poor support. I've done first, second and third level support for business ISPs and carriers. Customers, even engineers (and even network/telco engineers), can be so totally clueless you wouldn't believe it until you've experienced it yourself.
-
I am talking about the customers who buy the gadgets/appliances/whatever that have the FTDI chips in them. They have no clue what FTDI is, they just follow the instructions about plugging in the USB cable.
And those people will continue to not need a clue what FTDI is.
The people who buy stuff that doesn't have FTDI chips in them are the ones that may need to find out what FTDI is and that is rather the point.
For me, it's just not worth the risk to buy either a Prolific-based or an FTDI-based serial cable anymore. I will also not design either of those devices into any of my products.
Because you want to reduce the risk of being found out when you ship product built with fake crap.....
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
A proper product customer support person should be "We will RMA that part right away not sure why that didn't work" (internally panic that fake parts are in their products).
You forgot a step:
3) Tell engineering to start switching away from FTDI chips. Even if fake parts have slipped into the supply lines that doesn't give FTDI the right to break your customer's devices and cost you money.
PS: I managed to get that python script running on my Rasperry Pi (it doesn't work on Windows). It declared my cheapo eBay-bought serial adapters as: "GENUINE or a more accurate clone".
FTDI's driver is their own thing as long as they don't mess up the PID they can refuse to work with a fake non-FTDI part. The PID thing is mean and evil but counterfeits are arguable far worse in their own way.
If you do not do supply chain control your screwed in the medical device area (Like lawsuits will come not from customers but the regulators and government, you'll get your device recalled just for bad QA/QC manuals even if nothing turns up using fake parts) there are best practices and quality control measures that I do at a university lab and I can say with 100% certainty that we have no fakes in our stock of FTDI parts or boards that students have (even if a student swaps in a fake we can detect that).
Engineering can switch away if FTDI leaves a bad taste but saying the supply chain cannot possibly be protected is not a good argument the fakes are observable from the outside casing and there is information online to assist in detecting them (And a mfg of electronics with an FT232R cannot possibly claim they do not know what FTDI is and if they do then something is horribly wrong).
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Yep, a210210200 should do some first level support in the IT department of a large company or for a vendor. If the software can't read the data from the blood sugar tester anymore, it's simply broken for the end user. If you sold 10000 of the testers for US$200 each and get 100 calls with 'broken by FTDI' testers you got a serious problem. Some of the affected users might be able to fix the issue themselfes by following a how-to-fix-it manual, but most will need an hour or two telephone support, I'd suppose. The next product won't have a FT232.
Hey now blood sugar testers can you refer me to a mfg that is affected by that because I worked at a medical device mfg and I can tell you that they do in fact test everything (destructively) it is mandated everywhere. It would indicate a total failure of supply chain control if fake parts got into a medical device. Quality control in medical devices is so high they do mass spec on the rubbing alcohol to make sure its rubbing alcohol and matches previous batches. Matching chips in stock with previous stock and samples direct from the mfg would be standard operating procedure with per shipment send to another lab to inspect that the chips still meet the physical, electrical, visual (internally too) appearance as the standard established in the operating procedures.
If a medical device mfg had even claims of using fakes it isn't a end user problem the regulators are going to come crashing through the doors saying let me see your SOPs right now. If they don't find them acceptable they will not even care if you have fakes or not and they will ask you recall everything that your not 1000% sure of and can provide proof that nothing is fake with 100% traceability right back to the place it was made.
Anything in the medical area has government regulatory standards and it is best to go overboard than to try and meet some minimum because it can be a moving target and being able to say you did the best of the best is a good defense against getting a bad audit result.
Also I highly doubt any medical device mfg would allow a device which can be modified by computer or rely on an external vendor's software which they do not control unless it was for something non-critical that isn't directly involved (say a mfg programming interface or debug system). In any case they would ship with their own VID/PID and customized drivers at minimum to maintain version control over the software.
A proper medical device mfg would not even have that problem at all and if they did they would immediately ask them to return the product for inspection not provide them any methods to fix it themselves or provide any more support than your product must be returned immediately and to not use it anymore. Your serious problem is the wrong way around. They would post to government bodies that there is a problem with the product and that they may require a voluntary recall should it turn up (since they would know about the FTDI fakes already) that they have allowed fake parts into their supply chain and it somehow got past QA/QC.
Out of the abundance of caution they would start analyzing if the fake parts may have caused corrupted data or worse bad results to be reported, immediately after obtaining fakes and creating specially serialized and marked test units and would create an extensive internal report. The panic from a little blip on a mass spec result sparked a similar response and in the end it turned up to be nothing but a report was still written and corrective actions where taken just to make sure even when nothing was wrong in the first place.
-
And a proper computer tech support organization will start with have you:
1) restarted your computer?,
2) did you search the internal site for guides?
3) did you search for it on google?
The end user calls the support because he has no clue or didn't find anything via a web search. You can ask the questions above but shouldn't insist on 2) and 3), because you're the support. Otherwise your customers would start complaining about poor support. I've done first, second and third level support for business ISPs and carriers. Customers, even engineers (and even network/telco engineers), can be so totally clueless you wouldn't believe it until you've experienced it yourself.
It seems like you have it mixed up if they are so clueless they will forget to try steps 1-3 and reminding them to do it can solve a lot of problems. Assuming they did a web search or looked at the internal information is a big assumption for "clueless users" which I don't think is a good one to make. Most of the time a person forgot in the moment how to do things they normally do and if they did do an unsuccessful Google search then if you ask them what they found it can actually explain things better to the support person than asking them directly because clueless users can also be bad at explaining what they are even calling for and using their searches as an alternate means of digging up what they are actually asking is useful.
If the user goes oh I'll do that and then later comes back saying I found nothing on 2,3 then obviously you go onto #4 and so on.
I've experienced it first hand with students, engineers, even IT staff, doctors, and various other professionals being what you would call "totally clueless" and yes asking the basics like is it plugged in all the way fixed a very (random hard to diagnose error in a complex robotic system) you have to start simple and then go from there otherwise you'll either waste tons of time or never get much done at all.
I've had Cisco support call me back very quickly (15 seconds after I placed an online question) they where very fast and responsive and totally useless. Instead of even saying look at cisco's website or use google they said oh I'll call back with the answer. Their answer it is a feature not a bug, bye. Turns out it was a limitation and there where ways around it and I was just trying to see what my time limited Cisco support was like.
When did I say you do not go on after 1,2,3 those questions are very good starting questions and in this case would work.
-
wow I dodged a bullet :phew: I wouldn't have been able to talk to my RS-232 ... Wait what do I have that uses that cable?
As for FTDI, they:
------------------------------
- arrogantly refuse to admit that they did anything wrong
- have hired PR firms [that hire others] to attempt to hijack this thread
- have not (yet) released any software to fix the damage that they did to innocent end-user's devices
- have not (yet) released a new driver that has the trojan malware removed
- offered no apology for the harm they did to otherwise innocent end-users
- continue to stone-wall cyber-crime investigators
- may have committed an international cyber-crime
- have severely damaged their own brand and their reputation
- have created a scenario where they might be sued in court over multiple issues
I don't know if FTDI is publicly traded, but honestly if I had the money, I would call up a broker and buy some short options on FTDI. This whole thing cannot be good for their company valuation. This is yet another reason to not use any more FTDI chips in my designs-- I am also now worried about the longevity of the company. Also, obviously, someone high up in the company ordered this driver with the trojan malware in it to be created and disseminated. That means that idiots are running the company, and if so then that is yet another reason to not use their products anymore.
Your misusing the terms a trojan virus is a backdoor type virus (you know trojan horse, hidden attack, historical name) that allows an attack to gain entry to a computer for further activities. A more appropriate term would be that it is an evil DRM system similar to HDCP in some respects.
And somehow I doubt I'm hired by FTDI since I think they are stupid and evil for messing up the PID and are very much like HDCP which is pretty horrid as I've described earlier. I'm work at the University of British Columbia and have no relationship with a PR firm or FTDI in any way other than using their chips as you have and watching the youtube video and coming over here to say my TLDR words, if you mean hijack as in discuss and provide pictorial guides/links to fixes/and correcting factually incorrect information then I'd call that a good corrective action hijack.
Also if your running on the presumption that I'm hired by FTDI it makes no logical sense for them to ask someone to say they very much intentionally put the detection code in and it certainly is a form of DRM.
Software does exist to fix the evil PID change use FT_PROG (windows) or FT_PROG (FOSS, linux), and overriding the driver is not hard at all.
There is no cybercrime investigation going on please link it in if you know of one so they technically can't stone wall something that doesn't exist. (ditto for the international cybercrime)
FTDI probably did damage their reputation for me it seems like their support and marketing dept are basically on the other end of an ideal support marketing group for their area of work. Most of FTDI's stuff is used by people like us and if they just searched on google they would have figured out what might happen to them if they pissed of that kind of customer base. Other sites even reported to FTDI and suggested better changes to their driver but they didn't listen (not listening is a very bad thing to do, and if Microsoft refused to listen they would be dead many times over).
-
Actually when they say bad publicity is good publicity they might be right, it might actually help them.
They been on the news stating they are going to ensure their drivers won't talk to clones.
It shows a potential client that, the device is good enough to be cloned and that after FTDI clamps down to use only genuine chips the client will feel confident they are using genuine chips.
Lastly, big news like this makes a small company like FTDI appear to be a giant in the industry.
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
-
For me, it's just not worth the risk to buy either a Prolific-based or an FTDI-based serial cable anymore. I will also not design either of those devices into any of my products.
Because you want to reduce the risk of being found out when you ship product built with fake crap.....
Hi Rufus,
Well, my company only does the electronics design work for our clients. I always spec "genuine" parts in my designs in the BOM. The problem is that when I hand off the documentation to my client, it is my client that obtains bids from various places, and I'm guessing that they go with the lowest bidder. So, who builds my designs and with what parts is completely out of my control.
The reason that I won't use either Prolific or FTDI devices anymore is that there is always at least the possibility for counterfeit parts to end up on the board-- even though I spec'd genuine in the parts list. Both of these companies have shown that they can make some very unwise decisions, and have punished the [otherwise innocent] end-user rather than doing the Right Thing and going after the counterfeiters through legal action. If the product has problems, that can come back to me as something I did wrong [whether deserved or not, I will get the blame]. This will [indirectly] affect my business. So, that reason alone is enough for me to run away from Prolific and FTDI chips. It's too bad really-- I have never had any problems with the FTDI chips and like them very much [technically], but for business reasons FTDI has forced my hand in this matter, and I will no longer be able to use their parts-- no matter how much I like them.
Regards,
Ken
If you do contract design and your customer does the mfg/asmbly and your worried about them not having enough QA/QC to do it then provide them with a guide on detecting fakes and make them sign a contract saying your not liable for use of fake parts in a design that specifies real ones and that information on how to determine the real parts from the fakes is included. And if your going the extra mile provide them with a physical sample of a real part and a fake one glued to board along with a description detailing how to visually see if something is fake at a glance. (A company is responsible for their own supply chain and BoMs usually provide main/secondary/third sources and if you list FTDI/Digikey/Newark (canada perspective) as the official distributors they should use if they use ebay or ali-express then you can go you didn't follow the BoM and those suppliers provide assurances and would definitely respond to accusations that they supplied fakes. My BoMs include pricing analysis from major suppliers including their price breaks and stock levels at the time the BoM was made to provide an indication of pricing and general stock levels amongst major distributors. When I feel like China would be a better source for certain parts that are just too expensive locally I actually do samples myself and verify the supplier and then directly list it, and the samples provided become part of the record for later comparison.
Another useful training tool is to have a challenge board on the flip side that has no indication of fake or real and the person has to pick out the fake which shows they know how to do it.
If they fail to listen or end up with fakes somehow then they will be like we should have listened, instead of being angry for no good reason at you.
If you want to go 150% for good support ask them to send you a pre-production sample so you can non-officially test it out. I'd always want to get a physical sample of something I designed or at least make sure it works if I hand it off to someone else which includes making sure they know how to detect fakes/counterfeits/substandard parts, if your transferring your knowledge/designs imparting some best practices with it doesn't hurt.
-
Actually when they say bad publicity is good publicity they might be right, it might actually help them.
They been on the news stating they are going to ensure their drivers won't talk to clones.
It shows a potential client that, the device is good enough to be cloned and that after FTDI clamps down to use only genuine chips the client will feel confident they are using genuine chips.
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
Probably because consumer goods use their own PID/VID which somehow are not affected. Somehow FTDI managed to shoot both their feet off by hitting the people they need to put their chips into actual designs the hardest :palm:
Then again if it is a consumer/consumeable device people just trash it and buy new. If one of my USB-to-serial cables stops working I'm not going to disect it; I just get a new one.
-
Actually when they say bad publicity is good publicity they might be right, it might actually help them.
They been on the news stating they are going to ensure their drivers won't talk to clones.
It shows a potential client that, the device is good enough to be cloned and that after FTDI clamps down to use only genuine chips the client will feel confident they are using genuine chips.
Lastly, big news like this makes a small company like FTDI appear to be a giant in the industry.
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
Could be true but isn't FTDI already one of the big players in the FT232 market. My predecessor was already a bit leery for me to use a more compact FTDI chip on an old design 2 years ago. (Turns out he was right the chips were recalled the moment I was pressing buy on digikey so the stock went from 1000's to 0 in between me pressing order).
I'd like to see a consumer product as well or even a popular blood glucose meter that even uses FTDI's default drivers it isn't user friendly to see no descriptive name that associates it with your brand. Having a custom driver and PID/VID allow you to make it branded and user friendly as well as provide control over driver updates and certifying things.
Also VID, 1a79 Bayer Health Care LLC is using FTDI chips. (I have one because I'm paranoid)(But it requires its own customized FTDI driver)(The lastest driver they have certified , they do certify software internally, is an modified FTDI driver from 2008)
As I said before a proper medical company would want as much control over everything as possible by using their own custom VID/PID and they wouldn't have been affected even with fake parts. Even then the chances of a fake chip getting into a medical device even a consumer one a next to nothing. (unless they are being malicious like those using industrial silicone for implant companies but that was a shady medical company that was based in Europe I think and was doing very shady things until it quite literally started blowing up as in the implants failed horribly)(I'm sure even though they get extensive travelers (traceability docs) which their part batches they still do independent verification on new lots under the paranoid assumption that there may be an error or the traveller has been faked itself to hid fake parts)
No proper company should say we are not sure if we have fakes and if they are then they are not doing enough QC because there is a reason for it to exist and that is to root out out of spec parts, damaged stock, counterfeits, theft, and so on.
-
Actually when they say bad publicity is good publicity they might be right, it might actually help them.
They been on the news stating they are going to ensure their drivers won't talk to clones.
It shows a potential client that, the device is good enough to be cloned and that after FTDI clamps down to use only genuine chips the client will feel confident they are using genuine chips.
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
Probably because consumer goods use their own PID/VID which somehow are not affected. Somehow FTDI managed to shoot both their feet off by hitting the people they need to put their chips into actual designs the hardest :palm:
Then again if it is a consumer/consumeable device people just trash it and buy new. If one of my USB-to-serial cables stops working I'm not going to disect it; I just get a new one.
Actually I'm pretty sure one if Bayer is using it then lots of medical device mfgs are using it too and they probably have very tight control on the supply chain. With a custom VID/PID the device will only work with the provided customized drivers so these won't update unless the mfg itself updates them. So if that is the case then even if the hobbyists market evaporates medical devices move so slow it will be decades and probably never when they even being to consider other options. (Medical devices move so slow, so much RnD on the simple things, so much double/triple/quad checking, its great but it is slow)
If my USB to serial cable stopped working I wouldn't throw it out because at home I always lose them and even though I probably have 15-20 USB to RS-232 adapters and cables I can always only find one or two when I need them. Not to mention if I get a driver not found message which is exactly what happens when FTDI messes around with your PID I'd be "like what the hell windows eat the driver" and then force it down its mouth. Shipping is more than the cost of the cable I'd just override the driver.
-
Just purchased a USB to RS232 DB9M cable from ebay for £1.11. I have no idea if it is using FTDI, Prolific, or other chips. It was less hassle than me rooting through all my old parts bins to find one of my old Prolific cables. I don't think I've ever had an FTDI, I guess I may find out in the next few weeks when Shenzen to UK post arrives.
-
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
In fact one member on my forum might have his product (Lumibox, a LED driver PWM controller) bricked.
It starts here (in french, sorry) http://aquaohm.xooit.eu/t1986-Rampe-LED-R-cifal-850-litres.htm?start=40#p31713 (http://aquaohm.xooit.eu/t1986-Rampe-LED-R-cifal-850-litres.htm?start=40#p31713) one day the product is OK, the next it's not recognised anymore (tested on 3 differents PC, tested another USB cable, etc.)
-
Actually when they say bad publicity is good publicity they might be right, it might actually help them.
They been on the news stating they are going to ensure their drivers won't talk to clones.
It shows a potential client that, the device is good enough to be cloned and that after FTDI clamps down to use only genuine chips the client will feel confident they are using genuine chips.
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
Probably because consumer goods use their own PID/VID which somehow are not affected. Somehow FTDI managed to shoot both their feet off by hitting the people they need to put their chips into actual designs the hardest :palm:
Then again if it is a consumer/consumeable device people just trash it and buy new. If one of my USB-to-serial cables stops working I'm not going to disect it; I just get a new one.
Actually I'm pretty sure one if Bayer is using it then lots of medical device mfgs are using it too and they probably have very tight control on the supply chain. With a custom VID/PID the device will only work with the provided customized drivers so these won't update unless the mfg itself updates them. So if that is the case then even if the hobbyists market evaporates medical devices move so slow it will be decades and probably never when they even being to consider other options. (Medical devices move so slow, so much RnD on the simple things, so much double/triple/quad checking, its great but it is slow)
There is life support medical and consumer medical. Consumer-medical isn't much beyond consumer grade equipment. Most of the low cost tele-healthcare medical devices like blood sugar and blood presure testers are made in China so the chance there is a FT232 compatible chip in there is very large (if it needs USB to UART and the designers choose for the FT232). The market for tele-healthcare devices is very competitive so every penny counts.
-
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
In fact one member on my forum might have his product (Lumibox, a LED driver PWM controller) bricked.
It starts here (in french, sorry) http://aquaohm.xooit.eu/t1986-Rampe-LED-R-cifal-850-litres.htm?start=40#p31713 (http://aquaohm.xooit.eu/t1986-Rampe-LED-R-cifal-850-litres.htm?start=40#p31713) one day the product is OK, the next it's not recognised anymore (tested on 3 differents PC, tested another USB cable, etc.)
It's ok, I understand french, I'm not saying that it didn't affect people, but not the general consumer.
I don't know what the Arduino Nano 328 based Lumi-Box is, but it seems like it's targeted for people that are experimenting with micro controllers.
Nevermind I did find the Lumi-Box and it seems Arduino based:
http://lumi-box.net/boutique/lumi-box-v2/ (http://lumi-box.net/boutique/lumi-box-v2/)
What I was asking was for a consumer grade product, because those are the ones that probably can take legal action. Easier than someone that hangs on electronic forums that will know quick how to revert what FTDI did.
-
because it is not the *public at large* that designs their chips into products-- it is [in fact] people like me
doubtful
I'm not going to design their chips into my client's products anymore. ... I would still be designing FTDI chips in-- I never would have started to look around for alternatives, and I never would have found the quite wonderful, low cost CP2104 from SiLabs, which does everything I needed the FTDI chip to do, but at 1/4 the price!
if you actually designed usb-serial chips into products you would have known the Silabs parts long ago. of course I'm talking about actual products not the arduino breakout boards people sell in the hundreds and because of that like to call themselves design Engineers.
-
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
In fact one member on my forum might have his product (Lumibox, a LED driver PWM controller) bricked.
It starts here (in french, sorry) http://aquaohm.xooit.eu/t1986-Rampe-LED-R-cifal-850-litres.htm?start=40#p31713 (http://aquaohm.xooit.eu/t1986-Rampe-LED-R-cifal-850-litres.htm?start=40#p31713) one day the product is OK, the next it's not recognised anymore (tested on 3 differents PC, tested another USB cable, etc.)
Does it show up as an FT232R in the device manager on windows with no driver found error? If it doesn't enumerate (as in be detected not fully work) at all on multiple systems then something else is wrong.
-
Actually when they say bad publicity is good publicity they might be right, it might actually help them.
They been on the news stating they are going to ensure their drivers won't talk to clones.
It shows a potential client that, the device is good enough to be cloned and that after FTDI clamps down to use only genuine chips the client will feel confident they are using genuine chips.
And still not a single case of a consumer grade product affected by this, it's been a week, someone should have encounter one by now.
Probably because consumer goods use their own PID/VID which somehow are not affected. Somehow FTDI managed to shoot both their feet off by hitting the people they need to put their chips into actual designs the hardest :palm:
Then again if it is a consumer/consumeable device people just trash it and buy new. If one of my USB-to-serial cables stops working I'm not going to disect it; I just get a new one.
Actually I'm pretty sure one if Bayer is using it then lots of medical device mfgs are using it too and they probably have very tight control on the supply chain. With a custom VID/PID the device will only work with the provided customized drivers so these won't update unless the mfg itself updates them. So if that is the case then even if the hobbyists market evaporates medical devices move so slow it will be decades and probably never when they even being to consider other options. (Medical devices move so slow, so much RnD on the simple things, so much double/triple/quad checking, its great but it is slow)
There is life support medical and consumer medical. Consumer-medical isn't much beyond consumer grade equipment. Most of the low cost tele-healthcare medical devices like blood sugar and blood presure testers are made in China so the chance there is a FT232 compatible chip in there is very large (if it needs USB to UART and the designers choose for the FT232). The market for tele-healthcare devices is very competitive so every penny counts.
Attaching the word medical means a new world of QA/QC that you do not seem to understand. A 5cent disposable part under goes far more testing and QA than the same 5cent part in non-medical use.
Just because something is made in china does not automatically mean it contains fake parts and has no QA/QC. Last time I checked countless top quality firms use china.
A blood glucose meter is a medically critical type device people who do not have the ability to regulate or produce insulin need a blood glucose meter to tell them how their body is responding or for caretakers to know how to care for the patients. Those that can not easily communicate the early symptoms of hypoglycemia a hand held consumer medical meter is a critical tool for caretakers. I've torn down my meter and tested it against a draw 5ml blood test and it is well within spec even without calibrating it. Early detection and response tracking is what a glucose meter is for and it is very important that they work and report accurate results and no chances would be taken on risking it with fake chips.
A simple/free/cheap meter doesn't mean it is crap quality it is so cheap to get because people need it to cope with diabetes. I'm just paranoid so I measure my blood sugar level anyways but for others it is a choice between going blind or dying as not being able to measure your blood sugar can seriously compromise the management of diabetes.
The meters are certified for "In Vitro Diagnostic Use" and given that I worked at a place that was certified for implantable devices (which probably has the highest level of controls) and a much lower level of "not for diagnostic use, RnD only" which oddly followed basically the same standards I think your making some bold assumptions about consumer medical devices. (Standards exist in europe, us, ... that regulate these devices that provide critical diagnostic information)(Doctors use these meters too to evaluate patients in clinics/hospitals for quick measurements so a dependable device is not a light matter when your talking about prescribing drugs or providing medical advice based on the information the meter provides)
Sure a off label, china direct product with no certifications, no regulatory label, nothing at all, is certain to just be a toy. But real medical devices even consumer level ones have the proper controls even for instruments meant only for RnD that are not used to (strictly speaking) to diagnose or provide clinical information on patients.
You seem to misunderstand QA/QC is basically invisible to the end user and if it is working everything would be the same if by chance they got away with it. But QA/QC is meant to detect fakes, damaged/out of spec shipments, compliance with local and international standards, best practices, auditing, record keeping, .... (All things no one ever sees normally)
The moment you attach medical and I'm talking about real medical devices that have the appropriate labels and government approvals (which includes blood glucose meters) then they would not be affected.
And as a single point of reference I intentionally mangled my blood glucose meter's VID/PID to test against the evil driver and it is fine (Nor would it have been affected even if it was because its called defense in depth and they only use an old driver that they obviously qualified long ago with a custom signed driver with their own VID/PID combination). The package appears to be the real thing as well. To change something simple like a USB port on a device like this which technically isn't critical in my meter requires a lot of paperwork, approvals, testing. (And to the end user they won't notice a thing)
Plus they offer meters so cheap because they get you on the supplies (Like a printer). Test strips and lancets (also highly regulated) are constant ongoing costs.
-
@a210210200:
You know, not once have I ever mentioned your online "handle" when accusing the FTDI "fixer" of hiring "shills" to inundate this forum with false propaganda and diversions from the real truth about FTDI's driver that contains a trojan malware. Yet, every time I did broach this subject, for some reason you felt the need to chime in, and proudly declare that you were not such person. So, since I didn't ever name names, why did you feel the need to defend yourself every time I did this?
Ok you didn't mention my handle but do you know what a pronoun means. Read below its a good example of how to follow pronouns in referencing nouns (in this case a user's handle)
[My TLDR response to you goes here] Followed by you saying the pronoun shown below.
You are obviously a "shill" for FTDI. AND, you are *WRONG*. Your use of the phrase "faking the VID/PID" shows a lack of understanding in how USB works. There are many other signatures that an O/S can use to determine what the device is-- not just the VID/PID, and your [FTDI's] MALWARE driver proves this-- as it has no problem identifying a chip that was not made by FTDI.
It is pretty unambiguous who you were replying to because you replied to me directly.
I don't think I need to even respond to anything else other than pointing out that you just demonstrably lied outright under the assumption no one reading your post (including me) would bother to verify your claim.
-
Aww Rufus? You're still here trolling? SMH...
My story is, I don't know if my chips are genuine or not.
I bought them from a legit source, and paid the $8-9 they normally cost. But I still can't tell if they're genuine or not, because I don't have access to their supplier's supply chain data. All it takes is for one person to screw up. I've had some trouble getting them to work, and when I looked into it, there's at least one device with a PID of 0x000. PID 0x0000 also happens to occur when there's a comm error, so how's a brother to know?
I installed Ubuntu on my main machine JUST TO CHECK IT OUT. At this point I've already lost a dozen hours or more. Ubuntu reports that the chip is ok, and I'm likely having some other problem. I asked FTDI how I can tell if they're fakes, and they told me that they're working on a detection tool, supposed to be released any day now. So I wait..
They're probably genuine, and I STILL lost all this time/money. I did my due diligence and still I'm stuck waiting for FTDI to release it's detection tool. If I were a big company, this would literally have cost me tens of thousands of dollars through no fault of my own.
Rufus, bite me. FTDI did the wrong thing. Even if I have the real deal, it still sucks ass. You call is bluster, but it's not: I don't trust FTDI anymore and will go FAR out of my way not to design them into future products. That's not bluster, that's pragmatism.
-
Aww Rufus? You're still here trolling? SMH...
My story is, I don't know if my chips are genuine or not.
I bought them from a legit source, and paid the $8-9 they normally cost. But I still can't tell if they're genuine or not, because I don't have access to their supplier's supply chain data. All it takes is for one person to screw up. I've had some trouble getting them to work, and when I looked into it, there's at least one device with a PID of 0x000. PID 0x0000 also happens to occur when there's a comm error, so how's a brother to know?
I installed Ubuntu on my main machine JUST TO CHECK IT OUT. At this point I've already lost a dozen hours or more. Ubuntu reports that the chip is ok, and I'm likely having some other problem. I asked FTDI how I can tell if they're fakes, and they told me that they're working on a detection tool, supposed to be released any day now. So I wait..
They're probably genuine, and I STILL lost all this time/money. I did my due diligence and still I'm stuck waiting for FTDI to release it's detection tool. If I were a big company, this would literally have cost me tens of thousands of dollars through no fault of my own.
Rufus, bite me. FTDI did the wrong thing. Even if I have the real deal, it still sucks ass. You call is bluster, but it's not: I don't trust FTDI anymore and will go FAR out of my way not to design them into future products. That's not bluster, that's pragmatism.
For fake detection visually, (Outer package can be used as it looks different than the real thing)
https://thecounterfeitreport.com/product/562/FTDI--Chip-FT232RL-Chips.html
VID 0000 and PID 0000 is an indication of a communication error (edit: which is unrelated to the PID modification the driver can do). And many parameters will also be blank.
FTDI did screw up big time, why not release a tool to let at least authorized distributors check and better yet anyone. My SSD has a check genuine button and I highly doubt someone is going to be able to fake a SSD easily that can trick a very vertically integrated SSD like samsungs.
-
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm)". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.
-
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm)". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.
The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.
-
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm)". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.
The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.
Good luck with that... That has to be the more twisted thinking i've seen so far in this Topic.
You're not understanding that as long as margins allow counterfeiters to emulate a chip and win some money, they will just get better at emulating the original chip behaviour, even the glitches of it (like the one used in the current attack). At the end it will be almost impossible to detect a counterfeit from an original, even for FTDI itself. FTDI could launch a new model with security added, but they must mantain support for all the current models, which lack of it and will be always target of counterfeiters.
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
-
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm)". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.
The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.
In an ideal world maybe. The functional equivalent chips which are rolling of the production line as we type are already resillient against FTDI's bricking algorithme so now FTDI has to devise another way to make their driver not wanting to talk to functional equivalents. This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.
-
Just gotta love the logic here... A==B, B==C, therefore Z==42.... :palm:
It is the apparent inability of various posters here to identify causes and effects and make reasoned logical argument that has kept me picking away at this thread. I haven't been affected by the issue. I don't particularly care about FTDI. I just argue with people talking shit.
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
So when you ship product built with fake crap of unknown quality and origin you would rather there was less risk of the customer finding out. Thanks for confirming that and that I should continue to consider use of FTDI chips as an indication of quality.
This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk?
Another grapsing at straws FTDI are going to brick their own product claim and yes I would prefer to buy product from a supplier with enough confidence in their quality control to take that risk.
-
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
So when you ship product built with fake crap of unknown quality and origin you would rather there was less risk of the customer finding out. Thanks for confirming that and that I should continue to consider use of FTDI chips as an indication of quality.
If there are FTDI counterfeit chips in the world (and there are), and we should blame someone, that would be FTDI:
* Their products have been always more expensive that others similar. This allowed counterfeiters the luxury of designing a counterfeit part based in a microcontroller;
* Zero security. Even the counterfeit parts look sharper and with better laser printing.
I'm not in favour of conterfeiting. I create IP too and would hate to see it stolen. But i know in what world were're living, so i make just the opossite as FTDI: my profit margin is moderate to discourage conterfeits, and my designs are heavily loaded with security measures. If they get counterfeited, i would hate it, as i said, but I WOULD NEVER TAKE IT AGAINST MY CUSTOMERS. NEVER. I could never do that. I know doing it would be the perfect recipe for company suicide (as Dave said in his video).
-
It's ok, I understand french, I'm not saying that it didn't affect people, but not the general consumer.
I don't know what the Arduino Nano 328 based Lumi-Box is, but it seems like it's targeted for people that are experimenting with micro controllers.
Nevermind I did find the Lumi-Box and it seems Arduino based:
http://lumi-box.net/boutique/lumi-box-v2/ (http://lumi-box.net/boutique/lumi-box-v2/)
What I was asking was for a consumer grade product, because those are the ones that probably can take legal action. Easier than someone that hangs on electronic forums that will know quick how to revert what FTDI did.
That is the (new) version 2. The standard lumibox is a standalone general consumer product. IMHO the majority of the consumers doesn't know why their products doesn't work anymore and just buy another, I think it's why we don't see more complain from the general public.
Does it show up as an FT232R in the device manager on windows with no driver found error? If it doesn't enumerate (as in be detected not fully work) at all on multiple systems then something else is wrong.
It does enumerate but it's not recognised by the lumibox software anymore.
-
It's ok, I understand french, I'm not saying that it didn't affect people, but not the general consumer.
I don't know what the Arduino Nano 328 based Lumi-Box is, but it seems like it's targeted for people that are experimenting with micro controllers.
Nevermind I did find the Lumi-Box and it seems Arduino based:
http://lumi-box.net/boutique/lumi-box-v2/ (http://lumi-box.net/boutique/lumi-box-v2/)
What I was asking was for a consumer grade product, because those are the ones that probably can take legal action. Easier than someone that hangs on electronic forums that will know quick how to revert what FTDI did.
sorry for the quite off-topic post, but are those really metal can transistors and a socket-ed through-hole DIP8 in that lumibox thingy which is supposed to be a recent design ?
-
Yeah :) so what? you don't have to use SMD everywhere just because the majority of the constructors do that...
-
Yeah :) so what? you don't have to use SMD everywhere just because the majority of the constructors do that...
of course you can use THT, but costs are going rocket high with THT in mass production....and not talking about the metal can transistors - anything metal can is at least 5-10x more expensive than the equivalent part in a plastic case.
but back to the FTDI topic - that lumibox thing is not a correct example of an affected product - that thingy is using a arduino nano board and apparently a cheap clone of a nano with fake FTDI ;) if they would have used genuine nano boards (i know... it would be a financial suicide) then it would have not been affected.
-
Yeah, but in this case it's not mass producted. It's only produced at the customers demand -> "Fabrication à la demande. Délai de fabrication : 72h."
I don't know if they use the fake part knowingly or not. I just replied to the "not a single case of a consumer grade product affected" statement.
-
Hiya folks - first post on forum ever so try to be gentle!!
I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers but don't have an operational linux system at the moment - changing distros and hardware and lost my USB sticks again....!!
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.
My interest is usb-serial devices and an arduino board.
The usb-serial are used for installing/debugging linux and solaris on my sunfire v490 and DL485 servers that I'm playing with.
I also have started to use an arduino mega board. I have absolutely no idea if my items contain clones and would never have suspected this until I followed the Hackaday link to this forum.
I have now read up to 80 pages here regarding this with considerable interest.
If I developed a problem - I would have suspected a configuration problem with the computers and terminal software used and would have spent many hours trying to sort this out - I did initially to get the damn things talking with numerous problems getting the drivers to actually work and software configs.
SO - if a device silently stops working because it has been bricked - the user will naturally concentrate on problems with the items being connected - NOT the connection hardware that has been working previously.
A bricked device completely buggers up a normal end user.
Now - what is important to me as an end user - I don't want to risk my paid for hardware being tampered with, I certainly don't want to waste time correcting such a change. I want to enjoy my hobby.
So since becoming aware of this problem I have not connected the devices to any of my computers until I know that it will be safe. When will we know that an updated driver is available that will not potentially brick devices - that is my personal concern.
Cheers to everyone. :)
-
@medical-nerd. Welcome to the forum!
I'm pleased to read your comments as you speak from the end-user point of view. This is the view that FTDI ignored, and their business will suffer.
Stick with the forum, there is heaps to learn here!!
Ozwolf
-
I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers...
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.
That is NOT the "perspective as an end user". You are looking at it from the perspective of a hobbyist experimenter. Granted most people in these forums are hobbyist experimenters, but there are also people out there making commercial products with FTDI chips in them.
If you developed some specialist niche product for sale and had hundreds or thousands of them out there for some vertical market (stamp collectors, or people who make quilts, or whatever) your customers quite possibly have little or no experience with computers beyond using them as a magical appliance.
Now, if their computer got automatically updated (because automatic updates are recommended to protect them against malware) and the new FTDI driver turns out to be malware and bricks their device (because you were unlucky enough to unknowningly use a counterfeit chip), all they know is that their gadget stopped working. They don't have a clue that there is something in there called FTDI (real or counterfeit) and they wouldn't even know that there was anything to Google for or that they could possibly fix it. And even if they DID do all that, the "fix" is very fiddly and not end-user friendly.
People here seem to live in a world of their own little workbench and never consider that some people develop products for sale to end-users who are NOT computer experts, and never will be. And we have seen accounts of people ending up with counterfeit chips even when acquired through "official" channels. Nothing is certain in life but death and taxes. Getting a genuine chip (of any brand or model) 100% of the time is a foolish pipe-dream.
-
...have hired PR firms [that hire others] to attempt to hijack this thread
Is this a known fact or at in foil conspiracy?
-
...have hired PR firms [that hire others] to attempt to hijack this thread
Is this a known fact or a tin foil conspiracy? (edit: fixed it for you, took me a while to make sense of it)
I don't know about others but I'm expecting my FTDI check any day now :-DD
-
Hiya
I'm not saying that I'm a computer expert, and a hobbyist experimenter is an end-user albeit with a little more knowledge.
By design an arduino board is supposed to be used by people with little electronic/computer knowledge - if FTDI bricks these boards bought by 'clueless' individuals not realising that an arduino clone may contain susceptibilities to this (including myself) then they are doing a disservice to a wide range of people.
My aim in posting was to demonstrate that if my devices were bricked then I wouldn't normally have a clue as to why my equipment wasn't working. It is only because I regularly look at hackaday that I became aware of this issue and through them discovered this very interesting forum.
I agree with all you say Richard except that I buy a device and use it - how then am I not an end user? I was only demonstrating that a fortuitous coincidence made me aware of this issue before it may have affected me. I can't think of anyone I know that would have a clue.
I only wish I had time to live in a world of my own little workbench!! :)
Cheers to everyone. :)
-
It makes you(me) afraid to plug in things to my computer... Like my Golf GPS that I update regularly. It would suck if i couldn't update it anymore.... Silicon Labs USB chips for my designs going forward! :)
-
Just wondering, is anyone going to name the manufacturers or distributors that they have recently found to have supplied fake (not clone) FTDI components instead of what was specified?
Has it happened?
It might be worth working out what else is wrong in the supply chain.
-
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm)". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.
The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.
Good luck with that... That has to be the more twisted thinking i've seen so far in this Topic.
You're not understanding that as long as margins allow counterfeiters to emulate a chip and win some money, they will just get better at emulating the original chip behaviour, even the glitches of it (like the one used in the current attack). At the end it will be almost impossible to detect a counterfeit from an original, even for FTDI itself. FTDI could launch a new model with security added, but they must mantain support for all the current models, which lack of it and will be always target of counterfeiters.
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
Technically that is going to be true for any chip like and FT232RL counterfeiters will just move on if you move on or better yet they will have fakes for everything (probably already do have it for most relatively simple common parts). The only sure fire way to detect the fakes is to look at the die itself. But making the mechanical outer physical package identical is actually harder than it sounds given that counterfeiters typically don't bother with too much quality control or tolerance controls.
No bug based driver based detection is going to last because now that the secret is very openly revealed it will be easy for them to close that detection route. Just like no amount of DRM works. But there is an out that works on physical products things like counterfeit drugs exist yet there are many very difficult to defeat even if they know the detection system exists. Just using something like a high end laser engraver or doing something a bit odd with the package that makes it difficult to physically copy without the same equipment is basically how money is made counterfeit resistant. If the go along the route of adding very large serial number storage then they could provide strong cryptographically signed and static serials that could be verified like an intel CPU or SSD in addition to just looking at the chip's physical marking/package.
Once you start looking at the difference in laser/printed, injection mold marks, plastic types, surface finishes, lead texture, and so on are very difficult to hide a counterfeit copy unless they are being taking off the official production line. A 10x jewelers loupe is what I use to inspect parts in this manner and they are cheap, batteryless, and tiny. And work well in both part and board inspections for on the spot quality grading/detection of abnormalities. (You just need to practice a bit before you can do it quickly and well) This is all about QC/QA on the mfg side of course.
I still have and sparkfun reported that they have a whole pile of designs with FTDI parts in them and it isn't worth the effort to remove FTDI chips out of the fear of getting fakes with proper QA are not in the product stream (I verified my stocks when I got them, and Sparkfun reports they do the same as well), I've even checked the die of a sample real FTDI chip at home with nothing more than fire and a scanner in 5 minutes flat and it matches the known real die shots (my die image quality is crappy but its clear enough).
FTDI is just doing the whole not listening to customers or people who are willing to help thing and it is really biting them back hard. (People provided info to FTDI directly on counterfeits detected in market and FTDI never really listened at all, they recommended a more verbose warning driver and tools to help others detect but then the PID altering driver came and it basically blew up in FTDI's face) Had they engaged the community which is perfectly willing to help root out illegal counterfeiting it would have been a different story.
-
Here is a real live example of the problem that FTDI now faces. I wish to purchase a GPS module for a project and I have two choices, the cheapest unit includes in the manual the instruction "download the latest USB driver from www.ftdichip.com/FTDrivers.htm (http://www.ftdichip.com/FTDrivers.htm)". A slightly more expensive device uses a driver specifically written for the module concerned.
I have purchased the more expensive product, the FTDI brand is now poisoned.
The opposite is true. How long do you think a GPS module which immediately bricks itself and gets returned for refund is going to remain on the market? Probably already and certainly in the future something which claims to use an FTDI chip will very likely have a genuine FTDI chip while things that don't are more likely to have a fake or clone chip of unknown quality and origin.
I am now even more likely to choose a device using an FTDI chip because I will take it as an indication of quality - as it ever was.
In an ideal world maybe. The functional equivalent chips which are rolling of the production line as we type are already resillient against FTDI's bricking algorithme so now FTDI has to devise another way to make their driver not wanting to talk to functional equivalents. This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.
This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.
Even if the new chips don't get detected by the driver they probably still use the exact same markings and physical package. Which is readily identifiable as a fake. FTDI is barking up the wrong tree by trying to use a easily bypassed driver. (Which people have completely reverse engineered to show exactly what it does)(With physical changes even if you know what the ideal is it may either be too expensive or just not attainable by a counterfeiter.)
Economically speaking computer chips by weight are extremely high value products and arguably do require extensive control throughout the supply chain (from end to end to prevent tampering).
-
As simple as i see it is, i think, as simple as (almost all) people see it: you just can't buy or design nothing with a FTDI device on it. As simple as that.
So when you ship product built with fake crap of unknown quality and origin you would rather there was less risk of the customer finding out. Thanks for confirming that and that I should continue to consider use of FTDI chips as an indication of quality.
If there are FTDI counterfeit chips in the world (and there are), and we should blame someone, that would be FTDI:
* Their products have been always more expensive that others similar. This allowed counterfeiters the luxury of designing a counterfeit part based in a microcontroller;
* Zero security. Even the counterfeit parts look sharper and with better laser printing.
I'm not in favour of conterfeiting. I create IP too and would hate to see it stolen. But i know in what world were're living, so i make just the opossite as FTDI: my profit margin is moderate to discourage conterfeits, and my designs are heavily loaded with security measures. If they get counterfeited, i would hate it, as i said, but I WOULD NEVER TAKE IT AGAINST MY CUSTOMERS. NEVER. I could never do that. I know doing it would be the perfect recipe for company suicide (as Dave said in his video).
Not that simple, the fakes do not have "better" markings than FTDI because that is not possible (FTDI's own markings by definition would be the "perfect" markings to have). A chip that has anything different than the original would not be original. Say if the chips came with top quality thick dipped gold plated leads which never exists in an official product line it would be a dead giveaway. (Also the FTDI FT232 fakes do not appear to have laser engraving look at the reports and die shots the fakes look visibly different on the package level and the die shots confirm that they are fakes)
Fakes can be blamed on counterfeiters trying to contaminate supply chains and catching unaware mfg's that do no QA on their materials and people who actually do seek out the mfg products with fake parts to pass them off as superior products with fake branded parts. So not 100% of the blame can be placed on pricing your product too high. (It probably is one of many factors)
FTDI should have listened and worked with mfg/suppliers/developers instead of surprising everyone with look were going to "fix it" by not fixing anything at all and making just making people angry/incensed. Counterfeiting is a complex problem which no simple/single solution exists.
-
How many WRONGS make something RIGHT?
Some countries have Laws saying that they can take a kids money because it's counterfeit.
Is that a Right or a Wrong.
I hear some countries actually care. The kid would be told to take it to a bank and be asked were the kid got the bill when the bank replaced it.
A lot of harm here.
The bank was harmed even it the country replaced the counterfeit, Time and Reports.
The Kid also was harmed due to the time and hassle of getting to the bank.
At least you can say that the country that replaces the bill is trying to do the right thing. The country is paying for it's bill that were to easy to copy and pass.
Way back Compaq and others made a IBM compatible computer. Some of the others lost in court but Compaq won in court. Some users ran IBM software on their Compaq. I have not ever heard of a case of IBM intending to cause harm to a Compaq computer. I have heard of IBM going way out of the way Not to harm a computable. While I am no fan of IBM, they did not do more wrongs, IBM actually tried to prevent any possible harm.
note also that IBM tried to regain the control with the PS2
(http://en.wikipedia.org/wiki/IBM_Personal_System/2)
Which resulted in more copied to the PC Computable
In my pile of Old keyboards I probably still have one that has a config switch that changes it from being XT compatible to PS2 Compatible. Some do not have all the different modes that a real IBM keyboard has but the other modes were not used with a PC compatible. So here you have something IBM did not do( the config switch ) and a known poor copy ( missing other modes ).
Some are saying VID/PID is proof that it's a clone. Sorry not buying that C***. It's a very big world out there and anyone can program those. FTDI's own chips show that they can be reprogrammed many times to different VID/PID's. And it may not be using any of FTDI's software when done if not on windows.
What really makes it worse is that FTDI did not go after everyone using their driver in their lie. They targeted the little guy, the ones most likely to say it broke and buy a replacement. They even hid the fact that they thought that they zapped a clone or fake.
So far I see the following
1. Chips with FTDI LOGO on them. Yes if not made by FTDI nail them with a Copyright law, but you do not know this just by looking and if it's in something you can's see it!
2. Internal scans of what could be a legal clean room clone. May or not be legal. I see no right for FTDI to damage or change it. Where did this chip maker grant this right to FTDI. If this chip works like FTDI's then it is most likely that the outfit that programmed it later put in the VID/PID not the chip MFR. If there is no chip test when FTDI's software chip programmer ran then, they just zapped an end user that FTDI's software put on the VID/PID in question!!!
What is so hard about dumping out a copyright message out on both the USB side and the Serial side. The chip already has flash memory, One time programmable flash memory is common. Yes the clone makers may copy this also, but they could also add a crypt code number that only FTDI could decode.
C
-
This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.
This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.
Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump through hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.
@C: Adding a crypt code isn't going to work for a Linux driver or forces FTDI to provide a pre-compiled module for every kernel version and platform. And even then it will take only a few days to reverse engineer.
-
This cycle will repeat until the FTDI drivers will produce false positives for devices with genuine FTDI chips inside. Do you want to take that risk? FTDI has proven to willingly move into grey areas so their algorithms to detect functional equivalents will probably be geared towards 'fake when in doubt' instead of the other way around.
As long as there is money to be made there will be functional equivalents.
This logic is applicable to all types of items counterfeiting will exist and will always try to evade measures against it. That doesn't mean there should not be any barrier for it. I'd go for more physical counterfeiting protections because those are actually much harder to duplicate well enough to pass off as a real thing and is requires no computer to check/verify.
Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.
I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution but with careful visual inspection it can be almost impossible to tamper with the seal. Similar with physical modifications like slightly modified injection mold dies with intentional micro-defects in the chip packaging machines or using a unique (not revealed) plastic mix that results in a unique texture that is almost impossible to duplicate without industrial espionage and long extended amounts of materials science efforts just to duplicate a part identically.
You seem to be missing my point of not using software DRM but just good old physical see/touch measures which can be extremely hard to perfect (and most counterfeiters won't go through the effort and will just get to close enough match which allows for simple visual inspection)
-
There are different use-cases and different business models that have different levels of risk for each type of part that you buy.
I suppose for a hobbyist, or for a small shop that builds their own devices, it is simple enough to make sure that only genuine FTDI devices are installed in the end product.
For a larger concern where devices are built in very large quantity, it is highly probable that the assembly will occur in China, as [for the moment] they are the undisputed kings of doing things for less money. In this case, you are putting your trust in a large off-shore company that is [in turn] putting their trust in large off-shore distributors and brokers. In this use-case, there are multiple opportunities for counterfeit parts to end up in the final product.
China is not just for rock bottom quality mfg. They certainly do offer rock bottom fake mfg's. But they also do work for countless top tier firms and almost everything comes with something from China. Trust with a third party must be established and there are quality standards which many reputable China based firms follow and arguably since many genuine devices are made directly in China it has a shorter supply chain which done correctly is easier to protect than transporting products from China through countless distributors and so on. Since China is such a major mfg hub every major chip maker is going to be sending direct shipments for large production runs and with the right controls you can do something called quality assurance to make sure that your rejecting anything that might even be remotely suspect as either damaged/tampered with/stored in the very wrong conditions/replaced with counterfeits/...
Large scale quality manufacturers do not just fire and forget with outsourcing not even quality small/med volume people will do proper QA/QC pre-production/batch samples/... to verify that everything is working properly. Once you go to the rock bottom sells direct to ebay then most bets are off as there is reason why the prices are so good. (no QA/QC, fakes abound, random specs, no support, ...)(Which also has its purposes when your doing a do not care project that is basically disposable)
(Some companies even open plants themselves to have total control over the entire process and just attempt to take advantage of the local job market)
Very large companies would have engineers all over china and their own local RnD offices to build better ties in China which both reduces the time lag for development and quality control it also give the company a local presence so that they can send people regularly to check on mfg and processes continously.
Counterfeit parts are the "dark side" of the electronics business, and they have always been "out there". I get the impression that the number of incidences are increasing. There are different types of counterfeit parts-- some of them are just a package, with no die inside-- and you discover the problem rather quickly during final testing. These boards can be re-worked at the factory, and this is expensive. The next level of counterfeit parts do have some silicon in them, but it is not genuine, and they only seek to pass incoming QA long enough to get their paycheck. This type of part is dangerous, because it can actually end up in the hands of the final end-user before it fails in some way [and that can be a spectacular failure]. This is really quite evil, because the end-user places the blame on the manufacturer, and it damages their reputation and brand. [This is the level of the current FTDI situation]. The third type of counterfeit part is one that duplicates the original part so well that no one can tell them from the real-deal. This is still a problem, because some of these parts are used in semi-critical electronics, where a failure can damage something or harm someone-- and the real parts were supposed to be properly [and expensively] qualified for this service-- but since this qualification work was not done on the counterfeit, it is at least possible that something bad could happen. [This has already happened on multiple occasions in medical and military electronics, and continues to be a problem today].
Hold on there, catching a totally non-functional chip at final inspection? If you receive a batch of parts you should test at least one in the entire shipment or better yet test randomly during production to make sure the stock being used is both the correct chip, stored correctly, works, not a fake, ... (It would save a ton of time/money to do random incoming testing instead of relying solely on final inspection which if something like totally off spec parts somehow get used your going to be in a world of hurt)
Detecting fake ICs and in larger runs doing careful visual inspections or if your paranoid die inspections of samples is pretty critical as well. (All it takes is one sample to find a whole lot of fakes and it isn't exactly hard to do)
The US military is having problems with fake chips/parts because they even admit not doing the basics things like buying form a their own qualified vendors? (What are they buying stuff of ebay or something equivalent, it is no wonder they are getting fakes) Or doing things like inspecting for signs of previous use or wear and tear that makes modules/components obviously not new as sold. (They seem to only find this out at final inspection after the parts are put in) That is a clear sign the US military has completely garbage QA/QC processes that are so slow by the time they find out something went wrong its already flying around (hopefully).
China operates on a buyer beware market and if you actually think about it detecting suspect parts is a joke and starts with who you buy something from and what it physically looks like in front of you. You buy a "new" frequency synthesizer for your missile system do you A) install the part ignoring the massive signs of previous use and age, B) say hey this thing looks beat up and old, I'm filing a dispute on Ali-express..........
The counterfeiters appear to be motivated by money. The more money there is to be made, then the more likely that the part will be a target. The FTDI parts have a rather high margin when compared to other similar parts from other companies, and at the same time they [at least up until now] enjoyed a good reputation and had a lot of design-ins despite the higher price. These two things combined made it almost a guarantee that counterfeiters [and otherwise legitimate clone makers] would copy this product.
I think it is pretty obvious companies (counterfeiting or not) are motivated by money. China is probably more capitalistic free market do anything you want as long as you can pay for it than most countries. High margins are only one aspect of being targeted by counterfeiters. They are happy to enter even low margin or no margin markets because their costs can be so low that they can still get massive margins or trick banks into making them money for themselves. Basic commodities have been subject to counterfeiting and adulteration as well. (things like sugar, milk powder, meats, plastics, metals, wire, paint, toys, concrete, steel, ..., ...) But as I said earlier if you know what your doing you can get both cheaper/high volume/high quality stuff from china.
-
Does it show up as an FT232R in the device manager on windows with no driver found error? If it doesn't enumerate (as in be detected not fully work) at all on multiple systems then something else is wrong.
It does enumerate but it's not recognised by the lumibox software anymore.
If windows is giving it a driver then something else is wrong as the PID change will break plug-in play driver detection making windows think its a non PnP device.
And does it show up as an FT232R instead of USB Serial Port? If it does show up as FT232R try following these steps to see if that might help, https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg541025/#msg541025 (https://www.eevblog.com/forum/reviews/what-should-ftdi%27s-next-driver-update-look-like/msg541025/#msg541025)
-
Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.
I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution
Think about counterfeit money. The end user can't tell real from fake so basically is screwed and the counterfeiter still goes free.
Actually the markings on the FTDI chips and the functionally equivalents are not the same and that doesn't stop the non-geniune chips from ending up on circuits. IOW: the method you propose has already failed. Your logic about the supply lines is also flawd as pointed out by others. All what is needed are some forged documents to make counterfeit components enter the supply chain without people noticing.
-
Putting more effort into copy protection will raise the prices of the chips even more and make it more lucrative to make functional equivalents. Worse it may have the legitimate users jump throughs hoops (just like with media and software). If you want to lock the market into your standard you have to allow for a certain amount of copying. Just look at how every major software package got popular.
I don't think you understand certain physical measure can be implemented at little cost and be simultaneously very hard to duplicate perfectly. For example sealing a letter with a wax seal sounds like a cheap archaic solution
Think about counterfeit money. The end user can't tell real from fake so basically is screwed and the counterfeiter still goes free.
Actually the markings on the FTDI chips and the functionally equivalents are not the same and that doesn't stop the non-geniune chips from ending up on circuits. IOW: the method you propose has already failed. Your logic about the supply lines is also flawd as pointed out by others. All what is needed are some forged documents to make counterfeit components enter the supply chain without people noticing.
Counterfeit money in Canada is pretty hard to do with our multicolor plastic money which has a unique texture, transparency, shiny stuff, ...
Yes counterfeiters have and do still make fake money, even with the new plastic notes, but it isn't undetectable to the naked eye. The entire point is not making it impossible to make a good copy but to make it very very hard to make a perfect copy so that the costs doesn't make sense to the counterfeiter.
In Canada it is not paying attention to the currency which is causing problems because people blindly think it is impossible to copy which is dumb because the whole point is not to make it impossible to copy but easy enough for a user to see it. And if the user isn't looking for anything they can't see anything. If they believe everything is real then even if it is fake then nothing is going to help them.
Someone handling something like a stack of 100$ bills should at least give it a quick check close up check to see if it is real or not. And that is the objective with chips making it possible to have someone quickly check and detect the difference.
And with large manufacturers you can be talking about many many times 100$ and if it takes just a little close up visual inspection to tell the difference than that is a success. And if you add an online verification (banks probably check the serial numbers on notes) people could ask FTDI if a chip is real.
Computer components even have problems with massive thefts and companies have entire databases for the serial number status of every last processor, hard driver, memory, ... and adding verification services that the chip is not stolen, discarded, fake would add confidence to customers without affecting end users.
It is about creating a barrier to mitigate and minimize the effects of a fakes. Consider a currency which was printed on plain paper and with a standard windows font, no serialization, nothing and just said the value in big numbers. (No security features, or anything) what would happen in that case.
-
Hiya folks - first post on forum ever so try to be gentle!!
I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers but don't have an operational linux system at the moment - changing distros and hardware and lost my USB sticks again....!!
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.
My interest is usb-serial devices and an arduino board.
The usb-serial are used for installing/debugging linux and solaris on my sunfire v490 and DL485 servers that I'm playing with.
I also have started to use an arduino mega board. I have absolutely no idea if my items contain clones and would never have suspected this until I followed the Hackaday link to this forum.
As an real end user you have just successfully completed all the necessary steps to be fully equipped to both be aware of the issue and have the resources to deal with it should FTDI's crappy DRM affect you. You do not need linux to resolve this issue, windows works as well.
My comments are about people creating hypothetical end users which make no logical sense as in when prompted by the operating system to do something they instead lock up and enter a human BSOD. You are a perfect example of that not being the case because even without being affected nor having extensive knowledge you have already familiarized yourself extensively with the issue out of self-interest and curiosity.
Some posts here refer to end users as what amounts to completely clueless robots which act in inhuman ways which isn't very nice since everyone is an end user.
If I developed a problem - I would have suspected a configuration problem with the computers and terminal software used and would have spent many hours trying to sort this out - I did initially to get the damn things talking with numerous problems getting the drivers to actually work and software configs.
SO - if a device silently stops working because it has been bricked - the user will naturally concentrate on problems with the items being connected - NOT the connection hardware that has been working previously.
A bricked device completely buggers up a normal end user.
It does not silently stop working, windows asks you to contact the mfg. Which some people seem to think is not possible for an end user but obviously if you don't know what an FT232R would probably search for contact info using that string which would work. Now if you did contact FTDI they would probably tell you off saying your a bad person for having a fake which is horrible customer service but the natural end result (which you already came to even without being affected) is that you both have the solution, knowledge, detection, and workarounds all around you.
On windows you can detect a PID alteration by the loss of plug and play driver installation. Windows will make a USB error tone that sounds like two shortened usb connect sounds in quick succession as well as a task bar info bubble saying driver not found. If you click on the bubble it will tell you that an FT232R has no driver available and you should contact the part manufacturer for a driver.
The fake device still functions just without automatic PnP (plug and play) support due to FTDI being mean and altering the PID to 0000. Follow the windows prompts shown in the guides and you should be fine. (It would be one thing if the device failed silently but this is not the case)
I've tested a mangled PID device my self and it is readily apparent due to window's built in measures even without any searching so you can be assured that on windows if you developed a problem windows will let you know.
And the windows information I'm describing is not a hypothetical, I did real world tests to see how a windows only user experiences this issue. (If you happen to be affected by it the solution is linked a couple times in this thread and resides in the "what should FTDI's next driver look like" thread because people where claiming it was impossible to fix on windows without resorting to linux which is a not correct)
So since becoming aware of this problem I have not connected the devices to any of my computers until I know that it will be safe. When will we know that an updated driver is available that will not potentially brick devices - that is my personal concern.
The FTDI driver version 2.12.0.0 is the driver you do not want to use with a fake device. The driver has been pulled from windows automatic update and FTDI's own site so if your devices are still working fine it should be safe to connect right now. (Safest bet is to not use an updated driver, we don't actually know what FTDI is planning on doing or if it might be buggy or do something insane)(It is actually a safe bet to not update anything for a while as even windows kernel updates for the past month or two have been bricking entire computers)
You can also disable automatic driver downloads if you want total control, http://technet.microsoft.com/en-us/library/cc730606(v=ws.10).aspx (http://technet.microsoft.com/en-us/library/cc730606(v=ws.10).aspx)
(A bonus of disabling automatic online driver updates is that upon connection drivers will install much faster if windows already has a local copy, with the downside to update drivers you have to download them yourself)(This will protect you against future FTDI windows automatic driver updates as well)
-
I would like to give a perspective as an end user.
I have an interest in electronics - hobbyist level and some experience in computers...
I don't understand the comments that if something is broken then the user is less than useless if they don't do a google search to see what the problem may be.
That is NOT the "perspective as an end user". You are looking at it from the perspective of a hobbyist experimenter. Granted most people in these forums are hobbyist experimenters, but there are also people out there making commercial products with FTDI chips in them.
If you developed some specialist niche product for sale and had hundreds or thousands of them out there for some vertical market (stamp collectors, or people who make quilts, or whatever) your customers quite possibly have little or no experience with computers beyond using them as a magical appliance.
Now, if their computer got automatically updated (because automatic updates are recommended to protect them against malware) and the new FTDI driver turns out to be malware and bricks their device (because you were unlucky enough to unknowningly use a counterfeit chip), all they know is that their gadget stopped working. They don't have a clue that there is something in there called FTDI (real or counterfeit) and they wouldn't even know that there was anything to Google for or that they could possibly fix it. And even if they DID do all that, the "fix" is very fiddly and not end-user friendly.
People here seem to live in a world of their own little workbench and never consider that some people develop products for sale to end-users who are NOT computer experts, and never will be. And we have seen accounts of people ending up with counterfeit chips even when acquired through "official" channels. Nothing is certain in life but death and taxes. Getting a genuine chip (of any brand or model) 100% of the time is a foolish pipe-dream.
Everyone is an end user. You have it all mixed up. Hobbyist experimenter or not he uses an FTDI product and is an end user. Anyone using an FTDI product counts as an end user not just hypothetical non-existent users. You know people are people, an end user is an end user being a pro/newbie doesn't change that.
Windows tells them exactly what needs to be done and it is about as user friendly as windows gets since it is all part of the default interface.
People here are people and non-experts are not dumb robots.
Getting a real chip 100% of the time is not a foolish pipe dream it is a easily achievable target. (Some chips don't have any fakes for instance because they are one offs or very low runs that no one even knows about outside the mfg)
-
Hiya
I'm not saying that I'm a computer expert, and a hobbyist experimenter is an end-user albeit with a little more knowledge.
By design an arduino board is supposed to be used by people with little electronic/computer knowledge - if FTDI bricks these boards bought by 'clueless' individuals not realising that an arduino clone may contain susceptibilities to this (including myself) then they are doing a disservice to a wide range of people.
My aim in posting was to demonstrate that if my devices were bricked then I wouldn't normally have a clue as to why my equipment wasn't working. It is only because I regularly look at hackaday that I became aware of this issue and through them discovered this very interesting forum.
I agree with all you say Richard except that I buy a device and use it - how then am I not an end user? I was only demonstrating that a fortuitous coincidence made me aware of this issue before it may have affected me. I can't think of anyone I know that would have a clue.
I only wish I had time to live in a world of my own little workbench!! :)
Cheers to everyone. :)
I don't understand why everyone isn't an end user if they use something as a finished product. That by definition is an end user and many people here seem to equate end user's with what amounts to a doorknob which is wrong.
FTDI is doing a huge disservice to their own name and reputation because they never worked with the community of end users to root out fakes but instead went it alone and ended up pissing off the entire community and created a PR firestorm. They do have the right to not work with fakes but they are approaching it in all the wrong ways and ended up with a system which looks like a garbage DRM system.
Window's is not silent in telling you what is wrong and it is sensationalistic wording that calls the devices "dead/killed" when they do in fact still work and you just have to install the the device like a printer with bad drivers. This is why FTDI shouldn't have done the PID change because it just hassles end-users instead of telling them directly that they have been scammed and what to do. Even more so FTDI appears to have failed to listen to groups that were technically skilled enough to figure out the fake devices and FTDI never released tools to help trusted mfg/suppliers to check for fakes themselves. To date the only tools to detect a fake chip are non-FTDI official ones and that is all backwards.
-
Just wondering, is anyone going to name the manufacturers or distributors that they have recently found to have supplied fake (not clone) FTDI components instead of what was specified?
Has it happened?
It might be worth working out what else is wrong in the supply chain.
This is what everyone should have been working on but FTDI screwed that all up. If everyone was working towards a positive goal of figuring out where the fakes where instead of the PR storm that FTDI brought upon themselves I'd bet we'd be able to help at least figure some useful information on the counterfeit chips.
Counterfeiting is illegal but FTDI decided to make everyone linch them instead, horrible planning/foresight.
-
@C: Adding a crypt code isn't going to work for a Linux driver or forces FTDI to provide a pre-compiled module for every kernel version and platform. And even then it will take only a few days to reverse engineer.
I may have not said that Correct
Print something on the package and you have something legal to fight with. The problem is that you can't see the copyright when inside something.
The crypt code is just something the chip does. for example a Rolling code like KeeLoq,
On the serial port side only two pins were connected to the arduino the TX & RX. Would be nice to check real or fake. The problem is how do you ask from arduino/AVR. side? I can't see any Async Serial idea working, Just to many unknown's. But you might be able to send a large number of clock cycles and then the chip uses the clock to output the copyright message. You could probably get the fake side working in a few minutes so far.
Add the output from a KeeLoq transmitter and you have a changing number.
The text of the dumped copyright message anyone can get right, but followed by a KeeLog output?
May have to dump the digital copyright message a few times to get a KeeLog sequence that can be tested. And only the chip MFR can say good or bad.
So Linux or AVR can say yes the two numbers changed, could be ok, Want to know more you have to ask the MFR. and tell them __________.
One problem with crypto is the more you use it the more likely it is to be broken. So limit the number of times you can ask a chip.
C
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?
Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.
I LOVE this thread!!! I have to 'disappear' from the net for a weekend due to a 'far more important' hobby of mine (drag racing)... Not only do I come back to find another whole BATCH of politically induced BULLSHIT from 'the paid troll', I also had to waste several HOURS 'fixing' the data-logger connectivity of several VERY high end drag racers (who now consider me to be an absolute 'I.T. deity'... Go figure!!!). Naturally, after having remedied their issues, I explained (impartially? Yeah right, they KNOW me better than that!!!) the reasons why their time proven systems had suddenly turned into custard. The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation! Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby.
Perhaps FTDI needs to mix a bit more Ammonium Nitrate into their Nitromethane next time so they can 'go out in style'.... OKLAHOMA style...
Anyway, I have a bunch more in this thread (from the 'paid trolls').... Might be more posts from me real soon
-
CP21xx can offer the same functionality with reduced cost
Where's my bitbang mode? EEPROM? RS485 or GPIO capability on the only part with EEPROM instead of OTP ROM? ESD rating?
Sorry, not seeing this 'same functionality'.
-
I would like if someone will point out what consumer product (not even a vital one) has been affected that is not related to hobbyists.
Hi MigeulVP,
I have one (of potentially MANY) examples to share with you...
I'm into the sport of drag racing in a BIG way. I'm one of a bunch of 'volunteers' at the many tracks in my homeland.
Almost ANY 'serious' drag racer has a data logger on his / her chosen race vehicle. It helps him / her to 'tune' their setup and / or give them more info on 'what went wrong' in those unfortunate moments.
The vast majority of the common dataloggers have a DB9 serial output. (Yeah, drag racing is somewhat of an 'old school' sport. Comparatively few 'innovators' and the rules at the pointy end tend to frown on those using 'current' technology).
Any 'modern' PC no longer has an RS232C port, so the manufacterers tend to supply a USB-RS232 converter with their box. A LOT of them happen to have an FTDI chip (albeit with a unique VID / PID in many I saw this weekend). The issue is that ANY motorsport is 'rough on gear' and such cables tend to 'die' rather often. Therefore, many teams have 'spares' that they've purchased from their local store (Jaycar / Radio Shack et al). These have all worked 'just fine' until now... (I'm in the Sthrn hemispehere so our 'drag season' is only just starting). Imagine the total fracas when this hits the start of the NORTHERN hemisphere drag season!!!!
I'm wiling to bet that FTDI have suddenly 'lost' any hope of 'traction' (excuse the pun) in this sport...
NASCAR? Indy? Formula 1? They're all equally at risk... (And it's probably a sizable chunk of the FTDI USB-RS232 chip business!!!)
-
Purely my _OPINION_ here which MIGHT 'go beyond' the forum rules??? (Simon / Dave etc, if so, PLEASE delete this post and 'rap my knuckles')
Rufus, A21blah blah blah....
Are you paid by the post count, or by the word count within each post?
How much can your boss offer ME to become 'yet another FTDI troll' (YAFT???)?
This is an EE forum for christs sake...
Your rhetoric MIGHT work on 'Joe Public', but generally speaking, the participants of THIS forum actually have triple digit IQs
Give it a break already!!!
(Sorry if I have offended any 'non-troll' here!!)
-
I strongly suggest the forum moderators to simply lock this thread. Everything that was to be said seems to have been said already and no new information is forthcoming.
If someone has something new, they would better start a new thread because nobody would ever find it buried here. This thread is only a troll fest for a few folks now.
-
I'm just curious, why not using silabs chips? CP21xx can offer the same functionality with reduced cost, and spi/i2c options. Why stick to FTDI craps? Personally I prefer silabs chips because:
e. they offer open source drivers and detailed device specifications, so you can either use their free oss drivers, or write your own ones.
I second that. I downloaded the tools package from Silabs and was pleasantly surprised they seem to fully support Linux and OSX with their GUI based tools. The same tools and APIs they provide for Windows are also available for Linux and OSX. It seems FTDI only has Windows GUI programs for setting device parameters.
-
Are you paid by the post count, or by the word count within each post?
I think you will find it much better for you if you refrain from conjecturing your opponents' motives in a discussion.
All it does is to project the image of a small-hearted person, not your opponents, however.
-
I LOVE this thread!!! I have to 'disappear' from the net for a weekend due to a 'far more important' hobby of mine (drag racing)... Not only do I come back to find another whole BATCH of politically induced BULLSHIT from 'the paid troll', I also had to waste several HOURS 'fixing' the data-logger connectivity of several VERY high end drag racers (who now consider me to be an absolute 'I.T. deity'... Go figure!!!). Naturally, after having remedied their issues, I explained (impartially? Yeah right, they KNOW me better than that!!!) the reasons why their time proven systems had suddenly turned into custard. The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation! Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby.
Perhaps FTDI needs to mix a bit more Ammonium Nitrate into their Nitromethane next time so they can 'go out in style'.... OKLAHOMA style...
Anyway, I have a bunch more in this thread (from the 'paid trolls').... Might be more posts from me real soon
Small world, I used to do Drag racing games for PCs that actually will output RacePak data and we worked with them to actually distribute it with the games :)
Great group of people, and I miss those times (late 90s early 2000) We even hooked the simulator to a Christmas tree for a head to head on the Skoal museum.
We also sponsored the NHRA moto1.net Nationals in Va.
If you know Capps and see him, say hi from me, awesome guy that helped us a lot and was very passionate for our game.
Edit: saw your other reply. I guess the crewchiefs shouldn't buy cheap equipment, kidding. :)
I concede.
Edit: found a picture on the internet of the simulator, not a good one (the picture that is), but there was some video about video games and racers and they did show it in there on ESPN a long time ago.
Btw the tree was hooked via RS232 but we always used physical ports.
(https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/?action=dlattach;attach=116024;image)
Source:
http://www.tmgeventmarketing.com/port10.htm (http://www.tmgeventmarketing.com/port10.htm)
Since TMG remodeled the Skoal Racing mobile marketing unit in 2004, over a half-million consumers have enjoyed visiting the display.
-
I'm just curious, why not using silabs chips? CP21xx can offer the same functionality with reduced cost, and spi/i2c options. Why stick to FTDI craps? Personally I prefer silabs chips because:
a. counterfeits are less common;
How do you know that?
The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation! Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
The ones that had a problem already were risking their motors with NASTY $20 cables built with fake parts. If the FTID drivers brick your cable you know you had a piece of shit built with fake parts of unknown quality and origin which ought to to be replaced.
Your answer is to replace all the cables with something using another part because the other part makes it harder to know when you have a piece of shit built with fake parts.
-
I've been playing with electronic gadgets from 8 yrs old, practice over a decade trained me how to tell whether a part is genuine or not.
Perhaps you will share your insight. So many here are claiming it is virtually impossible to build product without fake parts.
-
The ones that had a problem already were risking their motors with NASTY $20 cables built with fake parts. If the FTID drivers brick your cable you know you had a piece of shit built with fake parts of unknown quality and origin which ought to to be replaced.
Your answer is to replace all the cables with something using another part because the other part makes it harder to know when you have a piece of shit built with fake parts.
The main risk is future FTDI actions. Staying away from anything related to FTDI reduces the risk. FTDI became its own enemy. This is the brand suicide Dave mentioned in his video. It's that simple.
-
The ones that had a problem already were risking their motors with NASTY $20 cables built with fake parts. If the FTID drivers brick your cable you know you had a piece of shit built with fake parts of unknown quality and origin which ought to to be replaced.
Your answer is to replace all the cables with something using another part because the other part makes it harder to know when you have a piece of shit built with fake parts.
Back under your bridge, troll. We're not playing...
-
The main risk is future FTDI actions. Staying away from anything related to FTDI reduces the risk.
There is no risk if you are not using fake parts - so as I keep saying if you want to get away with using fake crap of unknown quality and origin then avoiding FTDI parts is a good idea.
If you don't want to be using fake crap of unknown quality and origin then you have more reason to use FTDI parts now than you did before the recent driver release.
-
Re: Rufus:
There's no point in addressing Rufus, he is read-only.
To tell if a chip is faked/refurbished, simply look at its marking. Reputable ic vendors will use laser beam to print their markings, while other vendors may use old school silk printer. Also, even if some small companies do have laser markers, they won't have the best ones. Their markings may not be as "crispy" as genuine ones. You can always buy one sample from digikey, or download a high resolution picture of a genuine chip, and compare it with your samples.
If you read the earlier posts, you will see that the genuine FTDI parts have printed markings, while at least some of the fake ones are laser marked :-//
-
[There is no risk if you are not using fake parts - so as I keep saying if you want to get away with using fake crap of unknown quality and origin then avoiding FTDI parts is a good idea.
If you don't want to be using fake crap of unknown quality and origin then you have more reason to use FTDI parts now than you did before the recent driver release.
With ideal supply chain you are right. With real world supply chain FTDI is risky because units will pass QC and will later fail in the field when FTDI will escalate their counter measures.
For designers, the practical thing to do is keeping FTDI out. It's that simple.
-
There is not a single engineer wants to use fake chips, but shamely, their bosses may.
Sure and when FTDI come out with an effective if somewhat brutal method of detecting fakes a proportion of 'engineers' here scream "Oh shit I didn't want to know" and I should take measures so I won't know in the future.
-
Rufus is not a *troll*, if you look at his postings, he is actually a very intelligent person and a competent engineer.
Now I will have to go back through my old posts to find something I can use to dispute that assertion :)
-
there *ARE* some FTDI paid trolls on this thread.
You think they are and they are are two different things.
-
But when an otherwise intelligent person is making illogical arguments to support a position, then you know that there is a hidden agenda.
What's logical or not is highly subjective. What's illogical to you may be perfectly logical to somebody else, and vice versa.
Either way, it is best not to impart bad intentions on people who disagree with you.
-
there *ARE* some FTDI paid trolls on this thread.
You think they are and they are are two different things.
Perhaps. But when an otherwise intelligent person is making illogical arguments to support a position, then you know that there is a hidden agenda. As an example, just listen to some USA politicians sometime with your ears open, when they are trying to convince you that something that *is* is not, or that something that *isn't* is....
re: "intelligent person is making illogical arguments to support a position, then you know that there is a hidden agenda."
May be there is a hidden agenda, but may be not. We all on occasion dig our heels in. At times, our heels got dug in so far it became a "reflex instinct" to fight to the finish...
Many of us here are in occupation with moments of high pressure and/or long hours with excessive stress. Such condition often cause some to be irritable, or short tempered, or stubbornly unreasonable at times.
We all have our stubborn moments...
-
May be there is a hidden agenda, but may be not. We all on occasion dig our heels in. At times, our heels got dug in so far it became a "reflex instinct" to fight to the finish...
Many of us here are in occupation with moments of high pressure and/or long hours with excessive stress. Such condition often cause some to be irritable, or short tempered, or stubbornly unreasonable at times.
We all have our stubborn moments...
I strongly disagree!
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?
Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.
I LOVE this thread!!! I have to 'disappear' from the net for a weekend due to a 'far more important' hobby of mine (drag racing)... Not only do I come back to find another whole BATCH of politically induced BULLSHIT from 'the paid troll', I also had to waste several HOURS 'fixing' the data-logger connectivity of several VERY high end drag racers (who now consider me to be an absolute 'I.T. deity'... Go figure!!!). Naturally, after having remedied their issues, I explained (impartially? Yeah right, they KNOW me better than that!!!) the reasons why their time proven systems had suddenly turned into custard. The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation! Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby.
Perhaps FTDI needs to mix a bit more Ammonium Nitrate into their Nitromethane next time so they can 'go out in style'.... OKLAHOMA style...
Anyway, I have a bunch more in this thread (from the 'paid trolls').... Might be more posts from me real soon
Wait wouldn't the fact that your tricking people into paying you money by taking advantage of the news be the very definition of a paid troll? You have a clear conflict of interest in that your directly benefiting by your own admission.
A custom VID/PID part would not be affected by this PID change issue so your in fact lying to your customers to induce them to give you work they don't need done. This is beyond unethical.
-
Rufus is not a *troll*, if you look at his postings, he is actually a very intelligent person and a competent engineer. To me at least, he seems to like a good fight, and in general seems to engage in contrary thinking to the rest of the forum on many occasions. There is nothing wrong with that, and it keeps all of our minds sharp as a bonus. BUT-- there *ARE* some FTDI paid trolls on this thread. I will leave it up to you to ferret them out... Look for things like: supporting FTDI's actions [of releasing a driver containing trojan malware] no matter how flawed the logic; and: not having any other postings on any other thread except for this one... Good hunting!
I think it has been shown that you're an outright liar so I wouldn't put much stock in your claims,
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760)
Edit: grammar corrected (your > you're), minor error (a > an)
-
Rufus is not a *troll*, if you look at his postings, he is actually a very intelligent person and a competent engineer. To me at least, he seems to like a good fight, and in general seems to engage in contrary thinking to the rest of the forum on many occasions. There is nothing wrong with that, and it keeps all of our minds sharp as a bonus. BUT-- there *ARE* some FTDI paid trolls on this thread. I will leave it up to you to ferret them out... Look for things like: supporting FTDI's actions [of releasing a driver containing trojan malware] no matter how flawed the logic; and: not having any other postings on any other thread except for this one... Good hunting!
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760)
Come now, digging your heels in is one thing, lets avoid getting too close to personal attack.
If there was indeed an inconsistent statement made, one could point it out and ask for an explanation.
Rick
-
... x 158
I'm curious, but not so much that I want to read through every one of your posts in this thread (curiously this thread alone). Have you, or can you categorically deny any affiliation with FTDI?
-
Come now, digging your heels in is one thing, lets avoid getting too close to personal attack.
If there was indeed an inconsistent statement made, one could point it out and ask for an explanation.
Rick
It is just a completely factual statement or if you don't think that just tit-for-tat.
A personal attack would be like in direct response to my reply,
"You are obviously a "shill" for FTDI." which both implies that I'm somehow being paid to write my opinion which I find ethically abhorrent and highly offensive that someone would claim that and then have the gall to say he did not later saying that it was proof again that I was (assuming no one read far enough back to top that off).
-
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
And I think you are an FTDI paid operative that was sent here to distract us from the real trolls. Show us your bank statement if it's not true.
Seriously, people have the right to have different opinions. Otherwise it would be boring here. No need to go personal. Even if FTDI has trolls here, so what, if you don't agree with the opinion they express don't adopt them.
-
Rufus is not a *troll*, if you look at his postings, he is actually a very intelligent person and a competent engineer. To me at least, he seems to like a good fight, and in general seems to engage in contrary thinking to the rest of the forum on many occasions. There is nothing wrong with that, and it keeps all of our minds sharp as a bonus. BUT-- there *ARE* some FTDI paid trolls on this thread. I will leave it up to you to ferret them out... Look for things like: supporting FTDI's actions [of releasing a driver containing trojan malware] no matter how flawed the logic; and: not having any other postings on any other thread except for this one... Good hunting!
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760)
It is very ironic the link you refer to shows you critisizing another for poor grammar when you say here:
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
Please stop your personal attacks as it is against the forum rules and reduces your reputation here. I also must say that I believe you are trolling but I could be wrong. It is just that it seems you joined just to defend FTDI.
-
... x 158
I'm curious, but not so much that I want to read through every one of your posts in this thread (curiously this thread alone). Have you, or can you categorically deny any affiliation with FTDI?
Yes I do categorically deny any affiliation with FTDI, I'm an employee at the University Of British Columbia and I designed a few boards with FTDI chips and that is it just as many others have here and saw the fuss after finishing another project and decided to jump over to the board after catching up on youtube subscription uploads.
If you are at UBC pm me and we can arrange a meeting and I can give you a tour of where I work. I don't think it is good for internet security reasons to go posting a mountain of information.
Also this is just the main thread I'm sitting on and it is not in fact true that this is the only thread I comment on, I'm a new user and the first thread I jump into is usually going to start with a bang. I deliver quality service which in comments means a whole wall of words it is just how I write in general.
-
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
And I think you are an FTDI paid operative that was sent here to distract us from the real trolls. Show us your bank statement if it's not true.
Seriously, people have the right to have different opinions. Otherwise it would be boring here. No need to go personal. Even if FTDI has trolls here, so what, if you don't agree with the opinion they express don't adopt them.
Seriously your going to ask me to post my bank statement that is pretty odd request to ask. No one should post that kind of information to a public forum PM me and I can meet in person if you want at my place of work. People do have the right to have an opinion but when they start claiming things like you are it isn't opinion when they contradict themselves.
-
Rufus is not a *troll*, if you look at his postings, he is actually a very intelligent person and a competent engineer. To me at least, he seems to like a good fight, and in general seems to engage in contrary thinking to the rest of the forum on many occasions. There is nothing wrong with that, and it keeps all of our minds sharp as a bonus. BUT-- there *ARE* some FTDI paid trolls on this thread. I will leave it up to you to ferret them out... Look for things like: supporting FTDI's actions [of releasing a driver containing trojan malware] no matter how flawed the logic; and: not having any other postings on any other thread except for this one... Good hunting!
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg541760/#msg541760)
It is very ironic the link you refer to shows you critisizing another for poor grammar when you say here:
I think it has been shown that your a outright liar so I wouldn't put much stock in your claims,
Please stop your personal attacks as it is against the forum rules and reduces your reputation here. I also must say that I believe you are trolling but I could be wrong. It is just that it seems you joined just to defend FTDI.
I don't think your reading it correctly I'm not criticizing the grammar I'm showing that he is making a highly contradictory statement by saying he never directly mentioned me when he did in fact have an entire post equating me to FTDI.
Edit: Grammar wars is just the flavor of the post the meat of it is his own quotes contradicting himself. Also there is a huge difference between defending a point of view and being paid sponsor to write a script. It is a highly personal attack to claim that someone is just a paid puppet.
-
This post is a bit different because it is from another IP address which is a UBC workstation that I have remote access rights to for support and processing data remotely. So if any admin/mod wants to check it should resolve to UBC.
-
wow. what a bunch of fanboi's here.
here is my view :
- I agree FTDI needs a slap on the wrist for delivering a driver that bricks stuff, that isn't theirs, deliberately.
- On the other hand: FTDI is perfectly allowed to refuse to let someone steal the fruit of their labour. USB has always been a pain in the butt to implement. They were the pioneers in making it simple. They just could have done it a bit differently (a popup saying the driver is incompatible with the attached device and refusing to connect. done . this would have people go to the device manufacturer requesting working drivers. so they can clean up their mess)
- i will happily continue using FTDI devices. they work. if all i need is a simple uart mode i may stuff in a silabs or cypres but most oftenly i use the MPSSE and bitbang functionality. NONE of the others have that.
- counterfeited parts are real. get your stuff from reputable source. if it tanks, go knock on their door : they will set it right.
just my 2 cents. you may disagree/ agree: i don't care. i just voiced my view.
-
Seriously your going to ask me to post my bank statement that is pretty odd request to ask. No one should post that kind of information to a public forum PM me and I can meet in person if you want at my place of work.
I wouldn't even respond to that kind of crazy demand. Tell them to go pound sand.
-
Seriously your going to ask me to post my bank statement that is pretty odd request to ask. No one should post that kind of information to a public forum PM me and I can meet in person if you want at my place of work.
I wouldn't even respond to that kind of crazy demand. Tell them to go pound sand.
It's a sure way to detect forum trolls, just like the witches drowning test.
-
Seriously your going to ask me to post my bank statement that is pretty odd request to ask. No one should post that kind of information to a public forum PM me and I can meet in person if you want at my place of work.
I wouldn't even respond to that kind of crazy demand. Tell them to go pound sand.
I read the original post (which seems to have disappeared now) and I read it as something other than a demand. I went back to check but couldn't find it. I was sure the next words were "just kidding". It's not a direct quote above, but I wonder if the original post was misunderstood?
-
It's a sure way to detect forum trolls, just like the witches drowning test.
And who amongst us does not weigh more than a duck?
-
I wouldn't even respond to that kind of crazy demand. Tell them to go pound sand.
The only way to stop crazy conspiracies is to show with their own words an indelible contradiction which they will likely ignore and continue going as if it was opinion. The major difference is others can see it for what it is.
-
I read the original post (which seems to have disappeared now) and I read it as something other than a demand.
The original post may have disappeared but the quoted text is still available - a good thing, :).
Either way, who would be crazy enough to insist on seeing a perfect stranger's bank statements as a pre-requisite to authenticate that stranger's intentions? And if they don't comply, they must be motivated by questionable goals.
That's like telling someone that they must be a murderer because they refuse to chop off their arms to prove their innocence.
It is just nuts.
-
Don't you all got school to go, and homework to do?
This isn't a kid forum, or is it? ????
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?
Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.
I LOVE this thread!!! I have to 'disappear' from the net for a weekend due to a 'far more important' hobby of mine (drag racing)... Not only do I come back to find another whole BATCH of politically induced BULLSHIT from 'the paid troll', I also had to waste several HOURS 'fixing' the data-logger connectivity of several VERY high end drag racers (who now consider me to be an absolute 'I.T. deity'... Go figure!!!). Naturally, after having remedied their issues, I explained (impartially? Yeah right, they KNOW me better than that!!!) the reasons why their time proven systems had suddenly turned into custard. The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation! Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby.
Perhaps FTDI needs to mix a bit more Ammonium Nitrate into their Nitromethane next time so they can 'go out in style'.... OKLAHOMA style...
Anyway, I have a bunch more in this thread (from the 'paid trolls').... Might be more posts from me real soon
Wait wouldn't the fact that your tricking people into paying you money by taking advantage of the news be the very definition of a paid troll? You have a clear conflict of interest in that your directly benefiting by your own admission.
A custom VID/PID part would not be affected by this PID change issue so your in fact lying to your customers to induce them to give you work they don't need done. This is beyond unethical.
It's apparent that you have tragically misread what I have written. Perhaps english isn't your primary language, so I'll happily forgive you... (Or perhaps you're just a 'political spin doctor'?)
What I actually typed is quite self evident.
1: "they all want me to build them a new USB-RS232C cable"
Perhaps you misread that by thinking I was actually going to build them the cables they all WANT me to construct?
2: "I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby."
Let me make it crystal clear for you. "but in reality, I am NOT an EE" means exactly what it says (as does the phrase "electronics is merely a hobby").
It seems likely to me that you have chosen to 'conjure' some image that is totally contrary to what was actually typed?
For all I know, this might be the result of overindulgence in a few extra drams of the finest single malt but I truly don't care.
My 'mission' is solely to warn people of the DANGERS of using ANY FTDI part whether a full blown counterfeit (aka 'illegal' due to the logo or even die copying), a functional if not imperfect clone (which were the majority from the weekend given that the chip was in the 'epoxy blob'), or even a part sourced direct from FTDI)
I've taken the time to plainly demonstrate to a bunch of end users how a malicious piece of software can really 'ruin their day'.
The drag racers I deal with and hugely respect are true 'end users'. When their cables suddenly stop working they're totally unable to resurrect them. We're talking about grease monkeys here, not EEs, not I.T. professionals... These are the type of guys who search the keyboard looking for the 'any' key and cannot decide whether to try 'TAB' or 'ESC' since they both have the right number of letters on the keycap!
The fact that the current debacle was begun by the OEM chip designer releasing what most seem to consider malware into the wild only helps to make those end users even more skeptical. I demonstrated to many of them (with their full permission) how easy it was to 'brick' a GENUINE chip by changing the VID / PID to make it appear as a Mickey$oft Mouse. I didn't switch to the external oscillator option on any of them as I still wanted them to be able to use their 'brain dead' hardware until they've changed chip provider. (i.e. I changed the VID / PID back to 'normal' after performing the 'demonstration').
The reality is that I'm pretty certain that ALL of the available USB-UARTs can be targeted by malicious software. However, I took the time to explain that the PROBABILITY of their FTDI based devices being targeted is several orders of magnitude larger than for any of the other, more 'sane' chip makers.
It's my expectation that I'll be going through all the SAME crap again next weekend when there's going to be a bunch of EFI ECU equipped vehicles racing. (Unsurprisingly, these too tend to use a simple RS-232C comms port).
Anyway, you just keep on posting sunshine. I could do with a few more laughs.
-
@TheRevva,
Tell them they are better off getting real RS232 PCIe boards, they are only about $30 for 2 ports.
Also some motherboards have RS232 headers, you just need the external connector on one of the external slots on the back side external slots.
-
@TheRevva,
Tell them they are better off getting real RS232 PCIe boards, they are only about $30 for 2 ports.
Also some motherboards have RS232 headers, you just need the external connector on one of the external slots on the back side external slots.
I completely concur on a PCIe board, but more often than not in this circumstance, we're talking about a laptop rather than a desktop MoBo with available PCIe slots.
Sure there ARE some cardbus and PCI express serial devices available for the laptop market, but you really need to see the state of some of these laptops. I'm sure that a few have been 'attacked with a grease gun'. The likelihood of the PCI Express connector pins remaining intact (and not 'oxidised into submission') by the various petrochemical solvents around them isn't very high. (I guess that's why some of the teams tend to have half a dozen 'spare' laptops floating about in the transporter?).
My 'gut instinct' is to think that a PCI express card is a LOT more 'fragile' than a USB dongle and would therefore probably 'expire' a lot sooner. (All of the PCI express outboard connectors I've seen wouldn't last a single drag meeting given the rough handling they'd be subjected to)
(Down here in NZ our teams tend to be far less 'polished' than what you'd expect from a 'John Force' team. Perhaps that's why I love them so much? LOL)
Nevertheless, thanx HEAPS for the suggestion.
Edit: Sorry to the forum readers... I got my terminology a bit wrong in the above text. I SHOULD have used the term "ExpressCard" where I typed "PCI Express". Also, I've found a number of ExpressCard offerings that have a proper DB9 connector as the outboard connector. I've ordered a couple for testing this weekend so we'll see how well they go. (And before some 'troll' starts accusing me of making money from this FTDI debacle by 'selling' these ExpressCards, the teams that get them will ONLY pay me the price I got them for and then ONLY if they return them 'broken' at the end of the day. I have _other_ uses intended for them!)
-
I agree on the garage environment and the rough handling. I remember seeing the inside of an original IBM PC after it had been inside a tire depot for a few years and there was a layer over a cm deep of tire dust over the motherboard. Fortunately this was before the days of CPU fans but they told me that the power supplies lasted three or four months before failure.
-
Don't you all got school to go, and homework to do?
This isn't a kid forum, or is it? ????
If you work for the University Of British Columbia then you have lots of time to hang around on this forum >:D Sadly we still don't know how much that pays ;)
-
I used to work at a University as a staff programmer, pay was 1/4 to 1/8 of what you can make in the private market depending how good and how specialized you are, but that was many moons ago.
-
I'm getting their new driver marked as a "critical" update in Windows Update now. Microsoft must be pretty pissed off that FTDI made them distribute a malicious, hardware-bricking driver.
The hardware bricked itself because it didn't correctly emulate the hardware it was claiming to be. The FTDI driver treats all hardware the same and could easily claim the operations which fakes brick themselves on may be required by future revisions of their silicon.
I can't say I have seen any ambulance chasers in this or any other thread about the issue. I estimate the chances of FTDI being sued over it are about zero.
-
BTW, FTDI have just announced a new USB 3.0 Superspeed FIFO chip.... details to come
If it's less convoluted and cheaper than the FX3, I'm in
-
This isn't a kid forum, or is it? ????
Probably piece of cake for Dave to run sql statement like this on its own database, so let creative people learn fast keyboard typing :-DD
DELETE FROM eevblog_forum
WHERE user='Rufus ' OR user='a210210200' OR .... etc
-
It's call censorship and it's not desired.
-
I don't see why you are calling a210210200 and rufus trolls. I think they have argued their case a lot better than the many people on the other side. And most of the abuse has been against them.
Though I can see why you may think a210210200 is a shill. ie. He is new, he argues so comprehensively and doggedly on one issue.
He has denied that this is the case, so what can you do but argue against him.
Back to topic:
Sometimes you have to accept that people have a different opinion.
As to FTDI being sued, haven't heard anything apart from some drag racers saying they hate FTDI.
As to somebody at FTDI having broken some criminal law, it was just a dream, it never was going to happen.
As to whether FTDI did the wrong thing, it seems clear that the opinion of the forum is yes, I disagree but the weight of opinion is against me.
I think the hardware deliberately and falsely identified itself to be FTDI hardware, it was not chance. So the FTDI driver just changed it's PID to so it would not be loaded by it next time. I think this is the correct course.
A further thing, I don't see why people seem to think getting fake chips (not clones) from distributors/manufacturers is acceptable, why not name and shame them if you have been given fake chips.
Has anyone actually found fakes loaded onto their boards or bought fake chips from a major distributor?
-
A further thing, I don't see why people seem to think getting fake chips (not clones) from distributors/manufacturers is acceptable, why not name and shame them if you have been given fake chips.
Has anyone actually found fakes loaded onto their boards or bought fake chips from a major distributor?
I get the impression a lot of people here have never bothered to read a delivery note from the likes of Digikey or Element 14. They are certificates of conformity the most basic of which state "I certify that goods are to manufacturers specification." with a signature. They get certificates of conformity from their suppliers and so on till it gets back to the original manufacturer who should also have certificates of conformity from their material suppliers etc. That is how traceability of parts and a blame trail is established.
Because I don't have ISO 9001 approval I am not sufficiently trusted and some of my customers require me to supply copies of CofCs for all parts I use to make what I supply to them. For such jobs I simply can't buy parts from sources that don't provide CofCs. A lot of quality assurance is bullshit but maintaining traceability and a blame trail isn't. If crap does get into the supply chain it establishes where and as importantly where that crap went to.
I recently had some parts from Farnell which were out of specification - not far but definitely out. After some hassle getting past customer service droids they quarantined their remaining stock, tested some parts themselves and launched an investigation. I doubt I will get to hear the result of that investigation but I am pretty confident they will identify and sort out the problem. They ought to inform other customers who bought from that stock of the issue, but, I have no way of knowing if they did.
-
For the most part, I actually agree with ya HFM...
It's all a very contentious set of circumstances.
The remainder of this post is merely me 'taking the piss' in a quasi light-hearted fashion... It's intent is PURELY to provoke a smirk.
I'd like to take this opportunity to lay claim to the numbers 7 and 823543 (being 7^7).
From this point forward, anyone making use of those numbers shall be considered to have STOLEN them from me and I'd suggest that any use of them (whether for identification purposes or otherwise), is technically in breach of the EULA that I privately posted onto my bathroom wall. (ANYONE can request to come and view this EULA, but I'm not expecting a queue of people).
Anyone wishing to arrange an 'EULA viewing opportunity' may have some difficulty. All my phone numbers contain references to MY digit (7) and I'm actively seeking that all Telco equipment manufacturers around the world strike off this number from their devices. Furthermore, both my street address _AND_ postcode (that's ZIPcode for you yanks) also contain numerous instances of MY '7' so I am afraid 'snail mail' is out. My HAM radio license? Equally affected! I guess you could try 'smoke signals'? (I'd prefer people used GENUINE FTDI smoke, but I will grudgingly accept FAKE smoke too on a 'calm day').
P.S.
I would strongly expect that A210210200 will shortly lay claim to the decimal number 696,055,300,608 (since that's what A210210200 equates to after converting back from hex to decimal). Thank GOODNESS is doesn't include a '7'!!! I'd have been FORCED to sue!
-
i categorize 'reading a delivery note' into a similar arena to 'reading an EULA'. The reality is that the VAST majority of people blindly ignore them. By way of example, I make certain that ALL of my client machines have a suitable AntiVirus software suite installed on them. It's positively scary to state how many of them click on the 'ignore' button as soon as it pops up with some form of malware warning.
As for ISO-9001 certification, I consider it to be somewhat of a joke. It's quite plausible that ISO-9001 certification has been dramatically improved since I last looked into it over a decade ago. Back then, it was completely plausible to attain ISO-9001 certification and have a plant that was consistently producing RUBBISH. ISO9001 did not CARE whether the end result was good, bad or indifferent. It simply concerned itself with documenting processes (to the nth degree) and made sure that ALL production was equally good, or equally bad. I truly hope it's moved forward since then!
At the time, Six Sigma was 'light years' better than ISO-9001, and yet it too was akin to racing a top fuel dragster with 15 spark plugs removed. (i.e. Let's take some process that's HIGHLY efficient, and do whatever we can to slow it down to a crawl).
A good dose of 'Common Sense' in conjunction with the usual 'market forces' still works wonders for me. Perhaps FTDI are rapidly learning both of these facets?
-
This has been silly from the get go, now is just even sillier :)
You can't patent mathematical formulas including just numbers.
However you can trademark a number, like 312 is a Beer brand and the number comes from the phone area code. That doesn't prevent people to have phone numbers with the 312 exchange, but it does prevent others from using the number to name their beer that way.
If you don't want to ever use FTDI so be it, Me I don't care, but other chips might fall into cloners, at least if FTDI prevents clones to use their drivers then that's it for them and other chips will be cloned or the clones be more like the original chip, or just take the time to put your own ID and deploy your own driver.
So spend $5,000 for a VID for 2 years use, or $8,500 if you want to also make use of the USB logo in your product and be done with it.
-
Yep, the thread has (quite rightly IMNSHO), become somewhat of a joke... (In fact, for some of us, it was somewhat of a joke right from the outset)
That 'joke' status is exactly the reason why I've elected to 'claim ownership' of the numbers '7' and '823543'. (I hope it put a smile on at least SOME faces?)
BTW, if anyone is willing to pay me US$5000.00, they can 'claim ownership' of any other numbers. (I'm tempted to put dibs on numbers like PI and 'e' since they're bound to be worth a 'premium price'. Perhaps I should also claim 22/7 for those 'rationalists' amongst us?).
Each of us will make our own decisions based upon what we have seen and read (in combination with our own unique 'personalities') and life will go on irrespectively.
If nothing else, I'd suggest that FTDI management will think VERY hard of the ramifications of any such future 'releases'.
-
Wow, that philosophy wouldn't last two minutes in a proper customer-support organization. How astonishingly clueless about the end-user support world.
Please elaborate on how you think the entire all industries all fields of work end user support world should work. Does everyone get a personal IT support person standing by their side to guide them through the terribly complex process of pointing, clicking, and typing into this strange box the strange person calls a computer?
Which by the way if you want I can do it for you personally for free online to fix the FTDI PID issues if you have any. In IT support if the person is at an ends of their ability then yes people take over but you shouldn't hand hold 100% of the time and must adapt to the situation and person your talking to. For an IT group fixing things like this is peanuts compared to a bad windows update that wasn't caught in deployment testing which can cause many more problems.
I LOVE this thread!!! I have to 'disappear' from the net for a weekend due to a 'far more important' hobby of mine (drag racing)... Not only do I come back to find another whole BATCH of politically induced BULLSHIT from 'the paid troll', I also had to waste several HOURS 'fixing' the data-logger connectivity of several VERY high end drag racers (who now consider me to be an absolute 'I.T. deity'... Go figure!!!). Naturally, after having remedied their issues, I explained (impartially? Yeah right, they KNOW me better than that!!!) the reasons why their time proven systems had suddenly turned into custard. The 'news' spread through the venue like an Santa Ana bushfire and they all want me to build them a new USB-RS232C cable that will take the big FTDI question totally out of the equation! Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby.
Perhaps FTDI needs to mix a bit more Ammonium Nitrate into their Nitromethane next time so they can 'go out in style'.... OKLAHOMA style...
Anyway, I have a bunch more in this thread (from the 'paid trolls').... Might be more posts from me real soon
Wait wouldn't the fact that your tricking people into paying you money by taking advantage of the news be the very definition of a paid troll? You have a clear conflict of interest in that your directly benefiting by your own admission.
A custom VID/PID part would not be affected by this PID change issue so your in fact lying to your customers to induce them to give you work they don't need done. This is beyond unethical.
It's apparent that you have tragically misread what I have written. Perhaps english isn't your primary language, so I'll happily forgive you... (Or perhaps you're just a 'political spin doctor'?)
What I actually typed is quite self evident.
1: "they all want me to build them a new USB-RS232C cable"
Perhaps you misread that by thinking I was actually going to build them the cables they all WANT me to construct?
2: "I probably SHOULD be thanking FTDI for the extra business, but in reality, I am NOT an EE... I just 'hit keys' and electronics is merely a hobby."
Let me make it crystal clear for you. "but in reality, I am NOT an EE" means exactly what it says (as does the phrase "electronics is merely a hobby").
It seems likely to me that you have chosen to 'conjure' some image that is totally contrary to what was actually typed?
For all I know, this might be the result of overindulgence in a few extra drams of the finest single malt but I truly don't care.
My 'mission' is solely to warn people of the DANGERS of using ANY FTDI part whether a full blown counterfeit (aka 'illegal' due to the logo or even die copying), a functional if not imperfect clone (which were the majority from the weekend given that the chip was in the 'epoxy blob'), or even a part sourced direct from FTDI)
I've taken the time to plainly demonstrate to a bunch of end users how a malicious piece of software can really 'ruin their day'.
The drag racers I deal with and hugely respect are true 'end users'. When their cables suddenly stop working they're totally unable to resurrect them. We're talking about grease monkeys here, not EEs, not I.T. professionals... These are the type of guys who search the keyboard looking for the 'any' key and cannot decide whether to try 'TAB' or 'ESC' since they both have the right number of letters on the keycap!
The fact that the current debacle was begun by the OEM chip designer releasing what most seem to consider malware into the wild only helps to make those end users even more skeptical. I demonstrated to many of them (with their full permission) how easy it was to 'brick' a GENUINE chip by changing the VID / PID to make it appear as a Mickey$oft Mouse. I didn't switch to the external oscillator option on any of them as I still wanted them to be able to use their 'brain dead' hardware until they've changed chip provider. (i.e. I changed the VID / PID back to 'normal' after performing the 'demonstration').
The reality is that I'm pretty certain that ALL of the available USB-UARTs can be targeted by malicious software. However, I took the time to explain that the PROBABILITY of their FTDI based devices being targeted is several orders of magnitude larger than for any of the other, more 'sane' chip makers.
It's my expectation that I'll be going through all the SAME crap again next weekend when there's going to be a bunch of EFI ECU equipped vehicles racing. (Unsurprisingly, these too tend to use a simple RS-232C comms port).
Anyway, you just keep on posting sunshine. I could do with a few more laughs.
As you said earlier,
Even the Top Fuellers who already had GENUINE FTDI chips in their systems..... (Racepak and RPM seem to supply a 'custom' VID / PID on their FTDI equipped cables as do many others). It's simply not worth them 'risking' a $200k motor on some NASTY $20 cable!
This statement is completely false by your own words in bold, a company that uses their own "custom" VID/PID would not be affected by FTDI driver updates and could even use fake chips without being affected because they control which driver it uses. And is why I said your tricking people by telling them a story which doesn't effect them. If an FDA approved blood glucose meter which also uses custom VID/PID they too would not be affected.
And the rest of your post keeps ignoring that fact a reputable company like Racepak is doing all the right things and your just spreading fear uncertainty and doubt. Also you should not manually collide VID/PID with other device drivers you could have corrupted their operating system by accident or caused a BSOD if you want to show it being bricked you should pick a combination which is not being used. (You can look online for tables of VID/PID numbers)
-
I'm getting their new driver marked as a "critical" update in Windows Update now. Microsoft must be pretty pissed off that FTDI made them distribute a malicious, hardware-bricking driver.
In some ways it's good that FTDI was the first to do it and can easily be sued for any resulting damage. The possibility of a black hat getting a malicious driver signed and on to Windows Update has existed for a long time, and this just shows that whatever checks they do are inadequate.
Stuxnet used multiple stolen certs. and I believed used signed drivers and multiple real valid certificates from various companies to worm its way towards its target. Certificate based systems and even just drivers are based on trust. You should always check your root certificate trust because that being compromised can lead to all manner of bad things. (HTTPS decrypt with no warning, MITM, ...) It is probable that there are other valid signed "drivers" out there right now and long ago we just won't hear about them because it takes a lot of resources to crack the certificate trust model without being detected.
-
For the most part, I actually agree with ya HFM...
It's all a very contentious set of circumstances.
The remainder of this post is merely me 'taking the piss' in a quasi light-hearted fashion... It's intent is PURELY to provoke a smirk.
I'd like to take this opportunity to lay claim to the numbers 7 and 823543 (being 7^7).
From this point forward, anyone making use of those numbers shall be considered to have STOLEN them from me and I'd suggest that any use of them (whether for identification purposes or otherwise), is technically in breach of the EULA that I privately posted onto my bathroom wall. (ANYONE can request to come and view this EULA, but I'm not expecting a queue of people).
Anyone wishing to arrange an 'EULA viewing opportunity' may have some difficulty. All my phone numbers contain references to MY digit (7) and I'm actively seeking that all Telco equipment manufacturers around the world strike off this number from their devices. Furthermore, both my street address _AND_ postcode (that's ZIPcode for you yanks) also contain numerous instances of MY '7' so I am afraid 'snail mail' is out. My HAM radio license? Equally affected! I guess you could try 'smoke signals'? (I'd prefer people used GENUINE FTDI smoke, but I will grudgingly accept FAKE smoke too on a 'calm day').
P.S.
I would strongly expect that A210210200 will shortly lay claim to the decimal number 696,055,300,608 (since that's what A210210200 equates to after converting back from hex to decimal). Thank GOODNESS is doesn't include a '7'!!! I'd have been FORCED to sue!
There are countless "illegal" numbers anything in reality can be represented by a number. Everything from your DNA to the Disney's latest movie can be represent by a number of numbers depending on the encoding and base you choose. (Also are you sure you converted my user name properly?, also you failing horribly at copyright law)
And as a good example try making the exact same user name here the exact collision of handles wouldn't be allowed. So locally I do retain limited rights to the handle as do you to yours within the framework of this forum.
Technically speaking cryptographic secrets are also special numbers the only problem is that since they are secret you don't know if someone is using them.
People and governments can successfully prosecute in certain cases of just pure numbers being released and while the number itself isn't property the meaning and use of the number is what is usually being protected.
People own domain names these are also numbers if you could not then everyone could take over any website.
Numbers are merely a medium to represent things you cannot own a number just for the purposes of a number but you can own the meaning/use of a number. Say your DNA can be protected information, a your literary work can be protected, medical data can converted into a number and has countless laws protecting such numbers, and so on.
Math is really neat like that it basically can encode the universe and more. (Nothing in reality owns math because math is probably the closest we will get to the very basics of reality itself)
-
About the paid FTDI shills [and unpaid trolls]:
If it looks like a duck, and it walks like a duck, and it quacks like a duck...well...it's probably a duck.
This thread is 103 pages long, and I think everything that needs to be said has been said, and that people have formed their opinions. So, I am leaving this thread, and I'm not coming back. Enjoy!
Certainly looks like confirmation bias here, I'll just quote this in,
@a210210200:
You know, not once have I ever mentioned your online "handle" when accusing the FTDI "fixer" of hiring "shills" to inundate this forum with false propaganda and diversions from the real truth about FTDI's driver that contains a trojan malware. Yet, every time I did broach this subject, for some reason you felt the need to chime in, and proudly declare that you were not such person. So, since I didn't ever name names, why did you feel the need to defend yourself every time I did this?
Ok you didn't mention my handle but do you know what a pronoun means. Read below its a good example of how to follow pronouns in referencing nouns (in this case a user's handle)
[My TLDR response to you goes here] Followed by you saying the pronoun shown below.
You are obviously a "shill" for FTDI. AND, you are *WRONG*. Your use of the phrase "faking the VID/PID" shows a lack of understanding in how USB works. There are many other signatures that an O/S can use to determine what the device is-- not just the VID/PID, and your [FTDI's] MALWARE driver proves this-- as it has no problem identifying a chip that was not made by FTDI.
It is pretty unambiguous who you were replying to because you replied to me directly.
I don't think I need to even respond to anything else other than pointing out that you just demonstrably lied outright under the assumption no one reading your post (including me) would bother to verify your claim.
Also ( http://xkcd.com/1357/ (http://xkcd.com/1357/) ), bye.
-
Also are you sure you converted my user name properly?
Yep, I'm sure... I'm normally pretty good at numbers and my C&P skills aren't too shabby either... <Grins>
also you failing horribly at copyright law
I have to freely admit... IANAL... However, I'm beginning to wonder. Whom is it that's being ANAL???
I'm also normally quite good at performing at least a rough 'proof reading' of what I've typed before bashing on that "Post" button.
Some users don't bother and that's THEIR choice.
P.S. This 'response' post is NOT intended to be interpreted as anything more than just 'poking more fun' at the continuing pointlessness of this thread.
If '696,055,300,608' (Copyright 1914) or any other reader chooses to interpret it differently, that's THEIR issue to contend with.
-
@TheRevva,
Tell them they are better off getting real RS232 PCIe boards, they are only about $30 for 2 ports.
Also some motherboards have RS232 headers, you just need the external connector on one of the external slots on the back side external slots.
You can even get mini-PCI express serial cards if you have a very compact case or even want to use a laptop in a very odd way.
http://ca.startech.com/Cards-Adapters/Serial-Cards-Adapters/4-Port-RS232-Mini-PCI-Express-Serial-Card-16650-UART~MPEX4S552 (http://ca.startech.com/Cards-Adapters/Serial-Cards-Adapters/4-Port-RS232-Mini-PCI-Express-Serial-Card-16650-UART~MPEX4S552)
-
This isn't a kid forum, or is it? ????
Probably piece of cake for Dave to run sql statement like this on its own database, so let creative people learn fast keyboard typing :-DD
DELETE FROM eevblog_forum
WHERE user='Rufus ' OR user='a210210200' OR .... etc
It would more kid like to just delete people's accounts you don't agree with instead of actually saying words that mean things.
-
My (totally worthless) $0.02...
I would have surmised from the slightly sketchy SQL code that the intent was to delete from the table containing all your postings and not to delete you altogether as a forum user. (The question revolves around the schema of this 'hypothetical' eevblog_forum table - is it a table of users or is it a table of posts made by the users?)
Having said that...
While it's pretty darned plain to almost everyone here that I strongly disagree with much of what you've posted, I will equally strongly DEFEND your right to have posted it in the first place. (No matter HOW 'wrong' you may have been... <Grins>)
-
I am completely against a210210200's position on this matter. However, s/he has been very consistent in presenting facts and logic (however I disagree with it).
About the paid FTDI shills [and unpaid trolls]:
Other than smearing your opponents, you have made no rational arguments backed up by verifiable facts and added nothing positive to this discussion.
I'm not coming back.
Thank you.
-
The hardware bricked itself because it didn't correctly emulate the hardware it was claiming to be. The FTDI driver treats all hardware the same and could easily claim the operations which fakes brick themselves on may be required by future revisions of their silicon.
I guess you were not paying attention. The code they used is designed specifically to do an EEPROM write that will fail on their hardware
It does not fail on their hardware it is ignored - the design authority for FTDI silicon isn't you it is someone who works for FTDI.
-
I guess you were not paying attention. The code they used is designed specifically to do an EEPROM write that will fail on their hardware
It does not fail on their hardware it is ignored - the design authority for FTDI silicon isn't you it is someone who works for FTDI.
[/quote]
Rofus you are dodging his argument. He says that they did it specifically to reconfigure non FTDI chips.
-
I don't know if it has already been suggested (104 pages, yikes) but you could use the EEPROM tool from FTDI to reprogram the VID = 0403 and PID = 6001
Cheers
-
on the 'ownership of numbers'
the VID / PID pair is handed out by the USB consortium. it is assigned to one 'entity'. you cannot willy-nilly use someone else's number.
the numbers are used to match the device to the driver.
anyone stepping on someone else's number creates a problem.
there was a case w hile ago with some DAB driver that used the default cypress VID/PId for their USB-FX2 chips. the problem was , once that driver got on your system all your devices using an FX2 were recognised as a dab player. since the FX2 , on power up , enumerates using the cypress vid/pid to get it's firmware : nothing worked. this cause a big stink and microsoft already had to pull a driver from their whcl base.
let's all play by the rules for once ok . they ain't that hard.
Wanna make usb product? then either :
- use standard chip with manufacturer provided driver and be done with it. no need to buy a vid/pid
- get your own VID from USB.org and write your own driver.
don't mix and match. and certainly don't use anyone else's vid/pid pair.
-
RE: on the 'ownership of numbers'
The PID/VID numbers I posted belong to FDTI
http://www.ftdichip.com/Support/Utilities.htm (http://www.ftdichip.com/Support/Utilities.htm)
Cheers.
-
Just my comments, Looking back...
A few years I had a problem with IOGear RS232/USB converters causing BSODs in Windows in one of my projects. The following is the URL to my trouble ticket: http://gridtrak.codeplex.com/workitem/9604 (http://gridtrak.codeplex.com/workitem/9604)
At the time, the only RS232/USB converter I could get to work reliably was FTDI based. From then on, I was a loyal FTDI customer!
It took me several months of testing and learning the hard way to trust FTDI. However, if at the time I was testing the RS232/USB converters, had I discovered any completely failed devices After testing FTDI devices - and I suspected FTDI drivers as the cause for the failures in the other devices, I would have abandoned FTDI products as being fatally unreliable.
My point is: I agree with the majority that bricking devices on PCs is a bad idea. And, if it ever happened to me, I would never use products from that company again.
I'm only a little concerned that all of the GearMo FTDI based RS232/USB devices I deployed to the field might start failing - because they did not come with any certificate of conformity and I bought them on Amazon.com; which may not be a FTDI distributor.
//AJ
-
It does not fail on their hardware it is ignored - the design authority for FTDI silicon isn't you it is someone who works for FTDI.
Rofus you are dodging his argument. He says that they did it specifically to reconfigure non FTDI chips.
I'm sure they did but what they do they do to all hardware. They make no distinction between genuine and non-genuine chips - the chips themselves make that distinction. They may well have chosen to do it that way because of legal implications despite it not allowing owners of non-genuine chips to be better informed.
-
It is very expensive you need to buy them.
"The annual membership fee is US$4,000" from http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
http://hackaday.com/2013/10/22/usb-implementers-forum-says-no-to-open-source/ (http://hackaday.com/2013/10/22/usb-implementers-forum-says-no-to-open-source/)
There was also a great talk about then big usb problem but i cant find the link.
Quote from: free_electron on Today at 02:59:05 AM (https://www.eevblog.com/forum/index.php?topic=37964.msg543745#msg543745)
- get your own VID from USB.org and write your own driver.
-
on the 'ownership of numbers'
the VID / PID pair is handed out by the USB consortium. it is assigned to one 'entity'. you cannot willy-nilly use someone else's number.
the numbers are used to match the device to the driver.
If you make a device that's compatible with an existing driver, it's much better to use the same VID/PID. It doesn't benefit anyone to have duplicate drivers with different VID/PIDs.
anyone stepping on someone else's number creates a problem.
Using someone else's number doesn't create a problem if the devices are compatible, in fact it's better.
there was a case w hile ago with some DAB driver that used the default cypress VID/PId for their USB-FX2 chips. the problem was , once that driver got on your system all your devices using an FX2 were recognised as a dab player. since the FX2 , on power up , enumerates using the cypress vid/pid to get it's firmware : nothing worked. this cause a big stink and microsoft already had to pull a driver from their whcl base.
Nice story, but not relevant to the FTDI situation.
let's all play by the rules for once ok . they ain't that hard.
Wanna make usb product? then either :
- use standard chip with manufacturer provided driver and be done with it. no need to buy a vid/pid
- get your own VID from USB.org and write your own driver.
don't mix and match. and certainly don't use anyone else's vid/pid pair.
Too bad those rules don't cover the FTDI situation: make a chip that's compatible with a standard chip... then do what? USB doesn't have an answer for that.
-
Yep, the thread has (quite rightly IMNSHO), become somewhat of a joke... (In fact, for some of us, it was somewhat of a joke right from the outset)
That 'joke' status is exactly the reason why I've elected to 'claim ownership' of the numbers '7' and '823543'. (I hope it put a smile on at least SOME faces?)
BTW, if anyone is willing to pay me US$5000.00, they can 'claim ownership' of any other numbers. (I'm tempted to put dibs on numbers like PI and 'e' since they're bound to be worth a 'premium price'. Perhaps I should also claim 22/7 for those 'rationalists' amongst us?).
Each of us will make our own decisions based upon what we have seen and read (in combination with our own unique 'personalities') and life will go on irrespectively.
If nothing else, I'd suggest that FTDI management will think VERY hard of the ramifications of any such future 'releases'.
If you look into pi long enough ( or e for that matter) you will find a section that is every imaginable number. Are they going to ban these 2 numbers? Legislate it is equal to 3? Very hard to patent or copyright a number, which is why we have the Pentium, as I am looking at an IBM 6x86 processor on the shelf next to me. Intel lost that legal battle big time to big Blue and AMD.
-
If you look into pi long enough ( or e for that matter) you will find a section that is every imaginable number.
It is not known if pi and e are normal.
http://en.wikipedia.org/wiki/Normal_number (http://en.wikipedia.org/wiki/Normal_number)
-
Doesn't FTDI provide their customers PIDs while still using their VID?
So you can still do your own driver and get your PID gratis.
http://www.ftdichip.com/Support/Knowledgebase/index.html?caniuseftdisvidformypr.htm (http://www.ftdichip.com/Support/Knowledgebase/index.html?caniuseftdisvidformypr.htm)
-
Too bad those rules don't cover the FTDI situation: make a chip that's compatible with a standard chip... then do what? USB doesn't have an answer for that.
The answer is don't. How do you control unique serial numbers on compatible chips? If you plug in two devices with the same serial number Win XP immediately BSOD's for example.
-
It doesn't (been there, done that). It just enumerates both devices. Remember each USB port has a unique address within the USB device tree as well.
-
It doesn't (been there, done that). It just enumerates both devices. Remember each USB port has a unique address within the USB device tree as well.
http://blogs.msdn.com/b/oldnewthing/archive/2004/11/10/255047.aspx (http://blogs.msdn.com/b/oldnewthing/archive/2004/11/10/255047.aspx)
In my experience "Exciting things happened" = BSOD.
-
It is very expensive you need to buy them.
"The annual membership fee is US$4,000" from http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
You can get PIDs from other companies either for free (if you use their products) for small scale use or get a PID for yourself (without the blessing of the official USB group)
http://www.mcselec.com/index.php?page=shop.product_details&flypage=shop.flypage&product_id=92&option=com_phpshop&Itemid=1 (http://www.mcselec.com/index.php?page=shop.product_details&flypage=shop.flypage&product_id=92&option=com_phpshop&Itemid=1)
But making a device which may be compatible now under the exact same VID/PID is not a good thing to do for the entire ecosystem since conceivably a non-DRM type change could break compatibility and cause system instability (BSODs) creating all sorts of problems which would be difficult to figure out. Finger pointing will result and in theory in a opposite day world a mistake of a "compatible" chip could cause a host computer to BSOD.
If your a company wants to do it properly so users get a plug and play experience you want to have control over both VID/PID and have a WHQL driver and so on your going to have to pony up the fees anyways otherwise Microsoft is just going to take your money. (Testing per os is non-refundable $250, probably adds up quick if you want the entire range and you need your own certificate for Microsoft software verification as well for an additional cost as well)
-
on the 'ownership of numbers'
the VID / PID pair is handed out by the USB consortium. it is assigned to one 'entity'. you cannot willy-nilly use someone else's number.
the numbers are used to match the device to the driver.
If you make a device that's compatible with an existing driver, it's much better to use the same VID/PID. It doesn't benefit anyone to have duplicate drivers with different VID/PIDs.
anyone stepping on someone else's number creates a problem.
Using someone else's number doesn't create a problem if the devices are compatible, in fact it's better.
there was a case w hile ago with some DAB driver that used the default cypress VID/PId for their USB-FX2 chips. the problem was , once that driver got on your system all your devices using an FX2 were recognised as a dab player. since the FX2 , on power up , enumerates using the cypress vid/pid to get it's firmware : nothing worked. this cause a big stink and microsoft already had to pull a driver from their whcl base.
Nice story, but not relevant to the FTDI situation.
let's all play by the rules for once ok . they ain't that hard.
Wanna make usb product? then either :
- use standard chip with manufacturer provided driver and be done with it. no need to buy a vid/pid
- get your own VID from USB.org and write your own driver.
don't mix and match. and certainly don't use anyone else's vid/pid pair.
Too bad those rules don't cover the FTDI situation: make a chip that's compatible with a standard chip... then do what? USB doesn't have an answer for that.
The problem with a compatible chip is who determines if it is certifiably compatible. Using a different VID/PID prevents problems like that even if they are using the same driver just one that is verified to work with the compatible chip. Example, Racepak (Racing Engine Diagnostics) and Bayer (Medical Devices) in two totally different industries distribute FTDI drivers but use their own VID/PID combination to maintain control over what driver users get as well as the device name and vendor information so that no consumer would be confused to think it is an FTDI device since windows reports it as whatever the mfg wants. An added bonus is that even if FTDI screws up or does something intentionally insane they still won't affect your product because windows has it locked in with your own WHQL driver with its own security cert and so on.
Even those this incident is clearly an action from FTDI there is nothing in reality that stops a "compatible" chip from getting a bad revision done that causes instability in windows without a driver update. Even though no one really owns the VID/PID space it technically should be respected to maintain a functional PnP ecosystem for USB devices in general. (There are plenty of numbers to go around)
-
If you look into pi long enough ( or e for that matter) you will find a section that is every imaginable number. Are they going to ban these 2 numbers? Legislate it is equal to 3?
Interesting thing about pi = 3 is that it works fine if your doing rough estimation.
Great example of such order of magnitude estimation, https://what-if.xkcd.com/84/
Very useful in sanity checks, early development calculations.
-
<Snipped out a chunk> (There are plenty of numbers to go around)
Careful dude, those are very similar to 'the famous words' from MANY people / institutions...
Afterall who on earth would want more than 640kB of RAM (Supposedly uttered by 'some fool' from Microsoft)
And then there's the whole IPv4 debacle which has a positively HUGE 32bit address space... Who could EVER have imagined we'd exceed THAT?
You may as well also include the good old bar codes (such as UPC / EAN13). What single manufacturer would ever exceed 99999 unique products? Is 99999 unique manufacturers sufficient to cover the entire GLOBE???
Correct me if I am wrong, but my understanding that both the VID and PID are constrained to 16 bits each. (Thus a range of 0-65535 each at best case)
It's only a matter of time...
(Just like it's only a matter of time before the signed 32bit 'time' counter in original *nix systems 'rolls over'... Jan 19 2038 IIRC Sometime around 03:19)
-
http://www.howstuffworks.com/tech-myths/5-myths-about-bill-gates3.htm (http://www.howstuffworks.com/tech-myths/5-myths-about-bill-gates3.htm)
-
It doesn't (been there, done that). It just enumerates both devices. Remember each USB port has a unique address within the USB device tree as well.
http://blogs.msdn.com/b/oldnewthing/archive/2004/11/10/255047.aspx (http://blogs.msdn.com/b/oldnewthing/archive/2004/11/10/255047.aspx)
In my experience "Exciting things happened" = BSOD.
:palm:
-
It doesn't (been there, done that). It just enumerates both devices. Remember each USB port has a unique address within the USB device tree as well.
http://blogs.msdn.com/b/oldnewthing/archive/2004/11/10/255047.aspx (http://blogs.msdn.com/b/oldnewthing/archive/2004/11/10/255047.aspx)
In my experience "Exciting things happened" = BSOD.
Another tidbit: http://rtshiva.com/2009/05/19/usb-specification-and-windows-limitation-on-serial-numbers/ (http://rtshiva.com/2009/05/19/usb-specification-and-windows-limitation-on-serial-numbers/) which links to the same blog post above at the bottom. I really like udev on my linux systems which is able to fix nearly all issues with USB IDs. In case of the USB serial converters I've written some custom rules to create device specific links. A buspirate gets a /dev/buspirate, an arduino a /dev/arduino and so on. That's much better than finding out which tty the USB device got.
BTW. it should be possible to write a udev rule to automatically fix broken FTDI clones.
-
It is very expensive you need to buy them.
so ? what is 4K for a company that designs chips ? dust under the carpet...
the thing is these silicon squatters try to get rich by piggybacking on the success story of someone else. They sell a part that is similar in form fit and function but not a 100% clone. they sell it at a cheaper price than the real one , cash the cheque and laugh all the way to the bank. Meanwhile the people that did the original hard work and built a success story lose their income.
I Vote to bring back tar, feathers and branding (preferrably on their forehead) for this kind of scum.
-
...I Vote to bring back tar, feathers and branding (preferrably on their forehead) for this kind of scum.
That's not what FTDI did, they chose to retaliate against the users.
-
Nayone knows if there is any way to know if the driver on my PC is the one that will brick devices?
I would like to know that before testing if my devices still work :)
Regards
-
Nayone knows if there is any way to know if the driver on my PC is the one that will brick devices?
I would like to know that before testing if my devices still work :)
Regards
Don't be too afraid, FTDI themselves supply the tools to unbrick your device if it does happen and even if it's a clone.
https://www.youtube.com/watch?v=RZH_qGautqM (https://www.youtube.com/watch?v=RZH_qGautqM)
-
I will be happy to send my usb to serial port adapter that worked just fine on every version of windows up to xp, but won't work on windows 7 or 8, back to ftdi so they can verify if it's a counterfeit.
which by the way I'M CERTAIN IT'S NOT.
they bricked their own junk a long time ago, but it's different when they do it isn't it? Besides what do these things cost? 20 cents? what kind of moron counterfeits something where there's no margin for profit?
The only people that could.....are the one's that make the chips for ftdi.......they should have taken better care of their business partners ;D
I'm out.
-
The ACTUAL manufacturing costs are probably WELL below the $0.20 that you mention, but that's not the point.
(If it was, I'd expect to be purchasing an I7-Haswell Intel CPU for only a couple of dollars!)
The 'production cost' of almost ANY given chip is almost incidental once you've built yourself a suitable fab and also spent all the time and effort in the R&D of the chip design.
Looking on Digikey, the current RETAIL price of a (genuine? who knows these days) FT232RL / SSOP28 in one-off quantities is NZ$6.34 which lowers to NZ$4.29958 in 500 quantity.
That's somewhat MORE than (for example) a Silabs CP2102 /QFN-28 at only $NZ3.88 each
The R&D costs between the two chips would, I assume, be in the same ballpark and I'd expect the production costs to be equally in the same ballpark. Therefore, I would bet it's fairly safe to assume that FTDI (and every other 'middleman' in the supply chain) is making about 100% more profit on a FT232RL than on a CP2102.
It's surmised that at least SOME of the clones are simply a repurposed microcontroller. (One that already had USB and a UART seems obvious). I would think I could knock up the firmware to 'emulate' a FTDI in a day or two (given the FTDI datasheet). (i.e. The R&D costs would be insignificant - near ZERO). The cheapest Atmel with USB and UART I could find on digikey is NZ$4.30 each. For a suitable PIC, it'd be NZ$2.11 each.
I'm pretty sure I could 'approach' either of them with a request to supply a million 'pre-programmed' chips in a non-standard case. (Or just buy a million 'bare die' and have them encapsulated in shenzen etc.)
I'm sure as hell not going to though... That's why they invented Chinese. Much like the japs of yesteryear, they're incapable of inventing anything much of significance (well, not since fireworks anyway). All they can do is COPY stuff very cheaply in the myriad Chinese sweatshops. Heck, just looking at them they're already almost 'copies' of each other??? <Evil Grins @ the 'stereotype'>
IMNShO, companies in the 21st century should NOT be allowed to 'rest on their laurels'. I considers patents and copyrights EVIL devices designed to holdback progress and innovation. I believe it's far better to be out 'inventing a new / novel mouse trap' than to waste time protecting last weeks mouse trap.
The only downside is that the exponential rate of advancement is becoming progressively more difficult for Joe Average to keep up with. (By the time Windows 11 is released, we'll be required to 'reboot it' every 5 seconds. Back in the Win 98 days we were allowed to wait 5 mins before it needed a reboot).
-
<Snipped out a chunk> (There are plenty of numbers to go around)
Careful dude, those are very similar to 'the famous words' from MANY people / institutions...
Afterall who on earth would want more than 640kB of RAM (Supposedly uttered by 'some fool' from Microsoft)
And then there's the whole IPv4 debacle which has a positively HUGE 32bit address space... Who could EVER have imagined we'd exceed THAT?
You may as well also include the good old bar codes (such as UPC / EAN13). What single manufacturer would ever exceed 99999 unique products? Is 99999 unique manufacturers sufficient to cover the entire GLOBE???
Correct me if I am wrong, but my understanding that both the VID and PID are constrained to 16 bits each. (Thus a range of 0-65535 each at best case)
It's only a matter of time...
(Just like it's only a matter of time before the signed 32bit 'time' counter in original *nix systems 'rolls over'... Jan 19 2038 IIRC Sometime around 03:19)
Unlike IPv4, USB VID usage isn't even over the halfway point. According to ( http://www.linux-usb.org/usb.ids (http://www.linux-usb.org/usb.ids) )
A short filter on that list and we have a total of just 2885 VID's being used and very few are even close to using up their PID space. That represents just 4.5% usage for the entire history of USB and since it costs so much to get a VID people can't just get them that easily. If anyone has access to another more detailed dataset we could even plot the usage and allocation dates roughly but I don't think we are going to be running out of VIDs for quite some time.
IP addresses ideally should be assigned to every device connected to a network so that it is unique across the globe. The people who thought a 32bit address made sense did not realize the potential for everyone to have 2+ devices each with their own IP address. But for USB VID/PID you do not ever going to have a situation that every person on the planet is going to make two or more companies and devices requiring their own VID/PID and $4000+.
-
mute point, FTDI offers 8 PIDs using their VID for free, still allows you to deploy your own driver.
but maybe not for hobbyists :)
-
True, FTDI does offer PID values for your own drivers. I was talking earlier about how functional FTDI clones and larger companies could easily have their own VID without issues.
One example is that most free PID use is contingent on the use of the mfgs product but if you use your own VID you can switch mfg or do whatever basically and there is no need currently for companies to "share" a VID.
-
A short filter on that list and we have a total of just 2885 VID's being used and very few are even close to using up their PID space. That represents just 4.5% usage for the entire history of USB and since it costs so much to get a VID people can't just get them that easily.
if USB VID is expensive, then what would you call the PCI-SIG fees to get a PCI vendor ID ? :D
-
Relative speaking of course vs. IPv4 address allocation which at first was like handing out candy land jumbo blocks to whoever wanted them until it was too late and they realized that people where sitting on massive unused blocks. (Some nice companies released their unused allocations they were never going to use I think).
-
This is the first time I post in this forum though i have been lurking for some time.
The company I work for use expensive equipment that is produced in low quantities. The probability that any such equipment manufacturer is able to have absolute control over the entire supply chain at all times for each individual chip is obviously limited.
We have a "air gap firewall" that protect the equipment against a lot of malware, but if a "updated" windows computer transmit an attack, it poses a risk to any equipment it is connected to. Our equipment is interfaced by USB externally, and there is probably a USB to serial interface internally.
To mitigate some of the risks such as FTDI gate:
1) No microsoft equipment or software may connect to any manufacturing equipment. This will probably be a permanent ban.
2) FTDI chips in equipment will be considered a risk. It will be among the factors that will be considered when a supplier wins or looses a tender.
3) All employees have been informed of the risk Microsoft and FTDI forced on us. And that their private equipment also may be at risk.
Hopefully it will be enough. It have been so far. My best wishes for you all and your equipment, may you stay safe.
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
It's very interesting.
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
My oh my, Fred Dart please stop digging that hole further! Climb out of it and own up to a moment of insanity. :-DD
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
Quote from that PCN:
'Although in certain parts of the media it has been implied that there was some form of counterfeit detection algorithm
in FTDI’s latest driver, this is in fact absolutely untrue. There was no mechanism of that description in place and hence
no flagging up of a counterfeit device ever occurred. Exactly the same commands and sequence are sent to a genuine
chip as to a counterfeit chip. Some counterfeit devices simply failed to handle certain commands correctly (again
something that’s shows their lack of suitability for use in serious electronic system design) and they simply end up
quarantining themselves out of harm’s way.'
Does this guy ever ask anyone else for an opinion? What a ridiculous paragraph. 'quarantining themselves out of harm's way'! How can something quarantine itself? I did sympathise with FTDI a little on this issue but releasing a message like this is utterly insulting.
If the sequence of commands in the driver that set PID to 0000 had a legitimate reason other than to affect counterfeit devices (so that the user then detects that they no longer work) then why have FTDI not told us what it is? If that is not a counterfeit detection mechanism then what is? The oddest thing is that after Fred strongly denies there being a counterfeit detection mechanism, the PCN then goes on to say in the very next paragraph that the re-released driver version will contain a detection algorithm!! This man is a lunatic.
Keep digging FTDI. Better still, shut up before you alienate all the engineers that might design in your chips.
-
(again something that’s shows their lack of suitability for use in serious electronic system design)
Someone needs to go back to grammar schools, :)
Although in certain parts of the media it has been implied that there was some form of counterfeit detection algorithm
in FTDI’s latest driver, this is in fact absolutely untrue. There was no mechanism of that description in place and hence
no flagging up of a counterfeit device ever occurred. Exactly the same commands and sequence are sent to a genuine
chip as to a counterfeit chip.
Those two statements are not mutually exclusive.
One can lie by telling 100% truth.
-
Not just that, later on:
This will still uphold our stance against devices that are not genuine.
FTDI has shown itself to be very proactive in combatting the issue of counterfeiting and will continue to be vigilant.
The hope is that the seriousness of the problem is now beginning to be realized and everyone in the electronics
engineering community will do their best to stamp out counterfeiting, as this will benefit the ongoing progression of
technology and encourage future technological advances.
which one is it? no detection? or combat(t)ing and taking a stance against them?
-
Looks like the next generation of drivers will indeed have mechanisms to detect fake chips.
-
Yeah, but saying "still" implies the previous driver also did :)
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
More lies and :blah:(ahem, PR policy) from FTDI officials. They indirectly admit that fakes/clones of all kinds/incompliant devices were damaged on purpose and killer driver was forced silently via automatic windows updates (ups, lawers said we can get sued so we removed it) on equipment not belonging to FTDI. Also, nobody was damaged by this, of course (at least nobody, that had original FTDI chips, that is >:D).
Some distorted world view. Good luck for anyone trusting company and their products with such management :palm:
FTDI (and some forum members) continue to claim that any device that fails with purposely designed killer driver is 100% illegal and breaching their rights, etc. This is very debatable and almost certainly untrue (FTDI IC implementation of the memory management is purposely/accidentally with bugs. There may be fakes(copies) and clones).
Also, FTDI allowed them to assume that they can damage final user equipment if they want to. This is clearly illegal (and no amount of :blah: can justify it).
FTDI, if you are reading this forum, you should understand that final user cannot identify original/fake/clone/copy IC short of de capping IC and checking it. This policy of punishing end user for wholesale issues is short sighted and damaging to FTDI.
-
They indirectly admit that fakes/clones of all kinds/incompliant devices were damaged on purpose
It shows that any sentence can be read to mean anything its reader intends it to mean, :)
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
It's very interesting.
He tries to create the impression that the bricking 'just happened'. What a weasel. They found a minute difference between their and competitors' products and exploited it. At least be honest about it.
-
They indirectly admit that fakes/clones of all kinds/incompliant devices were damaged on purpose
It shows that any sentence can be read to mean anything its reader intends it to mean, :)
True but the part which says that the functional equivalent are not damaged on purpose is an outright lie. The dissassembly of the driver clearly shows that every FT232 is programmed to Pid zero. There is no way to explain such an action otherwise than to disable functional equivalents.
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
It's very interesting.
Thanks for the link 8086
It contains this gem Distributor Update Regarding Perceived Issues with recent FTDI Driver Updates
as its headline. :palm:
When it have been thoroughly documented that peoples equipment have been bricked. Even in the first post, in this thread, on this blog, which he himself answered.
and this Some counterfeit devices simply failed to handle certain commands correctly
This is utterly untrue. As have been proved both by those that have disassembled the driver, and those that have checked what happens with a protocol analyzer. The "certain commands" deliberately harms reverse engineered chips, and does not only not do anything useful with FTDIs chips, it doesn't do anything at all with FTDIs chips.
and this To date, this whole episode has not affected our large or medium customers at all. They haven’t been hindered in any way as they source chips either directly from us or via our global distribution partners like yourselves. Even the vast majority of smaller customers have not been impacted
So FTDI just disables reverse engineered chips on pure spite? If it is true that all large, all medium, and the vast majority of smaller customers bought FTDI chips anyway.
-
This is utterly untrue.
It probably helps with better reading comprehension, :)
The "certain commands" deliberately harms reverse engineered chips,
To prove "harm", let alone "deliberately harm", you need intent. How are you going to get that out of someone's head?
and does not only not do anything useful with FTDIs chips, it doesn't do anything at all with FTDIs chips.
Just how do you know that? It seems to me that unless you have intimate knowledge of the chip's design / functioning, you would have no way of knowing that.
It is understandable that you are trying to substantiate your points but it helps greatly if you do so on solid base.
-
No matter what, it doesn't belong on this thread, since the thread not related to that driver at all.
Someone dig up the other one.
-
To prove "harm", let alone "deliberately harm", you need intent. How are you going to get that out of someone's head?
Use objective common sense. It's that simple.
Your efforts to justify FTDI actions seems very biased to me.
-
This is utterly untrue.
It probably helps with better reading comprehension, :)
Please refrain from slurs dannyf. I welcome if you have actual specific information about something I have misunderstood.
The "certain commands" deliberately harms reverse engineered chips,
To prove "harm", let alone "deliberately harm", you need intent.
To prove harm by someone, you need to prove a link between something someone did (or did not do in the case of neglect) and the harmful consequence for someone (or something). It may even be an accident. Though for deliberate harm we need something that shows intent (down to and including acts done in affect). FTDIs code proves something beyond that, as the preimage-attack shows premeditated intent.
...There are different types of harm like accidental harm-where the injury or damage is not caused by a...
How are you going to get that out of someone's head?
It is already out of their head. It is codified in the code. I follow the trail of evidence.
and does not only not do anything useful with FTDIs chips, it doesn't do anything at all with FTDIs chips.
Just how do you know that? It seems to me that unless you have intimate knowledge of the chip's design / functioning, you would have no way of knowing that.
It is understandable that you are trying to substantiate your points but it helps greatly if you do so on solid base.
I concur. This thread has been thorough but it is not given that any individual have seen the evidence of how we know it were on purpose. I should have referred to some of this evidence in the previous post. I'm sorry you had to request this information.
The FTDI FT232RL EEPROM is written 32 bits at once on the condition that a write to an odd address occurs, while a write to a even address is just buffered while it waits for a write to an odd address. This makes it possible for FTDI to attack the 16bits chips by writing to the even addresses and not follow up with a write to an odd address.
It is trivially easy to check that the writes doesn't update the FTDI produced chips. This means that it doesn't do anything at all with FTDIs chips. Just like I wrote.
It is doubly proved as it writes PID=0 to the chips, that would have bricked the FTDI produced chips as it would not be linked to the driver any more, nor would any windows version newer than XP work with it. Just like the attack against the reverse engineered chips now.
It is triply proved as the protocol analyzer shows that PID=0 is written to the chips, that would brick any FTDI chip, just like it does for the reversed engineered chips. If it were not for the fact that the FTDI driver writes just to the even addresses for the PID=0 sabotage - also proved by the protocol analyzer.
marcan proved that it is intentional and malicious, and disassembled the driver, and commented the code, and posted it for everybody to see and to verify, weeks ago, in this very thread:
In case anyone was still wondering if this is intentional and malicious...
(https://marcan.st/transf/ftdi_evil.png)
Straight out of their driver. Function/variable naming and comments mine.
I recommend that anyone that have any doubt of FTDIs intention read the actual code, and his post in full.
Before the actual attack, the FTDI driver does a preimage-attack on the checksum function as a preparation. This shows that it is a premeditated and willful act, not just a mistake.
-
Straight out of their driver. Function/variable naming and comments mine.
Be aware that that code is not actually FTDI's.
It is something that should compile into the same as the code in FTDI's driver.
I noticed at the top Marcans comment says "there is no explicit detection". Which seems to go along with what Fred says.
To mitigate some of the risks such as FTDI gate:
1) No microsoft equipment or software may connect to any manufacturing equipment. This will probably be a permanent ban.
2) FTDI chips in equipment will be considered a risk. It will be among the factors that will be considered when a supplier wins or looses a tender.
3) All employees have been informed of the risk Microsoft and FTDI forced on us. And that their private equipment also may be at risk.
Surely you just made up this nonsense.
-
It is triply proved as the protocol analyzer shows that PID=0 is written to the chips, that would brick any FTDI chip, just like it does for the reversed engineered chips. If it were not for the fact that the FTDI driver writes just to the even addresses for the PID=0 sabotage - also proved by the protocol analyzer.
What a confusing sentence. So you have logic analyzer showing that PID=0 was written the chips (whose chips?)? Is it a crime that FTDI's drivers writing PID=0 to FTDI's chips?
marcan proved that it is intentional and malicious, and disassembled the driver, and commented the code, and posted it for everybody to see and to verify, weeks ago, in this very thread:
A little bit logic may be required here.
So this marcan person disassembled the driver code below and his comments on the code proved FTDI's malicious intent?
So if I took your write-up above and commented to the effect that you were a malicious killer, the authorities should execute you on the spot?
I am sure you can do better than that. Try harder, please.
-
Let me just help you a little bit more - as I am feeling good today, :)
1) disassemble the code yourself: you cannot trust everything the internet says;
2) if you have any experience disassembling code, you will know that the disassembled code may not always reflect the actual execution of the code.
3) even if the disassembled code follows the actual execution, all you have proven is that their driver does that to their chip. Last time I checked, there is nothing wrong with a company (or anyone) writing a piece of code that interfaces with their chips.
If you used their code on your chips, and suffered losses, none of their problem, legally.
-
All the FTDI trolls, shills and apologists - we don't care - Fred has been caught "doing a Ratner" (http://en.wikipedia.org/wiki/Gerald_Ratner). The market will decide, not your pathetic interpretations of what is or isn't deliberate malicious code that has been reverse engineered.
-
I just got a product change notification email from Mouser, about the FT232, linked PDF: http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf (http://www.mouser.com/PCN/FTDI_122757PM11062014.pdf)
It's very interesting.
Guess he is trying to convince Mouser and alike to carry more stock. I do not think he cannot see that FTDI are being designed OUT, the best option is to dump as much FTDI inventory on the distribution channels as possible. The words used are to confuse and to convince the people that trade and shift FTDI.
He is burning more bridges.
-
It is triply proved as the protocol analyzer shows that PID=0 is written to the chips, that would brick any FTDI chip, just like it does for the reversed engineered chips. If it were not for the fact that the FTDI driver writes just to the even addresses for the PID=0 sabotage - also proved by the protocol analyzer.
What a confusing sentence. So you have logic analyzer showing that PID=0 was written the chips (whose chips?)? Is it a crime that FTDI's drivers writing PID=0 to FTDI's chips?
The key point here is that on a genuine chip, writes to even EEPROM addresses are ignored, and writes to odd addresses go through. On counterfeit chips, writes to both odd and even addresses go through. This can and has been tested independently of the disassembled FTDI code, if you look at the detection script that someone made and linked earlier in the thread.
Edit: Here: https://marcan.st/transf/detect_ftdi_clone.py
Now, you tell me what the purpose is to write to the PID value, and then the checksum value, using write calls that would do nothing on a genuine chip. Of course, you can still claim that we can't deduce aaaaanything about what this code is supposed to do.
-
I had a talk with FTDI representatives in Münich. It is impressive, how much ignorance they can provide. They were well aware the situation, so I went to their empty booth (seriously, no-one was there, and no-one else came there for the ten minutes I've spent there). I've asked them about FTDIGATE. So here is what they basically said:
If you are an individual that makes a product, you should buy directly from them.
Supply chains are inprenetable, there is no chance that a mistake will ever happen.
The products bricked by their stupid actions is the problem of the company selling the product. They are not legally responsible.
Here is the good part: People making the comments here are the "Noisy but small part of the engineering community" and the majority will continue to use their products, because big companies were not affected by this. I had the feeling they did not give a rat's ass about what happens here. For the reference, when they said this, that is were they lost my sympathy. BTW we did not post on their forums, that is why they dont feel like answering the questions.
They stated multiple times, that counterfeit chips are hurting the industry. One of them even mentioned the music industry (wtf moment).
I've explained to them, that actual engineers bricked their dev boards, which has nothing to do with FTDI. Of course that is the dev board's manufacturer's problem.
I think I should have made a recording of the conversation. I dont think I'll ever use FTDI product anymore. Welcome to the maxim bag.
-
Quote from that PCN:
'Although in certain parts of the media it has been implied that there was some form of counterfeit detection algorithm
in FTDI’s latest driver, this is in fact absolutely untrue. There was no mechanism of that description in place and hence
no flagging up of a counterfeit device ever occurred. Exactly the same commands and sequence are sent to a genuine
chip as to a counterfeit chip. Some counterfeit devices simply failed to handle certain commands correctly (again
something that’s shows their lack of suitability for use in serious electronic system design) and they simply end up
quarantining themselves out of harm’s way.'
Now they're running in deny-everything-unless-proven-in-court mode and make it more worse. EEs don't buy that PR nonsense, they'll buy a chip from another vendor.
-
I had a talk with FTDI representatives in Münich. It is impressive, how much ignorance they can provide. They were well aware the situation, so I went to their empty booth (seriously, no-one was there, and no-one else came there for the ten minutes I've spent there). I've asked them about FTDIGATE. So here is what they basically said:
Have you expected an honest answer? I wouldn't be surprised if FTDI's booth is the most deserted one.
-
"Supply chains are impenetrable, there is no chance that a mistake will ever happen." :-DD
-
I had a talk with FTDI representatives in Münich. It is impressive, how much ignorance they can provide. They were well aware the situation, so I went to their empty booth (seriously, no-one was there, and no-one else came there for the ten minutes I've spent there). I've asked them about FTDIGATE. So here is what they basically said:
Have you expected an honest answer? I wouldn't be surprised if FTDI's booth is the most deserted one.
I dont know. Usually CEOs dont give the "be an a$$ehole, like me" command for their sales people. But I must say, I've noticed that companies tend to collect people with the same mentalities in the senior management. If I would have seen any remorse in their eyes, a facepalm or anything human, instead of the "copying is bad for the industry", I wouldn't have written what I wrote.
-
I've explained to them, that actual engineers bricked their dev boards, which has nothing to do with FTDI. Of course that is the dev board's manufacturer's problem.
So which dev boards have been bricked and what did their manufacturer say about it?
Or did you really mean piece of shit bought from ebay manufactured by someone unknown in China?
-
Have you expected an honest answer? I wouldn't be surprised if FTDI's booth is the most deserted one.
I dont know. Usually CEOs dont give the "be an a$$ehole, like me" command for their sales people. But I must say, I've noticed that companies tend to collect people with the same mentalities in the senior management. If I would have seen any remorse in their eyes, a facepalm or anything human, instead of the "copying is bad for the industry", I wouldn't have written what I wrote.
The lack of conscience and empathy seems to be a beneficial soft skill for senior management ;) It makes some tasks more easy to cope with, like firing 1000 employees or shutting down a business division. The sales people at the booth are paid to sell stuff and they want to keep their jobs. Of course they got some instructions on dealing with questions regarding FTDIgate and I'd also assume most of them don't fully understand FTDIgate. It's just some driver issue for them. I've done a lot of pre/post-sales support and have been member of booth teams a few times being the engineer. Only a few sales people really know about the product they're selling, because their job is to sell and not to know how some product/service works. For technical questions there are technical account managers or an engineer in case of a small company. If I would work for FDTI I would say something like "Sorry, but I can't tell you much because I'm not involved in the driver developement. Please ask the sales guy over there." to end the conversation. Since I would know the whole story, I'd would be embarrassed and try to avoid the topic. The sales guy will happily talk to you until you become dizzy ;)
-
Or did you really mean piece of shit bought from ebay manufactured by someone unknown in China?
The chips are fine. It's FTDI that reprogrammed them with the intention to brick them (notice how they are very careful not to deny it).
Your subjective negative labels do no change the facts.
-
Or did you really mean piece of shit bought from ebay manufactured by someone unknown in China?
The chips are fine. It's FTDI that reprogrammed them with the intention to brick them (notice how they are very careful not to deny it).
The chips are as 'fine' as they ever were. They were 'programmed' to no longer load drivers they were not licensed to use.
I'll ask again which dev boards have been bricked and what did their manufacturer say about it? If you can't answer that is it probably because they are shit bought from ebay and you don't even know who the manufacturer is.
-
"Supply chains are impenetrable, there is no chance that a mistake will ever happen." :-DD
Especially with FTDI's plant being located in Indonesia. If there is one country where money talks... :palm:
-
FTDI wrote their drivers to work with their chips - no one has complained that FTDI drivers don't work with FTDI chips.
If you used FTDI drivers with non-FTDI chips, the responsibility for any damage is on you.
Cannot be simpler than that. FTDI never said that it is OK to use their software with fake chips, nor did they ever represent that their software will work with fake chips.
What else do you want from FTDI? After all, they didn't mate your fake chips with their drivers. You did. Why should they be responsible for your doing it?
-
Supply chains are impenetrable
It depends on whose supply chains that conversation was referring to - the original conversation didn't provide a clear context.
If your supply chain involves sourcing from Chinese ebay vendors, it is probably a little bit less than "impenetrable", :)
-
If you used FTDI drivers with non-FTDI chips, the responsibility for any damage is on you.
Eh, I can't make that leap. If I buy a product in good faith and pay a respectable vendor real money for what I believe is a real FTDI chip (genuine components throughout) then how is it my fault if I'm delivered a product with a fake chip? I do all the right things and buy from places with reputations for quality products and I pay the higher price for a real chip, and I get a fake chip... how in the world is that my fault?
If I CHOSE to use an FTDI driver with a KNOWN fake chip, maybe I can join that cause, but given that the VID and PID were the same as genuine, automated kernel drivers and windows update make driver loading/installation invisible, so there's little chance that someone could actually choose to use an FTDI driver or not.
The fault lies with FTDI's driver. What right do FTDI have to modify hardware that I purchased from someone else? Technical retaliation on an end-user for a distribution chain problem is not valid in any circumstances, so long as the end user acted in good faith. Copyright and trademark infringement are legal issues and need to be dealt with legally via the supply chain. Attacking the end user is not a valid approach.
-
Let me try to break it down for you all:
You/FTDI produced a great product. In fact that it is so great that I produced a knock-off and sold it to a 3rd party under a pretense.
Now, the 3rd party found out that this knock-off doesn't work anymore and they ask, no, they demand, that you/FTDI make its drivers work with knock-off parts that stole the business from them.
I may consider FTDI's actions here unwise, but not illegal, not even unethical. They have lost a business opportunity (to the knock-offs) and all they are trying to do is to make sure that they benefit from the fruit of their labor. I have a lot of sympathy for that.
The burden is on you, as a buyer of knock-off goods, to demand that whoever sold you the knock-offs produce a working driver and/or to insist on them using legit parts.
-
If I buy a product in good faith and pay a respectable vendor real money for what I believe is a real FTDI chip (genuine components throughout)
So we are in agreement that those ebay buyers shouldn't apply here? that probably knocked out 99.99% of the anti-FTDI crowd here.
then how is it my fault if I'm delivered a product with a fake chip?
I can give you a few reasons but how did you make it FTDI's fault that you are delivered a knock-off?
I do all the right things
Doing all the right things doesn't assure the right outcome, or absolve you of responsibilities. Many times, bad things happen to good people. and that's called life.
-
Luxury watch manufactures can confiscate fake goods and even destroy them. Not that they are making a dent but, there is legal precedence.
http://www.forbes.com/sites/arieladams/2013/05/30/the-truth-about-replica-watches/ (http://www.forbes.com/sites/arieladams/2013/05/30/the-truth-about-replica-watches/)
Let's put it this way (and only playing devils advocate because I also don't agree on what FTDI did, because they didn't inform the user, but that's all they needed to do)
I detect a fake watch, I could confiscate it and inform the local trading authorities and keep it as evidence of a law being broken.
Officials will investigate and a judge can order the destruction of the fake goods, the victims that purchased the fake goods will have to take it with the vendor. And the authorities will prosecute that vendor if they have the jurisdiction to do so.
Try to take a fake high end watch to the jeweler that is authorized to work on the real brand watch just for maintenance or even for repair, and then tell us what happens.
FTDI could have been more proactive and announce the user of the fake goods and to please send them the information needed, as for confiscating the chips they probably can do that too and let the users alert the trading authorities so they can investigate fake goods.
If you want to take it to an extreme, try to send anything that is not authentic to Italy, there is a reason ebay sellers don't deal with Italy, but the reason is not lazy customs, on the contrary they are the hardests working custom officials that will destroy fake goods on the spot. Even if they pull you over for speeding and they notice you have fake goods. (not sure what they will do with a dress someone is wearing at the moment).
I think that legally someone defending a fake chip (and we are not talking about just clones, but actual fakes with the branding on the chip) are going to be disappointed in the long run because the law is going to side with the trading laws.
FTDI should just find them and even render them useless but also notify the user to contact the appropriate authorities so they can gather the evidence and investigate it further. If it was my company I might do that, after consulting with the authorities and lawyers first to make sure I'm within legal bounds of course.
-
What else do you want from FTDI?
Repeating (for probably the 10th time!) If FTDI really wants to play that game, then simply refuse to talk to a counterfeit chip. It would be to everyone's benefit to also pop up a message saying that "A counterfeit chip has been detected......"
What we DO NOT expect from a company who values their customers is DELIBERATELY bricking the counterfeit chip. Again, as has been stated many times here before, that is likely even ILLEGAL in some jurisdictions. And otherwise shows FTDI as having extraordinarily bad judgement, significantly lowering their brand reputation.
There has been a long-standing conceept of hardware, software, etc. being "User Friendly". But there are other things for which I have devised the term "User Vicious". FTDIgate is definitely one of them.
-
this reminds me of nikon. I used to love nikon cameras and lenses. then, I found out that the greymarket gear (still 100% legit gear made by nikon on the same production lines as the non-grey gear) is unfixable in US nikon centers. they force you to buy lenses and such with a US marked on the serial number (for us yanks). they won't even fix the gear FOR A FEE; I would not expect free fixes, but I would expect them to fix things if I pay the standard repair fee.
so, I sold my nikon gear and never looked back. they still make excellent gear, but their stance on their 'white balance' encryption bullshit and the greymarket scandal issue from them put a total stop on all purchases I would consider making from them.
when a vendor acts hostile toward its users, its bye-bye vendor, forever, for me.
ftdi, join the nikon and sony club. you don't even exist to me, anymore.
-
how is it my fault if I'm delivered a product with a fake chip?
As a society, we have forgotten personal accountability and responsibilities.
It's the fast foot companies' fault that I am too fat;
It's MaDonald's fault that my coffee is hotter than I expected;
It's the rich's fault that I am poor;
It's employers' fault that I am jobless;
It's banks' fault that I have to pay my debts;
It's taxpayers' fault that I am driving a beat-up car;
It's policy's fault that I am in jail.
...
At some point, you ARE going to be responsible for who you are and where you are.
-
this reminds me of nikon. ...
ftdi, join the nikon and sony club. you don't even exist to me, anymore.
Let's say that Nikon has the best optics all around and you are a professional photographer. Would you still pass on Nikon and end up with lower quality prints that put you behind your competition?
I guess you are free to do that.
Edit: and should Nikon allow lenses that didn't pass their strict quality control and end up in the grey market, to be treated as their gear? Lowering the overall quality of the products they provide?
Edit: On that as well, try to take an authentic grey market luxury watch to a jeweler and report what happens.
-
What else do you want from FTDI? After all, they didn't mate your fake chips with their drivers. You did. Why should they be responsible for your doing it?
I want them not to intentionally brick chips that are not theirs. The fact that the OS selected their driver to run doesn't give them the permission to intentionally create damage. That's why Microsoft wisely reverted that malicious driver change.
-
So here is a search I normally do when researching a chip early on. I'm sure this is a common routine, why not let other do work for you at no cost?. I simply include the word "problems" with the part number in a google search. Many times I go no deeper than the search return (if I see issues) and pick another part. Issues are of course anything from availability, customer service as well as the technical ones.
https://www.google.ca/search?q=FTDI+FT232%3F%3F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=WjtmVIaPDMqV8QfmqYGoCg&gws_rd=ssl#rls=org.mozilla:en-US:official&q=FT232+problems (https://www.google.ca/search?q=FTDI+FT232%3F%3F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&gfe_rd=cr&ei=WjtmVIaPDMqV8QfmqYGoCg&gws_rd=ssl#rls=org.mozilla:en-US:official&q=FT232+problems)
To me this is what FTDI did not consider correctly (a simple google search). Skipping problem components is a simple way to cut your workload and help your customer / employer make a better product.
No, I don't search for counterfeit issues in particular. If I find some chances are I will search for a different component (manufacturer) to fit the bill. Does that make me socially irresponsible or just want to make a less problematic build? You pick.
-
Luxury watch manufactures can confiscate fake goods and even destroy them. Not that they are making a dent but, there is legal precedence.
No, they absolutely cannot do this in the US. Only the Customs Service can do that, and they can't seize them from end users, only at the point of importation.
-
this reminds me of nikon. ...
ftdi, join the nikon and sony club. you don't even exist to me, anymore.
Let's say that Nikon has the best optics all around and you are a professional photographer. Would you still pass on Nikon and end up with lower quality prints that put you behind your competition?
I guess you are free to do that.
Edit: and should Nikon allow lenses that didn't pass their strict quality control and end up in the grey market, to be treated as their gear? Lowering the overall quality of the products they provide?
Edit: On that as well, try to take an authentic grey market luxury watch to a jeweler and report what happens.
you are VERY wrong about greymarket. its never been about poor quality or rejects. its ENTIRELY about bypassing guys who line their pockets as simple middle-man. its about distribution, not quality - never was and likely never will be. in fact, you can buy a lens overseas in a store overseas and nikon will still give you hassles in getting it fixed locally, from last I heard. they are just a PITA to deal with.
they are not the only or even the best vendor out there in this space, so I'll go with someone else if I have to. I picked olympus many years ago (due to having top-notch weather sealed lenses that nikon or canon could not even do well) but I lost out when oly gave up the market and went with a new format, still using noiseboxes as sensors ;( but, the company service center had none of the issues with greymarket stuff and they'd always fix your gear, bought here or elsewhere. not a bad company to deal with and I've had to get some repairs done in the past and it was painless.
if I was a pro, I would not even have a choice; I'd take what was given to me by my paper or org. that's how it goes. you use what the rest of the staff does, so that you can have one pool of gear as usables and shelf-spares. it would not be me paying for them or fixing them. but if its my money, none of it goes to nikon or sony (or a bunch of other bad companies).
and again, the nikon-gate issue of their raw image processing stuff locking out free open source apps due to white-balance encryption stuff put a bad taste in my mouth, too. I should not have to pay nikon to process the raw files. I don't for canon and I don't for oly and likely, not for any other company, either. nikon stood alone in that front and got a black eye from many photogs, once they learned this. the ones who get the raw software for free don't care but those of us who are hobbiests or on a tight budget can't afford to buy a raw processor just because nikon wants to make it a profit center instead of a leverage.
-
Edit: and should Nikon allow lenses that didn't pass their strict quality control and end up in the grey market, to be treated as their gear? Lowering the overall quality of the products they provide?
This is silly, gray market Nikon lenses are not QC rejects, they just were not imported by Nikon USA. They are all made in the same place to the same standards. They even have a Nikon warranty, if you take the trouble to send them back to the country where they were originally sold.
Edit: On that as well, try to take an authentic grey market luxury watch to a jeweler and report what happens.
An independent jeweler would not care, just as an independent camera repairperson would be happy to work on a gray market Nikon lens.
I have no idea what this has to do with FTDI though.
-
Supply chains are impenetrable
It depends on whose supply chains that conversation was referring to - the original conversation didn't provide a clear context.
If your supply chain involves sourcing from Chinese ebay vendors, it is probably a little bit less than "impenetrable", :)
Please notice that I've only used the quote mark once in my post, otherwise I just wrote how the general conversation went.
-
what it has to do with ftdi is a company acting like its products are made directly by god, him/herself. ;)
and they feel they have a right to sabotage things that don't pass thru their blessed channels.
they are both hostile toward users unless the users play by THEIR rules.
I see lots of similarities in mind-think between the companies. maybe you don't, but the 'counterfit' argument is being used by both ftdi and nikon and it affects end-users unfairly. if I buy a used lens that does not have the US marking on it, why should I be denied ability to have it fixed, for a standard repair fee? nikon is going out of their way to make lives more difficult than they should be. they feel they are entitled to this and that. just like ftdi feels entitled to ruin hardware that claims the ftdi driver but is not ftdi hardware.
-
I have no idea what this has to do with FTDI though.
This is why:
(https://mrcn.st/t/ftdi_real_fake_800.jpg)
It's more a trademark issue than anything else.
-
Normaly I think its ok to protect ones patents. Whats not okay is to destroy others property. So if I made a chip which depended on drivers I also made then i simply would see to that my drivers wouldnt work with counterfit hardware....
Well someone learned a Lesson I think this time :) In the Ink Jet Printer world the printers look for a chip and if it isnt there the printer just wont work.....that ok in my world...nothing is destroyed :)
-
Well someone learned a Lesson I think this time :)
If you mean that the customers learned the lesson to avoid FTDI, then yes, I believe you are correct.
If you mean that FTDI learned the lesson to not behave in a hostile manner to their customers, then clearly they have NOT.
-
Let me try to break it down for you all:
You/FTDI produced a great product. In fact that it is so great that I produced a knock-off and sold it to a 3rd party under a pretense.
Now, the 3rd party found out that this knock-off doesn't work anymore and they ask, no, they demand, that you/FTDI make its drivers work with knock-off parts that stole the business from them.
I may consider FTDI's actions here unwise, but not illegal, not even unethical. They have lost a business opportunity (to the knock-offs) and all they are trying to do is to make sure that they benefit from the fruit of their labor. I have a lot of sympathy for that.
The burden is on you, as a buyer of knock-off goods, to demand that whoever sold you the knock-offs produce a working driver and/or to insist on them using legit parts.
Let me put it into perspective for you as always a valuable point was missed in order to make your earth shattering argument. How old is the FT232 ? how long do the fakes date back to ? the people beig punished could be people who own products that were bought quite some time ago and who may not even rememdber where the goods came from in order to complain, so totally missed target as the wrong people get punished. what FTDI did was stupid, short sightted and selfish but then I've never seen much else come out of their part of the world lately.
-
what it has to do with ftdi is a company acting like its products are made directly by god, him/herself. ;)
and they feel they have a right to sabotage things that don't pass thru their blessed channels.
they are both hostile toward users unless the users play by THEIR rules.
I see lots of similarities in mind-think between the companies. maybe you don't, but the 'counterfit' argument is being used by both ftdi and nikon and it affects end-users unfairly. if I buy a used lens that does not have the US marking on it, why should I be denied ability to have it fixed, for a standard repair fee? nikon is going out of their way to make lives more difficult than they should be. they feel they are entitled to this and that. just like ftdi feels entitled to ruin hardware that claims the ftdi driver but is not ftdi hardware.
FTDI and many other companies are trying to create monopoly for them in many legal and barely legal ways. Such companies do extensive PR to spread FUD about dangers of "unofficial" products for end user, claims extensive monopoly rights (granted or not), do other "warfare" against competitors, limits support for products, etc. Granted, some information about "dangers" may be true or partially true, but still.
Among this "warfare", end user is negatively affected - user is left with ambiguous information about the market, gets less innovation and pays higher prices. I am not sure why some forum members tries to defend this "monopolistic" behaviour negatively affecting end users.
I have no idea what this has to do with FTDI though.
This is why:
<image of ICs with FTDI logos>
It's more a trademark issue than anything else.
Simple question - if you see an IC with FTDI logo, how do you decide that it is original? There is simply no 100% sure way short of de capping IC.
The issue that is clearly misunderstood by FTDI and some forum users - there are always some probability that chip is not original even all available evidnece show that it is original. There is no certainty that chip is original or not. Even if you intent to use original chips, use strict policies, etc. Deal with it. And stop assuming that everyone who is using fake (or non genuine FTDI chips from FTDI) is scammer of some sort - that is wrong assumption.
FTDI simply assumes that everyone who use non original FTDI chips (these may or may not have FTDI logo, be clones/fakes/etc. - mostly legal, some probably not, FTDI does not know, you neither) are bad guys using illegal counterfeit chips and decides to punish them with killer driver (again, this is almost certainly illegal - FTDI cannot both themselves determine legality of other people's property and damage other people's property. There is legal systems for this.)
In short, FTDI pushes a risk of genuine chips to end users (which have nothing to do with it) and tries to establish monopoly barricades in this market via actions with unclear legal status. With recent actions FTDI increased this risk massively for FTDI branded chips so rational user/designer/manufacturer would less likely choose FTDI over competing products.
-
I think it doesnt matter what anybody feel and think....what is the legal essence of the case ? Is there a basis for lawsuits.....thats what matter :)
-
I think it doesnt matter what anybody feel and think....what is the legal essence of the case ? Is there a basis for lawsuits.....thats what matter :)
Destruction of property for sure. The problem is that in most cases the damage is small for individuals. Perhaps if a large number of people would file a group lawsuit it could be substantial criminal and civil claim.
-
I think it doesnt matter what anybody feel and think....
au contraire. It matters A GREAT DEAL what customers FEEL and THINK. FTDI's future as a customer-friendly vendor are at stake here, and they have shot themselves in the foot, or maybe even a more critical part of their corporate anatomy.
-
I've explained to them, that actual engineers bricked their dev boards, which has nothing to do with FTDI. Of course that is the dev board's manufacturer's problem.
So which dev boards have been bricked and what did their manufacturer say about it?
29 more posts and I'm still waiting to hear of one example dev board that got bricked and what the manufacturer said about it......
-
Well quite right seen from a marketing and sales perspective...no engineer with more than two braincells will ever again use their stuff :P
-
29 more posts and I'm still waiting to hear of one example dev board that got bricked and what the manufacturer said about it......
I suspect that people with products out there that have been bricked by FTDI have much better things to do than participate in this forum.
Like recovering whatever they can of their corporate reputations. Not to mention that they may have been cautioned by their legal counsel not to say anything in public.
Clearly FTDI has no concept of corporate reputation, but that is the typical arrogance of monopoly.
Time will tell whether they really have as big a monopoly as they think they have.
-
I've explained to them, that actual engineers bricked their dev boards, which has nothing to do with FTDI. Of course that is the dev board's manufacturer's problem.
So which dev boards have been bricked and what did their manufacturer say about it?
29 more posts and I'm still waiting to hear of one example dev board that got bricked and what the manufacturer said about it......
29 seconds of google search:
http://letsmakerobots.com/content/dead-arduino-clones-and-ftdi-chips (http://letsmakerobots.com/content/dead-arduino-clones-and-ftdi-chips)
-
The Ebay seller I got my boards from has promised to send me new boards with genuine FTDI chips. I should receive those in the next 2 weeks. If they don't arrive I'll definitely open an Ebay/Paypal claim. In other words: it may take time before suppliers can respond.
-
29 more posts and I'm still waiting to hear of one example dev board that got bricked and what the manufacturer said about it......
FTDI surely have "bricked" FTDI parts out of my designs.
I will gladly sell any gear with bricked FTDI chips that I find for Rufus at nominal price of $1.
-
FTDI surely have "bricked" FTDI parts out of my designs.
I am pretty sure lots of people at FTDI are losing sleep over not having your business anymore, :)
I will gladly sell any gear with bricked FTDI chips that I find for Rufus at nominal price of $1.
That can be a great deal or a terrible deal, depending entirely on what you can find.
-
I've explained to them, that actual engineers bricked their dev boards, which has nothing to do with FTDI. Of course that is the dev board's manufacturer's problem.
So which dev boards have been bricked and what did their manufacturer say about it?
29 more posts and I'm still waiting to hear of one example dev board that got bricked and what the manufacturer said about it......
29 seconds of google search:
http://letsmakerobots.com/content/dead-arduino-clones-and-ftdi-chips (http://letsmakerobots.com/content/dead-arduino-clones-and-ftdi-chips)
So which actual engineers were using these cheap crap made in china toy robots? The guy there that said
I refuse to spend shiteloads of time checking the supply chain of everything I buy. I also refuse to buy from the few overpriced dealers that may be "safe". And even if I should end up with a fake chip I doubt that I would even bother to send it back to the seller. It's just too much of a hassle.
So I'll continue to go for the best offers I can find, only now I'll do my very best to avoid anything that has an FTDI chip on it.
?
-
I've just received my cheap eBay FTDI board and I am extremely disappointed that it evaluates as a genuine chip. :-//
http://www.ebay.com.au/itm/231324418604 (http://www.ebay.com.au/itm/231324418604)
It was a bit cheaper when I bought it ($AUD5.79).
The markings on the chip are very indistinct when viewed under diffuse light. I can make out FTDI / 1402-C / CN480661 / FT232RL
Any idea if this *looks* like a real one?
-
Steve: You have a narrow focus depth, that is perfectly focused on the chip's pins! Could you please adjust the focus? Or if the camera only has automatic focus, set the focus area to center and try again.
-
So which actual engineers were using these cheap crap made in china toy robots? The guy there that said ...
Well, you asked for an example, it was provided to you, and you keep dissing people and products. Not cool.
-
Steve: You have a narrow focus depth, that is perfectly focused on the chip's pins! Could you please adjust the focus? Or if the camera only has automatic focus, set the focus area to center and try again.
You're right, it was a pretty embarrassing effort.
-
AFAIK the laser marked ones are not made by FTDI; they do look much better and more modern than the chips from FTDI. I have not tested it yet but the newer FTDI drivers probably don't brick devices.
-
I've just received my cheap eBay FTDI board and I am extremely disappointed that it evaluates as a genuine chip. :-//
You bought via ebay, ergo it is fake by default.
I've just received my cheap eBay FTDI board and Any idea if this *looks* like a real one?
Doesn't matter. You didn't buy the chip via an authorized reseller and solder it onto the board yourself / bought the widget from a genuine chip customer (the ones they won't name), ergo it is fake by default.
Even if you were to dissolve the top, put it under a microscope, and deduce that it is an exact duplicate of a genuine FTDI chip: that just means the counterfeiter in question must have been doing a better job; fake by default applies.
-
The real question is...could one expect to receive counterfit FTDI from Mouser, DigiKey and so on ? Cause then we are in deep shit :P
-
The real question is...could one expect to receive counterfit FTDI from Mouser, DigiKey and so on ? Cause then we are in deep shit :P
Not really, just design without FTDI.
-
The real question is...could one expect to receive counterfit FTDI from Mouser, DigiKey and so on ? Cause then we are in deep shit :P
Not really, just design without FTDI.
True that...quite easy with ATmega32u4 :)
-
The real question is...could one expect to receive counterfit FTDI from Mouser, DigiKey and so on ?
Anything is possible - there is always a non-zero probability that you could receive counterfit FTDI from FTDI itself.
The name of the game is how probable is it? If you are buying cheap boards / chips from ebay, you would be a fool if you don't suspect it being fake; If you are buying from FTDI direct or reputable distributors like Mouser / Digikey / etc., you would be a fool if you spend lots of efforts asserting its authenticity.
That doesn't mean a fake from FTDI/Mouser/Digikey and the likes wouldn't happen - it is just it is far less likely to happen.
-
Well I cant think of anybody who would buy their coponents on ebay if it is for production and sales. Cause then he or she could face some serious legal problems or economical issues when the circuits fails :)
But for personal use....sure why not :)
But if one receives counterfit components from Mouser, Digikey etc. then it ought to be possible to make theese providers responsible ?
-
Well I cant think of anybody who would buy their coponents on ebay if it is for production and sales. Cause then he or she could face some serious legal problems or economical issues when the circuits fails :)
I don't think people in a procurement department will buy from Ebay but they would buy from any parts broker if there are no other suppliers able to deliver a part.
-
Well I cant think of anybody who would buy their coponents on ebay if it is for production and sales. Cause then he or she could face some serious legal problems or economical issues when the circuits fails :)
I don't think people in a procurement department will buy from Ebay but they would buy from any parts broker if there are no other suppliers able to deliver a part.
So what you are saying is...production comes before security ? Ok this sounds like gambling
-
then it ought to be possible to make theese providers responsible ?
Anything is possible.
According to quantum theory, it is also possible that you will totally disintegrate in the next second and re-emerge on a planet two galaxies away.
And I am not kidding there.
You have trouble understanding the difference between what's probable and what's possible.
-
Well I cant think of anybody who would buy their coponents on ebay if it is for production and sales. Cause then he or she could face some serious legal problems or economical issues when the circuits fails :)
I don't think people in a procurement department will buy from Ebay but they would buy from any parts broker if there are no other suppliers able to deliver a part.
So what you are saying is...production comes before security ? Ok this sounds like gambling
One of the most challenging parts of producing electronics is purchasing the parts. Every now and then companies or distributors are forced to buy from brokers if there is a shortage. And I'm not talking tens of thousands of pieces. Getting 50 pieces can be just as problematic. To avoid that problem it is a good design practise to only use parts which are widely available and preferably parts for which there is a functional equivalent. From that perspective FTDI also hurt their own business by taking away the possibility to use a second source.
-
But if one receives counterfit components from Mouser, Digikey etc. then it ought to be possible to make theese providers responsible ?
Yes, they would be the ones to be held responsible, as many have pointed out - just like the manufacturer of the widget is responsible to the store, and the store is responsible to the end user. The actual question is how much of that responsibility are they going to bear?
For most people hit by this particular 'bricking', they can go complain go the stores, and either they'll replace it, or they'll laugh in your face and wish you good luck navigating the asian legal terrain for a sub-$100 product; if you're lucky you used ebay/paypal/credit card/something and you can open a dispute and at least get that money back while sending the seller a message.
But say you're not just an end-user and you make the actual products and you do get a bad batch of counterfeits - won't speculate on how, or the odds, just say it did happen - they're in products, they've been sent all over the world, a driver update comes along and says it won't work.
You get a tweet from one of your customers, asking why the device won't work (presuming the driver isn't going to scream bloody murder about counterfeits) or why the driver is screaming bloody murder about your product being counterfeit (no, they wouldn't really get the distinction about it complaining about the chip).
1. Wonder what on Earth your customer is on about, ask them for details, because you haven't a clue what's going on with that.
2. Check with legal and marketing&communications about how to best handle this counterfeit allegation before the press runs with it.
3. Get details from the user several hours later - maybe it's just a screenshot, there's not a whole lot they're likely to be going to be able to provide unless they know how to get driver versions and such; Windows tries to hide that, after all, as the user needn't be burdened by it.
4. Start an internal investigation into this matter, checking your various products that use the chip in question, from various batches, hunt down old stock just in case it's limited to just a specific batch, maybe even get the customer to send it in - on your expense - and fedex overnight them a replacement so that they can be on their way again while you figure out what's goig on.
5. In the mean time realize that your support people are dealing with several other tweets, facebook messages, e-mails and phonecalls, so put pressure on marcom for a statement, and then have that run by legal to make sure you're not shooting yourself in the foot with any of the words you're using.
6. Finally figure out that this is definitely related to a driver update that the users were not aware of and you certainly weren't aware of and, after making a call to your supplier, realize they weren't aware of it either. Still not sure why the driver's doing what it's doing.
7. Figure out that the issue is limited to just a specific batch of a specific product - now figure out what tape reels were used for that run, and see if the chips off of it were used anywhere else after all.
8. In the mean time, contact your supplier saying there's something wrong with a particular batch of chips you got. The supplier vaguely recalls your phone call from a few days ago, and tells you to mail the thing in for analysis.
9. Some time passes, because you told them that it seems to be just this particular set of reels, so it's not like there's a very high priority to deal with it as far as they're concerned, and - after they do a back-and-forth with the chip maker - tells you that the chip is counterfeit.
10. Because it's counterfeit, you figure you should do the right thing and issue a recall / trade-in program. Yes, that means that your company name is going to be mentioned here and there in connection with counterfeiting, despite marketing & communication's best effort to make the earlier statement deflect as much of the blame as possible. And yes, you will be blamed - just see the reactions here who suggest that end-users should take it up with their device manufacturers.
There's more steps if you really want to dot your i's and cross your t's, or there could be far fewer if you're just small fry and far less informal.
But which steps do you, realistically, believe a supplier is going to indemnify you for? Make sure you read those contracts you agree to when sourcing from them.
Mouser: http://www2.mouser.com/saleterms/ (http://www2.mouser.com/saleterms/)
Digikey: http://www.digikey.com/en/terms-and-conditions (http://www.digikey.com/en/terms-and-conditions)
Farnell: http://webcache.googleusercontent.com/search?q=cache:oI-D6AK95PUJ:uk.farnell.com/terms-and-conditions&hl=en&strip=1 (http://webcache.googleusercontent.com/search?q=cache:oI-D6AK95PUJ:uk.farnell.com/terms-and-conditions&hl=en&strip=1) - (cached version - 'scheduled maintenance' at live site)
Conrad: http://www.conrad.com/ce/en/content/extra_service_pick_up/Warranty-Return-Repair (http://www.conrad.com/ce/en/content/extra_service_pick_up/Warranty-Return-Repair)
Note that none mention counterfeit explicitly* - you would have to put that somewhere under infringement (generally disclaimed) or failure to deliver the product ordered (mouser gives you 90 days - did that driver update occur after 90 days of you receiving those reels?) or some other thing that you can find either in their contracts, or in the applicable laws for where you run your business/they run theirs.
(* Except for the purposes of returns - they don't want you slipping counterfeit product into returns. )
In short: Sure, you can hold the supplier responsible. Good luck with that.
-
this reminds me of nikon. ...
ftdi, join the nikon and sony club. you don't even exist to me, anymore.
Let's say that Nikon has the best optics all around and you are a professional photographer. Would you still pass on Nikon and end up with lower quality prints that put you behind your competition?
I guess you are free to do that.
Edit: and should Nikon allow lenses that didn't pass their strict quality control and end up in the grey market, to be treated as their gear? Lowering the overall quality of the products they provide?
Edit: On that as well, try to take an authentic grey market luxury watch to a jeweler and report what happens.
re: "...should Nikon allow lenses that didn't pass their strict quality control and end up in the grey market..."
Nikon used to (and likely continues to) brand the stuff slightly different for different markets.
Nikon is the main brand, Nikkormat is a slightly lower cost line. I have a mix of Nikon gear. I use Nikormat for jobs in harsher environment (such as shoots near water).
Nikkormat (double K) for the export market. Nikormat (single K) for the domestic (Japan). With some Nikon gear, you would see Nikkor branded lens vs Nikon branded lens (same lens).
The Nikormat (single K) sold outside of Japan are "grey" with exactly the same manufacturing and QA.
-
Have you expected an honest answer? I wouldn't be surprised if FTDI's booth is the most deserted one.
I dont know. Usually CEOs dont give the "be an a$$ehole, like me" command for their sales people. But I must say, I've noticed that companies tend to collect people with the same mentalities in the senior management. If I would have seen any remorse in their eyes, a facepalm or anything human, instead of the "copying is bad for the industry", I wouldn't have written what I wrote.
The lack of conscience and empathy seems to be a beneficial soft skill for senior management ;) It makes some tasks more easy to cope with, like firing 1000 employees or shutting down a business division. The sales people at the booth are paid to sell stuff and they want to keep their jobs. Of course they got some instructions on dealing with questions regarding FTDIgate and I'd also assume most of them don't fully understand FTDIgate. It's just some driver issue for them. I've done a lot of pre/post-sales support and have been member of booth teams a few times being the engineer. Only a few sales people really know about the product they're selling, because their job is to sell and not to know how some product/service works. For technical questions there are technical account managers or an engineer in case of a small company. If I would work for FDTI I would say something like "Sorry, but I can't tell you much because I'm not involved in the driver developement. Please ask the sales guy over there." to end the conversation. Since I would know the whole story, I'd would be embarrassed and try to avoid the topic. The sales guy will happily talk to you until you become dizzy ;)
re: "...I dont know. Usually CEOs dont give the "be an a$$ehole, like me" command for their sales people..."
I'm not sure about that.
If memory serves... from business books, I recall reading about one CEO who said to his staff: "when you have the customer's balls by the hand, their heart and mind will follow." I forgot what book it was from, so I wont cite names as I cannot support it. But the CEO the author was citing was a famous one with a business school named after him (well, he donated a lot to that school I suppose.)
re: "The lack of conscience and empathy seems to be a beneficial soft skill for senior management ;) It makes some tasks more easy to cope with, like firing 1000 employees or shutting down a business division..."
In some sense, you are right. Some no doubt don't think much of firing 1000, some will go through heart wrenching decisions picking who to save. However, "lacking conscience and empathy" would be too big a draw-back with many other decision making process. Lacking empathy alone will greatly reduce the quality of his/her decisions lack alone lacking conscience.
-
some will go through heart wrenching decisions picking who to save.
I have been in turn-arounds for a few times and it is some of the hardest decisions I had to make. You have to balance the well-beings of the rest of the organization and its employees and those that you let go.
Letting go someone you know well personally is the hardest. You know how it will impact not just the employees but also their families.
-
In some sense, you are right. Some no doubt don't think much of firing 1000, some will go through heart wrenching decisions picking who to save. However, "lacking conscience and empathy" would be too big a draw-back with many other decision making process. Lacking empathy alone will greatly reduce the quality of his/her decisions lack alone lacking conscience.
I doubt that. Look on Youtube for the shockumentary called 'The yes men fix the world'. See how real businessmen and CEOs react to moral dillemmas.
-
In some sense, you are right. Some no doubt don't think much of firing 1000, some will go through heart wrenching decisions picking who to save. However, "lacking conscience and empathy" would be too big a draw-back with many other decision making process. Lacking empathy alone will greatly reduce the quality of his/her decisions lack alone lacking conscience.
I doubt that. Look on Youtube for the shockumentary called 'The yes men fix the world'. See how real businessmen and CEOs react to moral dillemmas.
In fact....the representation of sociopaths is higher among CEOs (and lawyers) than in the rest of the population...So empathy must be rare among CEOs in big corporations....
http://mic.com/articles/44423/10-professions-that-attract-the-most-sociopaths (http://mic.com/articles/44423/10-professions-that-attract-the-most-sociopaths)
http://www.thestar.com/business/2012/07/05/psychopathy_and_the_ceo_top_executives_have_four_times_the_incidence_of_psychopathy_as_the_rest_of_us.html (http://www.thestar.com/business/2012/07/05/psychopathy_and_the_ceo_top_executives_have_four_times_the_incidence_of_psychopathy_as_the_rest_of_us.html)
-
In some sense, you are right. Some no doubt don't think much of firing 1000, some will go through heart wrenching decisions picking who to save. However, "lacking conscience and empathy" would be too big a draw-back with many other decision making process. Lacking empathy alone will greatly reduce the quality of his/her decisions lack alone lacking conscience.
I doubt that. Look on Youtube for the shockumentary called 'The yes men fix the world'. See how real businessmen and CEOs react to moral dillemmas.
What is it that you doubt?
-
In some sense, you are right. Some no doubt don't think much of firing 1000, some will go through heart wrenching decisions picking who to save. However, "lacking conscience and empathy" would be too big a draw-back with many other decision making process. Lacking empathy alone will greatly reduce the quality of his/her decisions lack alone lacking conscience.
I doubt that. Look on Youtube for the shockumentary called 'The yes men fix the world'. See how real businessmen and CEOs react to moral dillemmas.
What is it that you doubt?
That corporate managers have a conscience >:D
-
some will go through heart wrenching decisions picking who to save.
I have been in turn-arounds for a few times and it is some of the hardest decisions I had to make. You have to balance the well-beings of the rest of the organization and its employees and those that you let go.
Letting go someone you know well personally is the hardest. You know how it will impact not just the employees but also their families.
re: "...Letting go someone you know well personally is the hardest..."
Yeah... Been there, done that. Even if it is someone you don't know, it is hard. For someone you know, it is heart breaking. For those occasions, lack of the "ability to feel empathy" would certainly be an advantage. I was reflecting on exactly that as I wrote the prior response.
-
In some sense, you are right. Some no doubt don't think much of firing 1000, some will go through heart wrenching decisions picking who to save. However, "lacking conscience and empathy" would be too big a draw-back with many other decision making process. Lacking empathy alone will greatly reduce the quality of his/her decisions lack alone lacking conscience.
I doubt that. Look on Youtube for the shockumentary called 'The yes men fix the world'. See how real businessmen and CEOs react to moral dillemmas.
What is it that you doubt?
That corporate managers have a conscience >:D
Ah... No doubt some don't have a conscience. My personal experience with CEO (of >$1bn revenue) is small, but I do know BOTH kinds.
The reply was about "senior managers". I interpret "senior managers" as officers of the corporation or officers of a company or division. Accepting that as definition, I have worked with enough "senior managers" to fill more than a few bus loads. At the senior manager level, I know both kinds too. I know at that level "empathy and conscience" is an asset. That they still have one or two level above them yet is a good check against their potentially unbounded egos.
-
the representation of sociopaths is higher among CEOs (and lawyers) than in the rest of the population..
The probablity of finding a genius among the mentally retarded is far higher than that among normal people....
sociopaths / CEOs are all not average joe. Obviously, you will have an easier time find non-average-joe amongst non-average-joes, just as you would more likely find tall people among NBA players, fast runners among sprinters, strong people among weight lifers....
Or sociopaths among socially inept people, like scientists or engineers, or geniuses, :)
-
The probablity of finding a genius among the mentally retarded is far higher than that among normal people....
sociopaths / CEOs are all not average joe. Obviously, you will have an easier time find non-average-joe amongst non-average-joes, just as you would more likely find tall people among NBA players, fast runners among sprinters, strong people among weight lifers....
Or sociopaths among socially inept people, like scientists or engineers, or geniuses, :)
The first and last paragraphs don't make much sense, by the definitions of the words. Someone who is mentally retarded is almost never a genius, even if you will find some statistical anomalies (savants, classically called idiot savants). A sociopath is good at being socially manipulative, and is unlikely to be socially inept, again by definition.
Sociopaths are not more common among CEOs because those groups are both outliers, but because a sociopath would have the necessary skills to become an CEO. As a sociopath, you are more likely to be able to disregard others for your own, and your company's profit. But the discussion that then follows is whether this is good or bad for society at large. By the common libertarian/anarchocapitalist logic, all is as it should. But you might also argue that having sociopaths in power can be destructive for society. You might also argue that a debt collector will be more successful at his profession if he's willing to bust the kneecaps of people who won't pay up. That doesn't mean it's a good idea for it to be socially acceptable for debt collectors to apply bodily harm to the people who are in debt.
-
The probablity of finding a genius among the mentally retarded is far higher than that among normal people....
sociopaths / CEOs are all not average joe. Obviously, you will have an easier time find non-average-joe amongst non-average-joes, just as you would more likely find tall people among NBA players, fast runners among sprinters, strong people among weight lifers....
Or sociopaths among socially inept people, like scientists or engineers, or geniuses, :)
The first and last paragraphs don't make much sense, by the definitions of the words. Someone who is mentally retarded is almost never a genius, even if you will find some statistical anomalies (savants, classically called idiot savants). A sociopath is good at being socially manipulative, and is unlikely to be socially inept, again by definition.
Sociopaths are not more common among CEOs because those groups are both outliers, but because a sociopath would have the necessary skills to become an CEO. As a sociopath, you are more likely to be able to disregard others for your own, and your company's profit. But the discussion that then follows is whether this is good or bad for society at large. By the common libertarian/anarchocapitalist logic, all is as it should. But you might also argue that having sociopaths in power can be destructive for society. You might also argue that a debt collector will be more successful at his profession if he's willing to bust the kneecaps of people who won't pay up. That doesn't mean it's a good idea for it to be socially acceptable for debt collectors to apply bodily harm to the people who are in debt.
All the above is a simple fact :) Im not so sure problems always are at CEO level though :) My experience is that a lot of times CEO hasnt a clue about whats going on ;)
-
What the 'yes men' are showing is that CEOs and managers operate from a distance and seem to get disconnected from the real world. That doesn't mean that they are sociopaths perse but they do believe that they serve the greater good by their mallicious acts (can I make a comparison with nazis for a clear example?).
-
What the 'yes men' are showing is that CEOs and managers operate from a distance and seem to get disconnected from the real world. That doesn't mean that they are sociopaths perse but they do believe that they serve the greater good by their mallicious acts (can I make a comparison with nazis for a clear example?).
Yes you may. Godwin's law confirmed, thank you!
-
Yes you may. Godwin's law confirmed, thank you!
Only Nazis care about Godwin law.
-
What the 'yes men' are showing is that CEOs and managers operate from a distance and seem to get disconnected from the real world. That doesn't mean that they are sociopaths perse but they do believe that they serve the greater good by their mallicious acts (can I make a comparison with nazis for a clear example?).
But that is no different than "average Joe". On average, we will find a good percentage of "average Joe's" who would prefer not to hear bad news. And, on average, you will good a good percentage of "average Joe's" with no idea of is going on around him/her.
I'll cite 3 examples:
- Ask any parent with kids in school. What percentage of them know the subjects their kids MUST learn for the core courses this school year. I bet less than 20% would know with 80% accuracy.
- You walk into an average facility of any major corporation, and the average employee there what is their corporation's mission statement. See what kind of response you got. Let's even forgo "average facility" and do that at corporate HQ - ask an average employee there right at corporate HQ their mission statement and see what you got. I would be very surprise if a majority of them knows their corporate's mission statement.
- Walk into any department and ask what is their corporation's revenue target for the project/product they spend the most time on. Ask them for that same project what is the corporation's P&L expectation for that project or product this quarter (or at introduction if new product). I would be surprise if a majority knows.
Yet even the average Joe is part of this corporation that paid his rent, his car... and he doesn't even know the department's revenue goal, how it compares with last quarter, what is the growth compare to last year this month... yet this is what makes his financial well being...
We all see the world through our own frame of reference and our own little view port. The CEO needs to know only what he needs to know to fulfill his responsibility - which is to serve the stock holders whom entrusted this CEO to manage their money. Unless a project/product is important to the immediate health of the corporation, or the long term financial health of the corporation, or in some manner affects the corporation significantly, his knowing and worry about the details would be a waste of his time and attention span.
Aggressive and ambitious employees would want to make sure he/she works on the projects that the CEO thinks he/she needs to know as CEO. Otherwise, the CEO likely shouldn't know what you are doing. He paid someone else to worry about those things.
-
You go completely past the point of having a moral compass.
-
You go completely past the point of having a moral compass.
Talk of morals here? lol - all the moaning has been about FTDI not letting you rip off their drivers any more and how to reprogram the fakes to let you keep on ripping off FTDI drivers.
And consider the morals of the CEO of whoever the hell it was that made your fakes.
-
You go completely past the point of having a moral compass.
Since this reply is immediately after my reply, I have to ask - are you referring to me?
If it is indeed referring to me, please enlighten me on which part of my reply is so immoral.
Rick
-
You go completely past the point of having a moral compass.
Since this reply is immediately after my reply, I have to ask - are you referring to me?
If it is indeed referring to me, please enlighten me on which part of my reply is so immoral.
Rick
Your reply is not immoral but it just misses the point. You just state that people don't know everything what is going on around them. That if fine because you can't know everything BUT people can know the difference between right and wrong. For that they don't need know what their department's revenue target is or what their kids learn in school. It's as simple as: if I hit my finger with a hammer it hurts so if I hit someone else's finger with a hammer it will hurt that person. Some people however get detached from that and don't care whether their actions hurt other people.
-
MODERATOR NOTE: I have removed the tangent into WMD's, it is not needed in this thread, please stay on-topic.
-
I've just received my cheap eBay FTDI board and I am extremely disappointed that it evaluates as a genuine chip. :-//
You bought via ebay, ergo it is fake by default.
I agree, that's quite likely and was the intent of the exercise.
I've just received my cheap eBay FTDI board and Any idea if this *looks* like a real one?
Doesn't matter. You didn't buy the chip via an authorized reseller and solder it onto the board yourself / bought the widget from a genuine chip customer (the ones they won't name), ergo it is fake by default.
Even if you were to dissolve the top, put it under a microscope, and deduce that it is an exact duplicate of a genuine FTDI chip: that just means the counterfeiter in question must have been doing a better job; fake by default applies.
Yeah, but it's somewhat beside the point. I was looking for a fake.
The question is, is it possible to make a determination by looking at it (since in this case it passes FTDI's test)?
And the answer is that I think it is. The index mark looks like the mark of the fake as per the oft posted image of the real vs the fake.
I'm no chip spotter, and I have no idea if FTDI have multiple sites producing their chips, or if any of them produce different index marks. Let's assume they don't (produce different index marks).
If that is true then this fake was available pretty much at the time FTDI's driver issue was noticed, and it passes it.
What that means is the bricking FTDI driver was essentially obsolete (to the fakers) when it was released. And that's not real good news for FTDI. The driver was perhaps too much (for end users) and too late (for the fakers).
I rather hope that FTDI have methods for detecting their chip in many ways and will start alerting users to new fakes on a regular basis to discourage those who must reverse engineer a fix for each new driver. If that is true, they are still a bit behind the game as is illustrated by chips passing the current test which are (to a reasonable person) likely not to be original.
-
Uhhh, are you saying that genuine chips cannot be available on eBay at all? As in not possible?
-
Uhhh, are you saying that genuine chips cannot be available on eBay at all? As in not possible?
I'm suggesting that I chose a price point where I considered it unlikely.
-
Uhhh, are you saying that genuine chips cannot be available on eBay at all? As in not possible?
It's gotten to a point on ebay whereby you almost have to assume that all parts are fake. And not just FTDI chips, but probably most parts.
-
Uhhh, are you saying that genuine chips cannot be available on eBay at all? As in not possible?
It's gotten to a point on ebay whereby you almost have to assume that all parts are fake. And not just FTDI chips, but probably most parts.
Or savaged
-
Uhhh, are you saying that genuine chips cannot be available on eBay at all? As in not possible?
It's gotten to a point on ebay whereby you almost have to assume that all parts are fake. And not just FTDI chips, but probably most parts.
:-[
You generally get what you pay for and buying from some countries directly increases the risk, my supplier won't supply me atmega chips simply because they are not made in china and I can get them cheaper than he can, so yes assume that most arduino chips that are cheap and from china are fake.
-
It's gotten to a point on ebay whereby you almost have to assume that all parts are fake. And not just FTDI chips, but probably most parts.
Or savaged
You may have meant 'salvaged', but savaged sounds quite good too :)
-
I saw some yank selling 7805 regs as new when the photo clearly showed mangled short cut legs like I'd expect from salvaged parts. ebay did not see the problem. Don't just point the finger at china, people think that ebay is like facebook - anonymous........ so they don't care. If you buy from a reputable buyer you will find they have a reputation for a reason.
I got a boxed load of smashed up atmega chips from farnell because they were too stupid to package them properly in the right tubes with the right bungs in the ends, it was only a shipment worth £1300, that all........
-
Saying that all eBay parts are necessarily fake is just as naïve as saying that all other sources of parts sell necessarily genuine parts.
If I buy an FTDI chip from China for $0.20, then yeah, probably fake. If I buy one from Canada for $6.50, that's not as clear, to me. Equally likely that it is a genuine part as non-genuine.
I'm not saying the Canadian vendor is necessarily selling genuine stuff, just that assumptions can go either way.
Do you all just inherently trust that the HP power supplies as genuine? Every single part inside? Those would be easier to counterfeit than a chip, to me, and much better profit potential.
-
You may have meant 'salvaged', but savaged sounds quite good too :)
I actually think "savaged" here is the right word, :)
-
You generally get what you pay for and buying from some countries directly increases the risk, my supplier won't supply me atmega chips simply because they are not made in china and I can get them cheaper than he can, so yes assume that most arduino chips that are cheap and from china are fake.
Has anyone ever seen a fake AVR? (Not a "slug", a functional part.)
-
The trouble is how is the end user going to know. You can assume that a $100 new Rolex is probably going to be a fake, but you cannot assume that a $10,000 Rolex is going to be real unless you get it appraised.
Whether it was sourced from eBay is hardly an indicator. Even if 100% of eBay is fake, avoiding eBay still would not assure you got something real. Paying a high cost merely assures it is expensive, but it does not assures it is 100% genuine.
This is timely (from yesterday, Nov 17): Consumers Report, a magazine trusted by millions for objective reviews of products. They reviewed a Chinese brand tire(tyre) and the results were poor. The USA rep of the manufacturer (API) called about the surprising result that doesn't even come close to their internal tests. Upon investigation - it is a counterfeit.
Consumers Report, being the kind of magazine they are, dug deep to investigate as well. In their article following the supply path of the product, readers can discern a hole which may suggest how it got into the supply chain. But it is not a proof nor did Consumer Report suggested that was how the fake got in to the supply chain. Granted, this is a low cost brand - but the same way this got into the supply chain is no different than had it been a high-cost brand.
http://www.consumerreports.org/cro/news/2014/11/counterfeit-car-tires-pose-consumer-risk/index.htm (http://www.consumerreports.org/cro/news/2014/11/counterfeit-car-tires-pose-consumer-risk/index.htm)
Whenever there is a profit, there will always be someone willing to do bad things to gain from it. Punishing the consumer is not the way to stop it.
Rick
-
You generally get what you pay for and buying from some countries directly increases the risk, my supplier won't supply me atmega chips simply because they are not made in china and I can get them cheaper than he can, so yes assume that most arduino chips that are cheap and from china are fake.
Has anyone ever seen a fake AVR? (Not a "slug", a functional part.)
I've never been able to source parts for less than I can get from Farnell in the same volume, when I have been offered parts that seem quite cheap and ask if they are genuine i get no reply, so I don't buy. When i asked my chinese supplier for AVRs he refused saying that he could not compete so no point in him trying to supply.
-
I'm confused again. On Friday, two Arduino Nanos I was working with were bricked. Near as I can tell, the FTDI drivers don't talk to them AND their stop bits got set to zero. Is there a new update thats doing this again? I got update 2.11 and it bricked the Arduinos. Going back to 2.08 lets me program Arduinos without a problem, but the Arduinos that got bricked on Friday are still bricks. How did my PID get set to zero when supposedly that stopped a month ago? If anyone has any new information on the situation, I would sure appreciate hearing whats up now.
-
I got the update from Windows Update a week ago... I don't think it was ever pulled?
-
Driver packages 2.11 and 2.12 (mentioned, but not seen by me) are the "spiked" drivers.
I guess everyone will have to wait and see what happens with 2.13, or maybe a 2.11.X release.
There are workarounds to get them back up and running again, I got a USB lead a week or so ago which got hit, but I decided to send it back instead of the workaround as who knows what the next driver could do.
I'm fairly sure FTDI won't just walk away from this, there will probably be something up their sleeve, 5 or 10 minute resets or something similarly annoying in a sort of "demo" mode.
-
I'm fairly sure FTDI won't just walk away from this, there will probably be something up their sleeve, 5 or 10 minute resets or something similarly annoying in a sort of "demo" mode.
Or, it may simply refuse to work with clones, without bricking them.
-
I don't think it was ever pulled?
Based on my experience, the driver was definitely pulled?
-
Based on my experience, the driver was definitely pulled?
Are you sure you ever got the driver in the first place? If you didn't install the driver through the online service, or if you disabled non-essential updates, I don't think the driver would have been pushed to you in the first place. Both of those are true for me, and I still have the driver version I originally installed.
-
Well I cant think of anybody who would buy their coponents on ebay if it is for production and sales. Cause then he or she could face some serious legal problems or economical issues when the circuits fails :)
I don't think people in a procurement department will buy from Ebay but they would buy from any parts broker if there are no other suppliers able to deliver a part.
So what you are saying is...production comes before security ? Ok this sounds like gambling
Yep. Production comes before security, because production means profit, and security does not mean direct profit. Most of the actual world is centered on profit.
Heck, even most Nuclear reactors are running with critical security parts coming from ebay. why ? because the spare parts are not available otherwise. Between closing the nuke plant and purchasing the spare part on ebay, they choose the most profitable option over security :
http://enenews.com/report-every-nuclear-plant-staff-workers-looking-ebay-buy-buy-parts-audio (http://enenews.com/report-every-nuclear-plant-staff-workers-looking-ebay-buy-buy-parts-audio)
-
Heck, even most Nuclear reactors are running with critical security parts coming from ebay.
Bullshit detector just went off. I'm gonna need to see a legitimate source for that information.
-
I don't think it's bullshit.
When you have a safety certified system, any change, as small as it is is a big risk, and therefore is associated with a lot of reviews, paperwork, partial or complete recertification.
It is much more cost effective to get old hardware somewhere and just check it's integrity and autenticity. If properly checked, it is probably even less risk than to redesign the system with modern but unproven hardware.
Mr Gundersen is an industry insider, yes he is oriented anti-nuke, but he knows the practices of the industry.
-
The trouble is how is the end user going to know. You can assume that a $100 new Rolex is probably going to be a fake, but you cannot assume that a $10,000 Rolex is going to be real unless you get it appraised.
Whether it was sourced from eBay is hardly an indicator. Even if 100% of eBay is fake, avoiding eBay still would not assure you got something real. Paying a high cost merely assures it is expensive, but it does not assures it is 100% genuine.
This is timely (from yesterday, Nov 17): Consumers Report, a magazine trusted by millions for objective reviews of products. They reviewed a Chinese brand tire(tyre) and the results were poor. The USA rep of the manufacturer (API) called about the surprising result that doesn't even come close to their internal tests. Upon investigation - it is a counterfeit.
Consumers Report, being the kind of magazine they are, dug deep to investigate as well. In their article following the supply path of the product, readers can discern a hole which may suggest how it got into the supply chain. But it is not a proof nor did Consumer Report suggested that was how the fake got in to the supply chain. Granted, this is a low cost brand - but the same way this got into the supply chain is no different than had it been a high-cost brand.
http://www.consumerreports.org/cro/news/2014/11/counterfeit-car-tires-pose-consumer-risk/index.htm (http://www.consumerreports.org/cro/news/2014/11/counterfeit-car-tires-pose-consumer-risk/index.htm)
Whenever there is a profit, there will always be someone willing to do bad things to gain from it. Punishing the consumer is not the way to stop it.
Rick
Everyone complaining that designers should "just buy authentic parts" needs to read that CR article, as it directly reflects what's going on here.
You have the manufacturer (FTDI), importers, resellers, buyers/designers and end user of the product the part is designed into.
How can I verify the chip is legitimate as an end user or, hell, as the designer even?
I can't. So does FTDI have the right to brick my device? No. This is common sense stuff guys.
Sent from my Smartphone
-
hi,
there is simple solution, as FTDI let you change PID , they also provide a program which is able to config their driver to work custom PIDs,
thus you can go http://www.ftdichip.com/Support/Utilities/FT_INF_v2.0.61.242_Installer.exe (http://www.ftdichip.com/Support/Utilities/FT_INF_v2.0.61.242_Installer.exe) , and download that, then you need an old ftdi driver
like this:
32bit: http://www.ftdichip.com/Drivers/CDM/CDM%202.08.30%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%202.08.30%20WHQL%20Certified.zip)
64bit: http://www.ftdichip.com/Drivers/CDM/CDM%202.08.30%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%202.08.30%20WHQL%20Certified.zip)
then run the FT_INF,set chip type to FT232/245R and PID to 0000, then extract above zip,
in Time Stamp/Filename, select ftdibus and ftdiport, then using this >> to add your prefer config to right menu.
now click Generate files.
2 new inf will be generated. copy them to the folder where you extracted zip files, and overwrite the.
then manually point windows to your new driver.
I did this on win7 64bit, win7 two time asked for driver, and then win recognized my device.
you can download modified driver from here, win7 64bit: http://www.4shared.com/rar/GK7OOeS7ce/FTDI_unlocked.html (http://www.4shared.com/rar/GK7OOeS7ce/FTDI_unlocked.html)
-
After updating the drivers through Windows Update I now have version 2.12.0.0 (dated 26-8-2014) on the "USB Serial Port" on my Windows 7 64bit box. However the "USB Serial Converter" below "Universal Serial Bus controllers" still shows version 2.10.0.0 (dated 27-1-2014). I used to have version 2.10.0.0 since
earlier this year early 2014.
I'm wondering if these drivers are indeed the same drivers as before, as they were supposed to have been pulled or has something changed?
Can people who had their devices bricked tell what versions of the drivers they had? Did it show 2.12.0.0 in both places in Device Manager or only at the "USB Serial Port" device as with me?
My devices still work with this version (at least they are recognized and unplugging and plugging them back in doesn't change anything), can I be sure now that they are indeed genuine? One of these was bought from Mini-in-the-box (China), but it was about 7 or 8 bucks, so not a 2$ piece.
-
Nobody who knows the answer to my question above?
-
There was a perl script posted in October and I used it to check my devices under Win7 back then:
https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg539237/#msg539237 (https://www.eevblog.com/forum/reviews/ftdi-driver-kills-fake-ftdi-ft232/msg539237/#msg539237)
-
I run in this trap recently while building a Elektor LCR meter.
I reflowed the chip and it worked.
The I reflowed the micro controller and the ft232 did not enumerate correctly anymore.
It cost me hours to find out what was wrong, this is so emberassing.
Howe could thery do that without warning ?
On the other hand I learned a lot about how to figure out usb troubles and how to use an usb event viewer.
In my onw designs I will only use the cp210x. I liked to use them since they have an integrated 3V3 regulator and are easier to reflow since they have no pins.
Cheers
Michael
-
Rubi: Before we suspect that the chip is fake, are you sure that the test pin is grounded on the board? A trap for young players, as a certain crazy Aussie would put it.
-
Hi
Yes the test pin is grounded.
I checked the enumeration process and it is perfectly ok, except the pid is 0.
I then found a workaround for the problem and could assign the driver directly accepting a pid of 0.
Since then the chip works great, programmed the uc and works with the assigned programm.
So it was definitley a fake chip and thanks to the internet I could find a description how to get around it.
Cheers
Michael
-
Super freaky brick problem. This is NOT a fake FTDI chip (well, at least I assume it's not). The manufacturer of the equipment remotely bricks the chip any time you open their software while connected to the internet (just to be bastards and make more money).
This is what it looked like before the brick:
(http://ecuflashking.com/ftdi_ft_prog_unbricked.png)
When the software bricks it, it resets BOTH the PID and VID to 0000 :(
(http://ecuflashking.com/ftdi_device_manager.png)
This renders the device completely unusable as you would imagine. I tried using the FTDI Inf generator program to see if I could set the inf's up to use VID 0000 and PID 0000 but no luck getting them working. Using the custom INF files it recognized it as USB Serial Converter instead of "Unknown Device" but it still says "The device cannot start. (Code 10)"
(http://ecuflashking.com/ftdi_inf_generate.png)
In reading online it appears that windows will refuse to load a driver if the PID and VID are set to the same value, so not sure we can hack the FTDI driver to override that.
I read a few posts (http://www.minipwner.com/index.php/unbrickftdi000) about using Linux to reset the PID (but unfortunately not the VID) but when I boot up Ubuntu and do "lsusb" the FTDI converter isn't even listed at all! Does anyone know of a way to get Linux to recognize the VID of 0000 so I can overwrite it? :(
Any help you can provide would be greatly appreciated. There are a LOT of these devices out there that have this problem.
Thanks!
-Jamie M.
-
Jamie, what does dmesg output after you plug in the device in Linux?
-
Jamie, what does dmesg output after you plug in the device in Linux?
[ 69.144050] usb 8-1: new full-speed USB device number 2 using uhci_hcd
[ 69.268064] usb 8-1: device descriptor read/64, error -71
[ 69.492047] usb 8-1: device descriptor read/64, error -71
[ 69.708069] usb 8-1: new full-speed USB device number 3 using uhci_hcd
[ 70.036064] usb 8-1: device descriptor read/64, error -71
[ 70.260069] usb 8-1: device descriptor read/64, error -71
[ 70.476060] usb 8-1: new full-speed USB device number 4 using uhci_hcd
[ 70.888039] usb 8-1: device not accepting address 4, error -71
[ 71.204082] usb 8-1: new full-speed USB device number 5 using uhci_hcd
[ 71.616047] usb 8-1: device not accepting address 5, error -71
[ 71.616096] usb usb8-port1: unable to enumerate USB device
-Jamie M.
-
you should be able to use the ftdi fixer (not by ftdi, but by some linux guys) to set the pid and vid.
the key is to have only one dongle plugged in and refer to it by /dev/ttyUSB0. it will then set the vid and pid for you if you give it both arguments to the CLI.
-
you should be able to use the ftdi fixer (not by ftdi, but by some linux guys) to set the pid and vid.
the key is to have only one dongle plugged in and refer to it by /dev/ttyUSB0. it will then set the vid and pid for you if you give it both arguments to the CLI.
Do you have a link to the software "by some linux guys"? I've been trying to use ft232r_prog version 1.24 by Mark Lord, but I don't see anywhere I can tell it to write to /dev/ttyUSB0 :(
(http://ecuflashking.com/ft232r_settings.png)
-Jamie M.
-
sudo ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
-
you don't refer to it by ttyUSB0 in mark's program (that's the one I was thinking of).
that's why I said, make sure only ONE ftdi dongle is on your system. his app will find it and set its pid and vid. that's why you don't give /dev/ttyUSB0 on the command line. it would have been sensible to do that, but he makes you have only 1 connected and if he finds it, he writes to it.
-
sudo ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001
Tried that the first time, just said it couldn't find the ftdi chip on usb. I had lots of other USB stuff plugged in at the time though.
you don't refer to it by ttyUSB0 in mark's program (that's the one I was thinking of).
that's why I said, make sure only ONE ftdi dongle is on your system. his app will find it and set its pid and vid. that's why you don't give /dev/ttyUSB0 on the command line. it would have been sensible to do that, but he makes you have only 1 connected and if he finds it, he writes to it.
Sweet, I'll give it a go. Before I was booted off USB plus had a USB mouse. I've now got it burnt to DVD and no other USB devices so we'll see if it works! Thanks!
-Jamie M.
-
Nope, no go :(
ubuntu@ubuntu:~/ft232r_prog-1.24$ sudo ./ft232r_prog --old-pid 0x0000 --new-pid 0x6001 --old-vid 0x0000 --new-vid 0x0403
ft232r_prog: version 1.24, by Mark Lord.
ftdi_usb_open() failed for 0000:0000: device not found
ubuntu@ubuntu:~/ft232r_prog-1.24$
I think in the source code it's trying to look at it by vid/pid. I wonder if we can edit the source to make it do a blind write of the vid/pid to /dev/ttyUSB0?
-Jamie M.
-
can you omit the 'old' stuff and just feed it the new vid and pid?
maybe even try setting just one at a time?
-
can you omit the 'old' stuff and just feed it the new vid and pid?
maybe even try setting just one at a time?
Nope, when you omit either the old vid or pid it uses the default vid and pid to try and read it (0403/6001):
ubuntu@ubuntu:~/ft232r_prog-1.24$ sudo ./ft232r_prog --new-pid 0x6001 --new-vid 0x0403
ft232r_prog: version 1.24, by Mark Lord.
ftdi_usb_open() failed for 0403:6001: device not found
ubuntu@ubuntu:~/ft232r_prog-1.24$ sudo ./ft232r_prog --new-pid 0x6001
ft232r_prog: version 1.24, by Mark Lord.
ftdi_usb_open() failed for 0403:6001: device not found
ubuntu@ubuntu:~/ft232r_prog-1.24$ sudo ./ft232r_prog --new-vid 0x0403
ft232r_prog: version 1.24, by Mark Lord.
ftdi_usb_open() failed for 0403:6001: device not found
ubuntu@ubuntu:~/ft232r_prog-1.24$
I found out that Mark Lord lives not far from me, lol! I sent him an e-mail to see if he can help :)
-Jamie M.
(p.s. here's the relevant source code from Mark's program where it's erroring out on me:
ftdi_init(&ftdi);
atexit(&do_deinit);
memset(&ee, 0, sizeof(ee));
ee.old_vid = 0x0403;; /* default; override with --old_vid arg */
ee.old_pid = 0x6001; /* default; override with --old_pid arg */
process_args(argc, argv, &ee); /* handle --help and --old-* args */
if (ftdi_usb_open_desc(&ftdi, ee.old_vid, ee.old_pid, NULL, ee.old_serno)) {
fprintf(stderr, "ftdi_usb_open() failed for %04x:%04x:%s %s\n",
ee.old_vid, ee.old_pid, ee.old_serno ? ee.old_serno : "", ftdi_get_error_string(&ftdi));
exit(ENODEV);
}
atexit(&do_close);
-
maybe your device is just plain BAD (?)
-
maybe your device is just plain BAD (?)
It wasn't bad before the equipment manufacturer bricked it, but they bricked it really good :(
I think I'll smash open the epoxy fill tonight and see if I can find the FTDI chip. If I can I'll order a new one and swap it out.
-Jamie M.
-
I heard back from Mark Lord, doesn't sound good :(
-----Original Message-----
From: Mark Lord
Sent: Thursday, April 23, 2015 6:43 PM
To: Jamie M.
Subject: Re: FTDI chip unbricking, with vid 0000 AND pid 0000 :( plz help!
The device has to show up in "lsusb" for anything on Linux to work with it.
So, do "lsusb" without it plugged in, then plug it in (wait a few secs)
and do "lsusb" again, and compare. Anything new show up?
--
Mark Lord
Real-Time Remedies Inc.
On that news I've decided to break it open and see if I can find the FTDI chip to replace it. Yikes.
(http://ecuflashking.com/flash-tune_bricked_ftdi_gold_box_01_sm.jpg)
-Jamie M.
-
https://www.youtube.com/watch?v=ckP0GSTZJJA (https://www.youtube.com/watch?v=ckP0GSTZJJA)
Comment by Nuno Gonçalves: "The driver (2.12) is back on windows update. Clones are getting bricked again."
Any confirmations?
-
https://www.youtube.com/watch?v=ckP0GSTZJJA (https://www.youtube.com/watch?v=ckP0GSTZJJA)
Comment by Nuno Gonçalves: "The driver (2.12) is back on windows update. Clones are getting bricked again."
Any confirmations?
It's not back. Unless it was only there for a short time and they've pulled it yet again, which seems unlikely.
http://catalog.update.microsoft.com/v7/site/Search.aspx?q=USB%5cVID_0403%26PID_6001 (http://catalog.update.microsoft.com/v7/site/Search.aspx?q=USB%5cVID_0403%26PID_6001) (IE only, thank you Microsoft :palm:) Latest FTDI driver update was 2014-08-26.
Edit:
Ignore the above. I'm being stupid. :palm:
I was just told by a coworker that the date listed is when the driver was made, not when it was published to windows update as I had assumed. A quick look at the version number, which I should have done, confirms that 2.12 is indeed on windows update.
-
NEW LabVIEW Driver for DE-6000 is available for collecting data from the DE-6000. The driver is written in LabVIEW 2013 and requires the optional DE-6000-DTK IR-USB interface adapter.
Everything about the "DE-6000" is dodgy to me. When a seller only lets you know price by "Request a quote" that usually means megabucks and slimy salesmen in the middle. It's just a DE-5000 relabelled and sold for a fortune. No thanks, I got mine from Japan with the tweezers and 4 wire croc clips for $99 delivered.
However, to be fair to IET, the LabVIEW driver is nothing whatsoever to do with the FTDI driver. Think of it more like the front end graphical interface. Does the DE-6000 include this driver, hence the huge markup, or is it another "request a quote" add on?
-
Everything about the "DE-6000" is dodgy to me.
No kidding! Image from their page: :palm:
-
However, to be fair to IET, the LabVIEW driver is nothing whatsoever to do with the FTDI driver. Think of it more like the front end graphical interface. Does the DE-6000 include this driver, hence the huge markup, or is it another "request a quote" add on?
Thanks to a member here and the group he belongs to (https://www.eevblog.com/forum/testgear/decoding-der-ee-lcr-meter-de-5000-serial-bitstream/) I managed to get the protocol details for the DE5000 with the express mission of creating my own de5000 labview drivers. Whenever I get around to finishing it I wonder what would happen if I tired release them into labviews online driver repository
-
However, to be fair to IET, the LabVIEW driver is nothing whatsoever to do with the FTDI driver. Think of it more like the front end graphical interface. Does the DE-6000 include this driver, hence the huge markup, or is it another "request a quote" add on?
Thanks to a member here and the group he belongs to (https://www.eevblog.com/forum/testgear/decoding-der-ee-lcr-meter-de-5000-serial-bitstream/) I managed to get the protocol details for the DE5000 with the express mission of creating my own de5000 labview drivers. Whenever I get around to finishing it I wonder what would happen if I tired release them into labviews online driver repository
Don't worry. IET will have put some code in their LabVIEW driver to ensure it only works with their DE6000. I've seen this before with my Siglent SDG1025. This is also sold rebranded as a LeCroy Wavestation and the LeCroy LabVIEW driver does not work with the Siglent (it checks model number using a *IDN? SCPI request. Yeah, piss easy to work around ;) ).
Now I commend you for not wanting to step on IETs toes by ensuring your driver only works with the Japanese DER DE5000. I suggest you collaborate with IETs developers. They are clearly open to this as they must have collaborated with Cyrusteks developers in Taiwan to develop the custom DE6000 firmware, and it is obviously in their interests to let you know how you can perform a check for DE5000 or DE6000 in your LabVIEW driver. I can't see any reason for them to with-hold this information from you ;), so pop them an email. :-DD
-
maybe your device is just plain BAD (?)
or maybe linux is not everything in this world... here windows version...
http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl (http://www.reddit.com/r/arduino/comments/2k0i7x/watch_that_windows_update_ftdi_drivers_are/clgviyl)
(sorry if its been overridden somewhere i didnt read all 100+ pages...
otoh and here some pointer on spotting real vs fake chip (maybe again i didnt read all 100+ pages)...
(http://s.zeptobars.ru/ftdi-FT232RL-real-vs-fake.jpg)
(http://yourduino.com/docs/FTDI-GOOD-FAKE-TerryKing1014.jpg)
the most prominent difference is the detent (whats that called), the fake one got sharp detent... i checked all my china purchase arduino, usb-serial, and chip stocks they are all seem similar to the real chip, smoother detent... no?
-
btw i'm on WinXP old driver. so this auto-update-brick crap (which i'm sure can be disabled in ctl panel) is invisible to me hence i'm invinsible, for now. i dont blame ftdi i'll continue to support them, they paid subscription to ftdi-fi, paid real engineers and all. its just their action brick without warning is too noob for a professional person. the engineer responsible for this or the GM who made the decision must be too young to know what life is.
-
I wrote a utility for Windows to determine and recovery of counterfeit FT232RL chips. Recovery is possible using a modified driver (inf files attached).
-
Nice! Thank you for that!
-
That is a very nice utility, Liv! I can attest it reliably detected a Genuine FT232 part from this kit (http://www.microcenter.com/product/432350/FTDI_Adapter_USB_Controller).
-
Note that it gives false positives on "programmed" devices.
-
Note that it gives false positives on "programmed" devices.
What does it mean? For the authentication of the chip I attempt to write to the EEPROM at an even address (0x3e). If the attempt is successful, it is a fake. VID and PID values are not affected.
Older FT232BM with an external EEPROM is also determined as a fake. Probably the driver from FTDI they will be brick it.
-
I tried to test some of my FDTI devices where one is definitely a fake (infamous Gamebuino) others are most likely genuine and one or two are suspicious (pin 1 marking, font) but not detected by the EEPROM approach.
Anyway your program always detected a fake - which puzzled me until I noticed that it obviously always investigated my ScanaPlus logic analyzer. (https://sigrok.org/wiki/IKALOGIC_ScanaPLUS).
It contains an FT232H which is most certainly genuine, but MProg reports it as "programmed", so the EEPROM is write protected.
So for some reason your tool mistakes the write protection for "programmed" devices as indication for being fake - which it isn't.
Side note: it would make a lot of sense to be able to select the device if there is more than one.
-
Side note: it would make a lot of sense to be able to select the device if there is more than one.
This is true, but I still did not complicate the utility. With its use it is necessary to disconnect all FT devices except one. If it is connected to multiple FT devices, the utility will report an error 'More than one FT device found, error.".
MProg reports it as "programmed", so the EEPROM is write protected.
It is possible to protect the EEPROM? I do not know of such a possibility. If the EEPROM is really write-protected, the utility would report that the device is GENUINE. About behavior of FT232H I do not know, such devices must be disconnected when using of the utility.
-
FTDI should write such a program you can test if the chips you bought are genuine or not without destroying them, if not genuine you can return them at once with the printout report.
-
Even when the driver was released, it couldn't detect all the clones and I think the Chinese cloners quickly worked around it.
I guess if they had a better way of detecting clones than the EEPROM trick, they would have used it.
They could add some better detection to new revisions but than they still couldn't tell if an IC without this new detection mechanism is a clone or a older genuine one.
-
Detecting counterfeit should be exactly the same algorithm, how does the driver. If the driver does not detect a fake, then the chip will work fine. In this situation, the user does not matter, it is an original or a fake chip.
-
I guess you're still using the same algorithm that was discussed here in October 2014 and that was known to be used by the driver back then.
I just wanted to clarify that even 15 months ago it detected only a part of the clones that behaved differently regarding EEPROM access.
Admittedly most people who just use the FTDI chip as UART converter won't notice that they use clones. Then again, in more advanced use cases (JTAG / logic analyzers and the like) a clone might give different results than the original. Anyway I think that most people wouldn't willingly buy clones and would be interested to have a bullet-proof way of testing - and this is obviously something that can't be done by SW at the moment. Well letting aside the old school clones that still are detectable by the EEPROM trick.
-
Hello everybody,
I recently made a design with an FT232H USB to UART bridge. In my configuration, the FT232 chip is powered by the USB and there is no EEPROM attached to it, which should be ok as stated in the datasheet.
After receiving and testing the two boards, I tried to plug the USB to my PC under Windows 7 (64 bits) and got an "Unknown USB peripheral" message. I then checked the voltages and clock of the FTDI and everything was fine. I was vaguely aware of the fact that some FTDI chips were bricked by the new driver (thanks to Dave's video), so I emailed FTDI and asked them what to do. They tell me to remove every FTDI drivers (CDC Uninstaller) and to update the drivers with the archive in their website. I tried that procedure and, at the end of the install process, my device shows up with a nice VID/PID identical to the one given in the datasheet. I was so happy that I soon unplugged my board to test the other one. I was unable to make the same miracle a second time. I tried to remove and reinstall the software but nothing worked. Re-plugging the "good" board was not successful either. Windows stupidly set the VID/PID of the two boards to 0000. The first batch of components where bought on Mouser, so I ordered two new components and resolder one board to tackle the "genuine" issue. The hardware was valid (voltages and clock) but no device shows up under Windows.
A few hours later and a lot of messing around with Windows, I try it on a Linux machine (Ubuntu 14.04 64 bits). I was unable to see the device enumeration in dmesg but had a bunch of lines saying that the device doesn't accept the address (device not accepting address xx, error -71). During the enumeration process, the kernel have used the xhci driver. The same issue was visible for both boards.
Finally, I plugged the boards to another Linux machine (Debian 8, 32 bits). Dmesg showed some errors with the "device not accepting address" thing with the ehci_pci driver and then, out of the blue, some lines saying: "using the uhci driver" and a nice "FT232H device detected" with the good values for the VID and PID. I made the same test with the second board and get a success for this one also. I made a small script in Python + MPSSE and was able to blink an LED. Hurrayyy !
I then unplugged and re-plugged the boards several times and everything still works in the Debian 8 machine. Nothing new concerning the Windows or the Ubuntu machines. I then test the boards on two other machines, one with a Debian 6 and one with a Debian 8. The Debian 8 machine showed the same dmesg and enumeration was successful. The Debian 6 didn't recognize the FTDI chip.
I tried a lot of things such as loading the "usb_old_sheme" thing, disabling the "usb_suspend" and loading the uhci and ohci drivers but still get the same enumeration issue !
Do you have some fresh insight for me, I'm really disappointed at the moment !
Thanks in advance,
Best regards,
Christophe
PS: I have ordered an EEPROM and will solder a nice little buggy board over the FTDI to see if this bloody chip will be more sympathetic.
-
Such significant enumeration issues suggest a hardware problem.
-
After receiving and testing the two boards, I tried to plug the USB to my PC under Windows 7 (64 bits) and got an "Unknown USB peripheral" message. I then checked the voltages and clock of the FTDI and everything was fine. I was vaguely aware of the fact that some FTDI chips were bricked by the new driver (thanks to Dave's video), so I emailed FTDI and asked them what to do.
...
This have nothing to do with drivers and bricked chips. FT232H never got bricked BTW. As your ICs are from reputable source and you got "Unknown USB peripheral" message, IMO there is 99% chance that your design have an error in it or your USB cable really crappy or faulty USB ports.
-
Hello everybody,
I re-checked the design today and found the issue. I had two USB connectors and a switch to connect one of them to the FTDI.
I finally suspected this chip to be the culprit and was right. I shunted it and the enumeration was successful on all my machines !
Best regards,
-
I have no problem with :bullshit: FTDI, too - I use CP21xx instead in my projects :popcorn:
Fake FTDI? No, THANKS !!!
-
I have a Update "pending" for FTDI in my Windows update (Win 8.1) here, its from 03. Feb. 2016.
Any issues there?
-
Just my two cents...
A lot of noise from nothing.
If you bought fake chip you should solve your problems with seller first of all, not with FTDI. FTDI just try to protect their intellectual property and their production. How do you think, if they will continue developing drivers, doing RnD, provide support and etc, and some smart guys will make counterfeit chips and nothing more with hope that their bullshit should work with FTDI drivers who will be happy at the end? End users who spent only 50 cents instead $ 4,50? Of course and those "smart guys", but only not FTDI.
Most people understand prices well but nevertheless continue buying cheap devices and component from aliexpress, alibaba and other world stock of fucking Chinese counterfeit.
If you doing something based on FTDI ICs you should be responsible for your goods in front of your buyers. You should solve problem with your supplier if he has delivered to you counterfeit chips.
Probably most people should understand that they need boycott not FTDI, they need boycott fake components suppliers IMHO. :-//
-
Wasnt that exactly the huge problem? Nobody could get a hold of legit chips. Even the big sellers didnt know if the Chips were original or not.
End users who spent only 50 cents instead $ 4,50?
This doesnt apply as the end user has one price and no way of checking the authenticity.
BTW: I dont think you read any portion of this thread befor posting. Otherwise this would have been clear. I think Dave even said those things in his Video.
-
I read a lot pages in this thread but not all, of course.
Let me ask... When end user buying something related with this thread, what he doing? He going to FTDI web site, download and install driver from them. After that, well know, authenticity checking process starting))
What you will do, contact seller, will go to forum to drop some portion of negative to FTDI side, or what?
BTW: I told about price for situation when people understand their risk when pay for very cheap similar product, and try to use it in their devices.
Before some time FTDI did not nothing and fake components was under working condition. After they decided to change this situation. But this is not FTDI problem, supplier should be responsible in front of end user! That I try to say you
Sent from my phone using Tapatalk
-
Read the entire thread again. The biggest problem is that you can even buy fake FT232 chips from Farnell (this happened for real a couple of weeks months ago!). Ofcourse everybody wants to use real FTDI chips but with clones so widespread and FTDI's production volumes so low you just can't be 100% sure you'll never get clones. However if FTDI is killing your product behind your back even though you have zero blame (bought from a reputable source, paid the regular price, etc) then you are the victim of FTDI being unable to deal with the cloners properly.
Bottom line: As a designer of electronic circuits/products I really don't want to deal with what is FTDI's problem so I don't use FTDI chips in my designs. That is how the real world works.
-
The biggest problem is that you can even buy fake FT232 chips from Farnell (this happened for real a couple of weeks months ago!). Ofcourse everybody wants to use real FTDI chips but with clones so widespread and FTDI's production volumes so low you just can't be 100% sure you'll never get clones.
Actually I'm not convinced about that at all. OP was completely reluctant to verify if they are actually counterfeits or he has some driver problem or some other issue. He didn't even try to install new driver, with which fake chips per se couldn't cause the issue he had.
-
Read the entire thread again. The biggest problem is that you can even buy fake FT232 chips from Farnell (this happened for real a couple of weeks months ago!).
Dear nctnico. I don't know what is Farnell and believe me, I even don't want to know ;)
If you not understand how contribution business work, let me explain to you.
Manufacturer work only with distributors network. Each distributor have some sort of agreements with manufacturer. They buy original product that this manufacturer produced. After that distributor offer this products to dealers network. In distributors and dealers network special procurement department exist within each company. Their managers monitoring offers, make a deal, and believe me, if some greedy manager in greedy companies decided bought fake goods (they well know what he buying and where) from infringement manufacture for 1/5 at normal price and sell it at full price like original goods, that FTDI should not be responsible for that!
However if FTDI is killing your product behind your back even though you have zero blame (bought from a reputable source, paid the regular price, etc) then you are the victim of FTDI being unable to deal with the cloners properly.
What property you talking about? You bought (you has been defrauded by seller) fake and want to use it like original one. You try to apply to it original software and be foiled, and what? Go to your supplier and tell him: take you bullshit back, give me my money, I will order original one from fro honest seller! That all that you need to do.
Bottom line: As a designer of electronic circuits/products I really don't want to deal with what is FTDI's problem so I don't use FTDI chips in my designs. That is how the real world works.
:-DD Up to you! FTDI try to do their business, they not give you fake chips and responsible for that some f@cking asshole stolen their design, microcode, sold his fake to next greedy asshole that sold it to you like original one. That is how the real world works. ;)
Now, I would like to ask you, if somebody will stolen your design, print your name on their fake bullshit, will transfer responsibility to your name in front of end users, what you will do, hmm??
Send them message, Oh sorry, somebody f@ck me, but I will spent another 1000 hours to new drivers for support your fake goods?
-
Read the entire thread again. The biggest problem is that you can even buy fake FT232 chips from Farnell (this happened for real a couple of weeks months ago!).
Dear nctnico. I don't know what is Farnell and believe me, I even don't want to know ;)
You don't know of and don't want to know of one of the largest electronics equipment and component distributors in the western world?
Your arrogance and willful ignorance is terrifying.
-
You don't know of and don't want to know of one of the largest electronics equipment and component distributors in the western world?
Your arrogance and willful ignorance is terrifying.
May be this seems like that to you, but I do not have any business with them and their name tell nothing for me. If they selling infringing goods, may be it's time to stop work with them?
Probably they thick and arrogant enough, that their reputation does not matter for them, if they still selling counterfeit?
They need stop to do this, or, if FTDI really have problem with their production, stop to work with FTDI instead?
-
:scared: It lives :scared:
-
:scared: It lives :scared:
Indeed!
Before criticize manufacturer, may be better think about, what you will do at their place?
If you will make good design, spent a tons of money for realizing your ideas, build a business, and make extremely popular product and then somebody will make 1:1 fakes with your name responsibilities, what you will do then? :-//
-
I think you have 70 pages of reading to do before you can even suspect that you might have anything new to add! :palm:
-
From past read pages I extremely like this one message
how is it my fault if I'm delivered a product with a fake chip?
As a society, we have forgotten personal accountability and responsibilities.
It's the fast foot companies' fault that I am too fat;
It's MaDonald's fault that my coffee is hotter than I expected;
It's the rich's fault that I am poor;
It's employers' fault that I am jobless;
It's banks' fault that I have to pay my debts;
It's taxpayers' fault that I am driving a beat-up car;
It's policy's fault that I am in jail.
...
At some point, you ARE going to be responsible for who you are and where you are.
-
Quoting our house troll isn't going to help you. Furthermore all his assertions are just short sighted ramblings.
Take many steps back until you see the big picture here. But let me help you: The big picture says that FTDI's actions cause extra hassle for checking suppliers, testing chips, testing drivers, recalling products from customers, dealing with having the boards reworked, delivery delays, later payments, etc, etc. All this is just extra work you don't get paid or compensated for. If you like to work for free be my guest but I rather pass. I just use a component which isn't lucrative to clone so I know I get the real deal and the end-products installed at customers keep working because nobody messes with the drivers. Nobody really cares what or who is right or wrong!
-
To be honestly, I don't want unpack this ball of contradictions. Who was troll, who was not. For me this is only some words that have relationship to the real life.
All that I see above real problem this is eyewater and dissatisfaction. That is really have place at any forums. People going here (at forum) for cry over their problem and this threads become extremely popular with huge amount of pages.
The real admiration for some products/ideas/solutions is very short and unpopular.
p.s. I have real experience to be in front of customer and worked at manufacturer side and at solution delivery side. I know how this business work.
All that I said about this thread - this is only my opinion, and nothing more.
If you do not want use FTDi, it is absolutely up to you. You just find way for you in use unpopular for cloning chips, but still not able to say what you would do on FTDI place.
Don't be huffy! Cheers and good night!
-
but still not able to say what you would do on FTDI place.
First of all: I would not kill my customers' products and thereby drag third parties into a conflict between me and another party. Dragging third parties into a conflict makes the outcome wildly unpredictable as FTDI must have noticed by now since their latest drivers no longer have anti counterfeit measures.
Secondly is it common knowledge you can't milk a cow forever so you either have to lower prices and/or come up with a new product so I would have tried to stay ahead by creating new products at lower cost.
Just look at Dyson: they marketed (hyped!) bag-less vacuum cleaners. The technology was well known but never really marketed before. It didn't take long for other manufacturers to come up with bag-less vacuum cleaners and compete on price. No problem for Dyson because they have a whole range of other products lined up. Nowadays you see Dyson hand dryers in almost every public restroom.
All in all the competition coming up with alternatives for succesful products is the way the free market works and in many cases there is very little you can do about it especially if you are not a multi-billion company with thousands of lawyers.
-
First of all: I would not kill my customers' products and thereby drag third parties into a conflict between me and another party. Dragging third parties into a conflict makes the outcome wildly unpredictable as FTDI must have noticed by now since their latest drivers no longer have anti counterfeit measures.
All it's clear, but what you will do to protect your products? How you will prevent to using your codes on clones?
Secondly is it common knowledge you can't milk a cow forever so you either have to lower prices and/or come up with a new product so I would have tried to stay ahead by creating new products at lower cost.
That is call real competition. FTDI made first and still make good products for USB bus interface with excellent functionality. Even Cypress with their CY7C65213 that copying FT232R pin to pin do not have UART Rx, Tx signal level inversion, that very useful for engineering design. FTDI have huge amount open documentation in form of AN and TN that useful for engineers and enthusiasts, while Cypress and other have one two documents, and that is all.
All in all the competition coming up with alternatives for succesful products is the way the free market works and in many cases there is very little you can do about it especially if you are not a multi-billion company with thousands of lawyers.
Absolutely agree. Competition! Real competition - that is rear alternative solution with full infrastructure, documentation and support. But not stealing alien ideas and cloning their devises under stolen name.
If somebody will try to do same with Apple iPhone, make 1:1 copy with their current iOS version, believe me, next day Apple will do same as FTDI - release new update for turn fake clones to bricks.
-
First of all: I would not kill my customers' products and thereby drag third parties into a conflict between me and another party. Dragging third parties into a conflict makes the outcome wildly unpredictable as FTDI must have noticed by now since their latest drivers no longer have anti counterfeit measures.
All it's clear, but what you will do to protect your products? How you will prevent to using your codes on clones?
Be clever but also accept that no protection method is unbreakable. At some point your are just frustrating your legitimate customers with copy protection measures (like potting a circuit so it cannot be repaired).
-
How nice!
I have installed Altera Quartus 16.0. The included driver (FTDI) for the USB Blaster caused my PC (Windows 10 x64) to reset my PC after some minutes over and over again.
It took me some hours to find out that the connected USB Blaster clone caused this. It uses a ST32F to simulate a FTDI chip.
I switched back to the driver delivered with Quartus 14.0: Et voila, it works again!
May these FTDI guys burn...
-
May they burn indeed for not ensuring compatibility with someone elses hack.
-
May they burn indeed for not ensuring compatibility with someone elses hack.
I wasn't aware that there is no genuine FTDI used in this device until I opened it (most people don't know this).
So it's ok for you if they crash the PC with all data lost?
-
So it's ok for you if they crash the PC with all data lost?
I'm certain they're doing it on purpose, I mean, it couldn't possibly be a bug with a third party's unsupported implementation of an undocumented protocol, that just doesn't happen. It's all FTDI's fault!!!!!
-
May they burn indeed for not ensuring compatibility with someone elses hack.
I wasn't aware that there is no genuine FTDI used in this device until I opened it (most people don't know this).
So it's ok for you if they crash the PC with all data lost?
It's your crappy device what crashes it, not FTDI.
-
It's your crappy device what crashes it, not FTDI.
No, it doesnt. The driver software does. But whatever you say...
-
It's your crappy device what crashes it, not FTDI.
No, it doesnt. The driver software does. But whatever you say...
If the crappy device makes the driver doing something unexpected... That driver wasn't written for or tested with your hack implementation anyway. I guess your USB blaster is a crappy clone too.
-
It's your crappy device what crashes it, not FTDI.
No, it doesnt. The driver software does. But whatever you say...
If the crappy device makes the driver doing something unexpected... That driver wasn't written for or tested with your hack implementation anyway.
A driver which doesn't handle an unexpected situation properly is written by someone who doesn't know the first thing about programming. Since the old driver works and the new one doesn't it is very likely this behaviour is on purpose.
-
It's your crappy device what crashes it, not FTDI.
No, it doesnt. The driver software does. But whatever you say...
If the crappy device makes the driver doing something unexpected... That driver wasn't written for or tested with your hack implementation anyway.
Somehow this doesn't happen even with clones of ft232. Now someone gets fake USB blaster with crappily emulated ft232, uses it with genuine software and then blames manufacturer for it behaving weird. I also sometimes use clone devices, but never blame genuine item manufacturer for software not working properly with a fake crap I have.
A driver which doesn't handle an unexpected situation properly is written by someone who doesn't know the first thing about programming. Since the old driver works and the new one doesn't it is very likely this behaviour is on purpose.
-
In my case there is no counterfeit FTDI chip used. The STM32 just simulates the behaviour of the FTDI chip.
Their first driver with counterfeit protection (2014) erased the EEPROM connected to the chip with the PID/VID information. So the OS couldn't longer detect the device.
But this is not possible with the STM32 because of the different implementation. So they choose another way which causes the complete PC to crash.
This already happens if the device is just connected to the PC without using it.
This practice is not nice! I use several FTDI chips in devices which I have developed on job. But I will try to avoid to use any chips from FTDI in the future.
-
But this is not possible with the STM32 because of the different implementation. So they choose another way which causes the complete PC to crash.
Do they now? Do you have evidence, or are you just jumping to this conclusion because OMG FTDI ARE BAD?
This practice is not nice!
Nor is yours.
-
In my case there is no counterfeit FTDI chip used. The STM32 just simulates the behaviour of the FTDI chip.
Which is not a tiny bit different than knowingly using fake chips, even worse. Actually, if fake chip was used, manufacturer could claim they didn't know those were fake. In your case, manufacturer of knowingly made illegal clone of USB blaster and knowingly cloned/emulated FT232 which is illegal too. You are not legally allowed to use FTDI driver with anything else than FTDI ICs in the first place. And you knowingly bought this illegal clone. So how in the end it comes that FTDI is to be blamed for your knowingly bought crap not working properly?
-
In my case there is no counterfeit FTDI chip used. The STM32 just simulates the behaviour of the FTDI chip.
Which is not a tiny bit different than knowingly using fake chips, even worse. Actually, if fake chip was used, manufacturer could claim they didn't know those were fake. In your case, manufacturer of knowingly made illegal clone of USB blaster and knowingly cloned/emulated FT232 which is illegal too. You are not legally allowed to use FTDI driver with anything else than FTDI ICs in the first place. And you knowingly bought this illegal clone. So how in the end it comes that FTDI is to be blamed for your knowingly bought crap not working properly?
In what way is knowingly emulating a part illegal? The right to most aspects of reverse engineering and emulation for the purposes of compatibility are protected by law. Some aspects of the DMC in the US have tried to prevent such engineering when there is an element of copy protection involved, but that's about the limit of legal protection. Direct copying of someone else's software can get you into copyright trouble. Exactly copying a chip can get you into trouble with the specific copyright protection that exists for masks. Schematics aren't well protected, unless they incorporate patented techniques. Working out how something works, and emulating it without recourse to the internals of the original design, is how much of the electronics industry has always worked.
-
In what way is knowingly emulating a part illegal? The right to most aspects of reverse engineering and emulation for the purposes of compatibility are protected by law.
Not talking about legality of the hardware side of this this, it already starts to be illegal once you need to use FTDI driver with it. This is exactly the same as for example cloning SEGGER JTAG adapters or Saleae logic analyzers. Yes, software comes for free, as long as you use genuine device...
Direct copying of someone else's software
In this case inevitably illegally using someone else's software.
1.2 In this Licence a "Genuine FTDI Component" means an item of hardware that was manufactured for, and sold by, the Licensor or a member of the Licensor's group of companies. It does not include any counterfeit or fake products.
1.3 If you are a manufacturer of a device that includes a Genuine FTDI Component (each a "Device") then you may install the Software onto that device. If you are a seller or distributor of a Device then You may distribute the Software with the Device. If you are a user of a Device then you may install the Software on the Device, or onto a computer system in order to use the Device.
1.4 In each of those cases you may:
1.4.1 install and use the Software for your purposes only; and
1.4.2 only use the Software in conjunction with products based on and/or incorporating a Genuine FTDI Component.
1.5 The Software will not function properly on or with a component that is not a Genuine FTDI Component. Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT. It is the Licensee's responsibility to make sure that all chips it installs the Software on, or uses the Software as a driver for, are Genuine FTDI Components. If in doubt then contact the Licensor.
-
A driver which doesn't handle an unexpected situation properly is written by someone who doesn't know the first thing about programming. Since the old driver works and the new one doesn't it is very likely this behaviour is on purpose.
So MS has to retract the driver or replace it with a newer one soon again. Either because of its poor quality or because it's crashing the PC on purpose. Has FTDI any credibility left?
-
My couple of USB Blaster clones:
(http://i.imgur.com/Nk0Q00A.jpg)
STM32 and PIC18. The STM32 doesn't work in Windows 10 and newer Quartus. It causes BSODs. Works ok in Linux. It is not bricked. The PIC18 works fine in Windows 10 and Linux.
It is really stretching it to say this one is FTDI's fault.
-
It is really stretching it to say this one is FTDI's fault.
No it is not. It is their driver causing the crash.
Because a driver is such an integral part of a kernel it really should not crash under any circumstance because it usually takes the whole OS with it if something goes wrong. Therefore a driver is typically something you go through with a fine comb and catch whatever problem may be lurking. A driver is not the place to skimp on boundary and NULL pointer checks. Best case scenario: FTDI introduced a bug in their newer drivers in order to detect functional equivalent devices and more recently to remove that functionality again.
-
It is really stretching it to say this one is FTDI's fault.
No it is not. It is their driver causing the crash.
Because a driver is such an integral part of a kernel it really should not crash because it usually takes the whole OS with it if something goes wrong. Therefore a driver is typically something you go through with a fine comb and catch whatever problem may be lurking. A driver is not the place to skimp on boundary and NULL pointer checks. Best case scenario: FTDI introduced a bug in their newer drivers in order to detect functional equivalent devices and more recently remove that functionality again.
How should they catch a problem/bug which most likely is not even possible to occur with genuine ICs? Also I really doubt they care any tiny bit about emulated stuff like this one. This is not a competition for them, nor floods the market with fake ICs. Also, those are outright counterfeit devices anyway, so I doubt they really care about those shady manufacturers as potential customers. What I think is possible, because of authenticity checks in newer drivers, this poorly emulated crap does something weird and crashes not necessarily FTDI driver itself, it can as well crash USB host controller driver.
-
It is really stretching it to say this one is FTDI's fault.
No it is not. It is their driver causing the crash.
Because a driver is such an integral part of a kernel it really should not crash under any circumstance because it usually takes the whole OS with it if something goes wrong. Therefore a driver is typically something you go through with a fine comb and catch whatever problem may be lurking. A driver is not the place to skimp on boundary and NULL pointer checks. Best case scenario: FTDI introduced a bug in their newer drivers in order to detect functional equivalent devices and more recently to remove that functionality again.
Yes, if FTDI deliberately caused their driver to BSOD by detecting fakes (and these are not even fakes - they don't purport to be FTDI chips at all, merely emulating a protocol) then its back to "fuck FTDI". I maybe shouldn't give them the benefit of the doubt after their past shenanigans, but it could easily be just an incompatibility between the newer FTDI drivers and these particular emulations.
-
The driver is made for a special identifier that belongs to an ftdi chip.
No other manufacturer should be allowed to use that identifier, hence if you use a device that tries to emulate or pretend to be such a chip all results are your own problem, you should have used an official device. You can impossibly ask ftdi to test their driver with all illegal or cloned chips, that is ludicrous.
-
The driver is made for a special identifier that belongs to an ftdi chip.
You can impossibly ask ftdi to test their driver with all illegal or cloned chips, that is ludicrous.
Now imagine the scenario where the driver receives malformed data due to an USB issue. When writing a driver you are not done developing software when the driver appears to work. There is a lot more to it!
edit: typo
-
@Kjelt - bollocks the 4 bytes "belong" to FTDI. Or anyone else has to be "allowed" to use those bytes.
-
I think you have 70 pages of reading to do before you can even suspect that you might have anything new to add! :palm:
Amen. Dude doesn't even know who Farnell (element14) are, yet thinks he has something to add.
It's not just Farnell, either. Digi-Key, Mouser, etc. have all had counterfeit chips slip into their distribution stream at one point or another. It happens.
-
About Farnell and FTDI, the bloke who claimed receiving counterfeits from them never came back to infirm or confirm it.
-
@Kjelt - bollocks the 4 bytes "belong" to FTDI. Or anyone else has to be "allowed" to use those bytes.
They belong to FTDI, because they pay for them annually to USB-IF. http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
-
In what way is knowingly emulating a part illegal? The right to most aspects of reverse engineering and emulation for the purposes of compatibility are protected by law.
Not talking about legality of the hardware side of this this, it already starts to be illegal once you need to use FTDI driver with it. This is exactly the same as for example cloning SEGGER JTAG adapters or Saleae logic analyzers. Yes, software comes for free, as long as you use genuine device...
Direct copying of someone else's software
In this case inevitably illegally using someone else's software.
1.2 In this Licence a "Genuine FTDI Component" means an item of hardware that was manufactured for, and sold by, the Licensor or a member of the Licensor's group of companies. It does not include any counterfeit or fake products.
1.3 If you are a manufacturer of a device that includes a Genuine FTDI Component (each a "Device") then you may install the Software onto that device. If you are a seller or distributor of a Device then You may distribute the Software with the Device. If you are a user of a Device then you may install the Software on the Device, or onto a computer system in order to use the Device.
1.4 In each of those cases you may:
1.4.1 install and use the Software for your purposes only; and
1.4.2 only use the Software in conjunction with products based on and/or incorporating a Genuine FTDI Component.
1.5 The Software will not function properly on or with a component that is not a Genuine FTDI Component. Use of the Software as a driver for, or installation of the Software onto, a component that is not a Genuine FTDI Component, including without limitation counterfeit components, MAY IRRETRIEVABLY DAMAGE THAT COMPONENT. It is the Licensee's responsibility to make sure that all chips it installs the Software on, or uses the Software as a driver for, are Genuine FTDI Components. If in doubt then contact the Licensor.
Have you really read and thought about how ridiculous those conditions are? Consider a typical test setup with a mix of hardware. There may be some genuine FTDI and some FTDI emulating devices plugged in. The FTDI drivers are pulled in automatically, no questions asked. You don't really have a choice about which drivers are handling any particular piece of hardware. Unless you are seriously interested in finding out, you wouldn't even notice.
Just because someone writes stuff into an "agreement" doesn't mean courts won't have a good laugh about it. I wonder if there has ever been a court case to test this type of ludicrous attempt to restrict the use of drivers? Especially the part where FTDI cause malicious damage if they feel like it.
-
@Kjelt - bollocks the 4 bytes "belong" to FTDI. Or anyone else has to be "allowed" to use those bytes.
They belong to FTDI, because they pay for them annually to USB-IF. http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
Exactly, if you use a standard, you need to play by the rules of the standard. If you use another vendors cheap device that offends the rules, don,t complain about the original vendors drivers, complain by the vendor that sold you cheap illegal crap. Complain by customs that allowed that illegal device to be imported at the first place, anywhere but those who do try to earn an honest living.
-
@Kjelt - bollocks the 4 bytes "belong" to FTDI. Or anyone else has to be "allowed" to use those bytes.
They belong to FTDI, because they pay for them annually to USB-IF. http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
Yes. Did you know I own 4 bytes too? 0x4D616362
You may not know it, but I drew up a contract and set up a standards org called the Macb Benevolent Fund. I won't go into all the legal small print and required standards of use, but ultimately anyone who quotes those 4 ASCII bytes in any internet posting is required to pay me $10,000 per year. :-DD
-
Yes. Did you know I own 4 bytes too? 0x4D616362
Are you sure you're not ripping off Shakespeare?
-
And here we go into the puerile arguments again.
-
Yes. Did you know I own 4 bytes too? 0x4D616362
Are you sure you're not ripping off Shakespeare?
I was worried about that but thankfully my highly paid legal specialists Screwem, Goode & Hart have advised me the copyright on Shakespeare's works expired centuries ago.
-
@Kjelt - bollocks the 4 bytes "belong" to FTDI. Or anyone else has to be "allowed" to use those bytes.
They belong to FTDI, because they pay for them annually to USB-IF. http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
Yes. Did you know I own 4 bytes too? 0x4D616362
You may not know it, but I drew up a contract and set up a standards org called the Macb Benevolent Fund. I won't go into all the legal small print and required standards of use, but ultimately anyone who quotes those 4 ASCII bytes in any internet posting is required to pay me $10,000 per year. :-DD
Sure, then use them with your own interface, write your own driver and certify it for your own OS.
-
@Kjelt - bollocks the 4 bytes "belong" to FTDI. Or anyone else has to be "allowed" to use those bytes.
They belong to FTDI, because they pay for them annually to USB-IF. http://www.usb.org/developers/vendor/ (http://www.usb.org/developers/vendor/)
Yes. Did you know I own 4 bytes too? 0x4D616362
You may not know it, but I drew up a contract and set up a standards org called the Macb Benevolent Fund. I won't go into all the legal small print and required standards of use, but ultimately anyone who quotes those 4 ASCII bytes in any internet posting is required to pay me $10,000 per year. :-DD
Sure, then use them with your own interface, write your own driver and certify it for your own OS.
No. Those terms are not in my contract. The one you didn't know about or agree to be installed but was anyway when you upgraded to Windows 10.
You still owe me $10,000.
-
Ok you made your point about byte ownership.
It's been a while so what about the older discussion, the one as to whether FTDI acted illegally or criminally in any legal jurisdiction.
I am pretty certain there are no criminal charges pending, but tell me if I am wrong.
I haven't heard of any civil actions against FTDI, anyone heard any word on this?
Can I conclude that if there are no successful actions against FTDI that AFAWK they acted legally then?
-
Ok you made your point about byte ownership.
It's been a while so what about the older discussion, the one as to whether FTDI acted illegally or criminally in any legal jurisdiction.
I am pretty certain there are no criminal charges pending, but tell me if I am wrong.
I haven't heard of any civil actions against FTDI, anyone heard any word on this?
Can I conclude that if there are no successful actions against FTDI that AFAWK they acted legally then?
If you take legal action the benefits need to larger than the expenses. The thing is that nobody cares and just uses different chips.
If you drive/walk through a red traffic light you are doing something illegal yet you'll find you can get away with it without getting a fine every day. Does that make driving/walking through a red traffic light legal?
-
Perhaps it was wrong (ethically) and not the wisest decision publicity wise, but not illegal IMO.
-
IDK about the Netherlands but in AU if you report a crime to the police they have a duty to investigate it. So no direct out of pocket expenses.
I really doubt there was any ever a crime committed but am waiting to be proven wrong.
If you take legal action the benefits need to larger than the expenses. The thing is that nobody cares and just uses different chips.
If you drive/walk through a red traffic light you are doing something illegal yet you'll find you can get away with it without getting a fine every day. Does that make driving/walking through a red traffic light legal?
The law in this case is hardly as clear as for a red light.
This episode hasn't and probably will not be tested in court, and that is probably because FTDI can make a good case, resting on the fact that the driver is only meant to work with FTDI chips. As we all know connecting software with unknown hardware gives unspecified behaviour.
So I think calling FTDIs actions 'illegal' in this case is too strong.
-
I don't care what you think because you are not a judge in a court ;)
Ofcourse I could file a police report but putting the proof together in an unambiguous way is going to take me at least a day if not more. You can't go to the police or a lawyer and only pointing a finger. You need to have credible proof to back your story.
But it is not worth the hassle especially since most other USB-UART converters work out of the box with Windows 10.
-
So I think calling FTDIs actions 'illegal' in this case is too strong.
For Germany FTDI might want to read StGB §303a and $303b about computer sabotage. Bricking chips by modifying the IDs, sending "non genuine ..." instead of the original data or crashing PCs on purpose is an offence. And no, an EULA allowing that doesn't work either.
-
If you can't proof they did it on purpose with the evidence to back it up, you have no case.
Besides that, no judge will convict a company that "accidently" broke illegal cloned devices from a company that breached their IP in the first place,
AND the company that made the clones will not file a lawsuit in the first place because they were wrong to start with and don't care about their "customers" they sold their crap to.
-
If you can't proof they did it on purpose with the evidence to back it up, you have no case.
Besides that, no judge will convict a company that "accidently" broke illegal cloned devices from a company that breached their IP in the first place,
AND the company that made the clones will not file a lawsuit in the first place because they were wrong to start with and don't care about their "customers" they sold their crap to.
Those are your assumptions. When it comes to legal matters you better make sure you have read and understood the application (=study similar cases) of the laws before making bold statements.
-
Those are your assumptions. When it comes to legal matters you better make sure you have read and understood the application (=study similar cases) of the laws before making bold statements.
As you did and you are now going to present your legal expertise findings to this forum..... ?
-
So, a lot of these issues were due to the chance of getting a counterfeit chip... well what if you only purchased genuine chips from Mouser, that to your dismay, respond with the "NON GENUINE DEVICE FOUND!" response?! I was "lucky" enough to get these! (date code 1550-C D5657501 if it matters), FTDI's response to mouser (seems to be a standard one):
"As a consequence of the R chip device success, it has become necessary to extend the chip identifier string by an extra bit to allow for the higher volumes. In completing this update, the driver also required a change to accommodate the revised string length. This driver fix has now been implemented in version 2.12.16.
http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.16%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.16%20WHQL%20Certified.zip)
We acknowledge that driver updates may not be appropriate or possible in some cases and would like to take this opportunity to allow customers to return affected devices under RMA to be replaced."
So yes, fantastic, genuine chips (with certain driver versions) come up as counterfeit. Yes, its confirmed that the latest driver works (but now i need to inform all customers with older drivers to update to the latest), but this is just another nail in the coffin for FTDI. Hopefully the chips work fine in Windows XP (with old v2.08 or whatever drivers)/Android.
-
Oh that is bad. Really bad. I could stomach the other stuff, but making your genuine chips incompatible with existing drivers is not on. They should have been a new revision or stepping and *required* a new driver update rather than just silently not working. That is unforgivable.
-
There were some rumours for a while but if this new one will be also confirmed then...another big nail sealing tight the FTDI coffin.
Have you read the book "How to f.ck a good bussines in 5 easy steps"? Me neither but FTDI Management for sure has done a deep study based on that book. They might be some of the authors :-DD
-
Does any know how the latest version (2.12.18.0 or 2.12.16) of the driver deals with fake chips?
I checked several of my one and two year old Chinese sourced board expecting to brick or see a "non genuine" message or something, but they are all working fine.
Out of curiosity, how many different fakes are there? Are there fakes of fakes?, Are there distinct families of fakes or are they all derived from a common original fake? Are the fakes being actively updated to counter the updates to the driver?
Mike
-
Avoid FTDI, that is the right path
-
So, a lot of these issues were due to the chance of getting a counterfeit chip... well what if you only purchased genuine chips from Mouser, that to your dismay, respond with the "NON GENUINE DEVICE FOUND!" response?! I was "lucky" enough to get these! (date code 1550-C D5657501 if it matters), FTDI's response to mouser (seems to be a standard one):
"As a consequence of the R chip device success, it has become necessary to extend the chip identifier string by an extra bit to allow for the higher volumes. In completing this update, the driver also required a change to accommodate the revised string length. This driver fix has now been implemented in version 2.12.16.
http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.16%20WHQL%20Certified.zip (http://www.ftdichip.com/Drivers/CDM/CDM%20v2.12.16%20WHQL%20Certified.zip)
We acknowledge that driver updates may not be appropriate or possible in some cases and would like to take this opportunity to allow customers to return affected devices under RMA to be replaced."
So yes, fantastic, genuine chips (with certain driver versions) come up as counterfeit. Yes, its confirmed that the latest driver works (but now i need to inform all customers with older drivers to update to the latest), but this is just another nail in the coffin for FTDI. Hopefully the chips work fine in Windows XP (with old v2.08 or whatever drivers)/Android.
FTDI: Drivers so secure, they won't work with our own hardware!
-
Avoid FTDI, that is the right path
Yep, when I was in the market for a USB to serial chip I looked elsewhere after hearing about the FTDIgate and all that. Found the Microchip MCP 2221, it's actually a pretty nice chip, it has other misc features like a few gpio pins and can also do HID and i2c. I have not looked into any of those features yet, I'm still a newbie myself at electronics, but it's nice to know they're there.
-
Silabs CP 2102 another option
-
Glad that I never use FTDI in the first place. Microchip USB MCU is another choice (like PIC18F4550)
-
This could be coincidence or unrelated but we have just had 3 Barth PLCs fail with a comms error, the PLC works fine with the previous program but when trying to update it just says "iThok-RS232: Error write data ti", the virtual COM port that was previously there dissapears. Barth are a low end PLC but are a German company distributed by RS Components. Inside the PLC I can see the FTDI chip. The first unit ran 2 weeks, the 2nd ran 2 days and the 3rd for 1 day.
If its the case that some fakes have gotten into the supply chain and causing this problem (from what I read here they dont fry them just ignore them now) what drivers can be used to read the fakes? (if indeed they are fake... no evidence for that yet).
-
Never use FTDI before, glad that I don't need to use them.
-
This could be coincidence or unrelated but we have just had 3 Barth PLCs fail with a comms error, the PLC works fine with the previous program but when trying to update it just says "iThok-RS232: Error write data ti", the virtual COM port that was previously there dissapears. Barth are a low end PLC but are a German company distributed by RS Components. Inside the PLC I can see the FTDI chip. The first unit ran 2 weeks, the 2nd ran 2 days and the 3rd for 1 day.
If its the case that some fakes have gotten into the supply chain and causing this problem (from what I read here they dont fry them just ignore them now) what drivers can be used to read the fakes? (if indeed they are fake... no evidence for that yet).
That's easy. Replace Windows with Linux. FTDI drivers are built into the Kernel, and there is none of this "clones vs. monopoly" bullshit, so it should "Just Work".
Friends don't let friends design anything industrial using any Windows O/S ...
If you can't change the O/S at this stage of the game, then get your supplier to fix it-- (it should be under warranty)-- replace the board(s) that have the clone chips in them with boards that have FTDI chips in them.
We got the issue sorted, nothing to do with FTDI chip in the end. Something weird deep in the .ini file causing an issue as we were pushing the little PLC a bit hard. We got it sorted with some good tech support from Barth and pro-sign.de so thumbs up for them.
Thumbs down as well for FTDI anyway.
-
just a general question, does FTDI still continue to brick CHINA FTDI products?
cos i just bought some FTDI equipped stuff from CHINA and the supplied driver is not working, i am contemplating to use the actual FTDI :scared: driver ... or does anyone have a CHINA version driver like v2.12.14 i could "borrow" ... :P
-
I'm pretty sure that new drivers don't brick the chips, they just won't readout data correctly. http://hackaday.com/2016/02/01/ftdi-drivers-break-fake-chips-again/ (http://hackaday.com/2016/02/01/ftdi-drivers-break-fake-chips-again/)