FTDIgate 2.0?

[madsci1016]

And obviously if the number of fake chips was very, very small, FTDI would not attempt these shenanigans.

There's only 0.01% counterfeit currency in circulation. Yet there what like 6 tiers of anti-counterfeit technology built into our bills now? At how much of an investment into the R&D to enable that technology? And every time a new detection method was developed to detect fake currency, all the people holding the now detectable fake currency suddenly loss the use of that money. Sounds awfully familiar.

You've completely ignored my point: The one who is being punished, end user buying the product has no way of determining the authenticity before they buy it and also after they buy it (without a destructive firmware test).

Because it's hard to detect fakes we shouldn't bother to do something about it? Should we apply that to all illegal activity? FTDI has literally given us tools to make it easier to test for fakes.

There seems to be a real inability by some to acknowledge that the people most adversely affected by FTDI's actions are those who have no way to avoid the problem other than try to buy products that use chips from other manufacturers- that is assuming they are even sophisticated enough to know how to determine that.

I have a way. Buy from real vendors. You pay more money for the insurance you are getting real products. Personally, 5 figures worth of units and no fakes. I have yet to see an example of Digikey selling counterfeit FTDIs. And if they did, I be dam sure they replace the fake stock at no cost.

Some bad FETs may overheat and catch fire. We still don't blame the fire for making the device inoperative. We blame the supply chain that gave us the fake

Strawman. No one would blame FTDI if fake chips were catching on fire.

And I don't blame them for a vendor selling me fake chips. They have no obligation to make non FTDI hardware work with FTDI drivers

[pickle9000]

Morals aside, who here would design a product with a component (any component) known to be on the counterfeit market when alternatives (from alternate manufacturers or by way of a design change) exist?

I avoid components that have a known counterfeit on the market, it's beneficial to my customers.

Try talking this over with a customer, tell them you want the design that contains a part that is currently being counterfeit. They will say give me another option.

This is the reality of the market, I do feel sympathy and even understand where they are coming from but I will not risk a customers design because of the issue.

[madsci1016]

Morals aside, who here would design a product with a component (any component) known to be on the counterfeit market when alternatives (from alternate manufacturers or by way of a design change) exist?

I avoid components that have a known counterfeit on the market, it's beneficial to my customers.

Try talking this over with a customer, tell them you want the design that contains a part that is currently being counterfeit. They will say give me another option.

This is the reality of the market, I do feel sympathy and even understand where they are coming from but I will not risk a customers design because of the issue.

That is a valid risk mitigation strategy, but comes with an associated design/redesign cost. Every time one of your components starts to be counterfeit, you have to do the R&D to identify and test a replacement.

 I choose to rely on the safety of my historically proven supply channels. (Digikey, for example) to make sure I never receive fakes. It's higher risk, by some small measure, but it's lower development costs, as I don't need to redesign my products just because a component starts to enter the black market.

[miguelvp]

I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

People who buy inexpensive things are "promoting unfair competition and theft"? What's your cutoff price where one transitions from promoting theft to being an honest buyer?

Easy, you contact FTDI sales and they should take care of you as far as the distribution and support goes.

Since people speculate I'm going to do the same.

What if some shady manufacturer started to sell uCurrents that look like the real thing but not really up to spec. What would Dave do when he is inundated with support calls and asking for refunds, as far as the consumer is concerned it's his product after all and he should offer support because they did buy it in good faith even if they though it was a bit odd that the price was just 10% of the original.

Or what if someone shadowed his content with his material on YouTube? Oh wait, that did happen.
I can think of a thousand ways to monetize other peoples videos under the fair use clause.

Same thing with Open Source Hardware, sure there will be pressure not to do it, but legally there is no recourse.

I wonder how much did FTDI saved just by not having to deal with customer support cases and engineering hours investigating those cases, when now they just can tell the manufacturer that they where very unfortunate to purchase fake chips and to contact their sales department so they can find a trusted distributor.

The thing is that the customer doesn't even know what FTDI is, so they will go to the manufacturer to straighten things out since they are after all the ones that sold the product and they should support it. I don't see why FTDI has to support non FTDI products that are eating in their profits.

Also are these clones 100% up to spec, as in do they have the same capabilities that that FT232 has according the datasheet?

[mtdoc]

That labeling of people that don't share your opinion

it's a descriptive term. I'm open to suggestions for an equally concise term to refer to those who try and justify FTDI's actions

cancels everything you are saying because you are not being objective.

a convenient way to dodge the issues I raise.

Buy go ahead and promote piracy all you want.

Strawman. I've seen no one justifying piracy. The issue being discussed is what is the appropriate response to piracy? Who's  not being objective here?

The message that comes across from you, even if you have mentioned many times that you are against counterfeit products is that you are indeed blaming companies that are trying to do something about it.

No, what I am saying is that FTDI's tactics have been misguided and self destructive. I think what these responses by them show (including their response to Dave on Twitter) is that this area of their business is failing. The reason likely has little to do with the clones but instead is largely due to the availability of better alternatives as you yourself and others here have pointed out. If I was an investor in FTDI, I would take these episodes to be a sign to get out.

[pickle9000]

Morals aside, who here would design a product with a component (any component) known to be on the counterfeit market when alternatives (from alternate manufacturers or by way of a design change) exist?

I avoid components that have a known counterfeit on the market, it's beneficial to my customers.

Try talking this over with a customer, tell them you want the design that contains a part that is currently being counterfeit. They will say give me another option.

This is the reality of the market, I do feel sympathy and even understand where they are coming from but I will not risk a customers design because of the issue.

That is a valid risk mitigation strategy, but comes with an associated design/redesign cost. Every time one of your components starts to be counterfeit, you have to do the R&D to identify and test a replacement.

 I choose to rely on the safety of my historically proven supply channels. (Digikey, for example) to make sure I never receive fakes. It's higher risk, by some small measure, but it's lower development costs, as I don't need to redesign my products just because a component starts to enter the black market.

- Minimizing fakes is just a matter of knowing and trusting your sources, not an issue for any normal design unless you spec out an out of production device. So no arguments on that one.
- Once designed there is no real issue. You don't pull a product unless you have actually installed a part that will or is causing issues.
- My original statements refer to original design or as part of an upgrade that is already taking place.

[madsci1016]

- Minimizing fakes is just a matter of knowing and trusting your sources, not an issue for any normal design unless you spec out an out of production device. So no arguments on that one.
- Once designed there is no real issue. You don't pull a product unless you have actually installed a part that will or is causing issues.
- My original statements refer to original design or as part of an upgrade that is already taking place.

I guess I am misreading your original post, as I thought you were inferring to never design with FTDI again.

The companies I know of have existing products in the field with FTDI, and will continue to sell those products without changing them away from FTDI, and will also continue to use FTDI in new designs, as the IP of the company is already invested in FTDI, and designing, regression testing, and supporting mixed products with mixed drivers would cost more money.

[mtdoc]

There's only 0.01% counterfeit currency in circulation. Yet there what like 6 tiers of anti-counterfeit technology built into our bills now?

Exactly. The effort goes into making the technology harder to copy. i.e. Innovation. If FTDI can't innovate their way out of the clone problem by competing on price or features- too bad - they fail. Unfair? Perhaps but that is the way the market works.

Because it's hard to detect fakes we shouldn't bother to do something about it?

Another Strawman. No one said that. The question is how best to respond.

I have a way. Buy from real vendors. You pay more money for the insurance you are getting real products. Personally, 5 figures worth of units and no fakes. I have yet to see an example of Digikey selling counterfeit FTDIs. And if they did, I be dam sure they replace the fake stock at no cost.

And once again you fail to acknowledge that thei issue is that it's the end users being affected, not just those buying components for manufacturing.

[zapta]

...
What the FTDI apologists continue to ignore ...

That labeling of people that don't share your opinion cancels everything you are saying because you are not being objective.

+1

No need to lower the debate with personal labels.

[miguelvp]

That labeling of people that don't share your opinion

it's a descriptive term. I'm open to suggestions for an equally concise term to refer to those who try and justify FTDI's actions

Huh, it's more than a descriptive term and obviously not taken at random, do not insult also my intelligence and comprehension of the human factor.
I mean, "Apologist" on your use it's a combination of defender and apologizing on someone else's behalf with a demeaning connotation touch to it.
Very carefully selected.

cancels everything you are saying because you are not being objective.

a convenient way to dodge the issues I raise.

Not at all, you said:

What the FTDI apologists continue to ignore is the fact that consumers have no way of knowing the product has a fake FTDI chip in it beforehand and are being harmed by FTDIs tactics if it does. This is causing the people who make the choice of what chip to use in their product - choose other chips. FTDI claims to be targeting the cloners but continues to shoot themselves in the foot.

And I did reply this as well which you have not included:

Let's be clear about what the driver does and doesn't, your PC sends characters and the driver echoes the "NON GENUINE DEVICE FOUND!" character by character as you try to communicate with the device.

Even if the device receives those strings it would be a pretty poorly designed protocol that blindly accepts anything without initialization and exchanging some initialization handshakes to make sure the device is communicating with the appropriate piece of software running on the PC, otherwise any other program can hijack the COM port and create havoc.

I think it's a valid implementation from FTDI part to protect their hard work.

Claiming that a lot of devices are affected by this? well then they should return them to whoever was careless enough to use fakes, and I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

What if you buy an expensive piece of kit, you check it and it has Rubycon caps on the power supply so you feel really good about it, but they happen to be fake and shortly after a year and your warranty expiring, they start leaking. Who are you going to blame?

Buy go ahead and promote piracy all you want.

Strawman. I've seen no one justifying piracy. The issue being discussed is what is the appropriate response to piracy? Who's  not being objective here?

Hmm Strawman... is that you Mojo? he used it a lot.
kidding aside, look at what you didn't quote me on, I did address that I think (In My Opinion, to be clear) that FTDI did the right thing and their response on their second approach is a good response to the issue at hand.

Clearly the consumer doesn't even know what FTDI is or means, maybe a flower delivery service, their device stops working they call the manufacturer since they are the ones that made the product.

The message that comes across from you, even if you have mentioned many times that you are against counterfeit products is that you are indeed blaming companies that are trying to do something about it.

No, what I am saying is that FTDI's tactics have been misguided and self destructive. I think what these responses by them show (including their response to Dave on Twitter) is that this area of their business is failing. The reason likely has little to do with the clones but instead is largely due to the availability of better alternatives as you yourself and others here have pointed out. If I was an investor in FTDI, I would take these episodes to be a sign to get out.

Yup, their first approach was harsh and they did deserve the heat.
This time around, I think they are on their right to not support non-FTDI components and associated support costs.

If some device stops working I contact the manufacturer I don't go to the chip and contact the chip maker.

Why should FTDI allow their driver talk to non FTDI chips? just because they did before? that's not reason enough (In my opinion again) if it's hurting their bottom line.

It's their property (the driver that is) so they are free to do what they want, will it end up hurting them or helping them, I'm pretty sure they are monitoring that. As for twitter etc, it's normal for a company not to stir things up, because the vocal minority will amplify their voice while the silent majority doesn't care at all.

[amyk]

That's fine. But dumping trash data or frying chips are not fine.

And making counterfeit chips or otherwise ripping off FTDI's IP is fine? Maybe in China, but not where I'm from.

Sure, FTDI took the nuclear option here, but I think they're completely justified in doing so.

Cloning die is a big no go. Cloning protocol, as long as it was not patented, is fine at least in China. But you CAN NOT put FTDI logo on the chip, of course.

Actually...

https://en.wikipedia.org/wiki/Semiconductor_Chip_Protection_Act_of_1984

...copyright of the layout, i.e. the masks, only lasts for 10 years, at least in the US. I think the FT232s are more than 10 years old now... also, from the article:

The SCPA permits competitive emulation of a chip by means of reverse engineering.

More food for thought: the only difference between an illegal and legal clone is whether or not there is the FTDI logo on it, which is something the driver cannot determine at all. And if copying a much longer piece of code that is required for interoperability is legal, a VID:PID pair is likely to be as well. Even if FTDI tried to twist it into some sort of trademark protection by e.g. making the chip respond with "this is a genuine FTDI device", that probably won't work either: https://en.wikipedia.org/wiki/Sega_v._Accolade

[madsci1016]

that is required for interoperability is legal, a VID:PID pair is likely to be as well. Even if FTDI tried to twist it into some sort of trademark protection by e.g. making the chip respond with "this is a genuine FTDI device", that probably won't work either: https://en.wikipedia.org/wiki/Sega_v._Accolade

Though none of this says FTDI must be forced to write working drivers for devices it doesn't sell. I agree bricking devices might violate the spirit of these court cases, but refusing to work with non genuine hardware doesn't.

[mtdoc]

Huh, it's more than a descriptive term and obviously not taken at random, do not insult also my intelligence and comprehension of the human factor.
I mean, "Apologist" on your use it's a combination of defender and apologizing on someone else's behalf

Yes that is the definition.

with a demeaning connotation touch to it.

No, not part of the definition - that is your judgement of my use.

Again -I'm open to suggestions for a different term. It seems apt and descriptive since it means exactly what you say.  Of course there is a judgement by me associated with it in this case - that is a judgement that the defending and apologizing is unjustified.

It is not meant as a personal attack at all - in fact I have not used it directed at you or anyone specifically - just to concisely refer to those who are - well - apologizing for and defending FTDI's behavior.

To be honest - I have a lot of respect for you miguelvp based on your history of posting here you are knowledgeable and non ideological. If you have taken any of my arguments personally - I apologize.

I think it's a valid implementation from FTDI part to protect their hard work.

Valid? perhaps. My argument continues to be that it is misdirected and foolish.  That's all. It's not a personal attack on you or anyone else.

whoever was careless enough to use fakes, and I don't buy it that they are victims, they are purchasing the cheapest offerings on purpose, so it's their fault for promoting unfair competition and theft.

What does "careless enough to use fakes mean"  are you saying the average electronics hobbyist who goes on eBay and searches for USB serial converter is being careless? how are they supposed to determine which have fake chips?. And no price alone is not enough to make that determination.

Hmm Strawman... is that you Mojo? he used it a lot.

Now that qualifies as a personal attack!.   I'm disappointed. BTW strawman is a commonly used term by many on this and other forums - you realize that I'm sure.

kidding aside, look at what you didn't quote me on, I did address that I think (In My Opinion, to be clear) that FTDI did the right thing and their response on their second approach is a good response to the issue at hand.

I didn't quote that because it's just a different opinion - not a point of fact to debate.

No, what I am saying is that FTDI's tactics have been misguided and self destructive. I think what these responses by them show (including their response to Dave on Twitter) is that this area of their business is failing. The reason likely has little to do with the clones but instead is largely due to the availability of better alternatives as you yourself and others here have pointed out. If I was an investor in FTDI, I would take these episodes to be a sign to get out.

Yup, their first approach was harsh and they did deserve the heat.

On that we agree- This most recent approach is still foolish IMO but less bad I agree. In general in this thread though I think the topic has been about their overall approach to this issue - including both attempts go after the fake chips.

In addition, the recent blocking of Dave and others by FTDIChip on Twitter just further reinforces my opinion that their management is completely inept and out of touch.

[boffin]

Interesting.  New Firmware release today...


http://www.ftdichip.com/Drivers/VCP.htm

[miguelvp]

I wonder if they changed the string to only go to the PC and not the device?

Or have they succumb to the internet pressure of the vocal few?

I don't have any FTDI chips, clones or not, then again I don't have any xxxduino in here, but maybe I do but if I do, it's probably the real deal.

Nope, I did a "driverquery" on my command prompt and no sign of FTDI.

[filssavi]

I would like to know if anyone thinks here that what they are doing here is anything more than just a personal vendetta...
By that i mean, the non genuine string (and even the bricking stuff) will not make cloners abbandon the market, it will only prompt them at better emulating the real FTDI ic's to pass the f****in check, and even if it did, what would it bring in FTDI's bank account

It' like thinking that when the police seizes a batch of fake handbags, that would have ben sold for 50€, the clients not finding the clone will go at the Hermes shop and drop 20000€ on a real one. It's not happening, the client will find another fake handbags they like...

I mean piracy is a social/commercial problem, you can't solve it by shouting, yelling and punching people

The core problem here are 2:
-the IC price out of touch with reality, so cloners can undercut the price and still have huge margins
-FTDI is fading out of market by mean of shear obsolescence of their products, even the smallest mcu's have usb in them and the market for USB/serial is disappearing.

So if for a healty company cloners are annoying but inevitabile for FTDI they are an existential threat due to the incompetance of the management

[Karel]

That's fine. But dumping trash data or frying chips are not fine.

That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Aim your anger to the counterfeiters, not to a a company that tries to protect their investment by not supporting
counterfeit chips with their driver. There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit
is detected.

[Karel]

I would like to know if anyone thinks here that what they are doing here is anything more than just a personal vendetta...
By that i mean, the non genuine string (and even the bricking stuff) will not make cloners abbandon the market, it will only prompt them at better emulating the real FTDI ic's to pass the f****in check, and even if it did, what would it bring in FTDI's bank account

That's up to FTDI to decide what's best for their interest. I guess they have done some estimaton about this.
Apparently, they think it's better for their business by doing so. As long as they don't break any law, it's completely up to them.

[Gribo]

I just got an evaluation board from NXP (PNEV512B) which contains an FTDI FT232RQ device. Guess what? VID is 0. Thanks to FTDI and NXP I lost an hour of my life. 

[westfw]

Has anybody here purchased any FTDI device from a legitimate distributor in the last, say, 6 months and received a fake?

Does anyone have an Arduino Nano that doesn't have a counterfeit FTDI?  There were hints that even the original (Gravitech-manufactured) boards might have had fakes - people who had bought full-price Nanos from trusted distributors were getting their chips bricked back in 2014...

[pickle9000]

That's fine. But dumping trash data or frying chips are not fine.

That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Aim your anger to the counterfeiters, not to a a company that tries to protect their investment by not supporting
counterfeit chips with their driver. There's nothing wrong with sending the string "this is not a genuine chip" when counterfeit
is detected.

The real issue is that the decision to "play" with the driver brings attention to the counterfeits. I agree that they have every right to do so (within reason).

For myself and my customers I would opt not to use a potentially counterfeit device in future designs. There are many other choices out there and I'd move on to the next device. This is not a supply issue just another criteria used on a BOM. 

[station240]

I just got an evaluation board from NXP (PNEV512B) which contains an FTDI FT232RQ device. Guess what? VID is 0. Thanks to FTDI and NXP I lost an hour of my life. 

I've just discovered some of the Ti evaluation/dev boards with onboard JTAG programmer (USB), use a FTDI FT2232D as the device.
$8.53 each in FTDI's shop, or 100 for $633.08, plus crappy exchange rate and postage. Now I have to wonder if FTDI's 'special' drivers* will screw with JTAG programmers, looks like I'll have to ask Ti for help as I would like to have onboard JTAG to USB in my PCB designs.

* special in that no one else is pulling this sort of shit.

[miguelvp]

Has anybody here purchased any FTDI device from a legitimate distributor in the last, say, 6 months and received a fake?

Does anyone have an Arduino Nano that doesn't have a counterfeit FTDI?  There were hints that even the original (Gravitech-manufactured) boards might have had fakes - people who had bought full-price Nanos from trusted distributors were getting their chips bricked back in 2014...

That's hardly a company (well companies now) using legitimate distribution channels, actually as one of the companies was concerned they were the only place to produce the Arduinos.

I think people that have fake chips on their xxxduinos should complain to the manufacturer to make things right, after all it's bad karma to build a business based on someone else's (a student) hard work like the duino folk did.

[janoc]

That's fine. But dumping trash data or frying chips are not fine.

That's your opinion and the opinion of some others, mostly hobbyists who got burned by buying cheap (Chinese) products.
In a professional environment, this plays no role, apart from the fact that you have to check your sources, but a professional
already did that.

Wow, Karel, I wouldn't want to work for the customer support of your company if your engineers have this attitude! You think that the Intel folks who had to deal with the support request because of the fake adapter work for free or what? Someone has to pay for the wasted hours! And that was a stupid error message on a hobbyist's product, now imagine if a production line stops because of a monitoring PC with Windows XP that has been updated and now spews garbage into a PLC. We are talking hundreds of thousands of euro of lost money because of this.

You have obviously no idea about what it takes to support a commercial product and the nightmares you get - even if you did all due dilligence and this sort of thing is not really your fault - you still get blamed, because the client doesn't (and shouldn't) care!

Our company doesn't build machinery but we build simulators for it to train operators - and have to regularly deal with issues such as PLC that controls the simulator control panels stopping to talk to the rest of the system because some stupid driver got updated behind our back or someone thought it was a good idea to replace a cable. The PLCs use serial ports, so these USB to serial adapters are common. Who do you think gets called when a guy at a factory in Mexico has a problem starting the simulator in the morning? (which is late evening here in France)?

Do you know how much money does all this cost? Both in direct costs (money to pay the engineer to do the actual support and troubleshooting) and indirect - because our product is seen as "broken and never working right", even though the problems are in 99% of cases nothing to do with us - bad cables, unplugged components (yay, cleaners), flooding (yay, facility management), fried equipment because of power surges (yay, someone was too cheap to put in a surge protector despite our explicit advice), etc.

Yes, poor design, people opting for cheap solutions, etc - but one rarely has the luxury to control all of this in real world. If the client decides to do something against your advice, you can't do much there. Also you cannot demand that the PC used for the system is never updated or network connected. That's just not reasonable thing to ask, especially when your product is mainly software and depends on good functioning of the PC (i.e. no viruses, malware, etc.)

We have never bought any of USB to serial adapters ourselves, it is usually the client who supplies the same hw as they are using for production, so how can I guarantee that the supplier didn't ship one with a counterfeit chip with the PLC? Or that even the ethernet enabled PLC doesn't have a fake chip inside? Counterfeit parts were discovered even in airplanes (both Airbus and US military), where the supply chain is much more strictly regulated than for a $10 computer part.

Their supplier likely doesnt have an idea what is in those cables neither because they just got them from Siemens or whoever their vendor is. But it will be us as the integrator who gets hit with the support calls and costs, not Siemens! Siemens will at best replace the cables/PLC, the rest of the expense is out of our pocket. In that situation, a vendor going rogue and doing what FTDI is doing now is just a nightmare. Are we impacted? If yes, how much? What could fail? Where?

Reality doesn't often match with whatever the armchair critics dream out. Some of this can be covered by the contracts (aka client gets billed), but it is still wasted time debugging the problem. That you haven't seen these problems doesn't mean they don't exist but that you should get out of your chair and broaden your horizon before making a fool of yourself.

[madires]

It's entertaining to watch the FTDI apologists twist and turn to justify FTDI's tactics. 

The bottom line remains the same: People who unknowingly bought products with fake FTDI chips are being harmed and FTDI's actions are alienating their own customers. 

They are being outdone by other companies with competing products and their actions regarding clones, whether justified or not, are only exacerbating migration of their customers to those alternatives as well as generating a feeling of ill will towards the FTDI brand.

Yes, that's excatly how the market works. If FTDI is so concerned about fake chips they shouldn't publish their Windows driver and provide a driver SDK to their customers. So any company building some product with a FTDI chip can get their own USB ID and ship the product with a dedicated driver. The way FTDI deals with the fake chips at the moment is simply