FTDIgate 2.0?

[c4757p]

If you're writing a driver, and your number one priority isn't making devices work, you're not writing a driver. If you want to argue that clones are unpredictable and can't be trusted, then fine, refuse to operate with them, the same way my operating system's mouse driver won't even try to talk to my USB flash stick. It knows it can't. Even if the latter reported an incorrect VID/PID and it started to, it'd stop as soon as it realized something wasn't right. Start sending garbage or intentionally damaging the device and you're not an engineer, you're just a dick.

Whatever happened to engineering ethics? Here's a good example. Lots of stuff about not endangering life or property. Nothing about "when you can blame someone else for endangerment of life or property, have at it". Nothing about "don't worry about endangering life or property until you've actually seen it happen once, hypothetical hazards aren't real". I seriously hope I never end up owning a device made by some of the people here.

[Karel]

That's not the responsibility of FTDI. Every engineer that designs a possible dangerous device that uses a serial port without
any data checking protocol, is an idiot.

I agree on the latter, but the reality is that there are a lot of products with serial interfaces and no input validation. So it's not a non-issue.

It's an issue caused by incompetent or criminal engineers.

[Karel]

Whatever happened to engineering ethics?

You should ask that to the engineers who designed the counterfeit chips.

[c4757p]

Whatever happened to engineering ethics?

You should ask that to the engineers who designed the counterfeit chips.

Ahhhh, you're one of those people who think it's okay to do something unethical as long as you're doing it in response to something else unethical.

Okay, that explains this whole thread for me. Makes sense.

[suicidaleggroll]

1) They don't detect counterfeits. They detect non FTDI chips. It could be a legitimate compatible chip, a clone, a grey market FTDI silicon, or a counterfeit.

Legitimate manufacturers do not impersonate their competition by spoofing their vendor ID and product ID, in order to piggyback on a closed source, proprietary driver that they do not have permission to use.  If there are any manufacturers doing that (it would take some impressive mental gymnastics to continue calling them "legitimate" at this point), FTDI has every right to say "No", forcing those manufacturers to either write and distribute their own drivers, or obtain the permission of a different competitor and piggy back off of theirs.  What's wrong with competing on a level playing field?  FTDI is under no obligation to properly support chips they did not produce.

[suicidaleggroll]

Whatever happened to engineering ethics? Here's a good example. Lots of stuff about not endangering life or property. Nothing about "when you can blame someone else for endangerment of life or property, have at it". Nothing about "don't worry about endangering life or property until you've actually seen it happen once, hypothetical hazards aren't real". I seriously hope I never end up owning a device made by some of the people here.

"Endangering life or property"...here we go again.

Let's think about this for a second.  We're talking about a device, which is INTENDED to be plugged into a Windows machine during operation.  Your entire argument is that there is a product out there (not just one, but apparently enough for this to be a serious ethical violation), which if, during it's NORMAL AND INTENDED operation, a user were to open up HyperTerminal and type the wrong character, the device would be permanently destroyed, and/or would injure or kill somebody.

That is an extraordinary claim, and just like with that nutter in the free energy thread, I'd like to see some proof that such a device actually exists.  Until you can provide such proof, these are just baseless suspicious that merit no further discussion.

In the absence of such a ridiculously, criminally buggy piece of hardware, the result is no different than simply refusing to communicate.  The device doesn't work, it provides a message that says why, and the user should take it up with the manufacturer.

[c4757p]

FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

Let's think about this for a second.  We're talking about a device, which is INTENDED to be plugged into a Windows machine during operation.  Your entire argument is that there is a product out there (not just one, but apparently enough for this to be a serious ethical violation), which if, during it's NORMAL AND INTENDED operation, a user were to open up HyperTerminal and type the wrong character, the device would be permanently destroyed, and/or would injure or kill somebody.

This isn't my claim, can't you read? I don't know if there is such a device, or if there is, how many there are - and neither do FTDI's engineers.

[Sal Ammoniac]

Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...

I find it strange that a company that has the resources and money to create a counterfeit chip doesn't just write their own driver. I'd imagine that writing a driver costs a lot less than developing and testing a chip. Mask sets and proto fabs alone for a chip are ~1M$, which will pay the salaries of ten driver engineers for a year (more in Asia). Surely they could cook up a driver in that period of time.

[suicidaleggroll]

This isn't my claim, can't you read?

That is your claim.  You keep talking about damage to property or endangering life, the only way that's possible is if such a device exists.  Prove it, or stop bringing up ethical violations, property damage, endangerment of life, etc.

[c4757p]

FTDI already went to the trouble of getting it into the distribution system, why should they bother writing a driver? Just like if you're building a USB mouse, you use the existing USB HID standard rather than writing your own driver because the driver for that is already on the operating system.

[suicidaleggroll]

FTDI already went to the trouble of getting it into the distribution system, why should they bother writing a driver? Just like if you're building a USB mouse, you use the existing USB HID standard rather than writing your own driver because the driver for that is already on the operating system.

Because that driver is not open for everyone to use.  It's FTDI's driver.  The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

[Sal Ammoniac]

FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?

[c4757p]

This isn't my claim, can't you read?

That is your claim.  You keep talking about damage to property or endangering life, the only way that's possible is if such a device exists.  Prove it.

Part of engineering something to be safe is guarding against hypothetical hazards. It doesn't matter if such a device exists. When you intentionally create a driver to send faulty data, you're making the assumption that no safety-critical devices will malfunction, and frankly I do not trust FTDI's engineers with my own safety any farther than I can throw them.

It's not like making the safe choice here was expensive and difficult, and the engineers had to balance theoretical danger against real cost. It would have cost them nothing extra to just refuse to work.

Because that driver is not open for everyone to use.  It's FTDI's driver.  The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

Who says? It's on my computer.

[c4757p]

FTDI distribute their driver through the official mechanism on Windows, it's essentially part of the operating system. What the hell is wrong with using it? If they don't want people using their driver they shouldn't give it away.

So let's say that someone cloned Nvidia's graphics chipset and made their own board--should they just piggyback on Nvidia's drivers (which are part of Windows) rather than writing their own? Nvidia has invested millions in writing these drivers and it's a key part of their IP. Where do you draw the line?

Absolutely, why not? The driver is part of the operating system. If they wanted their IP protected they shouldn't have given it away.

Now, whether they should clone the chipset itself is a separate question entirely, and depends on whether they just mimic its behavior or actually went and copied the chip itself.

[suicidaleggroll]

Perhaps clone chip makers should just write their own driver and start marketing their chips as a cheaper, better, FTDI pin compatible alternative?  They could  brand them FDTI (at least that would be more honest and not illegal)....

They should have done that in the first place.

But probably they are not capable to write a (stable) driver, or writing it costs too much money,
or probably both...

I find it strange that a company that has the resources and money to create a counterfeit chip doesn't just write their own driver. I'd imagine that writing a driver costs a lot less than developing and testing a chip. Mask sets and proto fabs alone for a chip are ~1M$, which will pay the salaries of ten driver engineers for a year (more in Asia). Surely they could cook up a driver in that period of time.

It makes perfect sense.  They don't want to compete, they want to impersonate.  They want to steal some of FTDI's market share without having to build up their own name and reputation.  So they stick FTDI's logo on the chip, fake the VID/PID, and make under-the-table deals with corrupt suppliers to get them into the system.

[suicidaleggroll]

Part of engineering something to be safe is guarding against hypothetical hazards. It doesn't matter if such a device exists

Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.  Printing a message that says it's not genuine accomplishes the same thing as refusing to work with the chip, with the addition of reduced debugging time.

[AlxDroidDev]

Because that driver is not open for everyone to use.

Well, it is freely available for download on their website!

The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

Really? How much money EXACTLY, has FTDI invested in building the drivers? How many man-hours were spent? How can you tell FTDI has spent so much time and effort writing the drivers?

Actually, writing Windows drivers isn't exactly rocket science, and the examples in the Windows DDK (Driver Development Kit) already take care of a great part of such task.

Unless you have real, factual data, please stop saying that FTDI has invest a lot of time and effort into writing their crappy drivers.

[c4757p]

Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.

You're as sure that no devices malfunction when receiving the wrong data as you are that no devices violate basic laws of physics? Damn, you have a lot of faith in engineers. Also never actually used any real-world devices, as far as I can tell.

[suicidaleggroll]

Because that driver is not open for everyone to use.

Well, it is freely available for download on their website!

By "everyone" I was clearly referring to competitors trying to impersonate FTDI devices, not end-users of legitimate FTDI devices.

The reason it's so well integrated is because of the time and effort FTDI put into doing so.  If FTDI doesn't want their competition to use it, they have every right to not let them.

Really? How much money EXACTLY, has FTDI invested in building the drivers? How many man-hours were spent? How can you tell FTDI has spent so much time and effort writing the drivers?

Actually, writing Windows drivers isn't exactly rocket science, and the examples in the Windows DDK (Driver Development Kit) already take care of a great part of such task.

Unless you have real, factual data, please stop saying that FTDI has invest a lot of time and effort into writing their crappy drivers.

Who cares how much?  They invested their money in it, they are allowed to say who can use it.  If it's so trivially easy and cheap to make a driver for FTDI chips, get it signed, and integrated into the Windows Update ecosystem so transparently that end-users don't even notice, then why don't you do it?  Seriously.  Make your own, advertise it as a universal driver for all FTDI-compatible devices (clones, counterfeits, or legitimate), and sell it or give it away for free as you like.

[suicidaleggroll]

Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.

You're as sure that no devices malfunction when receiving the wrong data as you are that no devices violate basic laws of physics? Damn, you have a lot of faith in engineers. Also never actually used any real-world devices, as far as I can tell.

Malfunction?  I'm sure there are many that would.  Endanger life?  No.

[c4757p]

Who cares how much?  They invested their money in it, they are allowed to say who can use it.

Horseshit. They put it on my computer, I can use it for anything I damn well please, including with counterfeit devices. Of course, that's a separate question from whether they should or should not mess with those devices, I'm not sure why we're even asking that.

Malfunction?  I'm sure there are many that would.  Endanger life?  No.

Hilariously naive, or frighteningly, if you're actually an engineer.

(Though, also note how you're making hyperbole out of my statements by removing the phrase "or property", which I was careful to include. Endangering property is much more likely.)

[suicidaleggroll]

Who cares how much?  They invested their money in it, they are allowed to say who can use it.

Horseshit. They put it on my computer, I can use it for anything I damn well please, including with counterfeit devices. Of course, that's a separate question from whether they should or should not mess with those devices, I'm not sure why we're even asking that.

You can try, but FTDI is under no obligation to deliver a driver that will work properly with them.

Malfunction?  I'm sure there are many that would.  Endanger life?  No.

Hilariously naive, or frighteningly, if you're actually an engineer.

Why?  Because I don't believe that a device that was developed with such gross incompetence that if during normal, intended operation, a single out of place character or some EMI would result in death, could or would ever make it into a SOL application?  How is that belief frightening to you?

[Sal Ammoniac]

Yes it does, because your entire argument is based around it.  If such a device does not exist, which I am certain of (just like I'm certain there are no operational over-unity devices), then your argument has no merit.

You're as sure that no devices malfunction when receiving the wrong data as you are that no devices violate basic laws of physics? Damn, you have a lot of faith in engineers. Also never actually used any real-world devices, as far as I can tell.

And you probably have never worked on the development of a device where bad data could create a hazardous condition. I have, and believe me, it's not something you take lightly (if you're competent, that is). You do whatever you can to ensure that nothing bad happens no matter what data is thrown at you. You validate the data, using checksums, CRCs, or whatever it takes to ensure that you reject bad data. You put hardware interlocks into the design as an additional fail-safe. And after you do all that you test, test, and do more testing throwing all sorts of bad crap at the device to ensure that you covered all of the pathological cases.

Any engineer designing a safety-critical device that cannot detect and reject "NON GENUINE DEVICE FOUND!" coming in on a serial port deserves to be fired and perhaps even prosecuted.

[suicidaleggroll]

And you probably have never worked on the development of a device where bad data could create a hazardous condition. I have, and believe me, it's not something you take lightly (if you're competent, that is). You do whatever you can to ensure that nothing bad happens no matter what data is thrown at you. You validate the data, using checksums, CRCs, or whatever it takes to ensure that you reject bad data. You put hardware interlocks into the design as an additional fail-safe. And after you do all that you test, test, and do more testing throwing all sorts of bad crap at the device to ensure that you covered all of the pathological cases.

Exactly

[c4757p]

Yes, we've all heard the argument that competent engineers do things competently. Congratulations, the tautology club meets when the tautology club meets, I'm sure they'd love to have you as a member if they want you. I can only imagine you're trying to distract people from the real argument, which is whether FTDI engineers should go messing with the ones who aren't competent.

Of course, we've all heard your answer already, which is screw people who bought something from incompetent engineers, they should have known better and deserve what they get. I can only hope that bites you someday when you have something designed by an incompetent engineer in a field you didn't have the experience to evaluate properly.