Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Hardware Technology

FTDI Removes Driver From Windows Update That Bricked Cloned Chips 572

New submitter weilawei writes: Last night, FTDI, a Scottish manufacturer of USB-to-serial ICs, posted a response to the ongoing debacle over its allegedly intentional bricking of competitors' chips. In their statement, FTDI CEO Fred Dart said, "The recently release driver release has now been removed from Windows Update so that on-the-fly updating cannot occur. The driver is in the process of being updated and will be released next week. This will still uphold our stance against devices that are not genuine, but do so in a non-invasive way that means that there is no risk of end user's hardware being directly affected." This may have resulted from a discussion with Microsoft engineers about the implications of distributing potentially malicious driver software.

If you design hardware, what's your stance on this? Will you continue to integrate FTDI chips into your products? What alternatives are available to replace their functionality?
This discussion has been archived. No new comments can be posted.

FTDI Removes Driver From Windows Update That Bricked Cloned Chips

Comments Filter:
  • by jabuzz ( 182671 ) on Friday October 24, 2014 @08:39AM (#48220171) Homepage

    They are a Scottish firm subject to U.K. Law (specifically Scottish law). As such unauthorised modification of computer materials is a criminal offence punishable with a maximum sentence of six months in jail or a 5000GBP fine.

    Stopping their device driver working with clone/counterfeit chips is fine. Making modifications to data help on such chips is outright illegal.

    • Ten years, if it's decided to be more serious and is handed over to thehigher courts to prosecute.

    • by khasim ( 1285 ) <brandioch.conner@gmail.com> on Friday October 24, 2014 @08:48AM (#48220231)

      And even without the law it seems fairly simple.

      You do not INTENTIONALLY break equipment that you do not own. You do not do that. No matter how you feel about that equipment. Particularly when the person who now owns said equipment has no idea that there is a problem.

      And I'd be wary of any company that could not understand that.

    • Re: (Score:2, Interesting)

      Comment removed based on user account deletion
      • by jabuzz ( 182671 ) on Friday October 24, 2014 @08:59AM (#48220319) Homepage

        Two wrongs don't make a right, was hopefully something that your parents taught you when you where quite small.

        The issue is that the FTDI driver is deliberately reprogramming a chip that is not theirs and for which they have no authorisation to do so. This is an unauthorised modification and illegal.

        You cannot stick something in a license agreement that allows you to break the law, because the courts will hold that part of the license agreement null and void.

        As many many people have said the right and legal thing was to simply stop working and post a message to the user that the chip is a counterfeit/clone.

        • Re: (Score:2, Informative)

          by Andy Dodd ( 701 )

          "The issue is that the FTDI driver is deliberately reprogramming a chip that is not theirs"

          Except they're only doing this to their USB VID/PID - which IS THEIRS.

          If you use FTDI's VID/PID, you're trying to pass yourself off as an FTDI chip, and it is YOUR FAULT ALONE if an operation that does not cause issues on genuine FTDI hardware does bad things to your own.

          (If you look at the decompiled code, the driver attempts to write the EEPROM on all hardware. However, genuine FTDI hardware won't actually START th

          • Re: (Score:3, Informative)

            by Anonymous Coward

            And that argument would absolve them if the bricking was accidental due to the VID/PID issue. Unfortunately their subsequent blog post on the topic has them admit it was intentional. This makes their actions illegal.

          • by QuasiSteve ( 2042606 ) on Friday October 24, 2014 @10:39AM (#48221633)

            Except they're only doing this to their USB VID/PID - which IS THEIRS.

            That may be a matter of interpretation.

            They are changing a number which is theirs (not sure if they'd have IP law on their side, or only the USB association's 'hear, hear!').

            However, this change occurs by actually modifying EPROM states, said EPROM most not being theirs.

            Of course then there's the bit about them not knowing that because it identifies itself as being theirs, thus it being the counterfeiters' fault for not counterfeiting it well enough to match the genuine article when sent this particular set of instructions, and the counter-issue that there doesn't appear to be any good reason to use those instructions except for targeting counterfeits, but that plain warnings don't seem to stem the tide of counterfeits, and whether counterfeits really are as big of an issue in the markets where they get most actively used anyway, and you've got a bit of a clusterfornication.

          • by gweihir ( 88907 ) on Friday October 24, 2014 @11:06AM (#48221971)

            Actually, it is not. "Their" USB VID/PID can legally be used by anybody, it just means that the USB logo may not be used. AFAIK (and just checked on some FT232 I have), there is no USB logo on these chips.

          • by bill_mcgonigle ( 4333 ) * on Friday October 24, 2014 @11:21AM (#48222143) Homepage Journal

            Except they're only doing this to their USB VID/PID - which IS THEIRS.

            No. They're doing it to property that other people own. Just because that property advertises a fraudulent USB ID does not transfer ownership of that property to FTDI. They are intentionally breaking other peoples' property and even crowing about it.

            FTDI is taking an end-justifies-the means stance, and implementing a vigilante approach. It's drinking the imaginary property Kool-Aid that gets people drunk on ideas like this, and they seem to lose all judgment.

            "If I want to deprive you of your watch, I shall certainly have to fight for it; if I want to buy your watch, I shall have to pay you for it; and if I want a gift, I shall have to plead for it; and, according to the means I employ, the watch is stolen property, my own property, or a donation. Thus we see three different results from three different means. Will you still say that means do not matter?" - MK Gandhi

        • by ledow ( 319597 )

          "As many many people have said the right and legal thing was to simply stop working and post a message to the user that the chip is a counterfeit/clone."

          As lots of OBD2 software does if you don't use a genuine ELM327 chip.

      • by cdrudge ( 68377 ) on Friday October 24, 2014 @08:59AM (#48220321) Homepage

        Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill.

        FTDI doesn't have to ensure that their driver doesn't break chips. It sounds however that FTDI went out of their way to detect whether the chip was a counterfeit or not, and if it was, specifically write to it to disable it when it could have just as easily done nothing (as disabling the driver from functioning).

        • Comment removed (Score:4, Interesting)

          by account_deleted ( 4530225 ) on Friday October 24, 2014 @09:07AM (#48220405)
          Comment removed based on user account deletion
        • by AmiMoJo ( 196126 ) *

          The driver writes a value into EEPROM that sets the device's PID to zero, after which it doesn't work. The write fails on real hardware because the EEPROM doesn't accept writes to even addresses, only odd ones. Fake hardware accepts the write.

          On the surface it looks malicious. FTDI's statement was all about the merits of genuine ICs, not "oops we bricked some fake devices, sorry".

      • Not recognizing a clone, or rather recognizing it and not allowing it to work on the system, would be one thing. Breaking people's devices so they never work anywhere is another. They're not hurting the cloners; they're hurting the downstream accidental or incidental purchasers who were, themselves, defrauded by the device manufacturer or the parts supplier.
        • Re: (Score:2, Insightful)

          Comment removed based on user account deletion
          • by tshawkins ( 1239974 ) on Friday October 24, 2014 @10:38AM (#48221615)
            You do know that the routine inside thier drivers as assertained from the symbol tables in the driver code was called "BrickClonedDevices" I think that is a smoking gun, and shows intent. How much chance does 99% of the population have of recovering the functionality of a bricked device, even if pid 0 is rewritable. Its like telling a comsumer that a phone that has scrambled its eeprom is still perfectly ok, all they have to Do is buy a JTAG interface, hook it up, learn several years of embedded systems knowledge. But its not bricked is it. For all intentive purposes it is Bricked as far as a consumer is concerned who has never heard of FTDI.
      • by Goaway ( 82658 )

        Why would FTDI have to ensure their driver doesn't break chips that aren't theirs?

        It's not that they didn't ensure that. It's that they ensured it did break them, very intentionally.

      • They certainly don't have to ensure that their drivers don't accidentally break chips that aren't theirs. The problem here is that they deliberately broke chips that aren't theirs. If their driver refused to service chips identified as counterfeits, that would be fine, with the caveat that they risk angering their real customers if there are false positives in their counterfeit detection method. If the driver also informed the user that the chip was a fake, that would be much better. But by intentionally bo

      • Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill.

        Like we don't have an agreement or licensing or other kind of contratc that I will NOT burn down your house or otherwise cause damage to you or your property.

        But that does NOT give me the right to burn down your house.

        We're talking about intentionally damaging a device.

        It would be a different matter for unintentional damage after someone uses your product , but even then you have to apply a sensible measure of care to avoid damage through wrong or careless handling. (A warning label is the simplest measure,

      • by ChumpusRex2003 ( 726306 ) on Friday October 24, 2014 @12:04PM (#48222653)
        Why would FTDI have to ensure their driver doesn't break chips that aren't theirs? There's no agreement, licensing, or goodwill. The problem is that this was not accidental. The FTDI anti-clone code in the driver is very sophisticated and actually performs a "preimage" cryptographic attack, to ensure that the clone chip doesn't detect the invalid configuration and auto-reset to factory defaults. Deliberately and with premeditation setting out to "damage" (which in legal terms includes temporary malfunction or impaired function) hardware is not legal without a court order or similar legal basis. The 2nd issue, is that of ensuring that they do not inconvenience wholly innocent parties. They failed at this. The FTDI anti-clone code will also deactivate genuine FTDI chips which have been configured with an external configuration memory in certain circumstances. This has been reported by a company which build development boards with numerous FTDI chips in different configurations; they found that the chip with an external EEPROM would get corrupted by new driver, even though the components were obtained from an authorized distributor.
    • but you forgot, it's authorized. they clearly stated it in their EULA!

      what do you mean you didn't read it?

    • Section 3 "unauthorised modification of computer material" being the relevant element. There isn't, I think, an existing case which exactly mirrors this, but it is similar to the matter of "time locks" in software (where a program disabled itself after a given time). For a long time after the passage of the act, lawyers theorised that such locks might be illegal in some circumstances; the prosecution of Alfred Whittaker in Scunthorpe Magistrates Court in 1993 showed that it could be. But crucially in Whi

  • by fuzzyfuzzyfungus ( 1223518 ) on Friday October 24, 2014 @08:42AM (#48220191) Journal
    I can only imagine that the lucky guy who picked up the call from Redmond about 'so, we understand that you...made a few changes...to the behavior of your WHQL drivers that frankly don't make Windows Update look very good...' got quite an earful.

    Even if MS thinks FTDI is on the crusade of the righteous, it certainly isn't to their advantage to have Windows Update involuntarily pulled into the fiasco.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      At least this was a nice test to see if Microsoft cares about the quality of the WHQL driver pool.
  • by Daemonik ( 171801 ) on Friday October 24, 2014 @08:44AM (#48220207) Homepage

    FTDI's chip is popular, and heavily counterfeited. Right or wrong they felt they had to go to these lengths to protect their business, and it has had the effect of bringing counterfeited chips into the public consciousness.

    The problem however, is that switching to another chipset won't eliminate the counterfeiters and the people who slip these chips into the supply chain to save a few bucks.

    So the better question is how can we improve the system to ensure that counterfeit chips aren't being secretly swapped into our products.

    • It would have been quite reasonable to - on plug-in, put up a 'this device is using a counterfeit chip'. Banner.
      (though if the chips merely reimplement the API -and do not copy the chip, and are not sold as made by the company - it is questionable if it's really counterfeit)

      • If they're re-using FTDI's manufacturer ID, then they're counterfeit. I agree that blocking use and announcing why is very different from vandalism.
      • by Andy Dodd ( 701 )

        "are not sold as made by the company" - They use FTDI's USB VID/PID - this is representing yourself as an FTDI chip.

        The tough thing is HOW to do it on first plug-in. The only method I can see that would work is to perform the same alteration the driver is doing, but instead of changing the PID to 0, change it to one reserved for fake chips. Then have the driver spit out lots of warnings if the "fake chip" PID is seen.

        (As to how their driver is doing its thing - from what I've read of decompiled code, it a

        • by JesseMcDonald ( 536341 ) on Friday October 24, 2014 @10:08AM (#48221227) Homepage

          They use FTDI's USB VID/PID - this is representing yourself as an FTDI chip.

          Only to the computer, which doesn't really count. These IDs could reasonably be considered part of the interface to the hardware; exceptions have been granted for both copyright and trademarks in the past when the infringement was required for the sake of compatibility. The real question is whether the buyer was misled to believe that these chips were manufactured by FTDI. It seems that this was indeed the case, but that's a separate issue from the USB VID/PID.

    • by King_TJ ( 85913 )

      Fake copies of hardware are a growing problem all over the electronics industry. Historically, the problem tended to resolve itself when the poor copies prematurely failed on enough people that a conscious effort was made to avoid them.

      It seems to me the problem that's happening now is, the counterfeits are getting good enough that they're actually becoming a good value for consumers. As just one example of this? I was just shopping for an off-road LED light bar to put on my Jeep. The traditional name bran

    • There is no part of "right" here, and is 100% wrong. You don't combat counterfeit items by destroying them, that doesn't do anything. You build a better product and accept that counterfeit exists because you aren't serving some part of the market. Serve that part, or deal with that the market has routed around your shortcomings via counterfeits.

    • by OzPeter ( 195038 )

      So the better question is how can we improve the system to ensure that counterfeit chips aren't being secretly swapped into our products.

      That's easy .. quality control on your part to verify that the chips in your product are genuine.

      Remember the old saying:

      Trust in God, but tie your camel

    • So the better question is how can we improve the system to ensure that counterfeit chips aren't being secretly swapped into our products.

      And here we have the question FTDI needed to ask before nuking people's equipment to deal with a crime that already took place.

  • ... that make me so happy to run Linux Mint and CyanogenMod exclusively as my OS's ...
    • by macraig ( 621737 )

      That's pretty thin logic ya got there, buddy. You'd best be praying those environments never gain measurable market share, because that is the only thing keeping you from being dragged squarely into the same drama.

    • by zdzichu ( 100333 )

      Don't worry, similar driver modification was proposed for inclusion – https://lkml.org/lkml/2014/10/... [lkml.org] . But Linux maintainers didn't took it. Instead, original driver was adjusted to work with FTDIs ”bricked” by Windows driver: http://marc.info/?l=linux-usb&... [marc.info]

      Linux is not fun anymore.

  • by Dredd13 ( 14750 ) <dredd@megacity.org> on Friday October 24, 2014 @08:52AM (#48220269) Homepage

    If I was a hardware manufacturer, this would make me MORE likely to use FTDI chips. It means I have greater confidence that what I'm getting is "real", because I know that they are actively trying to make counterfeiting their product more difficult.

    • Sorry but then your company then goes under after a large percentage of your customer base returns your products after they stop working.
      You can spec the designs ALL you want to use authentic chips, but when your company's accounting department sees they can save a few cents to a buck per device by using the less than authentic chip. You're pretty much sunk.
      Even if the accounting department agrees with you, and you get the company you work for to have boots on the ground in your manufacturing plants to make

      • by Dredd13 ( 14750 )

        *My* company doesn't go under in that model, because my company in that model is more careful about where I buy my chips from, getting them directly from FTDI for example, to ensure the provenance of the hardware I'm selling, rather than trying to find lots of them on alibaba.

        When you explain to accounting that we lose ALL the money if they use the fake chips, versus a small amount of money by using the real, most accountants get it.

        And - yes - there are companies who will randomly sample chips from lots of

        • by itzly ( 3699663 )
          So you buy your chips from FTDI, send them to China to have them assembled, and then some factory worker swaps them for fakes, while selling the originals.
          • by Dredd13 ( 14750 )

            If that's happening, I sue the bejeezus out of the factory worker. Or I decide "the risk isn't worth it", and control my own manufacturing.

            There are solutions to all these problems. They may cost more up-front, but that's -- again -- the market normalizing itself as it weeds out the cancer of fraud.

        • by DarkOx ( 621550 )

          I think a great deal of this comes from two sources:

          Company A creates a design, builds proto types etc. Hires Compnay B ( like a Foxcon to manufacture ) lets company be mange all the parts inventory etc. Essentially they just send orders.

          Company B makes the product with genuine parts as speced for some period of time. Company A feels good stuff is being made correctly etc. Gradually company B starts to do more and more runs with the knock off parts growing their margin because they continue to charge A

      • by bws111 ( 1216812 )

        If your company is so poorly run that you don't have certification processes and suppliers you can trust then you deserve to go under. If you have to destroy a few chips every now and then to make sure you are getting what you paid for, then you do that. If you have to have wording in your contracts with your suppliers that they are responsible for using genuine parts, then you do that, and you hold them to it.

        Every industry has counterfeiters. Responsible manufacturers know how to deal with it.

    • by qbast ( 1265706 )
      Yeah, right. You also risk getting warranty calls from 10 000 of your customers and bad reputation for years, because it turns out that your FTDI chips were either not as genuine as you thought or their drivers got a bit overzealous and bricked genuine FTDI chips too.
      • by Dredd13 ( 14750 )

        As I said in the other reply: buy direct. They sell direct. No need for a middle man.

        And if they brick the chips I purchased from them, I have a legitimate cause of action against them for the damages they caused by it.

        No problem either way.

    • At first I knee-jerk disagreed, because of my personal feelings about their crazy "it's ok to break other peoples' stuff" mentality. But looking at it from a HW mfr perspective, you're absolutely right.

      I know that my supplier is tough on counterfeits, check. They're already top in quality, check. And also, I will never incur support costs in dealing with angry end-users complaining about bricked chips. My competitors might, if they're cheapos, and that's a competitive advantage. The aggregate cost t
    • And how can you be sure that counterfeit chips don't make it into the supply chain somewhere down the line without you knowing about it?

      Having your devices get bricked (from the user's perspective) on mass because FTDI decided to try this again in the future seems like a rather large risk to take

    • by AmiMoJo ( 196126 ) *

      Also, now you know that FTDI will admit when it has made a mistake and reverse course. The other guys might just silently make their driver BSOD with fake chips and blame it on bad hardware *cough* Prolific *cough*

    • Why would you decide to use UST-to-Serial chips that need vendor specific drivers in the first place? That's a basic usb profile that should be handled with generic drivers.

      Largely reduces such unpleaseant surprises.

  • by jones_supa ( 887896 ) on Friday October 24, 2014 @08:53AM (#48220271)
    Is there a way to detect a counterfeit chip without bricking it? If that's the case, they could have just added a System Log message "FTDI device attached to system is not genuine! Driver will not start." Then the driver would return an error and Control Panel would show a yellow exclamation mark for the device.
    • From the sounds of it, that's pretty much what they're going to do.

      I'm totally fine with TFDI disallowing counterfeit devices, even tho the consumer will get boned in the end they will have to go back to the manufacturer that tried to save a few bucks by buying what is unquestionably a counterfeit chip at counterfeit price. There's no pleading ignorance when the official suppliers charge a certain amount and these back ally dealers are a fraction of the price. Any authorized fab is going to have a fixed lic

    • by Andy Dodd ( 701 )

      From looking at how their stuff works, no. The driver tries to change the PID on all devices, but genuine hardware doesn't actually write out the EEPROM until further action is taken, while clones immediately write out the EEPROM.

      Although it isn't really a "brick" - it sets the PID to 0. Which is invalid, but happens often enough these days that you can still force the hardware to be used. Someone wrote a Linux patch that would register the correct driver for FTDI's VID and a PID of 0.

      Another option FTDI

    • by caseih ( 160668 )

      Obviously there is a way, since their malware driver was detecting it and *then* changing the pid to 0x0000. In fact you can see source code for this that someone posted to the Linux Kernel Mailing list a few days ago. Hopefully the new driver will do exactly as you suggest, though I think a big warning message box saying that the device is not genuine, but continue to function might be enough for end users to let companies know their devices are using the fake chips.

  • Not a chance (Score:2, Informative)

    by Anonymous Coward

    My involvement with hardware is currently only as a hobbyist, but there's a hardware project I might get on soon at work. FTDI has shown that it is willing to punish both direct and indirect customers for a wrong committed by a third party, and has not even remotely recanted that view. Management apparently thinks that they merely went too far when the world is shouting at them that going in that direction at all is unacceptable.

    The obvious alternatives for USB-to-serial are:

    1) Prolific 220x [prolific.com.tw]
    2) Build a soft

  • by gweeks ( 91403 ) on Friday October 24, 2014 @08:58AM (#48220313) Homepage

    We don't use any of the serial only chips, but on the higher end with JTAG and SPI the FTDI parts work great and aren't too expensive. If any "clone" chips get into our supply chain we would be very pissed at whoever did it. We specify actual FDTI parts for a reason. The "clones" have very hit or miss quality. We don't use them under windows either.

    • by __aajfby9338 ( 725054 ) on Friday October 24, 2014 @09:34AM (#48220771)
      If FTDI provided a standalone counterfeit detection tool that manufacturers could use at final test or just as a spot check, then that could be helpful for conscientious designers/manufacturers like you or me who might find fake chips in our supply chain and then be really angry about that. We want to discover the problem before our finished goods end up in our customer's hands! It wouldn't address the problem of manufacturers who knowingly use fake parts or who just don't care, but it would be a step in the right direction. Deliberately and silently borking the fake chip after it's already in the end user's hands potentially causes a support burden for legitimate manufacturers of products using FTDI chips, without giving those manufacturers the information they need to constructively address the problem.
    • by j-beda ( 85386 )

      We don't use any of the serial only chips, but on the higher end with JTAG and SPI the FTDI parts work great and aren't too expensive. If any "clone" chips get into our supply chain we would be very pissed at whoever did it. We specify actual FDTI parts for a reason. The "clones" have very hit or miss quality. We don't use them under windows either.

      I suspect however that if FDTI fakes did make it into your supply chain, you would much prefer any FDTI software updates to toss up a "we won't work with this device" message rather than making the device not work with any software. I don't know that I would continue to use a supplier with this type of business practice if there were any viable alternatives.

  • As a "maker" who sells small runs of boards that I have manufactured in China by an assembly house, I trust that they will build the board to spec. But I do not have the wherewithal to manage and secure my supply chain from start to finish. If I specify a part, I trust that the assembly house uses genuine parts. If they do not, I don't know what sort of recourse I have if, two years, later, all of my parts start being bricked. But I certainly see it from FTDI's perspective (and Prolific, another serial
    • by Rob Riggs ( 6418 )
      Pardon the stray comma.
    • by OzPeter ( 195038 )

      As a "maker" who sells small runs of boards . . I trust that they will build the board to spec . . I don't know what the right answer is

      If you are getting boards built but not checking that they are to spec, then I'd suggest that you are not doing any quality control. Doing that would be the very first step in the process. And you don't have to test every board, just a random sample.

      And FTDI has now done the heavy lifting for you by writing software that will test if their chips are genuine.

    • by ogdenk ( 712300 )

      Maybe create a standard for USB serial interfaces that everyone can use? I think that already exists (the CDC).

      Bingo. NIH syndrome will always bite you in the ass. Not using an open standard because you want people to think you're more unique and cool is just a recipe for needlessly blowing money, reinventing the wheel and causing people great pain such as this.

      Personally, I think if they had sold the chips as "FTDI compatible" and have a link on the site or install CD to FTDI's driver download page instead of trying to brand them as FTDI chips this would be a non-issue. FTDI would simply have to compete.

  • by eclectro ( 227083 ) on Friday October 24, 2014 @09:10AM (#48220437)

    Any BOM that passes through my hands will get FTDI crossed off. I'm sorry they have a counterfeit problem. They need to improve anti counterfeiting measures instead of inflicting collateral damage. Their abrupt decision is smelly no matter how you look at it.

  • by Pedrito ( 94783 ) on Friday October 24, 2014 @09:10AM (#48220441)
    The FTDI driver license states "The license only allows use of the Software with, and the Software will only work with Genuine FTDI Components. Use of the Software as a driver for a component that is not a Genuine FTDI Component may irretrievably damage that component. It is your responsibility to make sure that all chips you use the Software as a driver for are Genuine FTDI Components." Surely they neglected to share this with their lawyer. You can't punish users because the manufacturers are breaking the law. How is my mother going to know if she has a genuine FTDI chip or not? That's just asinine.
    • by ledow ( 319597 )

      By the same token, if some bloke down the pub gives me a Windows key, shouldn't Microsoft allow it to activate?

      It doesn't work like that.

      Unfortunately, there's a difference between having a driver that won't drive a counterfeit chip, and one that actively "breaks" counterfeit chips.

      In the same way that Microsoft are quite entitled to refuse to activate illegal copies of Windows, but they aren't entitled to take it upon themselves to format your hard drives when they find them.

  • Anyone old enough to remember that Microsoft message?
  • by twdorris ( 29395 ) on Friday October 24, 2014 @09:27AM (#48220647)

    We had a similar situation come up with one of our older products. People copied our initial hardware designs some 12 years ago, built (crappy) knock offs and sold them as their own along with copies of our chips to go along with it. The black market was clearly going to run us out of business and I despised the idea of having to basically compete with ourselves just to keep handing new features over to leeches. It was infuriating to the point that I had seriously considered just shutting the business down and moving on to other things.

    Instead, we spent a LOT of time redesigning our stuff to prevent anyone from (reasonably) being able to do that again. We basically wasted an entire year just dealing with counterfeit issue rather than improving our core product.

    Luckily it paid off and we were able to shut that whole black market segment down. But at one point we had to consider the same option FTDI did. We gave thought to effectively bricking devices that we were able to identify as counterfeit or, worse, someone would send us one of these counterfeit packages asking us for support or service on the item. We had to basically return to them a chip and adapter we knew, without a doubt, was a bogus copy of our stuff.

    It was hard, but we knew full well we could not possibly damage or keep something they had purchased through what they considered legitimate channels. FTDI should have realized this as well. They royally screwed up on this one.

    It's a little strange, though, because if you buy something somewhere and it ends up being a stolen item, you're obligated to give it back to the original owner. I mean the police trail leads to your doorstep, you're out the item you bought whether you knew it was stolen or not. I guess the same concept doesn't applied to IP somehow. I'm not even sure how it would. I guess IP isn't really "property" after all.

  • by kheldan ( 1460303 ) on Friday October 24, 2014 @09:28AM (#48220659) Journal
    I work somewhere (a large chip manufacturer) where we use USB serial adapter cables all over our testing lab to interface things like thermal controllers. Since these are COTS items we have no control over what chip is in them. If this update had bricked our entire lab, it would have been a disaster and a total show-stopper for our testing schedule until we located (and understood!) the problem and fixed it. Personally I think it was a childish way for them to handle this situation and I'm glad they saw reason and yanked it back before it created a total disaster.
  • An alternative (Score:5, Insightful)

    by pjrc ( 134994 ) <paul@pjrc.com> on Friday October 24, 2014 @09:29AM (#48220685) Homepage Journal

    Today Atmel, Microchip and others make inexpensive microcontrollers with native USB peripherals. The Atmel "8u2" chip, for example, is less expensive than even most of the FTDI clones, and certainly a LOT less than a genuine FTDI chip.

    For years, I've published a very simple and easy-to-use USB code for those chips.

    http://www.pjrc.com/teensy/usb... [pjrc.com]

    I also publish a signed INF installer that works with ALL USB Serial based on this standard protocol (called Communications Device Class, Abstract Control Model, or CDC-ACM). All 3 operating systems have the necessary driver built in. Mac OS-X and Linux load it automatically. Windows needs the user to add a INF.

    http://www.pjrc.com/teensy/ser... [pjrc.com]

    Sadly, the CDC-ACM driver in Windows (called USBSER.SYS) is buggy. About a year ago, I sent Microsoft this reproducible bug report.

    https://www.youtube.com/watch?... [youtube.com]

    In a follow up email a few months ago, they were supposedly testing a fix. I'm hopeful that Windows 10 may be the first version of Windows to ever ship with a good quality USB Serial driver (as Linux has done for many years, and Apple as done since releasing Lion a few years ago).

  • LKML response (Score:5, Interesting)

    by Anonymous Coward on Friday October 24, 2014 @10:07AM (#48221209)

    FTDI tried to also get the "brick-patch" to Linux, but Greg Kroah-Hartman blocked it with this response [lkml.org]:

    Funny patch, you should have saved it for April 1, otherwise people might have actually taken this seriously :)

    Patches as performance art, now I've seen everything...

    greg k-h

    • by Megane ( 129182 )

      Here is the original message. [lkml.org] It has the comment "/* Attempt to set Vendor ID to 0 */". So yeah, they are intentionally fucking with a chip when it fails to validate. And in addition to fucking over buyers of equipment where the manufacturer may have unknowingly been given counterfeit parts, they've also told the cloners exactly what to change for their next run of chips.

      Wow, just WTF. It's one thing for them to claim some loss, no matter how slight, from people leeching off of their Windows driver. But co

      • by Megane ( 129182 )
        I thought I posted this yesterday, but maybe I forgot to hit submit: the original message was apparently intended as a joke, but was based on the actual disassembled code.
  • by jockm ( 233372 ) on Friday October 24, 2014 @10:17AM (#48221363) Homepage

    Yesterday a number of my clients called me to say they wanted me to design out the FTDI FT232R from current designs and replace it with an alternative (I settled on the Microchip MCP2200). Today, after this news, I called each of them to explain FTDI's change in policy and see if they still wanted to make this change. All of them said yes.

    The feedback was essentially this: FTDI's actions left a bad taste in their mouth and they didn't appreciate this action being taken without any real attempt to notify resellers and manufacturers; and now that they know the alternate chip I proposed was about half the price as FTDI's offering they are happy to change. Now none of these people are high volume manufacturers, so it will unclear if FTDI will even notice.

    The reason I have found for most clients wanting FTDI is confidence in the brand more than anything else. This move will affect it a little, but people's memories are short, and FTDI responded quickly enough that they won't suffer too much damage. My prediction is that FTDI will take a dip in sales for a quarter , and then things will return to more or less normal; but companies like Microchip will likely see an uptick, because manufacturers more aware of the alternatives.

  • by QuietLagoon ( 813062 ) on Friday October 24, 2014 @11:24AM (#48222171)
    I knew this would backfire on them [slashdot.org].

    .
    You can't go destroying hardware owned by consumers, no matter what the reason.

We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise. -- Larry Wall

Working...