Slashdot Mirror
FTDI Driver Breaks Hardware Again (eevblog.com)
janoc writes: It seems that the infamous FTDI driver that got famous by intentionally bricking counterfeit chips [NOTE: that driver was later removed] has got a new update that injects garbage data ('NON GENUINE DEVICE FOUND!') into the serial data. This was apparently going on for a while, but only now is the driver being pushed as an automatic update through Windows Update, thus many more people stand to be affected by this.
Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.
Let's hope that nobody dies in an industrial accident when a tech connects their cheap USB-to-serial cable to a piece of machinery and the controller misinterprets the garbage data.
I think I'll keep my Windows computers with updates disabled, as all the updates have been detrimental to the user, lately.
Checking the eevblog thread, though it seems it affects Windows 10, which I also elected not to touch.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
Thanks to the reality of supply chains, companies intending to buy the real deal can accidentally buy the knockoffs. Anyone willing to do this(or their previous actions, like bricking devices) is someone I intend to never purchase from, real deal or not.
There are now plenty of competitors to FTDI. Don't buy FTDI- even if you think you're buying the real deal, reality can intervene.
I've just thrown my reels of FTDI chips in the bin.
NEVER again FTDI.
Yep, Microsoft should revoke WHQL on future driver versions and refuse to certify FTDI drivers in the future.
This is a blatant violation of trust; end users have no way to know if the FTDI chips in their devices are genuine.
Not necessarily true. Low-level technology like this is frequently the source of "cascading failure" that can endanger people or property.
For instance, we have many USB-to-Serial devices installed in chains that capture weight readings from industrial scales. If this suddenly and inobtrusively starts causing that measurement data to be misaligned in the output, those weight readings could be transmitted to shippers who may or may not re-weigh the product based on our volume. In the worst case scenario, something like this could be done as the last check-weight for loading an aircraft -- a weight-critical application where getting it wrong can cause a tail-strike on takeoff.
Screwing with low-level data INTENTIONALLY is never a good thing. End users have no way of ever knowing that it's happening. Pushing it by Windows Update, where no devs are involved to catch the error, is a recipe for potential disaster somewhere.
This IS Pure Crap... on the part of FTDI.
Notice: Your mouse has been moved. Windows will now restart so this change can take effect.
What I'd be curious to know is how FTDI managed to pull this again. I would have imagined that Microsoft would have been less than pleased with them after their last attempt and either watching them more carefully or only letting them back with some sort of stern warning. One would certainly think that it would hurt FTDI more than it hurts Microsoft if FTDI chips become 'those ones you have to manually download drivers for'.
Why can't FTDI realise that this kind of behaviour is only going to hurt innocent end users, rather than the people responsible for peddling counterfeit devices? I've bought hundreds of these devices in the past from reputable suppliers, and in precisely zero cases can I determine whether the chipset is genuine or not before purchase. If I can't tell what I'm buying, then why am I being punished when I've bought in good faith? Why can't FTDI instead use existing mechanisms and laws to find the people responsible?
Of course Linux drivers for these devices work every time, counterfeit or not. Perhaps a different approach might be for someone to take the Linux code and create a decent open-source Windows driver to replace the buggy (i.e. injecting unwanted serial data) FTDI code?
Why do you expect this of all the things in Windows 10 to be in the interest of the end user? Why should this be the odd man out?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I would imagine Windows Hardware Quality Labs tests the drivers against the hardware they are made to support. Requiring anyone to test real drivers against fake hardware would be a Gordian knot as new knockoff distributors appear and then fade away when someone starts trying to find them. I'm sure the same factory would produce the same knockoff and a "new" distributor would get it into the supply chains.
All that being said, I learned long ago not to let Windows update my hardware drivers, any hardware drivers. I just fixed one the other day where suddenly a favorite resolution on an LCD TV was missing. It took a bit to figure out the latest graphics driver (Intel via Windows update) installed a management program limiting display resolutions. Removed that program (and hid the update) and everything was back to normal.
Of course, in this case it would not matter where you got the update, if your device is counterfeit it gets tagged.
You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
Wait, you're actually surprised that Microsoft is okay with screwing users over something they already paid for?
If Whipslash is reading this - one thing that would be a REALLY interesting addition to Slashdot would be to go find someone from the company to speak to these issues, if possible. Something of an immediate Q&A to either clear up the news or confirm that the situation is as crummy as it appears.
I don't think that /. will every be able to work like that. Compare /. with Ars. Ars actually employs genuine technical minded journalists and produce long form stories of their own. When appropriate they do reach out to all parties to get comment from both sides. /. on th either hand is really just a news aggregator with a fancy commenting system. If anything it should be up to the producers of the original story to looking for comment.
I am Slashdot. Are you Slashdot as well?