FTDI driver destroys devices
October 22, 2014 3:33 PM   Subscribe

USB-to-serial chip manufacturer FTDI has deployed a new version of their Windows device driver, with a small bug: it doesn't work with many Arduinos and is damaging devices that used to work. Turns out that it isn't a bug -- FTDI's new driver is deliberately "bricking" devices if it thinks the chip is counterfeit (which is fairly easy to see). FTDI says it is in the license agreement and claims that they are "definitely not targeting end users", despite the fact that their actions are destroying end-user devices where the purchasers had no idea about the provence of the chips inside. Various communities respond and some question if the new driver is malware.
posted by autopilot (145 comments total) 23 users marked this as a favorite
 
Wonderful!

Now I get to pour though my control boards checking chips! Thanks FTDI!
posted by The Power Nap at 3:40 PM on October 22, 2014


Totally crazy. The twitter replies are surprising in how justified they see themselves.
posted by GuyZero at 3:40 PM on October 22, 2014 [1 favorite]


That twitter conversation (the "license agreement" link) is insane. Throwing up a dialog saying "fake chip" would be a perfectly reasonable response. Intentionally damaging the hardware is crazytown.

What's sad to me is that somewhere, a programmer was told to do this, and he did. I realize it can be pretty hard to make a principled stand for ethics, but I like to think I would refuse to intentionally destroy innocent end-user's hardware no matter what the consequences.
posted by zachlipton at 3:45 PM on October 22, 2014 [16 favorites]


One minor clarification: "fairly easy to see" was supposed to be a sarcastic "fairly easy to see if you can decapsulate the chip and have a high resolution microscope". It is not at all easy for end users to know if they have a fake chip. It is not even easy for hardware developers to tell and even harder to know if the batch that their contract manufacturer uses is legit.
posted by autopilot at 3:46 PM on October 22, 2014 [21 favorites]


Hey, ashkan soltani just became the FTC's Chief Technologist. How about it, time for our pound of flesh?
posted by RobotVoodooPower at 3:53 PM on October 22, 2014


Maybe FTDI owns stock in landfills or something.
posted by Sys Rq at 3:54 PM on October 22, 2014


I can't imagine the mindset that would allow anyone in management to believe, even for one second, that doing something like this is perfectly fine and proper. Christ, what assholes.
posted by Thorzdad at 3:56 PM on October 22, 2014 [6 favorites]


Unfortunately for them, I have a EULA on my hardware that they agree to by bricking it.
posted by Pogo_Fuzzybutt at 3:58 PM on October 22, 2014 [23 favorites]


See the hackaday article for potential mitigation and full scope. http://hackaday.com/2014/10/22/watch-that-windows-update-ftdi-drivers-are-killing-fake-chips/
posted by clvrmnky at 3:59 PM on October 22, 2014 [1 favorite]


I've been out of the microcontroller scene for quite some time, so these may be naive questions . . .

Is this the driver that would be required to use a USB-to-serial cable?
If so, is it the only game in town? Can you get cables (or equipment) that don't require drivers from this manufacturer?
posted by treepour at 3:59 PM on October 22, 2014


Uhh...I just got an FTDI cable in the mail today. Gonna use it on Linux. Any chance of bricking my homemade Arduino?
posted by DU at 4:02 PM on October 22, 2014


I'm sure the counterfeiters will be able to work around this quickly so that the only people affected long term are the end users who had no way to check if the chip was fake in the first place.
posted by ckape at 4:04 PM on October 22, 2014 [6 favorites]


claims that they are "definitely not targeting end users"

So, just collateral damage, then? Well, that makes it okay!

(Did they really not think this through? Or do they not give a shit? Neither option makes them look very good.)
posted by rtha at 4:08 PM on October 22, 2014 [3 favorites]


These chips give lightweight USB support for hardware that doesn't want or have it. It isn't about the cable. Rather, it is about the little dab of Silicon that resides on the embedded system that gives it a serial connection to some host system.
posted by clvrmnky at 4:11 PM on October 22, 2014 [1 favorite]


Holy cow, what assholes. They are actually bragging about their right to do this and say " if you aren't sure if your chip is legit, don't use our driver". But, apparently a lot of people have been bricked by Windows Update downloading the driver.

I hope people abandon these losers in droves.
posted by Benny Andajetz at 4:12 PM on October 22, 2014 [1 favorite]


These losers are pretty much the only game in town.
posted by clvrmnky at 4:13 PM on October 22, 2014


back when FTDI was the only game in town for USB-TTL serial, some friends an I decided to roll our own Arduino clone with the design objective being to lower the cost of entry for Arduino to below 10 dollars. this was back when the atmega128 was the new hotness. FTDI essentially killed the idea becaus their quantity pricing didn't ever go below ~$4 (the actual atmega128 at the time was ~$1 in quantity).
posted by Dr. Twist at 4:13 PM on October 22, 2014 [2 favorites]


This will not hurt their business, right? None of the owners of bricked chips are actually FTDI customers.... assuming there is *no* bug in the driver.
posted by asra at 4:15 PM on October 22, 2014


None of the owners of bricked chips are actually FTDI customers....

Except, perhaps, in the super-rare instance that an electronics enthusiast might have more than one device.
posted by Sys Rq at 4:20 PM on October 22, 2014 [3 favorites]


I would think a lot of Arduino users are pretty tech savvy. Surely someone could write/reverse engineer a modified driver?
posted by Benny Andajetz at 4:20 PM on October 22, 2014


FTDI has substantial brand recognition among the hobbyists that actually uses these chips. That's not such a common thing among small-time silicon vendors like FTDI. That's what they've just trashed.
posted by ryanrs at 4:22 PM on October 22, 2014 [5 favorites]


Uhh...I just got an FTDI cable in the mail today. Gonna use it on Linux. Any chance of bricking my homemade Arduino?

Shouldn't be. The worst-case scenario is that the FTDI chip in your cable is counterfeit, and the cable itself gets bricked, as weird as that sounds.

This can and should end up being a disaster for FTDI, because near-perfect counterfeit chips are everywhere. This is a particular problem if the chips aren't available in sufficient quantities (see Sparkfun's atmega328 problems) and you have to go with a distributor you're not familiar with.

So basically, the manufacturers generally aren't aware they're using counterfeits, the users have no idea that they're using counterfeits, and suddenly your device is broken without warning. Good job, FTDI.

The good news is that virtually every popular microcontroller available today has a variant with a USB controller on-chip, so there's almost no need to use an external USB-whatever bridge. Later arduinos either use an 8u2 to replace the FTDI or just use a processor that does USB itself.
posted by phooky at 4:23 PM on October 22, 2014 [6 favorites]


Kind of a dick move by FTDI, I think.

I can't condone counterfeiting... you'd like to know that the name-brand ICs used in a medical device are the real McCoy, but let's also not forget that we (western countries) have kind of embraced and rewarded the countries where this goes on with a wink and ever-increasing business. Wanna make a guess at how much of the house-brand electronics at big-box stores contain clone or counterfeit components?

I appreciate FTDI's position, but I think that throwing up a big warning window, and then not working would make their point a lot better than silently bricking hardware. You want your potential customers to be angry at the chip counterfeiters and companies using counterfeits or knockoffs, not mad at you for wrecking stuff.
posted by Artful Codger at 4:25 PM on October 22, 2014 [1 favorite]


Yeah I'm pretty sure I have a pulse oximeter that has a FTDI chip in the cable. DIAFFTDI.
posted by RobotVoodooPower at 4:27 PM on October 22, 2014


Akin to Dr. Twist's remark, one of the things that's always pissed me off about the Arduino ecosystem is including the FTDI chip on-board. All of my ATmega hacking has used something like this or this, because it's silly to incur the cost of an FTDI chip per-board where it is likely just to be used for debugging and one-time programming.

This is still a total dick move.
posted by 7segment at 4:34 PM on October 22, 2014 [2 favorites]


DU: it's an issue with the Windows driver. Hopefully you can't even install that on your Linux box if you tried.
posted by idiopath at 4:36 PM on October 22, 2014


Do the end users necessarily agree to FTDI's license terms when the driver is installed?
posted by Joe in Australia at 4:40 PM on October 22, 2014 [1 favorite]


Is there some diagnostic software I can run to find out which of my USB-to-serial cables are legit? Clearly, FTDI know how to check that.
posted by Devonian at 4:51 PM on October 22, 2014 [1 favorite]


Ah, apparently there's a (reasonably complex) unbrick procedure.
posted by Devonian at 4:56 PM on October 22, 2014 [4 favorites]


If this bricking were to happen to a victim of USB-to-serial-chip counterfeiting, would there be any good reason for that person not to sue FTDI in small claims court for the damage? I have no idea whether one can legally assign the right to destroy his or her hardware by clicking through an EULA, but it sounds like the kind of thing that might cost a lot of money to defend against.
posted by Juffo-Wup at 5:11 PM on October 22, 2014 [5 favorites]


DU's back! Welcome back, man!
posted by Aizkolari at 5:20 PM on October 22, 2014


> Is this the driver that would be required to use a USB-to-serial cable?

Yep.

> If so, is it the only game in town? Can you get cables (or equipment) that don't require drivers from this manufacturer?

Nope. Other options include the Prolific PL2303 line (which isn't tremendously stable, used to have zero Mac support, and once had a driver that deliberately BSODed Windows if it detected a fake) and the Silicon Labs CP2102 (which is decent cross-platform, is unimaginably cheap, and used in budget productions like the Shrimp kit — and also, for some reason, my astonishingly expensive Kenwood ham radio).

FTDI's a small company who made their name by making reliable interface chips. I understand their frustration when others leech off their hard-won reputation. The brickage can be reversed easily, and then end users should have a stern word with their supplier. Counterfeit chips in medical equipment? Shouldn't be; there's a whole separate QC'd×10⁹ supply chain for medical electronics, which is why you pay $$$$$ for medical-grade electronics.
posted by scruss at 5:26 PM on October 22, 2014 [5 favorites]


Notes on resetting the PID (de-brickification), not for the faint at heart or non-techie.

Pictures of real vs fake chips.
posted by sammyo at 5:31 PM on October 22, 2014 [1 favorite]


So for those of us who have no idea what this is, what kind of things might we destroy without even knowing it was a risk?
posted by jeather at 5:43 PM on October 22, 2014


what kind of things might we destroy without even knowing it was a risk?

That's part of the problem. We don't quite know. I personally own 2 SIIG USB-to-RS232 adapters. One has a real FTDI chip, the other has a fake.
posted by JoeZydeco at 5:48 PM on October 22, 2014 [2 favorites]


That is a good question. What else, other than Arduinos and similar devices, may have these counterfeit chips in them?
posted by thelonius at 5:49 PM on October 22, 2014


I personally own 2 SIIG USB-to-RS232 adapters. One has a real FTDI chip, the other has a fake.

So, okay, USB to other stuff cables? All USB cables, or does it depend what's on the other end? If you destroy that adapter, is just the adapter dead or does it affect whatever you have plugged into it?

I am sure these are really basic questions but I read the links and I have absolutely no idea what any of this means.

I don't have an Arduino, but I have no idea what kinds of things that I use have this kind of chip in them. (Given that I plug in flash drives, cables to attach to devices, mice and keyboards, the very basic kinds of things.)
posted by jeather at 5:55 PM on October 22, 2014


theolonius, jeather: if you have a usb device that you plug in and it appears as a serial port (COM1: or whatever) it could be using an FTDI chip. Prolific chips are more common, especially on cheaper kit. Printers, USB drives and others don't use these chips. FTDI chips are more expensive, but have reliable drivers and just. keep. working.

The only way you'll find out is if the thing stops working, unfortunately. You might be able to call up your hardware manager and see what's hanging off your USB bus; it'll say FTDI in the driver name.
posted by scruss at 6:05 PM on October 22, 2014 [2 favorites]


These losers are pretty much the only game in town.

I smell a kickstarter opportunity.
posted by weston at 6:08 PM on October 22, 2014


That is a mind-bogglingly annoying thing for them to do.
posted by rmd1023 at 6:13 PM on October 22, 2014


These losers are pretty much the only game in town.

ther are tons of other options now (especially since dean camera's LUFA library is really robust now), Exar, Si labs, Microchip, freescale, etc., etc. all make robust USB-FIFO/UART chips. FTDI's mojo really comes out because the drivers are in-box and they pretty much work.

since I started using the k20 series stuff from freescale I have stopped using a separate USB interface IC altogether.
posted by Dr. Twist at 6:37 PM on October 22, 2014 [3 favorites]


Ay caramba. I go through about 200 Arduino Nanos every year, sourced from a fabricator in China (they at least appear to contain legit chips, but reports are looking bad), and another 100 or so sourced from the mothership in Italy. I have no idea where the Chinese fabricator is getting their FTDI chips but I'm obviously not super-optimistic. Apparently I'll be doing some testing tomorrow.

Some of the forum posters are saying that a percentage of from-Italy Nanos are getting bricked by this update too. If that's true it's a major problem for everyone, and I'm not even totally sure how to test it -- I don't want to ask anyone to install the new driver to check boards, if it's going to function as malware. Maybe a VM image with the new driver so it doesn't contaminate the underlying system. Ugh -- what jackasses.
posted by range at 7:28 PM on October 22, 2014


Silicon Labs CP2102 [used in] for some reason, my astonishingly expensive Kenwood ham radio

Kenwood probably went with Silicon Labs instead of FTDI or Prolific because SILabs is a serious semiconductor company. The others kinda aren't.
posted by ryanrs at 7:32 PM on October 22, 2014 [1 favorite]


Would someone with a substantially less naive understanding of what "plug-and-play" means in 2014 please explain why we still need device-specific drivers for devices supposedly adhering to the UNIVERSAL Serial Bus specification?
posted by ZenMasterThis at 8:02 PM on October 22, 2014 [3 favorites]


ZenMasterThis, I'll take a swing at it.

Tonight, I've invented something called the UNIVERSAL Mail Protocol. It defines the maximum weight of a parcel for given classes of service, and defines a uniform tariff structure. It specifies a uniform addressing scheme, with pre-defined zone codes and even has side-effects like making it easier to predict which side of the street your parcel will end up on.

It does not, however, specify what kind of letters you'll get, or whether they'll be handwritten or typed. In some cases, it might not even be a letter, but a big box full of other unpredictable things.

That's USB, more or less.

USB specifies how packets of data get delivered, and impose some structure on various types of data that it passes, with more or less specificity depending on what you're doing. For example, HID (Human Interface Device) is pretty well-specced, but still require a driver to unpack those USB packets and turn them into keyboard presses or whatnot. Things like serial communications can be encapsulated in any number of ways, and controlling the device on the other end (the FTDI chip itself) is a completely different question than managing the data that the FTDI chip is sending. For example, how do you tell a device to stop sending data without it simply passing your "please stop!" command right on down to whatever you're serially communicating with? That's an open question, and is defined by the device driver(s).
posted by TheNewWazoo at 8:17 PM on October 22, 2014 [9 favorites]


This is actually a good thing. Counterfeit chips are a plague in the industry and cause a lot of harm and need to be stamped out.

First, it is important to distinguish between a copy and a counterfeit. If Samsung makes a copy of an iPhone with rounded corners and sells it as a Samsung phone at a lower price, that is a great benefit to consumers. People know exactly what they are getting -- a Samsung phone that is a lot like an iPhone at a cost saving. On the other hand, if someone makes a counterfeit Rolex watch and sells it as if it were a real Rolex watch, that is deception. The customer does not know what they are getting. They are getting a fake.

Copies are of benefit to customers. Counterfeits are cheating the customer.

The only way to stamp out counterfeits is to confiscate or destroy them. If you are unfortunate enough to have a some counterfeit $100 bills in your wallet and take them to the bank, sorry, but you can't keep them. The bank will confiscate them and you get nothing in return. Your only recourse is to assist the Treasury Department in finding the counterfeiters. You can't allow counterfeits to remain in the market.

There is little excuse for counterfeit parts getting into the supply system. If manufacturers buy their parts through reputable distributors, every lot of parts will be traced from foundry to assembly factory. But if a corner-cutting manufacturer is buying through the shady Chinese gray market, they can expect to get scammed.

If you get a device with counterfeit parts, you have no right to keep it. It is as illegal as a counterfeit $100 bill. Your recourse is to demand a refund from your retailer, forcing them to be more selective on their sourcing. You might think twice about purchasing from sketchy vendors just because they have an attractive price.
posted by JackFlash at 8:45 PM on October 22, 2014


I don't think a company should be able to unilaterally destroy your property on the mere suspicion that it's counterfeit.
posted by Pyry at 9:19 PM on October 22, 2014 [5 favorites]


Counterfeit chips are a plague in the industry and cause a lot of harm and need to be stamped out.

I don't see why you think these work-alike chips are a plague. They evidently do their job. Their packaging allegedly breaches FTDI's trademarks, and the use of FTDI's driver may be a breach of copyright, but FTDI's actions would be a crime and a civil wrong if not for the (dubious) argument that the users somehow consented to it.
posted by Joe in Australia at 9:28 PM on October 22, 2014 [9 favorites]


If you get a device with counterfeit parts, you have no right to keep it.

If you have some knockoff Chanel sunglasses, that doesn't authorize Karl Lagerfeld to sneak into your house and snap them in half.

Let the record show that FTDI did, with malice aforethought, destroy people's private property without warning, without authorization, and without due process. When private citizens do that, it is given names like vandalism, sabotage, etc., and prosecuted as such.
posted by Sys Rq at 9:29 PM on October 22, 2014 [20 favorites]


There is little excuse for counterfeit parts getting into the supply system. If manufacturers buy their parts through reputable distributors, every lot of parts will be traced from foundry to assembly factory. But if a corner-cutting manufacturer is buying through the shady Chinese gray market, they can expect to get scammed.

It's not remotely that simple. Here's Bunnie Huang on the counterfeit SD cards he encountered building the Chumby One. He wound up with poor performing counterfeit cards when purchasing from an authorized Kingston distributor, and both Kingston and the distributor initially swore up and down that they were the real deal.

I'll agree counterfeit parts are a real problem. But when the parts are buried inside devices and end users are completely and totally unable to tell the difference, what are you supposed to do?

There are also actual laws related to counterfeit currency that allow the government to confiscate it. That's different from the situation here where a company has just unilaterally decided to destroy stuff over trademark infringement.
posted by zachlipton at 9:30 PM on October 22, 2014 [16 favorites]


The counterfeit devices have counterfeited the FTDI vendor ID and product ID inside the device. These numbers are assigned by the USB organization and are unique to each qualified vendor and product. It costs tens or hundreds of thousand of dollars to certify that your devices perform correctly according to USB specs. This is key to Plug-and-Play. Non-compliant devices can take down the entire USB chain.

All that FTDI is doing is erasing the counterfeit IDs. It is as if you had a car with counterfeit license plates. They are removing the license plates. If that makes it difficult to drive your car, well then you have to take up your problem with whoever sold you the car with fake license plates. You don't get to keep driving around with fake plates.
posted by JackFlash at 9:47 PM on October 22, 2014 [2 favorites]


Let the record show that FTDI did, with malice aforethought, destroy people's private property without warning, without authorization, and without due process. When private citizens do that, it is given names like vandalism, sabotage, etc., and prosecuted as such.

It might even be computer hacking, particularly if the owner of the device isn't the one who installed the device driver.
posted by Joe in Australia at 9:50 PM on October 22, 2014 [3 favorites]


All that FTDI is doing is erasing the counterfeit IDs. It is as if you had a car with counterfeit license plates. They are removing the license plates. If that makes it difficult to drive your car, well then you have to take up your problem with whoever sold you the car with fake license plates. You don't get to keep driving around with fake plates.

A closer analogy would be that you buy a car with counterfeit windshield washer fluid in the tank, so the company that makes the real washer fluid comes along one day, acting on their own authority, and paints over your windshield with tar and black paint. If you're an expert in auto repair, you might be able to clean up the damage, but for most people, their cars are unusable.

Similarly, if I buy a counterfeit Rolex, the real Rolex company is not allowed to come into my house one night and drill a hole through the fake logo, destroying the watch in the process.

I'll note that both of your analogies have involved government actors, not random hardware companies. The government gets to make up rules about confiscating counterfeit government property. Private companies don't.

If FTDI's new drivers threw up an error message and refused to talk to counterfeit chips, people would not be so outraged. If there was some reasonable explanation that this was an unintended consequence of using the real drivers to talk to counterfeit chips, people would not be so outraged. But FTDI has basically admitted that they purposefully damaged people's hardware.
posted by zachlipton at 9:56 PM on October 22, 2014 [19 favorites]


Linux-USB may soon recognize the VID/PID of an affected device, providing the right driver for the chip.
An official recent Windows driver from FTDI detects counterfeit devices
and reprograms the internal EEPROM containing the USB PID to 0, effectively
bricking the device.

Add support for this VID/PID pair to correctly bind the driver on these
devices.
posted by zamboni at 9:58 PM on October 22, 2014 [1 favorite]


Nnnnno, if some jackass waltzes by and takes my license plates because they assert that they're counterfeit, I very much have a beef with the aforementioned jackass. People who make products don't get to just take or break things that they say are theirs or are counterfeits of their products; we have courts and law enforcement agencies to make those determinations of fact and seize the goods.
posted by ROU_Xenophobe at 9:58 PM on October 22, 2014 [9 favorites]


JackFlash, you're really understating the difficulty of keeping counterfeit chips out of the contract manufacturing supply chain. These are hobbyist products made for cheap in small volumes. The sort of ironclad silicon-to-assembly house tracking is uneconomical at these scales, and perhaps not even possible.
posted by ryanrs at 9:59 PM on October 22, 2014 [6 favorites]


If windows update is bricking people's devices via a new driver, that throws a couple of new complications into it. First of all, the end user probably didn't see a EULA, so it's extremely questionable legally (instead of merely very questionable legally). Second, I doubt Microsoft is going to be overjoyed about this. Intentionally making a driver update that bricks user devices? I bet this will cost them their WHQL certification.
posted by Mitrovarr at 10:18 PM on October 22, 2014 [8 favorites]


The vendor and product ID are owned by the vendor according to their license from the USB organization. Someone else is making chips and then counterfeiting the FTDI vendor ID inside the chip. The FTDI driver can recognize these counterfeits and is removing FTDI's ID from them so that they no longer have a counterfeit ID. They are not breaking the part. They are not destroying the part. They are simply removing a fake ID -- because it is fake. The part is not what it is pretending to be.

Counterfeit USB parts cause real harm to users. They can compromise the entire Plug-and-Play system. Being able to recognize counterfeit parts and removing the counterfeit ID is a benefit to consumers.
posted by JackFlash at 10:22 PM on October 22, 2014 [1 favorite]


JackFlash: Being able to recognize counterfeit parts and removing the counterfeit ID is a benefit to consumers.

Um, no. It's breaking people's stuff without their consent. You don't get to rewrite the firmware on devices you didn't even create, without the owner's knowledge or agreement (stuff buried in EULAs doesn't count). That's computer hacking.
posted by Mitrovarr at 10:35 PM on October 22, 2014 [4 favorites]


Being able to recognize counterfeit parts and removing the counterfeit ID is a benefit to consumers.

FTDI could have made the driver recognize counterfeit chips and refuse to communicate with them.
posted by bradf at 10:39 PM on October 22, 2014 [6 favorites]


So what we get from this is that FTDI chips are often counterfeit, and the company is being kind of a dick about it. They can ride their "counterfeit USB parts cause real harm" high horse all day long, all people are going to remember six months from now is "stay away from FTDI chips". Genius marketing move.
posted by Dr Dracator at 10:54 PM on October 22, 2014 [12 favorites]


The driver does all sorts of stuff inside the device. First, it identifies it. Then it enumerates the part. It configures the part to do the desired operations. That is what device drivers do. One of the things this device driver does is remove their own name if it is counterfeited inside a device.

If that doesn't make sense to you, then the vendor license specifically says they can do this. Hey, if you don't like it, complain to your cheap, sketchy counterfeiting company that is using counterfeit chips in its counterfeit products. They are violating the law and the vendor license for the driver says that FTDI has the right to disable counterfeit chips. Your beef is with your counterfeit product manufacturer.

This isn't a case of counterfeit chips leaking into the distributor supply chain. Those sorts of cases are rare. This is a case of device vendors deliberating buying what they know are counterfeit FTDI parts and putting them in their products because they are trying to sell cheap, non-compliant stuff. Don't buy from cheap, sketchy vendors, but if you do, don't complain because they are legally disabled.
posted by JackFlash at 10:57 PM on October 22, 2014


I can totally see counterfeit chips in medical equipment, like my portable pulse oximeter where the serial-to-USB chip is in the cable itself -- which looks like a regular USB cable except a little fatter.

These come with Windows software which allows you to monitor up to four patients at once. I can see these being used in lower income countries; the WHO even has a program that aims to identify low-cost pulse oximeters for these countries, because they are vital during surgery.

Which is why this is irresponsible.
posted by RobotVoodooPower at 11:01 PM on October 22, 2014 [11 favorites]


They can ride their "counterfeit USB parts cause real harm" high horse all day long

You really don't know anything at all about USB, do you? Or what it takes to certify a device and make it compliant with all the thousands of other PCs and USB devices. It is non-trivial, which is why counterfeiters don't bother and don't care. You should care, because it is why USB works.

Remember, there is a difference between copying and counterfeiting. Someone could make a device that does the same stuff that FTDI does, and in fact there are companies that do that. What you can't do is make a fake device and then slap FTDI's name on it.
posted by JackFlash at 11:05 PM on October 22, 2014


What you can't do is make a fake device and then slap FTDI's name on it.

Yes. That would be wrong. I don't think anyone here disputes that.

I don't know whether you have any legal background, but you seem to be asserting that FTDI's actions are a form of "self help". The problem with that argument is that self-help is generally limited to abating nuisances and repossessing property. Despite what you say above, a pattern of bytes within my device is not FTDI's property; nor is it a nuisance (in a legal sense). You need to acknowledge that

FTDI's own argument is that they have a license to do this. I don't know whether that is actually the case, and I don't think it would protect them against anyone else who happens to use their driver (e.g., by plugging a device into a computer on which the driver is running).
posted by Joe in Australia at 11:22 PM on October 22, 2014 [2 favorites]


JackFlash: The driver does all sorts of stuff inside the device. First, it identifies it. Then it enumerates the part. It configures the part to do the desired operations. That is what device drivers do. One of the things this device driver does is remove their own name if it is counterfeited inside a device.

Yeah, and in that final step, it crosses over into malware. Because the last step is maliciously damaging the user's equipment. Hell, device drivers modify files, too - would it be ok if the driver formatted your hard drive? Or overwrote key files in the operating system?

Look, think of what you're fighting for here. You are fighting for a world in which the manufacturer of a sub-component of your devices can legally destroy them in the hands of the end-user because they think (and they would never mess up, oh no) that they're using counterfeit components. And the end-user, who is apparently wrong in having not vetted the subcomponents of the device (which they don't even know about or understand), has no legal recourse and apparently must eat both the loss of the equipment and whatever problems were caused by its sudden failure. That's insane.
posted by Mitrovarr at 11:45 PM on October 22, 2014 [18 favorites]


bradf: "FTDI could have made the driver recognize counterfeit chips and refuse to communicate with them."

Which is exactly what Apple did when Palm were faking iPod vendor & device IDs.

The prevailing attitude in the "tech" community was slightly different then…
posted by Pinback at 11:50 PM on October 22, 2014


Nope, he's pretty much spot-on.

The only thing I'd disagree with is his statement that counterfeits getting into distributor supply chains is rare. It's been a problem for 30 years or more - anyone remember the fake Motorola 2N3055s in the 80s?

Hell, I've had fakes sent to me when I've ordered directly from the manufacturer's website (they used 3rd-party distributors for order fulfillment).
posted by Pinback at 12:20 AM on October 23, 2014 [2 favorites]


If that doesn't make sense to you, then the vendor license specifically says they can do this. Hey, if you don't like it, complain to your cheap, sketchy counterfeiting company that is using counterfeit chips in its counterfeit products. They are violating the law and the vendor license for the driver says that FTDI has the right to disable counterfeit chips.

They might well be using counterfeit chips in completely original products, and quite possibly without knowing. The existence of one counterfeit chip in a device does not make it a counterfeit device. If it turned out that somewhere in Apple's supply chain, one of the components was counterfeited, would that morally or legally allow me, as the hypothetical rights-holder to the component that some factory in China substituted, to brick everyone's iPhone? No, of course not. As the rights-holder, MY beef would be with Apple, their suppliers and factors, and not Apple's customers.

Your beef is with your counterfeit product manufacturer.

Nope. FTDI's beef is with the manufacturer of the product that includes the counterfeit FTDI chips to some extent, but more than that, FTDI's beef is with whoever is making the fake FTDI chips. As a consumer, I don't have a beef. Except with FTDI, now.
posted by Dysk at 2:17 AM on October 23, 2014 [10 favorites]


You really don't know anything at all about USB, do you? Or what it takes to certify a device and make it compliant with all the thousands of other PCs and USB devices. It is non-trivial, which is why counterfeiters don't bother and don't care. You should care, because it is why USB works.

JackFlash is entirely correct with that statement. The USB ecosystem works because there's a lot of effort taken by manufactures to make sure they build compliant devices and get them registered. And counterfeiters don't bother to follow that. That causes all sorts of problems. Worse, though, is when you say your X and you're a poorly implement version of X, the drivers for X may not work, or may crash your computer.

FTDI clearly has no duty to support the counterfeit chips, either. But I suspect they didn't want the reputation of writing buggy drivers, which is what silently failing on the counterfeits would do. FTDI is arguably being more honest here by openly and deliberately bricking the fakes. If they wanted to be subtle, they could have found some way to just blue screen the box whenever a fake device was put in, then say "Well, we use that location, I'm sorry that driver is incompatible with that chip but we didn't make or test that chip, so we're not going to fix that bug and you should contact that manufacture for updated drivers" and pretty much everyone would have been "Well, fuck, but what can you do?"

That would have been, in effect, the exact same thing -- it would have rendered your device useless, it arguably would have done more harm by rebooting the box -- and everybody would have just shrugged it of.

Counterfeits are a real problem. You design X, you need Y, the counterfeit is almost Y, and your reliable circuit becomes unreliable. This can, in fact, kill people. Counterfeiters never do rigorous testing on their products. So, you buy an IC that's supposedly hi temp reliable, you install it in an engine controller, 90 hours later it fails, and the right engine on an aircraft shuts down when the FADEC goes offline.

I'm still not sure this is the right thing to do. But given the massive problems that counterfeit ICs are causing in the real world, and how much worse the problem is getting, I'm still not sure that this is the wrong thing to do either.
posted by eriko at 2:33 AM on October 23, 2014


A tangent, but as someone who used to work in IT but as a software tester and who quit it for good in 2006, this thread, as many similar ones, makes me feel that I'm just one small step away from comprehending things, but always failing. It makes me feel like I'm inside a fog of familiarity, out of which sometimes hazy figures of comprehension emerge and then submerge again, but a full picture never develops. Like, right now I'm thinking, first, where would you even need an USB to serial connection? and then: I thought USB was a serial port? Or a bus? I don't know what the difference is! Why would you need a chip to change from serial to serial...? I'm confused...
posted by Pyrogenesis at 2:53 AM on October 23, 2014 [1 favorite]


JackFlash is entirely correct with that statement.

Hey I know *some* things about USB.
posted by Dr Dracator at 2:54 AM on October 23, 2014


FTDI clearly has no duty to support the counterfeit chips, either. But I suspect they didn't want the reputation of writing buggy drivers, which is what silently failing on the counterfeits would do.

They could also fail really loudly, maybe in a way that explicitly says "this is not working and that is because your chip is fake" rather than in a way that states that only implicitly, by effectively breaking the device.
posted by Dysk at 2:56 AM on October 23, 2014 [8 favorites]


Two points:

1) JackFlash and co are going on about the hypothetical alleged harm counterfeit chips could do in the USB environment, but of course FTDI is doing actual harm to people who have nothing whatsoever to do with this supposed problem

2) This is hella illegal in the EU, straight into the blacklist of forbidden EULA clauses. (And of course vendor licenses and any other contract between FTDI and anybody else but the end user don't matter; you can't be beholden to a contract you're not a part of.)
posted by MartinWisse at 3:04 AM on October 23, 2014 [16 favorites]


Perhaps a more nuanced response by FTDI would have been limit baud rates on ripped-off chips to 1200 for safety. But then, they are from Glasgow, so this is a colossal GET IT ROON YE to the counterfeiters.
posted by scruss at 3:05 AM on October 23, 2014


Search aliexpress for 'usb medical device'. Imagine how many devices across the developing world are going to be bricked by this little stunt. It's unbelievable to me that anyone could defend this.
posted by datadawg at 3:39 AM on October 23, 2014 [9 favorites]


Have we stumbled back into the land of "Just because you can doesn't automatically mean you should"?
posted by wenestvedt at 3:39 AM on October 23, 2014 [1 favorite]


This is hella illegal in the EU, straight into the blacklist of forbidden EULA clauses

Citiation needed. It's illegal to have a EULA to disable a legitimately purchased device, or the device or a competitor, but an device that is fraudulently claiming it is yours? That's not clear in the laws at all.

Have we stumbled back into the land of "Just because you can doesn't automatically mean you should"?

This is very clearly deep in the heart of that land.

There are a few of classes of counterfeit ICs. The first are absolute fake IC. They're not ICs at all. The second is completely fraudulent -- these are ICs, but they're nowhere near the IC you bought. Sparkfun once bought what was marked as an Atmel micro controller but was in fact a quad buck converter. The third are valid parks remarked out of spec. Back in the 486 days, there were a lot of 486-25DX remarked as 486-33DX parts. Many of them would work, most wouldn't be stable, and some failed outright. But at least they were Intel 486s.

This one is the fourth class -- it claims to be part X, it works mostly like part X, but it's in no way from the manufacture of part X. And this is a trend I really want stopped, because if I'm speccing critical parts based on part X, I need that goddamn part to be part X, not a mostly working clone. When you get a counterfeit in the lab or on the hobby bench, it's a PITA, but when you get a counterfeit in production after you built something to work on the real part, it can be a disaster.

Again -- I don't know if this is the right way to stamp out these counterfeits. I want them stamped out. It has clearly worked to show *just how band the problem is*. But it has broken devices that customers built/bought in good faith.

I want counterfeits stopped. This is spotting them. But still, it's harming people that didn't intend to act in bad faith. I don't mind clones -- that admit they are not the original part and provide real specs. Parts that *claim* to be what they are not are the problem here.

Well, except those "why I would I buy this part at $10 when I can get it from Random Chinese Site for $1.50." Well, you can get it for $1.50 because it's fake. So, when you do, that, I'm not going to have a lot of sympathy for you if you could get the real thing.

Search aliexpress

If you are buying medical devices from Aliexpress, you should flat out be sued for malpractice. Aliexpress is the king of counterfeits.
posted by eriko at 5:21 AM on October 23, 2014 [2 favorites]


I have some FTDI-based devices, or at least devices that I believe to be FTDI-based, hooked up to a Windows machine. Is there a nonintrusive way to tell whether or not the new FTDI driver will believe them to be counterfeit?
posted by Flunkie at 5:28 AM on October 23, 2014 [1 favorite]


I read the title and had a visual of an angry floral delivery guy smashing iPads.
posted by quonsar II: smock fishpants and the temple of foon at 6:19 AM on October 23, 2014 [10 favorites]


Three updates - first, this purports to be the code in the driver that does the bricking, and it looks genuine to me.

Second, FTDI has submitted a Linux patch to add this functionality. It has been notably unsuccessful in this.

And last, a Scottish friend has suggested an update to the FTDI EULA: ""In the event o you using chips that urnae oors, we'll set aboot ye, pit teh heid on ye, gang radge and pit yer arduino right oot the windae. And no in that order."
posted by Devonian at 6:57 AM on October 23, 2014 [11 favorites]


zachlipton: What's sad to me is that somewhere, a programmer was told to do this, and he did.
Huh. My initial reaction was that it had to be a programmer, a Techno-Libertarian-Utopian type, who thought of it and cackled with glee when he did it.
JackFlash: Counterfeit USB parts cause real harm to users. They can compromise the entire Plug-and-Play system. Being able to recognize counterfeit parts and removing the counterfeit ID is a benefit to consumers.
If "counterfeit USB parts ... can compromise the entire Plug-and-Play system," then by the same logic, destroying the entire USB ecosystem outright, to spur its replacement with something more robust, would also be "a benefit to consumers" in the long run.

One can justify almost anything with that reasoning. FTDI could deliberately brick competitors' chips, because they're supposedly less reliable and therefore "cause real harm to users." Intel could release mainboard driver updates that brick AMD systems, because hey, the AMD chips suck now. Go buy an Intel, losers! Uh, I mean, obtain some benefits, consumers.
JackFlash: There is little excuse for counterfeit parts getting into the supply system. If manufacturers buy their parts through reputable distributors, every lot of parts will be traced from foundry to assembly factory.
"Reputation" seems like an awfully nebulous, subjective, ill-defined concept to base an engineering system on, particularly when you're taking such a hard line on everything else about this.

In any case, reputations change. They'd be worthless if they didn't. One could certainly adopt the policy you suggest and yet get burned. The free market / global economy / regulatory system can't even establish secure, counterfeit-proof supply chains for airplane parts. Absent a cryptographic DRM-type system (making counterfeiting impossible but with its own attendant evils) there's little reason to think we'll ever have such a thing for $4 ICs.

It's possible for counterfeiting to be bad and for this reaction by FTDI to also be bad.
posted by Western Infidels at 7:33 AM on October 23, 2014 [5 favorites]


FTDI is not damaging the counterfeit device. FTDI is simply refusing to operate with the counterfeit device. It is also removing the counterfeit name inside.

FTDI makes two things. It makes a device driver that does one and only one thing -- communicate with FTDI devices. It also makes FTDI chips that do one and only one thing -- communicate with the FTDI driver.

When FTDI detects a counterfeit device, it simply refuses to operate with it. This has nothing to do with the VID. The device is as bricked as ever because the FTDI driver won't communicate with it. It has nothing to do with the VID.

The VID erasure is a side issue. That is not what bricks the device. FTDI is simply removing their own name from the device that the counterfeiter put in there so that anyone else won't be fooled. What bricks the device is that the driver will not communicate with it.

So if FTDI simply did not erase the counterfeit VID, would you be fine with that? You still have a brick even if they never change a byte in the device. Or would you demand that FTDI write a driver that works with counterfeit chips?
posted by JackFlash at 8:18 AM on October 23, 2014


The reason I mentioned aliexpress is because one can reasonably assume that anything sold there is counterfeit from top to bottom. Glucose monitors for $15. ECGs for $115. Of course it's fake. Anyone can afford it, that's how you can tell.

Maybe in countries where you get to sue people that sort of gear doesn't fly, but I expect to see things like that if I end up in hospital in Cambodia. Explain to me again how it's moral to brick them?
posted by datadawg at 8:23 AM on October 23, 2014 [5 favorites]


As a consumer, I have way of verifying the validity or not of the chips in devices I buy. As a result, the takeaway from this for me is 'never buy anything with an FTDI chip'. Because it could be fake and FTDI will brick the device if so. Therefore, avoid altogether.
posted by Dysk at 8:26 AM on October 23, 2014 [9 favorites]


Maybe in countries where you get to sue people that sort of gear doesn't fly, but I expect to see things like that if I end up in hospital in Cambodia. Explain to me again how it's moral to brick them?

Because it can kill people? Seriously, you are in favor of counterfeit medical devices? What kind of monster are you?

A counterfeit device is by definition inferior. The only reason for counterfeiting is so that you can save money by making an inferior device and then deceiving people into thinking it is a legitimate device.

Copies, clones, generics are great. You make a cheaper product and put your own name on it. Nobody is being deceived. But a counterfeit is something else. It is a deliberately inferior product that is intended to deceive people.

What counterfeit products do you support? Counterfeit HIV drugs that contain only sugar? Counterfeit airbags that blow your face off? Counterfeit corn flakes that contain melamine? Counterfeit Legos that contain lead? Counterfeit $100 bills? -- and have no doubt, the Treasury will confiscate them from you and give you absolutely nothing.
posted by JackFlash at 8:38 AM on October 23, 2014


As a result, the takeaway from this for me is 'never buy anything with an FTDI chip'. Because it could be fake and FTDI will brick the device if so. Therefore, avoid altogether.

And right there you have validated Gresham's Law -- bad money drives out good. Once customers get the idea that there are lots of counterfeit devices with a vendor's name on it, they will avoid those devices because of uncertainty. The only way to prevent devaluation is to eliminate the counterfeits, not pretend there are no counterfeits and look the other way. That never works. Word gets out.
posted by JackFlash at 8:50 AM on October 23, 2014


Because it can kill people? Seriously, you are in favor of counterfeit medical devices? What kind of monster are you?

So instead of having counterfeit devices that "might" lead to a death, they can have non-working devices that will almost certainly lead to deaths. Logic!
posted by Darken Skye at 8:54 AM on October 23, 2014 [10 favorites]


Tymkrs has a great summary of the situation and the pro and con positions.
posted by zamboni at 8:55 AM on October 23, 2014 [1 favorite]


"Whoever...knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to [a computer used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States]" faces fines or imprisonment under the Computer Fraud and Abuse Act.

I wouldn't want to be the person who authorized this right about now.
posted by one more dead town's last parade at 9:01 AM on October 23, 2014 [7 favorites]


No, you compare them to counterfeit HIV drugs that more or less work and have the same compounds but can be afforded by anyone.

To get personal, I have a stack of arduinos for electronics club which I strongly suspect are counterfeit after a blowout on 16VDC. They look like the real thing, had previously performed like the real thing, but were bought by the school from god-knows-who. I have never had a data transfer problem with them, and until the blowout problem I thought they were real. These are not melamine cornflakes.

You're saying these devices shouldn't exist, and I mostly disagree but don't expect any of the opposition to come around on that. My key point is that medical devices like this exist, they may well be relied on for critical care in parts of the world where better is not affordable, and they just got bricked by FTDI. I think that's disgusting.
posted by datadawg at 9:04 AM on October 23, 2014 [4 favorites]


A counterfeit device is by definition inferior.

Not by any definition of counterfeit I've ever read.

Copies, clones, generics are great. You make a cheaper product and put your own name on it. Nobody is being deceived. But a counterfeit is something else. It is a deliberately inferior product that is intended to deceive people.

The counterfeit FTDI chips we're talking about are functionally compatible clones. Are you saying that if they'd marketed the chips under their own name the products would be acceptable, but since they printed "FTDI" on top, the products are inferior?

What counterfeit products do you support? Counterfeit HIV drugs that contain only sugar? Counterfeit airbags that blow your face off? Counterfeit corn flakes that contain melamine? Counterfeit Legos that contain lead? Counterfeit $100 bills? -- and have no doubt, the Treasury will confiscate them from you and give you absolutely nothing.

A trademark infringing but functionally compatible USB to serial chip is in no way comparable to any of those things. As Western Infidels said above: "It's possible for counterfeiting to be bad and for this reaction by FTDI to also be bad."
posted by bradf at 9:04 AM on October 23, 2014 [5 favorites]


The counterfeit FTDI chips we're talking about are functionally compatible clones.

There is simply no way to know that. Most certainly they are not, because if they were tested, they would have their own vendor ID on them and not a counterfeit. You are confusing clones, which are good, with counterfeits, which are bad.

you compare them to counterfeit HIV drugs that more or less work and have the same compounds but can be afforded by anyone.

No, counterfeit drugs generally don't more or less work. You are confusing generics and counterfeit. Generics are cheap clones. They will be tested. They have their own name on them and everyone knows exactly what they are getting. It can't be confused with a name-brand drug.

Counterfeits are pretending to be something they are not. The primary reason for counterfeiting is to cover up the fact that they are inferior, untested products. What is to prevent someone from buying up all of those counterfeit drugs and selling them in the U.S. as legitimate products? Then no one knows what they are taking for their medical condition.
posted by JackFlash at 9:18 AM on October 23, 2014


There is simply no way to know that. Most certainly they are not, because if they were tested, they would have their own vendor ID on them and not a counterfeit.

First, buying a vendor ID doesn't require testing. Second, they were certainly tested to be functionally compatible with the chips they're counterfeits of.
posted by bradf at 9:25 AM on October 23, 2014 [1 favorite]


JackFlash: The VID erasure is a side issue. That is not what bricks the device.
This does not agree with the other things I'm reading about this in other places. Once the new driver connects to the device, the device won't work at all anymore, even if the user rolls back to an old driver or moves the device to another PC with an old drivers. It seems to have come to light in exactly this way; devices that were habitually used with several different computers stopped working - everywhere - after Windows Update quietly dropped a new driver into one Windows system the device was sometimes connected to.

The "bricking" is happening because the device - which FTDI does not own in any sense at all - is being modified. The ID erasure is the whole issue. It is the only reason anyone is angry about this.
FTDI is simply removing their own name from the device that the counterfeiter put in there so that anyone else won't be fooled.
Would you be OK finding out that government contractors have been regularly riffling through your wallet, looking for counterfeit money? Would you defend their right to confiscate, from you, goods you unknowingly purchased with counterfeit money? Do you believe for a second that as a first-world, technologically-connected person, your own possessions are somehow magically free of the taint of counterfeit parts? Have you actually checked all the parts in your PC, your laptop, your phone, your automobile, your television, DVR, etc.? Have you in fact checked any of them? Would you really be content if some or all of those machines stopped working because a semiconductor manufacturer who didn't make any of the parts they contained decided it should be so?
So if FTDI simply did not erase the counterfeit VID, would you be fine with that? You still have a brick even if they never change a byte in the device.
That's contrary to my understanding. Correct me if I'm wrong: Without the ID erasure, the device with a counterfeit chip could still be made to work with the older drivers it likely shipped with, or with open-source drivers on Linux, etc. It just wouldn't work with the latest official FTDI drivers. I'd be fine with that.
...would you demand that FTDI write a driver that works with counterfeit chips?
I wouldn't demand it, but given that FTDI have in fact been doing just that for years, and it's likely part of the reason they're in such a dominant position in their niche, it doesn't sound as zany as I guess you think it sounds.
posted by Western Infidels at 9:29 AM on October 23, 2014 [5 favorites]


JackFlash, you keep making analogies to other counterfeit products that are often seized by law enforcement with no recompense to the end user.

But in zero of those cases is it OK for a private company whose stuff is being counterfeited to use vigilante tactics and take or destroy counterfeit stuff from people without the involvement of law enforcement.
posted by straight at 9:30 AM on October 23, 2014 [9 favorites]


buying a vendor ID doesn't require testing.

If a device is tested, it must have its own vendor ID. If it doesn't have its own vendor ID, then it is using a counterfeit ID, and it most certainly has never been tested because to do that, it has to be submitted to the USB org for testing with a valid ID.

If a vendor has their own ID and fails to do testing, at least the customer can distinguish it from tested parts with different IDs. A counterfeit ID allows an untested part to pretend to be a tested part in order to deceive customers.

They were certainly tested to be functionally compatible with the chips they're counterfeits of.

That is most certainly not true. The primary reason for counterfeiting is to avoid the substantial costs of certification. Just because you can plug in a device and it seems to work does not mean that it is compliant.

Here (PDF) is just a preliminary checklist for USB compliance. It can take months to complete a compliant design. Failing one parameter can require a re-spin of silicon. It is a very complex analog electrical design process if that means anything to you. It's not just digital transistors and firmware. Finally, after you think your design is compliant, then you must submit the device to a USB test lab where results will be verified and it will be tested with other USB devices and hosts to determine compatibility. A non-compliant device can take down the USB bus. You won't necessarily know this just plugging in the device.

A counterfeit device most certainly did not complete all of this testing. If they did, they could simply get their own vendor ID and sell it under their own name. So no, it isn't functionally compatible. It is a counterfeit intended to deceive customers that it is functionally compatible.
posted by JackFlash at 10:05 AM on October 23, 2014


JackFlash, I think you've taken the wrong meaning from Dysk's comment. The new driver (and the older Prolific one that caused the BSOD) just creates the impression among the general population that USB things are flaky and frequently experience silent unexplained device failures. The damage to the FTDI brand is that anyone with some EE experience and who can recognize an FTDI chip now knows to avoid it, either in their design or in other people's designs. In fact the generic Arduino clones are agile enough that they have already moved to a different chip and are already advertising that they are using the CH340.

Star Simpson summed it up with a pithy tweet:
Today @FTDIChip ensures it is protecting innovation, by causing entire hardware community to ask how we can make devices without FTDI.
It seems to me that the right thing to do would have been to bring up a dialog of some sort that provides a useful error message or warning. As it is now, the end-users have no idea why their device is no longer communicating with their computer. There is no error message to search for and no indication that the issue is a known-problem as opposed to a random hardware failure. A clear dialog box that says "We think this device uses a counterfeit FTDI chip and therefore will not communicate with it" at least provides some useful feedback.

My question to those arguing in favor of FTDI's punish-the-end-user approach is simple: why is bricking the device better than a warning dialog?
posted by autopilot at 10:19 AM on October 23, 2014 [7 favorites]


I'm not very tech-savvy when it comes to things like ICs. I bought an Arduino to play with a few years back, and haven't done much with it recently. Now, if I understand correctly, I have to be afraid of hooking it to any Windows machine because the updated driver may intentionally brick it - because of a decision that the hardware manufacturer made (or, potentially, that the supplier to the hardware manufacturer made without informing them).

So I guess my question is this: how is any of this my fault? FTDI basically gets to waltz into my home and knowingly break my Arduino because of a manufacturing decision? A warning would make me mad at the place I bought my Arduino from. Disabling the USB functionality of the device makes me mad at FTDI.

It seems to me that my only recourse is to never buy things with FTDI chips in them again, unless I made the thing and sourced the chips myself to ensure that they were genuine.

Oh well, I didn't really want to get into microcomputing anyway.
posted by Kortney at 10:23 AM on October 23, 2014


It seems to me that the right thing to do would have been to bring up a dialog of some sort that provides a useful error message or warning.

A USB device driver can't just throw up a dialog box. An application can do that but the device driver can't. FTDI doesn't write the application. You write the application or buy application software.

The USB device driver is simply a connection between the plugged in USB device and the operating system's USB host driver. There is no dialog message passing mechanism between them.

how is any of this my fault?

It isn't. (Well, unless you intentionally buy from cheap sketchy vendors you aren't entirely off the hook. Incidentally, as far as the reports so far, this has only shown up for Arduino users who intentionally avoided certified Arduino products on the Arduino website and intentionally bought cheap chinese uncertified Arduino products).

Passing a counterfeit $100 bill may not be your fault either, but it will be taken away from you with no compensation. Who is at fault isn't the issue. The issue is the counterfeits must be destroyed. Counterfeits cause harm to everyone in the market. It's not just about you.
posted by JackFlash at 10:49 AM on October 23, 2014


Passing a counterfeit $100 bill may not be your fault either, but it will be taken away from you with no compensation.

The government has the authority to do this. FTDI and other private corporations do not.
posted by one more dead town's last parade at 10:54 AM on October 23, 2014 [4 favorites]


FTDI is not a government. Their devices are not currency. Passing a counterfeit $100 bill is not the same as using a device that contains another device that allegedly infringes on someone's trademark.
posted by bradf at 10:59 AM on October 23, 2014 [5 favorites]


When you say that these devices are bricked with a 0 VID is that because they only every work if they have a VID that causes FTDI's driver to load and make the thing work?

I think this is obviously going to end badly for FTDI but I think that it might be for the best. There's a lot of indignation in this thread but also the few comments representing the reality that lots of people are fine with counterfeits and not into paying anyone for software.

I don't really care to debate with that attitude. Live by the sword die by the sword. If you believe in the cyberpunk free-for-all then prepare to defend yourself.
posted by Wood at 11:10 AM on October 23, 2014 [1 favorite]


And USB should make VIDs cryptographic.
posted by Wood at 11:11 AM on October 23, 2014


Passing a counterfeit $100 bill is not the same as using a device that contains another device that allegedly infringes on someone's trademark.

This is not about trademarks. This is about counterfeits.

Patent, copyright and trademark law are very detrimental to markets. I favor open copying, cloning and generics. Counterfeiting has nothing to do with that.

Counterfeiting is not copying or cloning. It is deceiving someone into thinking a product is something it is not. That is a crime. It harms everyone in the market. If you cannot trust that a product is legitimate, then all products become suspect. This is the basis for Gresham's Law. It is the topic of the Nobel Prize for Akeloff, Spencer and Stilitz. It causes great harm to markets and great harm to consumers.

lots of people are fine with counterfeits and not into paying anyone for software.

Again the confusion between a copy and a counterfeit. If people buy bootleg software, they know they are getting a copy. There is no intent to deceive.

If they by bootleg software in a Windows CD case with the Windows logo and Windows hologram, they are buying a counterfeit. They don't realize that they are buying a copy. The intent is to deceive the consumer. Those two cases are entirely different. The problem with counterfeits is that you never know what you are getting. Even legitimate products become suspect which harms everyone.
posted by JackFlash at 11:23 AM on October 23, 2014


JackFlash, my point is plenty of consumers, just as much as any other people who claim ignorance in the supply chain, actually are aware that they have questionable sources and they don't care. Just like the raybans on the street. I'm saying some people are fine with counterfeits as well as copies.
posted by Wood at 11:33 AM on October 23, 2014


The USB ecosystem works because there's a lot of effort taken by manufactures to make sure they build compliant devices and get them registered.

Having worked on USB host driver code: *hollow laugh*.

A lot of the USB ecosystem -- at least in the Mass Storage class -- works mostly because Microsoft, Apple, and Linux bend over backwards to accommodate quirky not-quite-within-spec devices.

Cheap devices are an nightmare of shoddy implementation and corner-cutting. Windows has always done its best to accomodate such devices -- if you can identify the device, you can work around its specific quirks and bugs. And so there is a bit of a race towards the bottom: "but it works in Windows" pressures all other OSes to make the same accommodations.

(And it is a good question why a device-specific driver is needed here, while most mass storage, video, audio, and PTP (cameras etc) devices do just fine with the generic OS-supplied class drivers. There is a CDC class in USB that would be suitable, but most vendors apparently roll their own vendor-specific implementation.)
posted by We had a deal, Kyle at 11:38 AM on October 23, 2014 [5 favorites]


This is not about trademarks. This is about counterfeits.

Wait, what? Trademarks have everything to do with this. A counterfeit product is, pretty much by definition, one that uses someone else's trademark without authorization. Don't believe me, let's ask the International Trademark Association's factsheet, with its handy question #1: "What is counterfeiting?" (emphasis added):
Counterfeiting is the practice of manufacturing goods, often of inferior quality, and selling them under a brand name without the brand owner’s authorization. Generally, counterfeit goods are sold under a trademark that is identical to or substantially indistinguishable from the brand owner's trademark for the same goods, without the approval or oversight of the trademark owner.
Counterfeit currency or license plates, which you seem to keep conflating this situation with, are slightly different, since there it is the government with the exclusive right to make such products. Here, some people are making and selling products with FTDI logos silkscreened on to them and are claiming that they are FTDI products. FTDI has not authorized them to use their trademarks. Thus the people making such products are committing trademark infringement. That's what makes the products counterfeit.

If the manufacturers labeled the chips "Brand X Cheap USB Serial IC" and had them return their own vendor IDs, there'd be no trademark infringement. The products also wouldn't be counterfeit. You can't have one without the other.
posted by zachlipton at 11:52 AM on October 23, 2014 [4 favorites]


my point is plenty of consumers, just as much as any other people who claim ignorance in the supply chain, actually are aware that they have questionable sources and they don't care. Just like the raybans on the street. I'm saying some people are fine with counterfeits as well as copies.

Well, then that is wrong and selfish and anti-social because they are harming other consumers with counterfeits. A Rayban copy is fine. It doesn't harm other consumers. But don't put a Rayban logo on it to deceive people that it is something it is not. When you do that, now no one knows if they are buying the real thing or a counterfeit. Counterfeits can be bought up and resold as fake legitimate products. Would you be happy to pay full price and later find out you had a cheap counterfeit? Counterfeits harm consumers.

This isn't about protecting manufacturers. This is about protecting consumers.

That's the difference between copies and counterfeits. Patents and other bans on copying are to protect manufacturers to the detriment of consumers. Bans on counterfeits are the opposite, about protecting consumers. You would think that progressives would understand the difference.
posted by JackFlash at 11:53 AM on October 23, 2014


I've dabbled a bit with the USB protocol on Microchip PICs. Yes there's alot behind the whole USB ecosystem, but the work's mostly done, and there are full compliant USB stacks available as open-source for many popular parts. Microchip and others provide free or low-cost PIDs for people using their part in small-volume production. So USB compliance is just about a commodity now.

jackFlash: A counterfeit device is by definition inferior.

Not true... FTDI developed a reliable and popular part, kudos to them, but the design is several years old now, USB to serial isn't rocket science, and from a functional standpoint, it's entirely possible to whip up an equivalent clone in firmware running on one of many available small microcontrollers. Which is what these copy chips are, essentially.

The primary reason for counterfeiting is to cover up the fact that they are inferior, untested products.

Not necessarily. People counterfeit because the profit margin is tempting and they can trade on the existing infrastructure (drivers) and brand-name cachet. Let me ask you this- if these particular counterfeit FTDI chips are technically inferior, why have they been selling so well for so long? Wouldn't users and manufacturers already have been burned?

A USB device driver can't just throw up a dialog box. An application can do that but the device driver can't. FTDI doesn't write the application. You write the application or buy application software.

Wrong. Our Windows PCs are thick with drivers that have accompanying GUIs, status panels, tray icons etc etc. Drivers can also throw error messages out to the OS. FTDI could do whatever they want in that regard.

Just about all of us agree that FTDI is under no obligation to have their drivers support the counterfeit. Silently bricking the offending hardware is not the best response, and doesn't win the consumer over to your side, the way a clear onscreen explanation would.

Anyway, this will play out in a number of ways:
- the hardware fixes have appeared
- the counterfeiters will disable some or all of the ability for driver software to change vid, pid etc. Or, reset those values at every power-up. Easy peasy.
- drivers aren't that hard. Some programmer or team will produce an open-source driver that will play nicely with both FTDI and the clones, and the savvy will adopt it
- FTDI will (has) become a risky vendor to source from, because unless your supply chain is squeaky-clean, you now have the risk of shipping perfectly working devices that the FTDI windows driver will disable.
- FTDI's competitors will be able to grab some market share by reassuring clients that they won't pull the same shit.
posted by Artful Codger at 11:56 AM on October 23, 2014 [5 favorites]


A Rayban copy is fine. It doesn't harm other consumers. But don't put a Rayban logo on it to deceive people that it is something it is not.

Yes. We all pretty much agree with that. Trademark infringement = bad. But we're living in the here and now, where lots of people have a bunch of counterfeit Ray-Bans and don't even know it. It's unacceptable for Ray-Ban to pay thugs to run around ripping the counterfeit glasses off of people's heads.

Except instead of counterfeit Ray-Bans, which you might have some inclination that you have (e.g. you bought them from some guy on the sidewalk on Canal St. for five bucks), you're talking about a chip buried deep inside another product with at least several layers of middlemen between the end-user and the manufacturer. As others have discussed at length above, the supply chains on this stuff are anything but transparent, and even careful people who aren't going for too good to be true deals can be burnt.
posted by zachlipton at 12:01 PM on October 23, 2014 [1 favorite]


So if FTDI simply did not erase the counterfeit VID, would you be fine with that? You still have a brick even if they never change a byte in the device. Or would you demand that FTDI write a driver that works with counterfeit chips?

Here's the issue. FTDI wrote drivers that worked with counterfeit chips up until a certain point. They then (after an intermediate step when the drivers simply didn't work with counterfeits) wrote a piece of malware that attacks chips that they think are counterfeit, and bundled it with a new release of the driver.

You can claim all you want that what this malware does is legitimate, noble, or even protecting consumers. That doesn't mean that it is not malware, which is any software that is written to disrupt computer systems. Its purpose is specifically to disable certain devices that try to work with it. They used Windows Update to distribute this malware, which I'm sure is going over great with Microsoft. And they have been shredding their reputation by defending their decision to bundle this malware with their device drivers.

Even if this stood up in court under the EULA, FTDI is now a company that has knowingly distributed malware, and not trustworthy. I certainly couldn't recommend that anyone use any devices with their brand on it. Having your product counterfeited doesn't mean that you should distribute malware; two wrongs do not make a right.
posted by graymouser at 12:05 PM on October 23, 2014 [6 favorites]


Is it too late to point out that, given the topic of this thread, JackFlash's name is a bit eponysterical?
posted by one more dead town's last parade at 12:18 PM on October 23, 2014 [2 favorites]


It's sort of surprising that people who would get all up in arms with outrage if they found out Whole Foods were selling regular carrots as organic defend their right to keep their counterfeit microchips. It is really a libertarian, anti-progressive position.

I'm just guessing about the inconsistency, but I suspect it has something to do with Boyz Toyz.
posted by JackFlash at 12:19 PM on October 23, 2014 [1 favorite]


It's sort of surprising that people who would get all up in arms with outrage if they found out Whole Foods were selling regular carrots as organic defend their right to keep their counterfeit microchips.

If non-organic carrots branded as organic were made to rot in your mouth as soon as you bite into'em, you'd have a point.
posted by Artful Codger at 12:22 PM on October 23, 2014 [2 favorites]


I'm doubly glad I've been moving away from FTDI chips for a while now. As mentioned above, it is easy to find boards that work with class-compliant USB drivers - the idea of needing to install specialized drivers to work with FTDI devices seems really awkward, especially if you are developing devices for other people to use.

Also, mac OS 10.9 began bundling FTDI drivers with the OS - anyone know if it is as simple as bundling the as-is FTDI drivers or whether apple re-engineered the drivers themselves? I'm curious as one of my reasons for moving away from FTDI chips is its flaky behaviour.
posted by ianhattwick at 12:28 PM on October 23, 2014


I had to deal with Microsoft's WHQL in the past. (They're the folks that handle the tests that you have to pass to put the Windows logo on your hardware product box, etc.) Given the volume of incidents that MS Support is likely getting from (understandably uninformed) customers about "this used to work; now this doesn't work," and the huge, huge, huge premium MS puts on never ever (ever ever ever) breaking things, I can almost guarantee that someone from Microsoft is Having A Polite Phone Call with the fine folks at FTDI.

Regardless of your viewpoint on the ethics, legality, etc., this is likely a Big Deal in support departments all over. It certainly is going to be in my company, where our users use lots of USB-to-serial devices to control and interface with our products. Eventually, the dollars wasted in support departments, Microsoft and ours and all over, will cost FTDI big time. You can better believe that we're going to seriously consider this when looking at bridge chips in the future.
posted by introp at 12:41 PM on October 23, 2014 [5 favorites]


This is maybe a dumb question, but why do drivers even exist? I have trouble believing that right now, in 2014, that the compartmentalization of device and driver serves any other purpose than to allow DRM takedowns like this and to allow planned obsolescence.

I would wholeheartedly pay an extra $1-$5 for my device to have a plaintext XML driver specification accessible through a standardized protocol built into the device. It's utterly unconscionable that I have to replace a perfectly good scanner and send it to the landfill because the latest driver was last supported in Windows XP. Plug and Play should mean that I can plug the device into just about any dang thing (OS X, Windows, Linux, Android, I dunno, Solaris...) and have the device just work. The input/output scheme of a scanner or a pedometer or a Power Glove is not so complicated that I should have to dig around on web sites either proprietary or sketchy to download binary executables to get the dang thing to work.
posted by Skwirl at 12:41 PM on October 23, 2014 [1 favorite]


Drivers exist because most things are pretty hard (if not practically impossible) to standardize. As mentioned above, the interfaces to things like Human Interface Devices (e.g., keyboards and mice) and USB Mass Storage devices (thumb drives) are standardized. A lot more stuff like basic scanners *could* be if standardization weren't so danged difficult. Standards bodies have to answer to all their members, and they typically end up in compromises that don't satisfy the extreme edges of needs (lowest cost, highest performance, whatever). And drivers don't just take data from a device: they are often tightly coupled to device specifics, do off-loading of work from the device so it can be made cheaper, etc.

If you look at standardized devices of the past, only the really base-line functionality tends to get standardized. Everything else changes too fast. Keyboards are pretty much always keyboards. If you build a fancy keyboard with a little display for your tweets, you have it appears as two USB endpoints: one bog-standard HID keyboard and a second proprietary device that requires a driver to communicate with the display. You could argue that something like "generic display device" could be standardized, and you'd be right, but where's the value to a bunch of companies with wildly disparate needs sitting down and doing that?

USB storage drives are another great example. The USB mass storage device class was standardized long ago. It works great! You can plug in your flash thumb drive or your hard drive in an external enclosure. But what if you want access to features that weren't around when the USB MSC was designed? Stuff that no one had really dreamed up yet, like drives that support secure erasing or higher-performance versions of commands? Are you going to update all 200 programs on your computer to send the new XML "secure erase" command when appropriate, or are you going to update one driver that knows when to send it? Is Microsoft going to provide that driver when you're the only person making this new drive? Eventually some of that stuff gets standardized (like UAS for USB hard drives) and future hardware doesn't need the drivers. But the most interesting part of technology always happens out at the leading edge and that's where electronics have been for a long time.
posted by introp at 1:27 PM on October 23, 2014 [3 favorites]


If non-organic carrots branded as organic were made to rot in your mouth as soon as you bite into'em, you'd have a point.

This. If you set it up so that I can't use my counterfeit device on a computer, that's annoying (because I probably bought it thinking it was okay) but a perfectly valid thing to do. If you maliciously modify my counterfeit device with the explicit purpose of causing it to not work anywhere? That's kind of an asshole move.
posted by rmd1023 at 1:32 PM on October 23, 2014


And right there you have validated Gresham's Law -- bad money drives out good. Once customers get the idea that there are lots of counterfeit devices with a vendor's name on it, they will avoid those devices because of uncertainty.

Actually, I was fine with risking getting a counterfeit when FTDI weren't bricking them.
posted by Dysk at 4:40 PM on October 23, 2014 [2 favorites]


It's sort of surprising that people who would get all up in arms with outrage if they found out Whole Foods were selling regular carrots as organic defend their right to keep their counterfeit microchips. It is really a libertarian, anti-progressive position.

Aww. Cute stereotype, dude.

But you're wrong about that, too.
posted by Sys Rq at 4:53 PM on October 23, 2014 [2 favorites]


So many analogies. They don't work.
posted by smackfu at 4:59 PM on October 23, 2014


IANATechnician, but here's my attempt at a technical summary:

All USB devices are identified by a Vendor ID (VID) and Product ID (PID). You get a VID by paying money for a USB license and possibly jumping through some other hoops; you can then assign up to 65,536 PIDs to the devices you make.

When you connect a USB device, the thing you attach it to will identify it from the VID and PID. If it doesn't recognise the VID and PID it will not work.

FTDI manufactures FT232 chips, which are used as part of a connection between USB and serial devices. They distribute device drivers to allow computers to recognise and communicate with these chips. The device drivers are distributed automatically for Windows by Microsoft. Other operating systems have different mechanisms for distributing their own equivalents to Windows' device drivers.

FTDI's latest device driver for Windows will change the PID on counterfeit FT232 chips. The PID is set to zero.

The fact that the PID is now zero means that operating systems - Windows, OS X, Linux, whatever - will think they are talking to a new, unrecognisable device. They will not be able to communicate with it, and the device is consequently described as a "no more than a brick"; it has been "bricked".

If you know how to edit your operating system's configuration files directly you may be able to tell it how to recognise the USB device with its new PID and/or restore the old PID. This isn't hard on Linux. I expect that it is similarly easy on OS X, difficult on Windows.

It is important to remember that the change to the USB device's PID happens when it is plugged into a Windows computer. The change will remain even if it is subsequently plugged into other computers. If you restore the old PID and then connect the device to a Windows computer, the PID will be set back to zero again.

FT32 has tried to apply the same behavior to Linux, but their attempt was rejected. I don't know about OS X.
posted by Joe in Australia at 5:20 PM on October 23, 2014 [2 favorites]


FTDI's latest device driver for Windows will change the PID on counterfeit FT232 chips.

s/counterfeit FT232 chips/FT232 chips that FTDI asserts are counterfeit/

It's sort of surprising that people who would get all up in arms with outrage if they found out Whole Foods were selling regular carrots as organic defend their right to keep their counterfeit microchips. It is really a libertarian, anti-progressive position.

If Whole Foods were selling regular carrots as organic, we'd hope to see government action against WF. This isn't government action. This is like organic carrot farmers breaking into a Whole Foods and stealing all the carrots they claim aren't really organic.
posted by ROU_Xenophobe at 5:44 PM on October 23, 2014


Yeah, I'd be pretty pissed if some Del Monte employee came into my house and rendered my dinner useless (by say, chucking a pound of salt in it) just because the tomatoes I'd cooked it with had been sold at my local shop as Del Monte branded when they actually weren't. Whether those tomatoes would have passed the brand's quality control (which is what's relevant to me as a consumer, not whether they've actually been through the brand's quality control process) is not going to be on my mind in that instance. I'm just going to be pissed at Del Monte and swear never to buy anything bearing their name again.

How's that for a stupid but actually analogous analogy?
posted by Dysk at 5:52 PM on October 23, 2014 [5 favorites]


(Actually, it'd be more like my ready meal being ruined by the brand folks for having been made at the factory with tomatoes incorrectly labelled with their brand name. After all, it's not like I'm buying fake FTDI chips and making USB/serial interfaces, I'm buying a pre-constructed product that contains their chip.)
posted by Dysk at 6:03 PM on October 23, 2014


Update: Microsoft gave the following statement to Ars Technica :
Yesterday FTDI removed two driver versions from Windows Update. Our engineering team is engaging with FTDI to prevent these problems with their future driver updates via Windows Update.
So... have they walked it back?
posted by Artful Codger at 6:18 PM on October 23, 2014 [2 favorites]


And this morning, the tweets from FTDI that were linked in the OP are... gone. Sounds like a full retreat.

All's well that ends well, I guess.

(In case anyone's unclear on my own position, it's this: I don't condone counterfeiting, and although I do buy electronics from China, usually via ebay, I don't intentionally seek out counterfeit devices. I'm just looking for a good deal, the same as FTDI and just about every other manufacturer who have moved their production and manufacturing offshore. I expect (hope) that the industry is self-policing and that the governments would call out and take action against counterfeit goods... except that in hi-tech... they don't, do they, other than the cell-phone makers suing each other over rounded corners. Look at the successful IPO for Alibaba - if it's a den of counterfeiting, then why is it the stockmarket's new darling?

It's pretty clear to me that in the push for globalization of trade, a certain amount of such behaviour was expected and even tacitly condoned. How much of the new product flooding our shelves are knock-offs, clones, or near-shameless copies of popular western products? Sticking someone else's logo on your part is simply the last step.

Back on-topic - FTDI would be entirely justified in having their drivers detect counterfeit parts, alerting the user to the presence of the fake, and then, refusing to work with it. That's useful and instructive behaviour. Causing a crash, BSoD, or bricking the device - that's just being vigilantes and setting a terrible precedent.)

posted by Artful Codger at 5:22 AM on October 24, 2014 [2 favorites]


We appreciate your feedback, comments and suggestions.

As you are probably aware, the semiconductor industry is increasingly blighted by the issue of counterfeit chips and all semiconductor vendors are taking measures to protect their IP and the investment they make in developing innovative new technology. FTDI will continue to follow an active approach to deterring the counterfeiting of our devices, in order to ensure that our customers receive genuine FTDI product. Though our intentions were honorable, we acknowledge that our recent driver update has caused concern amongst our genuine customer base. I assure you, we value our customers highly and do not in any way wish to cause distress to them.

The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user’s hardware being directly affected.

As previously stated, we recommend to all our customers to guarantee genuine FTDI products please purchase either from FTDI directly or from one of our authorised distributors. http://www.ftdichip.com/FTSalesNetwork.htm

If you are concerned that you might have a non-genuine device, our support team would be happy to help out.

Yours Sincerely

Fred Dart – CEO
posted by scruss at 5:24 AM on October 24, 2014 [1 favorite]


That sounds to me like they're planning to release a driver that doesn't work with (what they believe to be) counterfeit devices, but won't modify the hardware itself. I guess that's better, but from my personal practical point of view it's the same thing. If I do a Windows Update, I run a risk of my devices no longer functioning for me.

The CEO says "If you are concerned that you might have a non-genuine device, our support team would be happy to help out." I am concerned that I might have a non-genuine device. Not because I bought from some outfit that seemed shady to me, but because it seems like this counterfeiting is a pervasive problem that could have affected even companies that seem reputable enough to me without them even knowing, and certainly without me knowing. So I'm concerned that Windows Update will in a practical sense kill my device, regardless of whether it kills it via an invasive method.

So I'd like to know how their support team will help me out. Will they release a program to detect (supposed) counterfeits, so that you can tell whether or not you can feel comfortable with updating the drivers?
posted by Flunkie at 6:11 AM on October 24, 2014


If the new driver doesn't work with your device, than you can just go back to the old driver. Much better than not being able to go back to the old driver because the hardware was updated.
posted by smackfu at 6:30 AM on October 24, 2014


Flunkie > That sounds to me like they're planning to release a driver that doesn't work with (what they believe to be) counterfeit devices, but won't modify the hardware itself. I guess that's better, but from my personal practical point of view it's the same thing. ... So I'm concerned that Windows Update will in a practical sense kill my device, regardless of whether it kills it via an invasive method.

what FTDI was doing with the most recent contentious driver was... killing (more accurately, reversibly paralyzing) the hardware. Going forward, the FTDI driver will (presumably) just refuse to work with detected counterfeit hardware. A huge difference from bricking. Who could fault FTDI for refusing to support counterfeits?

Will they release a program to detect (supposed) counterfeits?

That might be an interesting thing to do. Otherwise, if the new driver triggers some sort of message, as I hope it will... there's your counterfeit detection. Now aware that you have hardware that contains a counterfeit FTDI chip, you have several options:

- toss the hardware, or go back to your supplier and demand a replacement with no counterfeit parts.
- roll back your Windows FTDI driver to the last one that worked (find and save it NOW, kids)
- use the hardware with a Linux OS, which I expect will always have drivers that will run with FTDI or ccounterfeits, assuming that FTDI has no technical or legal way block that.

Again, it's unreasonable to expect any manufacturer to support hardware that has ripped off their IP. (but don't go all vigilante and brick it)
posted by Artful Codger at 7:58 AM on October 24, 2014


If the new driver doesn't work with your device, than you can just go back to the old driver.

So you would continue to use a device that you know to be an illegal counterfeit? Hey, not my problem?

Would you be willing to sell it to someone else on eBay?
posted by JackFlash at 8:06 AM on October 24, 2014


So you would continue to use a device that you know to be an illegal counterfeit?

Yes, I would continue to use a device that I suspect of containing a $2 chip that FTDI claims is infringing on their trademark until I could afford to find and purchase a device that doesn't contain any FTDI chips.
posted by bradf at 8:43 AM on October 24, 2014 [7 favorites]


Not everyone is in a position to replace hardware, especially when the overarching economic picture isn't so rosy. IT departments typically don't operate on what is considered the highest ethical position, but rather what is the most practical solution given budget constraints and competing needs. Good luck trying to convince the business world to care otherwise.
posted by krinklyfig at 8:51 AM on October 24, 2014


So you would continue to use a device that you know to be an illegal counterfeit? Hey, not my problem?

This isn't illegal, and there's good reason for that. It's illegal to sell something as something it isn't, it's not illegal to be on the receiving end of that deception.

Would you be willing to sell it to someone else on eBay?

Sure, why not? I'd not that it was a fake, of course, but it's not like FTDI see money from second-hand sales anyway.
posted by Dysk at 9:24 AM on October 24, 2014 [1 favorite]


E-bay's very harsh on selling counterfeits (previously), dysk. This might make it very hard to sell real FTDI-based products on eBay and get paid: you buy it, immediately claim it's fake, eBay refunds your money, seller gets no money for transaction ...
posted by scruss at 10:19 AM on October 24, 2014


E-bay's very harsh on selling counterfeits (previously), dysk.

Maybe, but things like counterfeit console controllers for example are rife. The product itself might not be counterfeit (i.e. not actually using brandnames/logos), but they're sure being sold that way (which I suppose just makes it an incredibly unconvincing counterfeit).
posted by Dysk at 10:26 AM on October 24, 2014


You could probably sell a third-party console controller without mentioning any protected IP. It's going to be really hard to describe an FTDI interface without using those magic four letters. Also, with the new windows drivers, the thing won't work, so the buyer has a legitimate cause for a refund.
posted by scruss at 12:33 PM on October 24, 2014


"Replacement USB cable, works with foo car interface / bar IR emitter / baz HR monitor, driver disk included"

done.
posted by tigrrrlily at 12:58 PM on October 24, 2014


You could probably sell a third-party console controller without mentioning any protected IP

You probably could but many eBay sellers don't. In fact, they'll blatantly lie about what their product is ("official ps3 controller Sony" with a picture of a cheap knockoff wired controller, for example)
posted by Dysk at 1:18 PM on October 24, 2014


So you would continue to use a device that you know to be an illegal counterfeit? Hey, not my problem?

Well, it's certainly better to have the choice. I'll make my own moral decisions.
posted by smackfu at 1:53 PM on October 24, 2014 [1 favorite]


Relevant amusing thread in the LKML.
posted by Poldo at 2:15 PM on October 24, 2014 [3 favorites]


Another alternative is the ATMega 8/16/32u. Since Arduino Unos, they've dropped FTDI in favor of an ATMega8u, which is reconfigurable to use whatever VID/PID you want to make up. This is all the more reason to abandon FTDI for new designs. I already did.
posted by Hello Dad, I'm in Jail at 2:58 AM on October 26, 2014 [1 favorite]


« Older "Portraits carry a weight, they are seen as...   |   The Kids At Duke Are Going To Love This Newer »


This thread has been archived and is closed to new comments