FTDIgate 2.0?

[madires]

Since you are such an expert in law and you seen a company committing a crime as you said. Then as an EU citizen you should report them. I don't claim to have intrinsic knowledge of EU law at all, but you do make such claims.

Not reporting a crime is as bad as committing one, right?

This is my absolute last reply in this thread:

I'm not an expert, but I have a basic understanding of German law and know my limits. Please read about "Strafanzeige" and "Strafantrag" and maybe you'll understand that your suggestion doesn't make sense. And trolling me doesn't change any facts, but if you like, keep going.

[mtdoc]

Not reporting a crime is as bad as committing one, right?

Um no - of course it isn't. Is that what you really believe?  If so are you taking down the license plate numbers and reporting every speeder you see on the road? How about every person you see littering? Every person you know who has illegally downloaded pirated software or media?


I have a question for those here who are voraciously defending and excusing FTDI's actions:

Why have they taken the approach of first bricking chips and then having chips send out erroneous data instead of simply making their driver not work with the clones?

In my mind that is the crux of the issue. In both cases they have deliberately chosen to take punitive action against the end user - not the clone makers but the end user - who in almost every case has no way of knowing they purchased a product with a cloned chip! 

This along with way they've handled the controversy in social media is very telling of their mindset and why so many have decided to stop using their chips in their designs and stop buying products that use their chips.

[madsci1016]

I have a question for those here who are voraciously defending and excusing FTDI's actions:

Why have they taken the approach of first bricking chips and then having chips send out erroneous data instead of simply making their driver not work with the clones?

Been answered in this thread:

Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do (and admit it, you would to), is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain and makes you think FTDI is bad at writing working drivers.

[miguelvp]

Not reporting a crime is as bad as committing one, right?

Um no - of course it isn't. Is that what you really believe?  If so are you taking down the license plate numbers and reporting every speeder you see on the road? How about every person you see littering? Every person you know who has illegally downloaded pirated software or media?

That is not criminal. I think there is a differentiation of Crime vs Breaking the Law.

[mtdoc]

Been answered in this thread:

Have you ever installed an updated driver to find the hardware stop working? What’s the first thing you do? Do you rip open your computer or device and check all chips for authenticity? What many people do (and admit it, you would to), is roll-back to the last known working driver, curse the company for making a bad new driver, and never update the driver again. That does nothing to alert anyone to a bad supply chain and makes you think FTDI is bad at writing working drivers.

Alright - that is one rational - but it does not answer the question of why they chose to do something that is punitive to the end user.

The answer I think is obvious: - they care more about trying to stop clones than they do about their customers. And yes it IS THEIR customers that they are impacting - because those affected thought they were buying FTDI chips.

As Dave said in the recent Amp Hour show - the onus is on FTDI to develop a technology or other means to make their chips clearly distinct and make the cloners jobs more difficult. (he suggested a holographic type label on the chip as one possible way).  They are doing none of that. Instead they have chosen to take the cheap, lazy way out and change their driver in a way that affects the end user. The most this can possibly achieve to decrease clones is to do so by decreasing  overall use of any FTDI type chips.

[mtdoc]

I think there is a differentiation of Crime vs Breaking the Law.

Perhaps English is not your first language?  A crime is synonymous with breaking the law.

But you were just trolling with your question to Madires weren't you?  I don't believe you or any sane person believes that not reporting a crime is just as bad as committing the crime itself.

[donotdespisethesnake]

It's getting interesting. Which chips exactly don't have the FTDI name/logo and do use FTDI's USB VID & PID?
Please show me a link or a Farnell/Mouser/RS Components product number.

Go back a few pages and read my posts... there's the Supereal SR1107/RD232A (likely the bulk of the clones) and Integral IZ232R (bare die). I also referenced this post from the first FTDIgate.

I followed your links but I couldn't find any real information about those chips like where I can buy them, and where to find
the datasheet. Can you please provide links with some real useful info?

You can find the Integral IZ232R datasheet here http://www.bms.by/eng/spec/index.php?pass=inf1

[madsci1016]

Alright - that is one rational - but it does not answer the question of why they chose to do something that is punitive to the end user.

The answer I think is obvious: - they care more about trying to stop clones than they do about their customers. And yes it IS THEIR customers that they are impacting - because those affected thought they were buying FTDI chips.

As Dave said in the recent Amp Hour show - the onus is on FTDI to develop a technology or other means to make their chips clearly distinct and make the cloners jobs more difficult. (he suggested a holographic type label on the chip as one possible way).  They are doing none of that. Instead they have chosen to take the cheap, lazy way out and change their driver in a way that affects the end user. The most this can possibly achieve to decrease clones is to do so by decreasing  overall use of any FTDI type chips.

Well, step back and look it it from another direction and apply some business logic.

Because drivers don't run in userspace, the other heavily suggest option of "pop-up message" can't be done either. And system logs can be ignored. They choose the way users would most likely be alerted to the fact the have a counterfeit device, by printing out a message in the one place the driver has the direct ability to and will most likely be seen by a user.

Now, the fundamental difference between the 2 sides arguing here is this:

1)  One side believes they should be able to use clones or counterfeit devices even if they are aware of them. 'If it works, it works, who cares if it's not authentic, right?' They are pissed that FTDI is taking their toys away, or that's what if feels like to them. They are using the 'poor end user who has no idea' as an example of why allowing clones to work should be a burden on FTDI.

2) The other side refuses to accept using clones or counterfeits at all. They feel when you buy from companies like FTDI, you pay more for the quality, customer service and support. You have paid more for a company that goes to the trouble to get drivers into the Windows update ecosystem so rapid deployments are easier. And you pay a supplier more to guarantee authentic parts. They are more pissed that a supplier failed by shipping knock-offs instead of the real thing. They support FTDI in their effort to identify and discourage cloning and counterfeiting.

I'm obviously in group 2. Even if a find mid production that products have clone chips in them, they come off the line. I don't care if it seems to work, or maybe even tests better. It's too risky to put trust in an unknown system.

Again, i know of one company that uses FTDI cables in the 4-5 figure magnitude. They are plugged into customer owned windows computers. They aren't batting an eye at these developments, as they trust their supply chain. They would rather have any fakes identified and replaced all at once by a mechanism like this as it is more cost effective than replacing them over time as they prematurely fail. Now I haven't heard of any of their customers reporting issues yet, but be sure if cables did come back clones, the supplier would have hell to pay.

[dannyf]

Here is this irony. You guys are so sure of fdti having commtted a crime, and yih are so sure yiy will prevail.

Yet, you are so afraid of suing fdti. What are you waiting for? Mortgage your house, let go of your job, concentrate on winning a lawsuit vs fdti. Since you are so right and they so wrong, I'm sure your winning will be big.

[miguelvp]

I think there is a differentiation of Crime vs Breaking the Law.

Perhaps English is not your first language?  A crime is synonymous with breaking the law.

But you were just trolling with your question to Madires weren't you?  I don't believe you or any sane person believes that not reporting a crime is just as bad as committing the crime itself.

Crime in the US is a misdemeanor or a felony, both carry imprisonment. Then you have a Violation which also carries imprisonment but of under 15 days but doesn't go into a criminal record.
Then you have infractions and offences.

But you are right, in the US is not a crime to not report a crime:
https://en.wikipedia.org/wiki/Misprision_of_felony

It's still an offence in the US, but it's a misdemeanor in other countries including England. So failure to report can get you imprisonment.

So I guess I exaggerated a lot, let's say that it's illegal not to report a crime unless you are a close family member. I guess for a company it might include employees of that company, but not officers of such company.

Edit: correction, I guess it's still a misdemeanor in Virginia and can land you in jail.
http://crimlaw.blogspot.com/2009/04/misprision-of-felony-failing-to-report.html

Edit2: another correction, since 1997 is not a misdemeanor (which fall under crime) not to report a felony (which also fall under crime) in the UK.
There might be exceptions if the crime is of a terrorist act or a hate crime but I'm not going to dig more into it.

[c4757p]

Here is this irony. You guys are so sure of fdti having commtted a crime, and yih are so sure yiy will prevail.

Yet, you are so afraid of suing fdti. What are you waiting for? Mortgage your house, let go of your job, concentrate on winning a lawsuit vs fdti. Since you are so right and they so wrong, I'm sure your winning will be big.

Why? Not everything has to drag lawyers in. In fact, the fewer lawyers, the better. Personally, I don't care whether they committed a crime or not, that doesn't factor into my judgment of whether someone is a dickhead at all. I never imagined they had done something criminal. They're just dicks.

[mtdoc]

1)  One side believes they should be able to use clones or counterfeit devices even if they are aware of them. 'If it works, it works, who cares if it's not authentic, right?' They are pissed that FTDI is taking their toys away, or that's what if feels like to them. They are using the 'poor end user who has no idea' as an example of why allowing clones to work should be a burden on FTDI.

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...

I and many others do not have any particular desire to use clones or counterfeits. I've seen no one here who claims they do. As far as i know, I have no devices with cloned/counterfeited chips.  Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips. It's easy since there are several other good choices.

The issue - once again - is that there is no way for the end user to know for sure they are getting a device with authentic chip. Furthermore, even if there was - the majority of consumers would likely not know about it - since most will know nothing about FTDI, usb-serial conversion, etc.  IOW - people with no knowledge or intention to buy a device with a cloned chip (or make a device with a cloned chip) are being adversly affected.

Since FTDI clearly knows this is the case - their actions reveal their motives and ethics - that is what is driving people away from them.

[mtdoc]

Personally, I don't care whether they committed a crime or not, that doesn't factor into my judgment of whether someone is a dickhead at all. I never imagined they had done something criminal. They're just dicks.

Yep, absolutely. I feel the same. Crime, no crime - who cares as far as I'm concerned.  All I know is they are acting like incompetent dickheads. Who wants to buy or use products from such a company? I certainly don't.

[madsci1016]

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...

No need to be rude. I could say the same to you, as you seem to be missing my point even though it's been repeated.

 Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips. It's easy since there are several other good choices.

Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!)

None of us can be 100.000000000% sure we get real parts, but we can be 99.999999% sure if we buy from certified suppliers, and feel better that they should cover any costs of replacing any fakes we do get from them. As we pay them to get the real deal.

Again, You want to understand us? It's easy, clones or counterfeits are never acceptable to us, even if they work. I'd rather have them deactivated (even in our customers hands) so we can find and replace them, and berate the supplier into paying costs or lose our business.

Does anyone have a Digikey order# that ended up being fake FTDIs? OR have we all spent 555 posts arguing about a hypothetical that never happened?

[all_repair]

This kind of discussion always gets so emotional. Nobody would have complained if FTDI would implement their drivers and tools in a way that they only work with their own products. That's their right and if they did so from the very beginning, this whole problem would have never existed.
On the other hand bricking ICs (and thus devices) or potentially damaging devices by sending out garbage is a no-go. Even though admittedly the chances that an identified fake chip doesn't have an FTDI logo is about as unlikely as people being killed or injured by the "non genuine" string, the mere fact that both is not 100% impossible should be more than enough reason never to do such a thing. Obviously nobody of us has the juridical knowledge to judge the legal implications exactly, but it must be clear that even potentially damaging other people's property is nothing you can do without at least expecting to get legal trouble.
To talk in pictures as this was done so many times before in this thread: if someone stole your car, you should call the police, but setting his house on fire would be considered a crime in most civilized countries. Now to make the picture even more accurate, this is like setting the house of someone on fire who bought your stolen car unknowingly. Who could claim this was just or reasonable?

People here are too kind in answering and treating seriously the FDTI PR rubbish replies, and so ended up getting emotion with all the rubbish logic.  I don't think FDTI is so stupid not to know the problems they are going to create to their past supporters.  They decided to abandon these people as they think they can legally shift any contanmination of their supply chains downwards, and can do so safely for all past sale.  Legally, likely they are at the upper hand, it is almost impossible to trace back for the end-customers.  Most likely people do not have the time and resources to go after them.  And likely FDTI have accepted the lost of the "cable" business.  So why the recent moves, they must know about Prolific saga and likely got a windfall from their mis-step.  Either they are very desperate now, or they are going after the only big variant in the market now:  the movement of hobbyist, maker, pi amd arduino communities.   Developers here, must not throw your good money and good effort after FDTI, no sane people doing integration can accept the uncertainty of using FDTI.  The cost of correcting a field problem is VERY huge, many many factors of a FDTI chip. 
In my view, they are NOT going to get the market of the maker communities either.  These people know too much, have plenty of time, too price sensitive, changing and redeveloping is not chore but fun.  This market is and will never be the taking for FDTI.  FDTI by trying to screws your old market and your preceived new market, you shall ended up been screwed.   FDTI has abandoned its own brand.

[mtdoc]

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...

No need to be rude.

I was not being rude

I could say the same to you, as you seem to be missing my point even though it's been repeated.

I have not misrepresented your position as you have done of others.

Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!) 

Once again you're ignoring the issue. I am not manufacturing boards - I am an end user. Please tell  me which of these products contain fake chips and which do not.  How about these?

As for buying chips. For my projects I usually buy from Digikey - but not always. Some people don't have that option. But more importantly - someone who uses a contract manufacturer may have no control of where the chips in their product comes from.  And it's already has been shown that fake chips have infiltrated usually reliable supply chains.

[nctnico]

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...

No need to be rude. I could say the same to you, as you seem to be missing my point even though it's been repeated.

Given the choice I would happily pay a bit more for devices with a known authentic chip as I'm sure most would.But I don't have that option so my choice is to no longer buy any devices that have "FTDI" chips. It's easy since there are several other good choices.

Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!)

No you can't test your incoming stock because you don't know what the cloners and FTDI come up with next. Besides that I don't want to test incoming stock if I can avoid it because it costs me time & money which doesn't add value to my product. Using a different UART to USB is much easier especially since Windows 10 supports a whole range of serial port products out of the box (about 15 years after Linux but hey they finally got it).
FTDI has a conflict with the cloners and the best thing to do in case of a conflict is run away from it as far as you can or you might get hurt. When the shit hits the fan you better not be around!

[Someone]

No that is not it at all. Your completely missing the point - and since it has been presented in numerous ways repeatedly - I'm at a loss as to why...

No need to be rude.

I was not being rude

I could say the same to you, as you seem to be missing my point even though it's been repeated.

I have not misrepresented your position as you have done of others.

Don't have that option? You don't have an option to buy from trusted dealers? Why? Yes you do.  Buy from trusted dealers and if you can test incoming stock, do that too. (which we now can!) 

Once again you're ignoring the issue. I am not manufacturing boards - I am an end user. Please tell  me which of these products contain fake chips and which do not.  How about these?

As for buying chips. For my projects I usually buy from Digikey - but not always. Some people don't have that option. But more importantly - someone who uses a contract manufacturer may have no control of where the chips in their product comes from.  And it's already has been shown that fake chips have infiltrated usually reliable supply chains.

Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

Wha wha wha, why can't I buy genuine handbags from the sunday market stalls, wha wha wha.

[mtdoc]

Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?

You've just demonstrated the point perfectly: FTDI is insensitive to customer needs and their current efforts to combat cloners is hurting themselves more than the cloners.

[madsci1016]

Please tell  me which of these products contain fake chips and which do not.  How about these?

I can't tell you, the seller does. I can guarantee (or really Sparkfun guarantees) that this is a real FTDI product. And if it's not, they will replace it for one that is.

If you buy from eBay plug it into your computer and get garbage data, it's because you are using a product with the wrong driver. Complain to your seller, as it's their fault. They don't respond? Then it's your fault from buying from a seller without good support channels.

Do you not realize when you buy a product, you have to pay for more than just the cost of the BOM of that product? You don't have to buy from the most expensive source, but you have to itemize what you are paying for. When you buy from eBay, you are not paying for reliable real products nor customer support. 

[mtdoc]

If you buy from eBay plug it into your computer and get garbage data, it's because you are using a product with the wrong driver. Complain to your seller, as it's their fault. They don't respond? Then it's your fault from buying from a seller without good support channels.

If you think that is the answer, you clearly don't understand the world of the electronics hobbyist. In the real world the answer is to avoid FTDI products as I and many others are doing. How's that gonna work for FTDI?

What's your answer to the designer using a contract manufacturer for their product? Once their large order has been made with a chip that later no longer works - how are they supposed to address that without a large loss to their business?  Again - the answer - don't risk it - design with one of the alternatives. How's that good for FTDI?

[Someone]

Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?

Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.

[madsci1016]

If you think that is the answer, you clearly don't understand the world of the electronics hobbyist. In the real world the answer is to avoid FTDI products as I and many others are doing. How's that gonna work for FTDI?

LOL, they will laugh? I doubt even 1% of their sales are ultimately for hobbyist and even small business selling to hobbyist. And no one that I have spoken to that deals with FTDI orders in 5 figures has batted an eye at this issue, because, again, trusted supply chains at trusted for a reason.

What's your answer to the designer using a contract manufacturer for their product? Once their large order has been made with a chip that later no longer works - how are they supposed to address that without a large loss to their business?  Again - the answer - don't risk it - design with one of the alternatives. How's that good for FTDI?

Write better contracts that include support and guarantee authenticity and reliability estimates? When the contract isn't met, sue. There's always a chance a counterfeit part fails and ruins an entire product line. Clauses against such events aren't new.

[mtdoc]

Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.

I'm not complaining at all and I'm not put out by FTDIs actions personally at all. This is a forum for discussion.  FTDIs actions are a topic of discussion.  If that's your tact then you've run out of arguments.

 I and others just find it remarkably boneheaded of FTDI to do the things they've done. They could dissapear tomorrow from the USB-serial converter business and it would barely cause a hiccup - I suspect that is what will happen eventually.

[nctnico]

Dont use a suspect channel, its not hard. Digikey and Mouser will happily sell you USB-uart modules and cables.

So your answer is to buy from the most expensive place possible? 

If that is FTDIs answer then once again - it would demonstrate their incompetence and complete disregard for their customers since very few would do that. Why would anyone do that when there are numerous - perfectly functional alternatives available that use other manufacturers chips for much lower prices?

Free market, so if you like the alternatives so much buy them instead and stop complaining, if you want authentic FTDI parts you need to buy through their channels not your arbitrary choice of lowest cost supplier.

The problem is that in every supply chain there is a been counter which thinks he/she is smarter than the rest and buys parts from a shady source to save a few pennies. How do you think those Nigerians scam even very smart people into giving them their money?