FTDI Removes Driver From Windows Update That Bricked Cloned Chips
New submitter weilawei writes: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors' chips. In their statement, FTDI CEO Fred Dart said, "The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user's hardware being directly affected." This may have resulted from a discussion with Microsoft engineers about the implications of distributing potentially malicious driver software.
If you design hardware, what's your stance on this? Will you continue to integrate FTDI chips into your products? What alternatives are available to replace their functionality?
This is why I love PICs
They are a Scottish firm subject to U.K. Law (specifically Scottish law). As such unauthorised modification of computer materials is a criminal offence punishable with a maximum sentence of six months in jail or a 5000GBP fine.
Stopping their device driver working with clone/counterfeit chips is fine. Making modifications to data held on such chips is outright illegal.
I can only imagine that the lucky guy who picked up the call from Redmond about 'so, we understand that you...made a few changes...to the behavior of your WHQL drivers that frankly don't make Windows Update look very good...' got quite an earful.
Even if MS thinks FTDI is on the crusade of the righteous, it certainly isn't to their advantage to have Windows Update involuntarily pulled into the fiasco.
FTDI's chip is popular, and heavily counterfeited. Right or wrong they felt they had to go to these lengths to protect their business, and it has had the effect of bringing counterfeited chips into the public consciousness.
The problem however, is that switching to another chipset won't eliminate the counterfeiters and the people who slip these chips into the supply chain to save a few bucks.
So the better question is how can we improve the system to ensure that counterfeit chips aren't being secretly swapped into our products.
Does FTDI provide a utility to un-disable the disabled chips? If the answer is no then the chips are for all intents and purposes bricked.
It's not a grey area at all; FTDI intentionally did this. That is a crime. There is no exception in the law for cases of counterfeit merchandise. If their driver update happened to unintentionally cause counterfeits to be bricked, it would not be an issue. But this was intentional and they admitted as such.
99% of people with the counterfeit FTDI products don't know they're counterfeit. They are victims too - victims of unscrupulous vendors.
... that make me so happy to run Linux Mint and CyanogenMod exclusively as my OS's ...
We should learn what we need to know about issues, before we decide what we need to feel about them.
If I was a hardware manufacturer, this would make me MORE likely to use FTDI chips. It means I have greater confidence that what I'm getting is "real", because I know that they are actively trying to make counterfeiting their product more difficult.
Is there a way to detect a counterfeit chip without bricking it? If that's the case, they could have just added a System Log message "FTDI device attached to system is not genuine! Driver will not start." Then the driver would return an error and Control Panel would show a yellow exclamation mark for the device.
When you send your fake Rolex (that you think is real) into Rolex for service, they don't send it back to you, they confiscate it as a counterfeit and it's destroyed. I went through this myself with a fake Mophie battery pack. They sent me back a photograph of the giant piles of counterfeit batteries that they confiscate because they came in for warranty work, and they weren't real.
This is functionally no different from that.
My involvement with hardware is currently only as a hobbyist, but there's a hardware project I might get on soon at work. FTDI has shown that it is willing to punish both direct and indirect customers for a wrong committed by a third party, and has not even remotely recanted that view. Management apparently thinks that they merely went too far when the world is shouting at them that going in that direction at all is unacceptable.
The obvious alternatives for USB-to-serial are:
1) Prolific 220x
2) Build a soft UART with a suitable microcontroller (PIC, AVR, Cortex-M0, whatever); this is apparently how the fakes work anyhow. Conform to USB CDC and most operating systems should have a built-in driver.
We don't use any of the serial only chips, but on the higher end with JTAG and SPI the FTDI parts work great and aren't too expensive. If any "clone" chips get into our supply chain we would be very pissed at whoever did it. We specify actual FTDI parts for a reason. The "clones" have very hit or miss quality. We don't use them under Windows either.
As a "maker" who sells small runs of boards that I have manufactured in China by an assembly house, I trust that they will build the board to spec. But I do not have the wherewithal to manage and secure my supply chain from start to finish. If I specify a part, I trust that the assembly house uses genuine parts. If they do not, I don't know what sort of recourse I have if, two years later, all of my parts start being bricked. But I certainly see it from FTDI's perspective (and Prolific, another serial chip manufacturer with the same problem). It's a really tough problem. I don't know what the right answer is. Maybe create a standard for USB serial interfaces that everyone can use? I think that already exists (the CDC).
the growth in cynicism and rebellion has not been without cause
Edit: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors' chips. Replace "competitors' chips" with "chips made by illegal scum sucking counterfeiters who bear no costs of driver development or warranty that unscrupulous manufacturers use to make a few more points of margin at the expense of FTDI and customers".
When Rolex sneaks into your house because somewhere in your apartment lease you agreed that trusted maintenance people could do so to make sure that everything is on the up and up, finds your Rolex to be a fake, and takes a winding gear out... would you consider that to also be functionally no different?
Because that's more akin to what has happened.
Windows users allow Windows (by default) to let WHQL drivers be updated silently. FTDI made use of this mechanism to update their driver. Their driver, when called upon to communicate with the device, then sends it some data which either does nothing (genuine) or reversibly disables it (if counterfeit).
Section 3 "unauthorised modification of computer material" being the relevant element. There isn't, I think, an existing case which exactly mirrors this, but it is similar to the matter of "time locks" in software (where a program disabled itself after a given time). For a long time after the passage of the act, lawyers theorised that such locks might be illegal in some circumstances; the prosecution of Alfred Whittaker in Scunthorpe Magistrates Court in 1993 showed that it could be. But crucially in Whittaker, the locks were unknown to the customer (the company on whose computer the software was installed) - I don't think anyone thinks that time-limited trialware ("this software will stop working in 28 days unless activated") is illegal.
So whether FTDI are in trouble will depend on what expectation someone might have when installing the new driver (where the court assumes they actually read the licence screed). If the expectation was solely that it would improve their system or do nothing, they weren't giving consent, and FTDI may be found to have breached section 3. If the licence unambiguously said "this update will detect and disable fake or work-alike products without further interaction", they're probably fine. Likely the wording is much less clear, which is what keeps lawyers in jobs.
If all the bricked chips are counterfeits (that is, they have fake FTDI markings and have been passed off as real FTDI products), the Fiscal is probably going to say that a prosecution isn't in the public interest. The authorities, often working with trademark owners, have routinely seized counterfeit goods from unknowing individuals, with no compensation; they may argue this is an analogous case (sweeping analogies is what keeps judges in jobs). But if someone has been making FTDI workalike clones that aren't pretending (to consumers) that they're the FTDI product, their customers would have a better chance of twisting the Fiscal's arm.
## W.Finlay McWalter ## http://www.mcwalter.org ##
Any BOM that passes through my hands will get FTDI crossed off. I'm sorry they have a counterfeit problem. They need to improve anti counterfeiting measures instead of inflicting collateral damage. Their abrupt decision is smelly no matter how you look at it.
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
The FTDI driver license states "The license only allows use of the Software with, and the Software will only work with Genuine FTDI Components. Use of the Software as a driver for a component that is not a Genuine FTDI Component may irretrievably damage that component. It is your responsibility to make sure that all chips you use the Software as a driver for are Genuine FTDI Components." Surely they neglected to share this with their lawyer. You can't punish users because the manufacturers are breaking the law. How is my mother going to know if she has a genuine FTDI chip or not? That's just asinine.
That isn't actually so clear:
According to the die shots, the clone chips' implementation is more or less entirely different from the FTDI implementation. Intended to be pin-compatible, and exhibit the same behavior; but totally different silicon, not a cut and paste job.
The clones that are then labelled and sold as 'FTDI' are, certainly, in all kinds of violation of trademark law; but what of any that are just blob-topped or generically packaged and not represented as being actual FTDI? Not something FTDI likes, or is obliged to provide driver support for; but neither was the Compaq 'IBM PC compatible' BIOS.
Even if the (typically very harsh, though widely unenforced) laws regarding trademark infringing goods do actually allow FTDI to brick them in the field, they haven't actually established that a given chip is a counterfeit, rather than a mere clone, before bricking it. Unless they wish to claim that "0x0403" is entitled for trademark protection, the driver is hardly in a position to distinguish between the two.
I'm quite certain that most people wouldn't even know that they invited anybody into their house - as it is, they're technically already in the house (FTDI's drivers come with Windows). The invitation would be with the update - but as the occupant, I'm even unaware of this invitation. In this analogy, I trust my landlord, and my landlord trusts the maintenance people. The maintenance people broke that trust, no matter how well-intentioned their actions.
As far as the winding gear bit - FTDI merely cause a re-write of the USB PID to 0000. Nothing that can't be restored, just as a winding gear can be put back into place. It's not so much destruction as it is disabling.
Anyone old enough to remember that Microsoft message?
"Eve of Destruction", it's not just for old hippies anymore...
They could make an argument that "0x0403" is a reference to the "FTDI" identifier, which is trademarked, and so they are claiming (to hardware and anyone who talks to it directly) that they *are* made by the vendor 0x0403/FTDI. At which point, it's a textbook trademark dilution matter.
We had a similar situation come up with one of our older products. People copied our initial hardware designs some 12 years ago, built (crappy) knock offs and sold them as their own along with copies of our chips to go along with it. The black market was clearly going to run us out of business and I despised the idea of having to basically compete with ourselves just to keep handing new features over to leeches. It was infuriating to the point that I had seriously considered just shutting the business down and moving on to other things.
Instead, we spent a LOT of time redesigning our stuff to prevent anyone from (reasonably) being able to do that again. We basically wasted an entire year just dealing with the counterfeit issue rather than improving our core product.
Luckily it paid off and we were able to shut that whole black market segment down. But at one point we had to consider the same option FTDI did. We gave thought to effectively bricking devices that we were able to identify as counterfeit or, worse, someone would send us one of these counterfeit packages asking us for support or service on the item. We had to basically return to them a chip and adapter we knew, without a doubt, was a bogus copy of our stuff.
It was hard, but we knew full well we could not possibly damage or keep something they had purchased through what they considered legitimate channels. FTDI should have realized this as well. They royally screwed up on this one.
It's a little strange, though, because if you buy something somewhere and it ends up being a stolen item, you're obligated to give it back to the original owner. I mean the police trail leads to your doorstep, you're out the item you bought whether you knew it was stolen or not. I guess the same concept doesn't apply to IP somehow. I'm not even sure how it would. I guess IP isn't really "property" after all.
The T&C are there. If you've decided to automatically accept updates without reading the T&C you're agreeing to, well, that's your own bad legal judgement.
And -- in this case -- the T&C specifically say that they "may" break counterfeit hardware.
I work somewhere (a large chip manufacturer) where we use USB serial adapter cables all over our testing lab to interface things like thermal controllers. Since these are COTS items we have no control over what chip is in them. If this update had bricked our entire lab, it would have been a disaster and a total show-stopper for our testing schedule until we located (and understood!) the problem and fixed it. Personally I think it was a childish way for them to handle this situation and I'm glad they saw reason and yanked it back before it created a total disaster.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
That is theft, outright, and you could easily sue for it. They don't get to keep property that is not theirs. Anyone with money to burn would ass ream them in court for that.
Good-bye
Today Atmel, Microchip and others make inexpensive microcontrollers with native USB peripherals. The Atmel "8u2" chip, for example, is less expensive than even most of the FTDI clones, and certainly a LOT less than a genuine FTDI chip.
For years, I've published a very simple and easy-to-use USB code for those chips.
http://www.pjrc.com/teensy/usb...
I also publish a signed INF installer that works with ALL USB Serial based on this standard protocol (called Communications Device Class, Abstract Control Model, or CDC-ACM). All 3 operating systems have the necessary driver built in. Mac OS-X and Linux load it automatically. Windows needs the user to add an INF.
http://www.pjrc.com/teensy/ser...
Sadly, the CDC-ACM driver in Windows (called USBSER.SYS) is buggy. About a year ago, I sent Microsoft this reproducible bug report.
https://www.youtube.com/watch?...
In a follow up email a few months ago, they were supposedly testing a fix. I'm hopeful that Windows 10 may be the first version of Windows to ever ship with a good quality USB Serial driver (as Linux has done for many years, and Apple has done since releasing Lion a few years ago).
PJRC: Electronic Projects, 8051 Microcontroller Tools
Seems like FTDI has admitted they were bricking counterfeit parts on purpose. How would someone go about determining if their device quit working because it was bricked by FTDI's bricking driver? Is there a lawyer out there who would want to do a class action against FTDI for damaging people's equipment? Also, I do not see why FTDI would take this approach. I would think they would stand to make a lot of money and gain some good will if instead they had their driver pop up a message to the user that his device had a counterfeit FTDI chip in it and offer the owner the option to join a class action suit against the equipment manufacturer by entering certain info (name, address, equipment make, model and manufacturer), and in return they would allow their driver to work with the counterfeit chip and share in a settlement over the counterfeit parts, or they could purchase a right to use their driver for a fee equal to the chip cost ($2-$10 depending on chip), or they could choose to do neither, in which case the driver would no longer work with the counterfeit chip. This strategy would help them eliminate counterfeiters or at least pay them for the right to use their software.
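An added example, not part of the comment above and not FTDI or Slashdot code: a small triage script for the question of how to tell whether a device was affected. It assumes, as other comments in this thread state, that the driver leaves affected chips reporting PID 0000 under FTDI's VID 0x0403; the sample listing lines are constructed, and a zero PID is an indicator to investigate, not proof of what caused it.

```python
import re

FTDI_VID = 0x0403     # vendor ID quoted in the thread
ZEROED_PID = 0x0000   # PID the thread says affected chips are rewritten to (assumption)

# Linux `lsusb` line, e.g. "Bus 001 Device 004: ID 0403:6001 <description>"
LSUSB_RE = re.compile(r"\bID\s+([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\b(.*)")
# Windows hardware/instance ID, e.g. "USB\VID_0403&PID_6001\<instance>"
WINID_RE = re.compile(r"VID_([0-9a-fA-F]{4})&PID_([0-9a-fA-F]{4})", re.IGNORECASE)


def parse_ids(line):
    """Return (vid, pid, description) for a device listing line, or None."""
    m = LSUSB_RE.search(line)
    if m:
        return int(m.group(1), 16), int(m.group(2), 16), m.group(3).strip()
    m = WINID_RE.search(line)
    if m:
        return int(m.group(1), 16), int(m.group(2), 16), line.strip()
    return None


def classify(vid, pid):
    """Label a VID/PID pair for triage."""
    if vid != FTDI_VID:
        return "other-vendor"
    if pid == ZEROED_PID:
        # Enumerates with FTDI's VID but no usable product ID, so no
        # driver will bind to it by ID: consistent with the thread's account.
        return "ftdi-vid-zero-pid"
    return "ftdi-vid"


def scan(lines):
    """Classify every line that carries a USB ID; skip everything else."""
    findings = []
    for number, line in enumerate(lines, start=1):
        ids = parse_ids(line)
        if ids is None:
            continue
        vid, pid, desc = ids
        findings.append({
            "line": number,
            "vid": f"{vid:04x}",
            "pid": f"{pid:04x}",
            "status": classify(vid, pid),
            "desc": desc,
        })
    return findings


def suspect_lines(lines):
    """Line numbers of devices showing FTDI's VID with a zeroed PID."""
    return [f["line"] for f in scan(lines) if f["status"] == "ftdi-vid-zero-pid"]


# Constructed sample input: mixed lsusb output and one Windows hardware ID.
SAMPLE_LINES = [
    "Bus 001 Device 002: ID 0403:6001 Future Technology Devices International, Ltd FT232 Serial (UART) IC",
    "Bus 001 Device 003: ID 0403:0000 Future Technology Devices International, Ltd",
    "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub",
    r"USB\VID_0403&PID_0000\5&1A2B3C4D&0&2",
    "unrelated log line without any USB identifier",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(finding["line"], finding["vid"], finding["pid"], finding["status"])
    print("check these lines:", suspect_lines(SAMPLE_LINES))
```

Feed it the saved output of `lsusb` or a list of Windows hardware IDs; the VID/PID alone cannot distinguish a genuine chip from a clone, only show that a device is enumerating with the zeroed product ID.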
So we shouldn't just blame the users for buying products with counterfeit chips - which they may very well not even have known about - but we should also blame them for not digging up the automatic driver update mechanism that they may very well not even have known about?
Is there anything else we could blame on the user - the party most immediately affected - in this situation?
Although I disagree with what FTDI did, this is a terrible analogy.
FTDI did not "break" anything. They modified counterfeit products so that they would no longer function with FTDI's drivers. The device itself was still fully functional, and could even (fairly easily) be modified back into a non-counterfeit state.
The "watch" equivalent would be as if a Rolex service person was invited into your house (you initiate driver updates) to service your Rolex watch and your Rolex clock. Your watch and clock are the latest "smart" devices and time-sync with each other via Wi-Fi.
The service guy notices that your Rolex clock is actually a "Rollexx" knock-off, so he wraps the antenna in tin-foil so the two can no longer communicate.
You are free to take the tinfoil off after the service guy leaves. (ok, it's a little bit harder to reprogram a PID, but given there were "fixes" up yesterday within hours of the story breaking, it's a reasonable analogy).
No, I think that about covers it.
The comma might receive a pardon, but the first period and capital B on "But" will be tried, found guilty, and executed immediately.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
FTDI tried to also get the "brick-patch" to Linux, but Greg Kroah-Hartman blocked it with this response:
Funny patch, you should have saved it for April 1, otherwise people might have actually taken this seriously :)
Patches as performance art, now I've seen everything...
greg k-h
As a potential end-user (i.e.: I bought an Arduino to explore a hobby, and own a device with an embedded Arduino), I would point out that FTDI's statement isn't an apology but an excuse for their behavior:
As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honourable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.
As such, if you specify FTDI products but your supply chain can't guarantee or hasn't guaranteed genuine FTDI products, or has specified or equivalent products, you're still vulnerable to their drivers suddenly causing your products to fail. Your customers won't love you for that! You still have every reason to evade FTDI at this point as they're still threatening an existing product base.
As an end-user, the issue of counterfeit chips doesn't rise to the level of probably aware.
This perspective is not terribly fair to FTDI's product line being subverted by counterfeits, or the general problem of counterfeit devices. All I can suggest is some form of planned obsolescence implemented by FTDI's drivers (which is just a fig-leaf of protection from irritated end-users.)
"Bricked" means that it is no longer useful, ever, under any circumstances. It's dead, and not recoverable.
In this case the end user is temporarily inconvenienced until they load up some software to restore the PID, or use software that can make use of the device even with a PID of 0.
As I understand it, FTDI doesn't actually have legal ownership of the PID:VID combo. usb.org handles the PID:VID registry, but if a chip manufacturer hasn't registered with them there is no legal reason preventing them from using any PID:VID numbers that they feel like.
Yesterday a number of my clients called me to say they wanted me to design out the FTDI FT232R from current designs and replace it with an alternative (I settled on the Microchip MCP2200). Today, after this news, I called each of them to explain FTDI's change in policy and see if they still wanted to make this change. All of them said yes.
The feedback was essentially this: FTDI's actions left a bad taste in their mouth and they didn't appreciate this action being taken without any real attempt to notify resellers and manufacturers; and now that they know the alternate chip I proposed was about half the price of FTDI's offering they are happy to change. Now none of these people are high volume manufacturers, so it will be unclear if FTDI will even notice.
The reason I have found for most clients wanting FTDI is confidence in the brand more than anything else. This move will affect it a little, but people's memories are short, and FTDI responded quickly enough that they won't suffer too much damage. My prediction is that FTDI will take a dip in sales for a quarter, and then things will return to more or less normal; but companies like Microchip will likely see an uptick, because manufacturers are more aware of the alternatives.
What do you know I wrote a novel
But you aren't a FTDI user, you are a user of a counterfeit device that happens to lure the OS to load a FTDI driver.
If anything - shun Chinese fake products.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
The government is the only reason why that IP is "your IP". It's an artificial monopoly granted by your government that does not exist in natural law. They're your sole recourse. Damaging other people's property, knowingly and/or intentionally, is not on the list of legal avenues for recourse, and will probably get you into legal trouble, as you're about to see with FTDI. You don't have a right to enforce copyright law yourself. The government is your sole remedy. You'll feel bad when you're fined and jailed.
It is a textbook trademark case, but you're referring to the wrong part of the textbook. Consider the case of the game consoles which wouldn't operate without a bit-for-bit copy of the manufacturer's logo in the ROM, a trick intended to shut out unlicensed game developers. The court ruled that third-party developers could include the logo image without a license despite the fact that it was both copyrighted and trademarked, because the manufacturer had chosen to make it necessary for compatibility.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
The problem is that FTDI wasn't screwing up "whomever is profiting from ripping [them] off." The device user likely purchased the device expecting a genuine chip. Refusing to work with the fake would have achieved the same effect, but would have left the user with the ability to (possibly) obtain a different driver (legal 3rd party, FOSS, etc).
Since you proposed a wild west analogy, it would be like finding out that a cattle rustler "borrowed" one of your free-range bulls to impregnate* his cows, the offspring of which were sold to local farmers. So, in retribution, you ride in and shoot all the calves which have similar patterned spots on their fur, thereby punishing the farmers who innocently purchased the calves at auction. Meanwhile, you have done nothing to the rustler who actually committed the crime.
Do this a few times and you are likely to be the one who is going to be lynched.
* The rustler returned the bull to the range. Only the bull's "software" was being copied. In case anyone wants to complain about the analogy, think about stud fees for prize bulls.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
But in this case, the manufacturer didn't choose that 0x0403. The USB working group did.
How do we know the @)#$*)@^& driver isn't buggy?
Hardware drivers routinely are shitty.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
Counterfeit components are much more of an issue than you might imagine. Counterfeit and reclaimed components are very common in the component supply chain, and there's almost no way for a manufacturer to determine whether they've bought a dud or the genuine article. Most electronics companies contract out circuit board manufacture and component procurement - unless you're making a huge number of boards, it simply isn't economical to run this kind of operation in-house. At the end of the day it comes down to trust and supplier vetting - but you can only really vet the first link in what can be a very long supply chain. All it takes is for one supplier in the chain to be slightly dishonest, and you end up with a counterfeit device on your board.
Now - there are companies who will specify forged parts - but equally there are companies who specify the genuine article, and don't get it. How would they ever know? FTDI's approach is (was?) to stop the end-user's device from functioning. This device could have been supplied by a legitimate supplier (and not a dodgy eBay import) - yet this company was (until now) completely unaware until faulty units start piling up on their doorstep. Let's also remember that not all electronics companies are the size of Cisco - and a product recall to replace what they believed to be a genuine part could prove so expensive as to put someone out of business.
Realistically, it's an almost impossible problem to solve - semiconductor manufacturers deal in massive quantities through distributors - and the smaller the quantity that you require, the more distributors are involved in the sale. Some may advocate buying direct - but realistically, no semiconductor manufacturer is equipped to do this at present. Manufacturers need to find ways to prove that their components are authentic, rather than telling end users that they have bought a fake.
Have a look at this blog - a small supplier of a very nice series of logic analysers who were hit with exactly this kind of problem. They procured components in good faith, yet had to carry the costs of their supplier's dishonesty. Not what a small business needs when they're just getting going.
Instead, we spent a LOT of time redesigning our stuff to prevent anyone from (reasonably) being able to do that again.
Any pointers you care to share? Or would that be proprietary IP?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
They could make the argument; but I'm not sure that they could win it.
It is widely accepted that you can use a protected mark, so long as you don't do so deceptively, to provide information about your product (the usual formulation is "Store brand product, compare to Product(tm) active ingredients"). Not a trademark violation, even if the trademark holder might not like it; just telling the customer what your product is intended to be compatible with.
In computing applications, since the data are usually being sent to an (often inflexible and buggy) program rather than to a human, and since identifying information is often necessary for operation, even more blatant use is often accepted. Most browsers still claim to be "Mozilla/5.0" followed by a bunch of other stuff, often equally trademarked and equally false, because that particular string was the only way to get the correct output from assorted crufty HTTP servers. In more adversarial cases, like Lexmark's battle with Static Control Components over toner lockout chips, SCC ended up being allowed to duplicate an even larger chunk of Lexmark's firmware, over Lexmark's objections; because that was deemed a technically necessary part of producing an interoperable toner cartridge.
The USB VID/PID is conceptually in a similar position to the browser UA: it's not hard to find; but not really there for human readers and subject to fairly specific technical limitations if you actually want it to work. "0x0403" is a valid VID. "0x0403 (compatible; China Cloneshop)" is not. It won't even work, much less request the correct driver. USB does provide for purely descriptive, human readable, information fields ('Manufacturer String Descriptor', 'Product String Descriptor', and 'Serial Number String Descriptor') and those aren't subject to technical constraints.
I certainly wouldn't want to be on defense if I were selling a product with somebody else's trademark misused in the string descriptor fields; but the VID/PID would be much more defensible.
Thanks for finding that for us.
MODS : mod parent up, plzokthx!
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The reason most manufacturers use the FTDI driver is because most Windows systems already have it installed. This makes it easier for consumers because they don't have to track down a driver from some unknown source. But it is well within FTDI's right to change their driver as it fits their needs. The solution would be for there to be a standard driver that manufacturers could use for USB to serial communication just as there is a standard mouse and keyboard driver for USB devices.
"When you send your fake Rolex (that you think is real) into Rolex for service, they don't send it back to you, they confiscate it as a counterfeit and it's destroyed."
That's a lawsuit waiting to happen. If it's not your product, you send it back to me. You don't go "Oh, you bought a knockoff, we're just going to destroy it and not give you a choice in possibly getting your money back." No, you give me my fucking product back and that's the end of story unless I tell you otherwise.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
And in turn, when primitives like you act on it, the government has to make sure you do not do it again. There is a reason for the monopoly on violence and there is a reason to enforce it.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
They seem to be the only vendor of USB serial chips whose products seem to "just work" under the majority of use cases, on both Windows and Linux. Every time I have had a weird USB serial problem (on either OS), the solution has been to get a FTDI-based device. Problem solved.
If 3rd party vendors are illegally appropriating their IP, then they can go after those vendors in court. I also have no problem with them rigging their driver so that it does not work with "clone" products. But intentionally damaging devices they do not own steps over the line.
I do not think a boycott is the answer. Yes, they made a mistake with this driver update; but do you really want to (potentially) drive the designer of the best existing USB serial chip out of business? If we go that route, everyone loses.
You can't go destroying hardware owned by consumers, no matter what the reason.
They explicitly wrote code that intentionally bricks the connected device. It takes advantage of a bug/implementation detail such that it does NOTHING on an FTDI device. Because it doesn't do anything at all on a genuine FTDI device, there is no innocent reason for FTDI to put it in their driver.
If the code did something useful on an FTDI device but broke counterfeit devices, that could be accidental. That's not the case, though - the code never does anything good, it only breaks things.
The Chinese Govt doesn't give a rat's ass about this; they're filling their pockets too.
I have at least one counterfeit problem a year, and our supply chain is as locked down as it gets.
If a medical device fails, and someone dies because of their driver, they'll all be in prison, from the CEO to the guy that sent it to M$.
Truth isn't Truth - Giuliani
A fake battery pack is probably a fire hazard, having to be destroyed, and were under no obligation to send you back a replacement.
Doc, my chest hurts. Ohh, seems your heart transplant was from an unofficial donor, we'll just destroy that for you.
Well, as noted, it happens with watchmakers, clothing/accessory companies as well, etc., etc.
Reading the article now (shame on me for not doing so), I suspect there is malice or 'good intentions' resulted in failed risk analysis and fallout prediction.
Jumpstart the tartan drive.
They can be taken from you by authorities, not businesses. Regardless of its IP status, that physical item belongs to me until a judge says otherwise.
Good-bye
It's a shame that USB has UMS for storage and UVC for video, but there isn't a similar standard for COM ports.
With that said, it's a serial port. Come on guys!! Just make a pin compatible part and write your own driver. It would probably take about the same amount of time to reverse engineer FTDI. Can you even copyright an IC footprint?
What about the Intel x86 compatible clones that were common in the 1980s and 1990s? Intel didn't give permission for other companies to use their instruction set.
That would be wrong.
AMD and Intel had a Microcode cross-licensing agreement from way back in the late 1970s.
Even if they hadn't, word on the street is that one of the requirements IBM had for using Intel processors in its personal computers was that there had to be a second source for them. Meaning that Intel had to license the designs to a second company. What company was that? AMD.
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
> No, you give me my fucking product back and that's the end of story unless I tell you otherwise.
Whoa, we got a badass here.
Explain again why Rolex is obligated to send a counterfeit product to you via mail. Is it something to do with "hard-earned money" or some shit like that which gives you some sort of magical capitalism rights because you paid for a product with money from your hot little hand? What about the rights of Rolex to enforce their trademarks? Does the fact that you paid money for an illegal product (and then had the fantastic idea to send it to them to fix) overrule their right to protect their business?
> If it's not your product, you send it back to me.
But it says right there, right on the watch face - "Rolex". That's their product, right? You sure as hell thought it was when you bought it for fifty bucks, right? Or did you know it wasn't theirs, but decided to send it to them for service anyway?
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
FTDI didn't choose that specific value (though, thinking back to Intel's amusing choice of '8086' as their PCI vendor ID, you probably can choose a VID if you push hard enough or have a cute reason); but there are still some commonalities (though arguably some differences as well):
The USB spec (and, probably more importantly, USB as implemented on basically all commercially relevant systems) supports essentially two mechanisms for telling the OS what driver your device requires:
If supported by a generic class driver, your device descriptors include a bDeviceClass field containing a defined USB device class code that isn't 0xFF (which is valid, but means 'vendor defined'), a bDeviceSubClass field with a valid subclass code, and a bDeviceProtocol field with a valid protocol code.
If your device is supported by a specific driver (or one of the hybrid arrangements, not uncommon, where a versatile device class like USB HID will be used to do most of the low-level work; but a vendor-specific driver will implement whatever device specific behavior is offered on top of that), then you need to supply the correct VID/PID combination.
Now, let me be clear, I see absolutely no reason why FTDI should need to provide driver support for clones, so even if Windows (correctly, as an OS) responds to a USB device with an FTDI VID/PID by loading the FTDI driver, it is fully within their rights to have a driver that detects and ignores non-FTDI parts.
However, (and this is where the analogy to consoles and trademarked-but-technically-necessary really comes in), the USB spec does not offer a 'compatible with VID/PID' device description option. Either you specify the appropriate generic class, or you specify a VID/PID and a vendor-specific class. There is no other way (barring atypical configurations and kernel hacker tricks that aren't of much use in the wider world) to do it.
If you want a Game Boy or whatever to load your cartridge, you need that logo to be present at the appropriate address. If you want to specify "I need the driver that supports device X", you have to supply device X's VID/PID. There is no 'compatible with device X; but actually made by me' mechanism.
If you are buying fake FTDI gear to take advantage of FTDI's driver devs, then I have no pity. Not FTDI's problem to support you. However, there are 3rd-party FTDI-device-supporting drivers (notably on Linux and BSD, maybe somebody has ported one to Windows or OSX, maybe you plan to implement your own, whatever) that it would be perfectly legitimate for an FTDI-compatible device to request, and (so long as it doesn't involve copyright or patent infringement, or fraudulent misrepresentation) there are perfectly licit non-FTDI chips that implement FTDI-compatible behavior. The USB-IF certainly doesn't have enough power over short hex values to stop that; and I'm not convinced that we would want them to.
A large number of now standard or semistandard devices, protocols, and command sets we don't even think about today started life as dirty clones of the more popular brand: The PC BIOS, the (still spoken, in extended form, by a moderately alarming number of things) Hayes command set, the 16550 UART (originally a National Semiconductor model number; now register compatibility with those is practically a standard in itself, thanks to about a zillion clones), the NE1000/2000-compatible NICs that helped make ethernet ubiquitous and cheap...
Again, FTDI has every right to make the use of their drivers contingent on the use of their ICs (or some other licensing terms, if that amuses them). Also, non-FTDI parts being sold (with varying degrees of sophistication, from pure nonsense to nearly perfect fakes) as FTDI is a bad thing. For FTDI, for the buyer being defrauded, for the electronics supply chain generally.
However, we would not be well served to be blinded to the (generally desirable and helpful, as much as incumbents dislike them) history of 3rd-party in
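The two matching paths described in the comment above, as an added example that is not part of the original comment: a parser for the standard USB device and interface descriptors that reports which key the host has available to pick a driver. It goes slightly beyond the comment by handling bDeviceClass 0x00 (class declared per interface); both sample descriptors are constructed, 0x1234:0x0001 is a placeholder, and 0x0403:0x6001 is assumed to be the VID/PID an FTDI-style bridge reports.

```python
import struct

# Standard USB 2.0 descriptor layouts (all fields little-endian).
DEVICE_FMT = "<BBHBBBBHHHBBBB"   # 18-byte device descriptor
INTERFACE_FMT = "<9B"            # 9-byte interface descriptor
DT_DEVICE, DT_INTERFACE = 0x01, 0x04
CLASS_PER_INTERFACE = 0x00       # device defers the class to its interfaces
CLASS_VENDOR_SPECIFIC = 0xFF     # "vendor defined": no generic class driver


def parse_device(raw):
    """Return ((class, subclass, protocol), (idVendor, idProduct))."""
    if len(raw) != struct.calcsize(DEVICE_FMT):
        raise ValueError("device descriptor must be 18 bytes")
    (length, dtype, _bcd_usb, cls, sub, proto, _max_pkt,
     vid, pid, _bcd_dev, _i_mfr, _i_prod, _i_ser, _n_cfg) = struct.unpack(
        DEVICE_FMT, raw)
    if length != 18 or dtype != DT_DEVICE:
        raise ValueError("not a device descriptor")
    return (cls, sub, proto), (vid, pid)


def parse_interface(raw):
    """Return the interface's (class, subclass, protocol) triple."""
    if len(raw) != struct.calcsize(INTERFACE_FMT):
        raise ValueError("interface descriptor must be 9 bytes")
    (length, dtype, _num, _alt, _n_ep,
     cls, sub, proto, _i_if) = struct.unpack(INTERFACE_FMT, raw)
    if length != 9 or dtype != DT_INTERFACE:
        raise ValueError("not an interface descriptor")
    return (cls, sub, proto)


def driver_match_key(device_raw, interface_raw):
    """Say which key a host can use to select a driver.

    ("class", triple)      -> a generic class driver can bind
    ("vid_pid", (vid,pid)) -> vendor-specific: VID/PID is the only key
    Both keys are self-reported by the device; nothing in these fields
    proves who manufactured the silicon.
    """
    dev_class, vid_pid = parse_device(device_raw)
    effective = dev_class
    if dev_class[0] == CLASS_PER_INTERFACE:
        effective = parse_interface(interface_raw)
    if effective[0] == CLASS_PER_INTERFACE:
        raise ValueError("no class declared at device or interface level")
    if effective[0] == CLASS_VENDOR_SPECIFIC:
        return ("vid_pid", vid_pid)
    return ("class", effective)


# Constructed sample: HID boot keyboard (interface class 0x03/0x01/0x01).
HID_KBD_DEVICE = struct.pack(DEVICE_FMT, 18, DT_DEVICE, 0x0200, 0, 0, 0, 8,
                             0x1234, 0x0001, 0x0100, 1, 2, 0, 1)
HID_KBD_INTERFACE = struct.pack(INTERFACE_FMT, 9, DT_INTERFACE, 0, 0, 1,
                                0x03, 0x01, 0x01, 0)

# Constructed sample: vendor-specific serial bridge reporting 0x0403:0x6001.
BRIDGE_DEVICE = struct.pack(DEVICE_FMT, 18, DT_DEVICE, 0x0200, 0, 0, 0, 8,
                            0x0403, 0x6001, 0x0600, 1, 2, 3, 1)
BRIDGE_INTERFACE = struct.pack(INTERFACE_FMT, 9, DT_INTERFACE, 0, 0, 2,
                               0xFF, 0xFF, 0xFF, 2)

if __name__ == "__main__":
    for name, dev, itf in (("keyboard", HID_KBD_DEVICE, HID_KBD_INTERFACE),
                           ("bridge", BRIDGE_DEVICE, BRIDGE_INTERFACE)):
        kind, key = driver_match_key(dev, itf)
        print(name, kind, tuple(hex(v) for v in key))
```

For the vendor-specific bridge the only key returned is the VID/PID pair, which is why there is no way for a work-alike to request "the driver for device X" without reporting device X's identifiers.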
The number may have been assigned by the USB WG, but it was the manufacturer who decided to check for it in the drivers. Either way, the use of that number is a necessary part of creating drop-in-compatible hardware.
Of course, they can't advertise their product with the USB logo if they're not following the USB specifications, including the use of assigned ID numbers, but that's a separate matter. There is no requirement for non-members to adhere to the ID numbers assigned by the USB WG so long as they don't claim to be fully compliant.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
> It's not the fault of the driver if ... the driver tells the hardware to do a write, and the hardware does
How do you figure that what the driver does isn't the fault of the driver?
The driver gives instructions that tell the hardware to self destruct. The hardware faithfully follows the instructions.
It would be different if the instructions were to do something useful, but the clone instead destroyed itself. There is no innocent purpose for this sequence of instructions.
I think DirecTV got away with that in part because they still owned the cards in question and were just allowing users to make use of them. (The hack worked by modifying official DirecTV cards.)
Actually, it is not. "Their" USB VID/PID can legally be used by anybody, it just means that the USB logo may not be used. AFAIK (and just checked on some FT232 I have), there is no USB logo on these chips.
Oh really? Not according to this FAQ:
Regardless of the fact that it may be legal for others to do so, it's unethical and clearly misrepresentation. It's like when Palm tried to use the USB VID of Apple so iTunes would think the Palm Pre was an iPhone - great for Pre users until that causes crashes or data corruption for users and Apple could be held liable.
Rightly so, Palm was slapped down for their "reuse" of Apple's VID.
Make sure everyone's vote counts: Verified Voting
I will no longer put any FTDI parts for two reasons:
No more money for you FTDI. Try to innovate instead of trying to brick people's hardware.
uski
The makers of counterfeit chips are in the wrong here, not FTDI. They used FTDI's PCI vendor ID (presumably without authorization).
Everyone who had a bricked chip should go to the manufacturer and demand a replacement or a firmware flash. Maybe then those guys would use their own device identifiers and supply their own drivers.
But most people are probably just cutting corners to get something cheap. And then they blame everyone else for their problems.
Bottom line: This driver would never install on a system with a counterfeit chip if the vendor did not use FTDI's identifier. There is a standard, and it was violated by each and every knock-off chip that bricked.
Maybe FTDI deserves some heat for sticking it to their non-customers, but I have little sympathy for anyone in this snafu.
---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
A big advantage of running Windows and requiring signed drivers!
Oh, wait, no, that's the opposite. LOL.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
The chip itself was an unlicensed knock off that used the same drivers.
No mercy.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
I don't have to share my IP with you or anyone. I can make it and keep it for myself. Whose is it now?
And what incentive do I have to share it with you or make it if you're just going to jack it?
You're effectively justifying behavior that undermines the whole information economy. It's fucking retarded.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Alright, regardless of your take on FTDI's actions. Isn't the real problem here trying to fix a broken market with a regulatory or software solution?
I mean why is the FTDI chip so routinely copied, or cloned? It all comes down to price and availability. We saw this with online music, and we are seeing a corollary here. In this case the end users aren't the market though, they are collateral damage in the dispute between FTDI and hardware manufacturers. FTDI has a product the market wants, but they are asking for a price that the market doesn't want to pay. So people are stepping in with drop in replacements for the parts that the market doesn't want to spend money on, or can't get access to. The best way for FTDI to fight clone makers is to lower their prices and raise their production until the market decides that taking the risk with a clone chip isn't worth it.
And this doesn't just apply to FTDI. This applies to anyone making a commodity part that is widely used by the electronics industry. Sure high quality part manufacturers will never be able to bring their cost down the exact same level as cheap knockoffs, but if they get closer they will recapture some of the market. In the case of the FTDI chip we are discussing right now, the part has been on the market long enough that they have probably made up their manufacturing and tooling costs at this point and could lower the price to meet market demand if they wanted to.
Maybe we just need to push for a "generic" chip industry similar to the US drug market, though the protected window for the original designer would have to be much shorter to factor in the shorter dev/test/to market lifecycle of electronic components. By this time we could have authorized FTDI USB-to-serial clones, and FTDI would be banking a fraction of a cent per unit while working on the next faster or more power efficient model.
inb4u... really?
Prolific had some counterfeiting problems too, and while they didn't brick devices by changing them they did release a never ending stream of updates with the only improvement being that they no longer worked with counterfeits.
The real alternative is to stop working with USB bridges. So many microcontrollers come with native USB support and excess memory to implement it. The only real problem then is you need a VID, something you got automatically when using a bridging chip.
FTDI's download page says:
"FTDI drivers may be distributed in any form as long as license information is not modified."
The owner of the device simply plugs it in. Windows then automatically loads the FTDI driver based on the information that _FTDI_ gave them. Microsoft and FTDI decided to load the FTDI driver for that device. So how exactly is the user "using unlicensed software illegally"?
The manufacturer of the comms chip did precisely the same thing FTDI did - manufacture a chip with a compatible USB ID. Exactly which law gives FTDI exclusive use of that number, and makes it illegal to build a compatible device?
The point of trademark law is for the buyer to be able to know that the product is genuine. It's for the buyer's sake, not the company's sake. That is, something branded FTDI but not really FTDI is fraud of the buyer. For FTDI to then intentionally modify the device so that it stops working is to further harm the buyer. So FTDI is just pulling a total fail here.
The information economy has existed from the beginning of time. It's only recently that it's had huge violence-backed walls erected within it.
What does your hate of FTDI have to do with your love of PICs?
Here's a list of microcontroller brands which include built in USB in their lineup:
PIC
AVR 90, mega and xmega
AVR32 UC3
STM32
MSP
Actually the only standout I really could find was Parallax Propeller series. They don't seem to produce one with USB support built in.
would you risk a subpoena?
or a leak?
These aren't clones.
The devices in question are internally completely different, but mimic the FTDI command set. They're workalikes, not clones, nightshift runs or factory rejects.
The "sin" comes from marking device packages as FTDI (trademark violation) and presenting a USB Vendor ID of FTDI (unlicensed use of the ID).
Analysis shows that the IP which went into creating the workalikes is at least as expensive as the FTDI devices and the die costs are about the same. What this really exposes is how much FTDI is making from their brand name for what is a generic serial device and what lengths they will go to to protect that brand name.
It's because the profit margin exists over generic, that unscrupulous vendors badge the workalikes as FTDI - and the fakes are so good that they're hard to detect visually. The price differential on fake branding is almost nonexistent - 3-5% or less (sometimes no difference), which is within the margin of error on supply chains, so it's no wonder these appeared in production runs.
As others have said, FTDI has burned a shedload of goodwill in a matter of days. If they wanted to flag attention to the fakes they could have done so in a far less destructive manner (which amounts to arbitrary seizure and destruction of property, something which requires a court order in most countries even for trademark piracy).
Thankfully, there are a bunch of pin-compatible replacements for the device from various makers. The FTDI device itself was a pin-compatible replacement for first-generation usb-serial chips.
Workalike makers now know how to make their devices even better mimics of FTDI - plus how to resist VID reprogramming - and a lot of people in the design and build sphere now know that many of the pin-compatible devices are significantly cheaper, use less power and run faster.
The ironic thing out of all this is that the workalikes are significantly faster devices which draw less power and could easily stand on their own 2 feet as a properly branded item. They were sold as FTDI because of resistance to buying other brands by western designers.
End result: Own Goal by FTDI. Did they do this as a prelude to getting out of the serial chip market?
Better throw all your computing devices away then, jerk. Oh and I'm fucking sick and tired of fucking assholes on the fucking Internet making assumptions and putting words in my mouth. WHO SAID we're buying things from 'questionable sources' and not a major outlet? WHO SAID we're buying cheap shit? WHO SAID that even a major manufacturer isn't susceptible to getting counterfeit parts, or is willing to cut corners by using an 'equivalent' part, and WHO SAID that we're responsible for any of this when a goddamned USB dongle is completely molded in plastic and you CANNOT open it up to see what parts it's made with? Oh no this is the goddamned motherfucking INTERNET, and any fucking asshole who wants to post anonymously can say any goddamned thing they want and NEVER be called out to back any of it up, and I have the GALL to actually get sick and tired of it? I'm called NAMES like this is 6th Grade or something. Fuck this shit.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Fine, we'll just go back to trade secrets.
That is what we had before patents. Companies simply kept information to themselves.
And a result of that was a much lower rate of technological development because information was fragmented.
Look, if I come up with something... if I create something... why shouldn't I get rewarded for that? Why would you assume you have a right to take what I create and pay me nothing? Don't you see that I can't live or make that my job if I can't get paid? And if I can't get paid doing it, then that means I have to spend most of my time doing something else and only create in my spare time for FUN. You're going to get much less out of people if you do that than if you support them so they can produce stuff all the time. What is more, you're going to make sure that big companies and organizations spend basically no time creating anything. They'll make stuff but it won't be innovative because none of their own IP will be protected unless they keep it as a trade secret which means the secrets might be in a factory machine or something but never obvious in the final product.
The illogic of your position is just so fucking obvious... how can you not see how self destructive your position is here? You're cutting your dick off and saying "why is that a problem?".... well... I don't really mind if you want to live in a society like that. That is fine by me. I just don't want to live in your society then. I'll live in a society where IP is protected and you can live in one where it isn't. And we'll just see where that goes.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
So the next time you buy a car, I am justified slashing the tires because I notice that it contains a seat with similar designs to the one which I hold a patent on? (or perhaps just removing the valve from the tires, as that is "reversible.") It doesn't matter that you had nothing to do with the infringement, and no knowledge of its occurrence.
No mercy. You should have researched each part delivered with your new car, and asked the dealer to replace the infringing seat with one from a different make of vehicle which properly licenced my design.
The point is that you/FTDI are attacking the wrong person. The only logical response to such attacks is for the consumer to avoid all products which use FTDI chips, as the consumer cannot tell if they are counterfeit until after they are rendered inoperable. I have no problem with you/FTDI refusing to work with the counterfeit, but when your response crosses over to misplaced vigilantism it is wrong. And despite it being cliche, two wrongs still don't make a right.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Do you know what the *best* part is?
The current system does nothing to prevent people from creating their own stuff and releasing it under whatever asinine license they want. So not only are people insisting that their open method of production/distribution is better than a proprietary one, but they seem to feel that we're beholden to play by their rules, simply because there's no physical limitation preventing them from copying/cloning whatever they want.
If FOS hardware/software were the amazing, best-for-humanity method for driving technology forward that all its proponents seem to think, why the hell is proprietary hardware/software so successful in the market?
What FTDI did was like someone who gets hit by a bully, and then turns around and hits the smaller boy standing on the other side of them. They punished the wrong people, and are themselves now the criminal. 8-(
I have several Genuine and several fake FTDI on Arduino derivative boards.
The fakes have laser etched labels that are quite well done. BUT the “Pin 1” dot in the plastic is just a little different.
Genuine is large dot, not very shiny
Fake is slightly smaller dot and quite shiny
You can see this clearly on this photo: http://s.zeptobars.ru/ftdi-FT2...
Regards, Terry King
They're witless children with little more than the first flush of a political identity. And so devoid are they of even rudimentary critical thinking skills that they get brainwashed by the first thing to try and colonize their minds.
It always goes back to the education system.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
You can't patent that.
I swear... you people are so fucking stupid... it is remarkable that you can sustain this absurd arrogance at the same time you're clearly without so much as a single wit.
And my statement initially only referred to stolen tech so similar to the original that it ran on the same firmware. And my statement was that I didn't have a problem with a maker tweaking a firmware update so that it bricked knock offs.
Don't like that? Don't steal my shit.
You mad, bro? What are you going to do about it?
Do this for me. Hold your breath until you turn blue. That will show me, tiger.
Seriously though... get bent.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
> You can't patent that.
Interesting... Try US patent # 8,801,101 : Vehicle Seating System
I have a few more. Both in the field of Automotive Seating (which you just stated couldn't be patented), and in other fields. How many do you have?
Anyhow... Peace "Bro". Nobody is mad here. On the other hand, you are the one who has been ranting about people "stealing your sh--." My point is just that vigilantism only harms innocents. Go ahead and bring suit against the actual thieves. Feel free to write your drivers to only work with your hardware. But do no harm otherwise (to the end user who is innocent, and likely unaware of who manufactured the component parts.) I attempted to express this with humor first, and later with a more concrete example by transferring it to another modern day product, but apparently both attempts have been in vain.
P.S. It is also worth noting that in a discussion, generally whoever yells first (swears, calls names, etc) has lost the argument. I thank you for your submission.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
Review your citation:
http://pdfpiw.uspto.gov/.piw?D...
That is a specific system.
Furthermore, just citing a bad patent doesn't mean that it will be sustained in court.
Show me a bad patent sustained in court. And then I'll just point out flaws in the legal system. I'll point out that murderers are let go all the time by bad juries etc and yet we both agree murder should be illegal.
Your move.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
My move? Frankly, this has now gone far enough off topic that I am struggling to get it back on, but let's try anyhow.
Of course it is a specific system, all patents are. This just happens to be my specific system (assigned to my former employer). As to whether it is good or bad . . . time will tell. I certainly hadn't seen anything remotely like it when we developed it. What I can say is that millions of vehicles have been manufactured with it in the last seven years. (Yes, the corporate patent lawyers managed to stretch the application process out that long. Don't blame me.)
Good or bad, you are free to design around the patent, creating a system which performs a similar task through different means. (Yes, I am oversimplifying.) This is not a mistake in the patent system, it was done that way on purpose. If you can do it simpler, without losing functionality, I'll be the first to congratulate you.
None of this changes my original point regarding vigilantism, and the potential for Streisand-like backfires.
(Hmm . . . With a better segue that might have counted for getting back on topic. As it is... Not so much. Feel free to bring it back home.)
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
So you are saying you agree with me and the patent system and IP rights are reasonable.
Okay... we have no disagreement.
This issue is concluded.
Or do you want to make a coherent point that uses contributing evidence or arguments that in any way contradicts my position? Because you seemed to be disagreeing with me and then cited evidence that didn't support your position... and then made this post which seems to take something similar to my own side... which makes me wonder what the hell we're arguing about here?
I'm going to just assume you were agreeing with me all along and this was just a failure in communication.... unless you want to correct that.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
I agree, and disagree. I have no issue with the concept of patent rights, or IP in general. There are some big issues with the implementation at the USPTO, etc., but that is another topic. I am not one of the "information wants to be free (so I am going to take it)" people.
Where we seem to disagree is what a proper (legally appropriate) response is when aggrieved. You are certainly allowed to defend your IP rights, either through the courts, or by attempting* to protect it technically. I can even empathize with your frustration when your work has been stolen. I was just saying that, as tempting as it may seem, one can't go over to the dark side and start repaying evil with evil. Bricking the end-user crosses that line; passively refusing to operate would be ok. It may not be as satisfying, but wearing the white hat means that one has a larger set of constraints than those in black. (How many more metaphors can I work in here?)
* I say "attempting" because historically the track record of such technical controls is rather poor. There is usually a technical work-around to the technical protection. One can attempt an arms-race, but there are limits to what one can do ethically. Which is back to my original point, again.
Personal insults aside, the citation was not germane to the original argument, but was in response to your questioning the ability to patent the mechanical design of a car seat, which was the parallel example that I was trying to use to make my on-topic argument. I don't have a bunch of case-law to cite, but neither do you. I am merely discussing the ethical ramifications of over-reacting.
P.S. Thanks for the spirited back and forth discussion. You can have the last post if you wish.
McFly777
- - -
"What do people mean when they say the computer went down on them?" -Marilyn Pittman
If a consumer buys stolen property it can be seized by the legitimate owners at will without compensation.
The grievance is between the consumer and the thief who stole BOTH from the legitimate producer and from the consumer by selling stolen goods.
It sucks for the consumer but maybe next time they won't buy stuff from dodgy pete with the low low prices out of the back of a van in an alley.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.